This is Skarta Energy’s register and privacy notice in accordance with the EU General Data Protection Regulation. Created on 1.2.2021. Last modified 26.6.2023.
Skarta Energy Oy
Business ID: 3182627-8
Miestentie 7, 02150 Espoo
Anna Korhonen, email@example.com
3. Name of the register
The company customer, stakeholder, marketing, employee, job candidate ja website visitor register.
4. The legal basis and purpose of processing personal data
The legal basis for the processing of personal data in accordance with the EU General Data Protection Regulation is:
- the person’s documented, voluntary, identified, informed and unambiguous consent
- that data subject is party to a contract
- legitimate interest of the controller (e.g. customer relationship before the contract, employment relationship)
The purpose of processing personal data is to communicate with customers and stakeholders, maintain customer and stakeholder relationships, contract management and performance of contractual obligations, marketing, maintain human resources, and recruitment.
Data is not used for automated decision-making or profiling.
5. Content of the register
The information stored in the register can be person’s name, position, company/organization, contact information (phone number, email address, address), IP address of the network connection, username / profiles on social media services, information about the ordered services and their changes, and other information related to customer and stakeholder relationship and ordered services.
The data stored on personnel primarily includes the person’s name, contact information (telephone number, e-mail address, address), user IDs, passwords, personal identity code, tax number, and education and qualification information.
The data stored on employees contains the person’s name, contact information (telephone number, e-mail address, address) as well as education and qualification information.
The IP addresses of website visitors and cookies necessary for the functions of the service are processed on the basis of legitimate interest, e.g. to ensure information security and to collect statistical information on website visitors in cases where they can be considered personal data. If necessary, consent will be requested separately for third-party cookies.
Data storage and deletion comply with applicable laws and regulations.
6. Regulated sources of information
Information on the contact persons of companies and other organizations may also be collected from public sources, such as websites, directory services and other companies.
Personnel data is collected through an employment contract and maintained in the company’s systems.
Information on job applicants is collected from job applications.
7. Regular disclosure of data and transfer of data outside the EU or EEA
As a rule, personal data is not transferred outside the European Union (EU) or the European Economic Area (EEA). However, if personal data is transferred outside the EU or EEA, appropriate safeguards in accordance with current data protection legislation, such as standard contractual clauses approved by the European Commission, will be used.
Personal data may be disclosed and transferred to controller’s carefully selected partners for purposes that support the purposes of processing personal data described in this privacy notice. Data may also be disclosed to authorities within the limits required by law.
Third parties processing personal data (= data processors) by category:
- Service providers such as consultants
- IT service providers, cloud services
- Sales and marketing partners
8. Principles of register security
The register is handled with care and the information processed by information systems is appropriately protected. Keeping register information on Internet servers ensures that the physical and digital security of their hardware is properly managed. The controller ensures that the stored data, as well as server access and other critical information for the security of personal data, is treated confidentially and only by the employees whose job description allows access.
9. Right of access and right to request information rectification
Every person in the register has the right to check the information stored in the register and to request rectification of any incorrect information or supplementation of incomplete information. If a person wants to check the information stored on him or her to claim rectification, the request must be sent in writing to the controller. The controller may ask the applicant, if necessary, to prove his/her identity. The controller must respond to the customer within the time frame provided for in the EU Data Protection Regulation (as a rule within one month).
10. Other rights related to the processing of personal data
The person in the register has the right to request that the personal data concerning him/her be erased from the register (“the right to be forgotten”). Likewise, the data subjects have other rights under the EU General Data Protection Regulation, such as restricting the processing of personal data in certain situations. Requests must be sent in writing to the controller. The controller may ask the applicant, if necessary, to prove his/her identity. The controller must respond to the customer within the time frame provided for in the EU Data Protection Regulation (as a rule within one month).