to top

Description of file and the protection of data

Suomen Erillisverkot Oy respects your privacy and is committed to protecting your personal data. The purpose of this privacy notice is to describe how we collect, process and share your personal data when you are in contact with us. This notice also specifies your data protection rights.

PRIVACY NOTICE – external partners

  1. WHO IS THE CONTROLLER?
  2. WHAT DATA DO WE COLLECT AND HOW?
  3. PURPOSES OF AND LAWFUL BASES FOR PROCESSING PERSONAL DATA
  4. SHARING THE COLLECTED DATA
  5. DATA TRANSFERS TO THIRD COUNTRIES
  6. RETENTION PERIODS
  7. HOW CAN YOU EXERCISE YOUR DATA PROTECTION RIGHTS?
  8. CHANGES TO THE PRIVACY NOTICE

 

  1. WHO IS THE CONTROLLER?

The controller for the processing of personal data described in this privacy notice:

  • Suomen Erillisverkot Oy (State Security Networks Group Finland)

If you have any questions about this privacy notice, you can contact us via e-mail at tietosuoja@erillisverkot.fi.

  1. WHAT DATA DO WE COLLECT AND HOW?

Next, we will tell you which personal data we may collect from you and how we collect it. The diagram in section 3 specifies the different purposes of processing your personal data as well as the lawful basis of the processing.

We may collect, use, store and transfer different types of personal data, which we have grouped as follows:

  • Identifier refers to your name, date of birth, personal identification number and other data that can be used to identify you.
  • Personal Identification Number refers to the unique identifier of a person that is given by the state.
  • Contact Information refers to your e-mail address, phone number, address and other information that helps us to contact you.
  • Transaction Data refers to the details of the contracts and payments you have made.
  • Profile Data comprises your interests, any feedback you have given and your responses to surveys, along with your participation in our events.
  • Technical Data refers to your IP address, login data, browser data (browser type and version), time zone and location, browser extension type and version, operating system and platform, as well as any other technical devices needed for using our website.
  • Usage Data refers to information that reveals how you have interacted with our website and other services.
  • Marketing and Communications Data refers to your marketing preferences and other communications settings.
  • Organisation Data refers to information about the organisation you represent.
  • Registration Data describes your registrations in our events.
  • Diet Data refers to your wishes regarding food and drinks, for example, at our events you have participated in.
  • Video Surveillance Data comprises the recorded footage from our CCTV system.
  • Log Data specifies your use of our information and communications systems.
  • Message Data refers to e-mails and other electronic messages.

The data is collected directly from you. We can also receive data from your employer or other third sources.

When you use our website or services, we may automatically collect Technical Data and Usage Data regarding the devices you use, your browsing and browsing behaviour. We collect this data with the help of cookies and other similar technologies. We use cookies only if you have given your consent to their use, with the exception of technical cookies that are necessary for the functioning of the website.

  1. PURPOSES OF AND LAWFUL BASES FOR PROCESSING PERSONAL DATA

We process your personal data only to the extent permitted by legislation. In most cases, we process your personal data in the following situations:

  • The processing is necessary in order to enforce an agreement we have made or are about to make with you, in accordance with Article 6(1)(b) of the General Data Protection Regulation.
  • The processing is necessary for the fulfilment of a statutory obligation under Article 6(1)(b) of the General Data Protection Regulation or the establishment, exercise or defence of a claim under Article 9(2)(f) of the General Data Protection Regulation.
  • You have given us your consent to the processing of personal data under Article 6(1)(a) or Article 9(2)(a) of the General Data Protection Regulation.
  • The processing is necessary in order to meet our legitimate interests or the legitimate interests of a third party, except when your interests or basic rights and freedoms requiring the protection of personal data supersede such interests, in accordance with Article 6(1)(f) of the General Data Protection Regulation.
  • We may process data concerning your personal identification number in accordance with Section 29 of the Data Protection Act or when we have a lawful basis for the processing, as specified in paragraphs (i), (ii) and (iv). We may disclose your personal identification number when it is crucial for unambiguous identification or when required by the authorities.

Below is a table of all the purposes for which we will use your personal data and the lawful bases for the processing. If the processing is based on our legitimate interest, the table specifies the legitimate interest in question.

