Description of processing personal data

  1. Data controller
    Upsert oy (2759623-8)
    Bertel Jungin aukio 5
    02600 Espoo
    Finland
  2. Data Protection Officer
    Hannu Kröger
    Bertel Jungin aukio 5
    FI-02600 Espoo
    Finland
  3. Name of the register

    The personal data register of Upsert Oy's personnel and recruitment in which information is stored concerning the employment relationship of each employee and information collected in connection with recruitment.

  4. Purpose of processing personal data

    The purpose of processing personal data is to maintain statutory information on the personnel, to develop the company's services by utilising the expertise of the personnel, to collect information on events in the company for the personnel and to assist with managing customer relationships. In addition, information on candidates for jobs are stored in the register for the company's recruitment purposes. Personal data is collected on the person's consent to fulfil the company's statutory obligations. The person has the right to withdraw his or her consent at any time.

  5. Content of the register

    The following information, to the extent deemed necessary, is stored in the register:

    • basic information, such as name, contact information (mailing addresses, phone numbers, e-mail addresses), gender, title or position in the organisation and native tongue, and when the customer is a private person, the personal identity code;
    • CV, certificates and other information used for assessing the expertise of the employee;
    • authorisations or other representation;
    • information on official identity papers for identification purposes, such as passport or identity card;
    • information required by law and orders of the authorities; and
    • any changes to the information specified above.
  6. Regular sources of information

    Regular sources of information include the registered person him/herself and various registers maintained by the authorities, such as the population register and tax administration.

  7. Transfer of personal data

    Personal data is considered information in confidence, and the personnel have the obligation to maintain secrecy. The company may transfer the data within the limits of the obligations of the currently valid legislation. The data can only be transferred to the authorities, trade unions and other parties which by law have the right to receive the data, and in a restricted way to the clients of the company for the business purposes of the company. In addition, the data can be transferred to partners in conjunction with outsourcing, when the transfer is necessary for managing statutory obligations, such as calculation of salaries, bookkeeping and related assisting duties.

  8. Transferring the data outside the EU or EEA

    The data shall not be transferred outside the European Union or the European Economic Area unless it is deemed absolutely necessary for managing a customer relationship or other highly important and justifiable business reason.

  9. Protecting the register

    The data controller shall arrange the information security of the register in a generally acceptable manner and aim, using appropriate technical solutions, to prevent unauthorised access to both its information systems maintained by IT services and the manually maintained and stored materials. Instructions on using the register have been prepared, the users of the register shall be trained and the use of the register monitored on a regular basis.

    Only the data controller and the employees of the companies acting as its agents shall have access to the data contained in the register. Access to the register data maintained by IT services requires the user to enter his or her personal user ID and password. The persons processing the data have access rights granted by the data controller to the extent that suffice their needs.

  10. Viewing the data

    The data subject has the right to view the data stored about him or her in the register. A signed request to view the data must be sent in writing to the Data Protection Officer. The request to view the data can also be submitted in person at the data controller's office.

  11. Rectifying the data

    The data subject has the right to require a personal data item in the register to be rectified, erased or complemented if, considering the purpose of the processing, the information is faulty, unnecessary, incomplete or outdated. A written and personally signed or corresponding request for rectification presented in a certified document must be submitted to the Data Protection Officer. The person submitting the request for rectification must prove his or her identity.

    The data controller shall, on its own initiative and without undue delay, also rectify any personal data that it has found to be faulty, unnecessary, incomplete or outdated.

    When permitted by regulation, the data subject also has the right to require erasure of his or her data.

  12. Right to prohibit

    The data subject has the right to prohibit the processing and transfer of his or her personal data. A written and personally signed or corresponding request for using the right to prohibit presented in a certified document must be submitted to the Data Protection Officer. The person requesting the right to prohibit must present proof of his or her identity.

  13. Right to transfer the data from one system to another

    To the extent you yourself have given us data which will be processed based on your consent, you have the right to receive such data mainly in machine-readable form as well as the right to transfer this data to another data controller.

  14. Storing the data

    The personal data shall be stored for a period defined in legislation valid each time, which will also continue after the end of the employment contract.

  15. Right to lodge a complaint with the supervisory authority

    If, in your opinion, we have not acted in compliance with the applicable data protection regulation, you have the right to lodge a complaint with the competent supervisory authority.