Privacy Policy
Sofokus Oy’s customer and marketing register
Privacy Policy, created 24.4.2018, updated 28.5.2018 and 20.3.2020.
Data controller
Sofokus Oy
Juhana Herttuan puistokatu 3, 20200 Turku
Puh. 02 250 1333
info@sofokus.com
Contact person for the register
Contact person for the register related matters:
Erkki Kallio
erkki.kallio@sofokus.com
Name of the register
Sofokus Oy’s customer and marketing register
Purpose of processing personal data
The primary purpose for processing personal data is the customer relationship between the customer and Sofokus, the legitimate interest of the data controller and data subject, the user’s consent, marketing and customer surveys, the assignment of the customer or any other relevant connection between the data subject and the data controller. The data is not used for automated decision-making or profiling.
Data subjects of the register
Data subjects in the register are contact persons related to data controller’s customers or former customers, persons that have been in contact to the data controller or persons that have submitted contact information using contact forms or persons who have given marketing approval to the data controller.
Data content of the register
The register may contain the following information about data subjects:
- Name
- Email address
- Phone numbers
- Organisation and position
- Address of organisation
- Billing address of organisation
- Contact log
- Data collected with cookies and web analytics
Regular sources of data
Information provided by the data subject, other reliable public Internet sources such as social media connections.
Regular disclosure of personal data and data transfers
Data subject’s personal data will not be disclosed to unauthorized third parties outside of Sofokus group and its designated resellers or subcontractors. All subcontractors are bound by the legality requirement. The data controller can outsource processing of your personal data to companies and service providers outside the data controller’s enterprise that may be in countries outside the European Union and the European Economic Area, such as the United States. These companies can process personal data to provide infrastructure and IT services, or other services. In such cases, sufficient data security and processing of the register are applied by procedures that comply with the data protection regulation, such as standard contractual clauses approved by the EU Commission.
Principles of register data protection
Digital registers and databases where personal data is stored are secured by firewalls, passwords and other technical security measures. Physical access to stored personal data is secured by access controls and locked cabinets with no outsider access. All personal data is processed with confidentiality and only those users who need the data to perform their tasks will have access to it. Data is backed up safely so it can be restored in case of system failures.
Rights of data subjects
- The data subject has the right to check what personal data has been saved about the person in the register
- Ask that incorrect personal information should be corrected
- Right for to cancelling consent, if processing is base for consent (for example opt-out of marketing communications)
- Right to request for data deletion, if there is no legal obligations for data controller to continue processing
- Right to make a complaint to the supervisory authority regarding the processing of personal data, if the data subject considers that the processing of personal data infringes the legal framework of privacy laws.
The data controller shall delete personal data from the register when there is no business related or legal basis to continue processing or when the data subject requests data deletion based on privacy regulations.
The data subject can submit the request for fulfilling the rights of data subject by sending email to the contact person of the register. Request must be individualised so that identity can be verified reliably.
Cookies
Sofokus Oy’s recruitment register
Privacy Policy, created 26.4.2018, updated 28.5.2018.
Data controller
Sofokus Oy
Juhana Herttuan puistokatu 3, 20200 Turku
Puh. 02 250 1333
info@sofokus.com
Contact person for the register
Contact person for the register related matters:
Milla Heikkilä
milla.heikkila@sofokus.com
Name of the register
Sofokus Oy’s recruitment register
Purpose of processing personal data
The primary purpose for processing personal data is handling of job applications, recruiting process, the legitimate interest of the data controller and job applicant, the user’s consent, marketing and recruitment related surveys or any other relevant connection between the data subject and the data controller.
Data subjects of the register
Data subjects in the register are persons who have participated to data controller’s recruitment process, persons that have been in contact to the data controller as jub applicants or persons that have submitted contact information using contact forms, phone calls or written forms in recruitment events.
Data content of the register
The register may contain the following information about data subjects:
- Name
- Email address
- Phone numbers
- Job application, CV, photo and other information job applicant has provided
- Data collected with cookies and web analytics
Regular sources of data
Information provided by the data subject, other reliable public Internet sources such as social media connections.
Regular disclosure of personal data and data tranfers
Data subject’s personal data will not be disclosed to unauthorized third parties outside of Sofokus group and its designated resellers or subcontractors. All subcontractors are bound by the legality requirement. The data controller can outsource processing of your personal data to companies and service providers outside the data controller’s enterprise that may be in countries outside the European Union and the European Economic Area, such as the United States. These companies can process personal data to provide infrastructure and IT services, or other services. In such cases, sufficient data security and processing of the register are applied by procedures that comply with the data protection regulation, such as standard contractual clauses approved by the EU Commission.
Principles of register data protection
Digital registers and databases where personal data is stored are secured by firewalls, passwords and other technical security measures. Physical access to stored personal data is secured by access controls and locked cabinets with no outsider access. All personal data is processed with confidentiality and only those users who need the data to perform their tasks will have access to it. Data is backed up safely so it can be restored in case of system failures.
Rights of data subjects
- The data subject has the right to check what personal data has been saved about the person in the register
- Ask that incorrect personal information should be corrected
- Right for to cancelling consent, if processing is base for consent (for example opt-out of marketing communications)
- Right to request for data deletion, if there is no legal obligations for data controller to continue processing
- Right to make a complaint to the supervisory authority regarding the processing of personal data, if the data subject considers that the processing of personal data infringes the legal framework of privacy laws.
The data controller shall delete personal data from the register when there is no need for processing data for recruiting purposes or when the data subject requests data deletion based on privacy regulations.
Principally job applications are retained two (2) years after collecting, and expired data is automatically deleted from the register.
The data subject can submit the request for fulfilling the rights of data subject by sending email to the contact person of the register. Request must be individualised so that identity can be verified reliably.
Shortcuts
- Sofokus Oy's customer and marketing register
- Data controller
- Contact person for the register
- Name of the register
- Purpose of processing personal data
- Data subjects of the register
- Data content of the register
- Regular sources of data
- Regular disclosure of personal data and data transfers
- Principles of register data protection
- Rights of data subjects
- Cookies
- Sofokus Oy's recruitment register
- Data controller
- Contact person for the register
- Name of the register
- Purpose of processing personal data
- Data subjects of the register
- Data content of the register
- Regular sources of data
- Regular disclosure of personal data and data tranfers
- Principles of register data protection
- Rights of data subjects