 

Purpose/activity Data type Lawful basis, including the justification for legitimate interest
Maintaining the contact information of contact persons, including:

·        Mapping out relevant stakeholders and contact persons;

·        Saving, storing and updating the identifiers and contact information of contact persons

(A) Identifier

(C) Contact information

(E) Profile data

(H) Marketing and communications data

(I) Organisation data

 

We have a legitimate interest to map out contact persons who are relevant for our operations and manage their contact information. (GDPR 6.1.(f))
Contract management (A) Identifier

(C) Contact information

(D) Transaction data

(I) Organisation data

 

We have a legitimate interest to process your personal data in connection with making agreements. (GDPR 6.1.(f))

We also have the legal obligation to process certain data that arises in connection with transactions, such as payment data, which may also be your personal data. (GDPR 6.1.(c))

Management of personal data in projects (A) Identifiers

(I) Organisation data

 

The processing is necessary in order to meet our statutory obligation. (GDPR 6.1.(c))
Targeted communications (A) Identifiers

(C) Contact information

(E) Profile data

(M) Log data

(N) Message data

(I) Organisation data

The processing is based on the specific consent given for this purpose. (GDPR 6.1.(a))
Organising events, including:

·        Sending invitations;

·        Managing registrations;

Managing participant preferences, such as diets

(A) Identifiers

(C) Contact information

(E) Profile data

(H) Marketing and communications data

(I) Organisation data

(J) Registration data

(K) Diet data

(M) Log data

(N) Message data

The processing is based on the specific consent given for this purpose. (GDPR 6.1.(a))
Conducting and utilising customer surveys (A) Identifiers

(C) Contact information

(E) Profile data

(M) Log data

(N) Message data

(I) Organisation data

The processing is necessary in order to meet our legitimate interests. (GDPR 6.1.(f))

Erillisverkot has a legitimate interest to develop its services with the help of customer experiences.

Contacting stakeholders (A) Identifiers

(C) Contact information

(E) Profile data

(M)Log data

(N) Message data

(I) Organisation data

The processing is necessary in order to meet our legitimate interests. (GDPR 6.1.(f))

Erillisverkot has a legitimate interest to keep important stakeholders informed of the business situation.

Sending newsletters and other marketing materials (A) Identifiers

(C) Contact information

(E) Profile data

(H) Marketing and communications data

(I) Organisation data

We have a legitimate interest to send relevant marketing content to you. (GDPR 6.1.(f))
Conducting, utilising and managing security surveys (A) Identifiers

(B) Personal identification number

(I) Organisation data

The processing is necessary in order to meet our statutory obligation. (GDPR 6.1.(c))
Communication via e-mail, on the website or on other electronic platforms (A) Identifier

(C) Contact information

(E) Profile data

(H) Marketing and communications data

(I) Organisation data

We have a legitimate interest to communicate with you. (GDPR 6.1.(f))
The management and protection of our website (including error diagnostics, data analysis, testing and system maintenance) (A) Identifier

(C) Contact information

(F) Technical data

(G) Usage data

The processing is necessary for our legitimate interest to provide administration and IT services, protect online security and prevent fraud. (GDPR 6.1.(f))
Using data analytics to develop the website, services, marketing, customer relationships and experiences (F) Technical data

(G) Usage data

(I) Organisation data

The processing is necessary for our legitimate interests to keep our website up to date and relevant, develop our operations and improve our marketing strategy. (GDPR 6.1.(f))

We use cookies only with your consent – with the exception of strictly necessary technical cookies. (GDPR 6.1.(a))

Offering relevant and targeted marketing, advertisements and website content on our website and the websites of third parties, and measuring the impact of advertising (A) Identifier

(C) Contact information

(E) Profile data

(F) Technical data

(G) Usage data

(H) Marketing and communications data

(I) Organisation data

We have a legitimate interest to make strategic marketing decisions and target our marketing to match your preferences. (GDPR 6.1.(f))

We use cookies that are other than strictly necessary only with your consent. (GDPR 6.1.(a))

     
Video surveillance on our premises or on customer premises, targeted at the controller’s production system (L) Video surveillance data The processing is necessary in order to meet our legitimate interests. (GDPR 6.1.(f))

Erillisverkot has a legitimate interest to protect property and information.

 

  1. SHARING THE COLLECTED DATA

We may disclose your data to third parties in the following cases:

  • When it is necessary for the purposes listed in section 3.
  • To public authorities, the tax administration or executive authorities or as otherwise required by law.
  • To an accounting entity for accounting purposes.
  • Our website may place cookies and collect or transfer data to third parties. We kindly ask you to read the cookie policy and cookie settings, which are available on our website, in order to receive information about these third parties and the purposes for which we collect the data. We use cookies that are other than strictly necessary only with your consent.
  • In mergers and acquisitions, to a person or community that will acquire our company, our shares or our assets, either fully or in part, or with whom we are about to merge.
  • When we believe in good faith that the disclosure of data is necessary in order to exercise our rights or defend ourselves against a legal claim, protect your security or the security of others, investigate fraud or respond to an official request.

We share data, including personal data, with reliable third-party service providers who process the personal data on our behalf, following our instructions. These services include hosting services, IT system administration and maintenance, communications, planning and display of marketing, customer service, payment handling, analytics and other services. Third-party service providers may be given access to or the opportunity to process personal data so that they can provide us with the aforementioned services. These third parties are not allowed to use your personal data for purposes that are not related to the services they offer. We have made data processing agreements with all such third parties.

  1. DATA TRANSFERS TO THIRD COUNTRIES

We do not transfer your data outside the EU or the EEA, unless we have verified that the transfer meets the requirements laid down in Chapter V of the General Data Protection Regulation.

Some of the third-party service providers we use are located outside the European Economic Area. This means that when they process personal data on our behalf, they also transfer the personal data outside the EEA. In order to ensure the adequate protection of your personal data, we have implemented sufficient protective measures to ensure a secure transfer in these situations. These protective measures cover the decisions on a sufficient level of data protection by the European Commission or the standard contractual clauses approved by the Commission. These measures are regarded as providing the same level of protection as processing within the EEA.

If you would like to know more about the parties that process your personal data outside the European Economic Area and the security measures we have taken to ensure the continuity of data transfers, please contact us via e-mail at tietosuoja@erillisverkot.fi.

  1. RETENTION PERIODS

We store the personal data we have collected for as long as our legitimate interest or obligation to store it continues. When such legitimate interest or obligation ends, we will delete or anonymise your personal data.

We store transaction data for accounting and taxation purposes for six (6) years after the end of the year during which the last transaction took place.

We store Profile Data and Marketing and Communications Data for a maximum on two (2) years after the last use.

We store Registration and Diet Data for as long as necessary for organising the event in question.

We store Technical Data and Usage Data for 24 months after the time of collection.

Data may also be stored for a longer period if we have a legal obligation to store the data or if the storage is necessary for the establishment, exercise or defence of a legal claim in a legal process.

  1. HOW CAN YOU EXERCISE YOUR DATA PROTECTION RIGHTS?

You have several rights related to your personal data. Below is a concise list of these rights, along with information on how to exercise them and their limitations.

When certain conditions are met, you have the following rights:

  • Right to request access to your personal data. This right allows you to have a copy of all the personal data we store about you and to ensure that we process the data lawfully.
  • Right to request the rectification of your personal data. Under this right, you may request we rectify any inaccurate or false data concerning you.
  • Right to request the erasure of your personal data. Under thig right, you may request we erase or move your personal data when the appropriate basis for processing the data has ceased.
  • Right to object to the processing of your data when the basis of processing is our legitimate interest (or the legitimate interest of a third party) and you have a specific personal reason to restrict the processing. You will also always have the right to restrict the processing of your data for direct marketing purposes.
  • Right to request restricting the processing of your personal data. Under this right, you may request we stop the processing of your personal data, for example, while you ensure the accuracy of the data or the validity of the lawful basis of processing.
  • Right to request the transfer of your data between systems.
  • If the processing is based only on your consent, you have the right to withdraw your consent at any time. However, withdrawing your consent does not affect the lawfulness of the processing of personal data that has taken place before the consent was withdrawn.

If you wish to exercise any of the aforementioned rights, you can contact us via e-mail at tietosuoja@erillisverkot.fi. When you have contacted us, we will fulfil your wishes in accordance with data protection legislation.

You have the right to make a notification to the national data protection authorities if you are dissatisfied with the way in which we process your personal data. In Finland, the notification is made to the Data Protection Ombudsman at https://tietosuoja.fi/en/notification-to-the-data-protection-ombudsman.

  1. CHANGES TO THE PRIVACY NOTICE

This privacy notice may be updated, as necessary, to reflect changes in the legal and operational requirements. We recommend visiting our website regularly to learn about our updated data protection policies.