Sofokus - Your partner in digital business development

Privacy Policy

Sofokus Oy’s customer and marketing register

Privacy Policy, created 24.4.2018, updated 28.5.2018 and 20.3.2020.

Data controller

Sofokus Oy

Juhana Herttuan puistokatu 3, 20200 Turku

Puh. 02 250 1333

info@sofokus.com

www.sofokus.com

Contact person for the register

Contact person for the register related matters:

Erkki Kallio

erkki.kallio@sofokus.com

Name of the register

Sofokus Oy’s customer and marketing register

Purpose of processing personal data

The primary purpose for processing personal data is the customer relationship between the customer and Sofokus, the legitimate interest of the data controller and data subject, the user’s consent, marketing and customer surveys, the assignment of the customer or any other relevant connection between the data subject and the data controller. The data is not used for automated decision-making or profiling.

Data subjects of the register

Data subjects in the register are contact persons related to data controller’s customers or former customers, persons that have been in contact to the data controller or persons that have submitted contact information using contact forms or persons who have given marketing approval to the data controller.

Data content of the register

The register may contain the following information about data subjects:

  • Name
  • Email address
  • Phone numbers
  • Organisation and position
  • Address of organisation
  • Billing address of organisation
  • Contact log
  • Data collected with cookies and web analytics

Regular sources of data

Information provided by the data subject, other reliable public Internet sources such as social media connections.

Regular disclosure of personal data and data transfers

Data subject’s personal data will not be disclosed to unauthorized third parties outside of Sofokus group and its designated resellers or subcontractors. All subcontractors are bound by the legality requirement. The data controller can outsource processing of your personal data to companies and service providers outside the data controller’s enterprise that may be in countries outside the European Union and the European Economic Area, such as the United States. These companies can process personal data to provide infrastructure and IT services, or other services. In such cases, sufficient data security and processing of the register are applied by procedures that comply with the data protection regulation, such as standard contractual clauses approved by the EU Commission.

Principles of register data protection

Digital registers and databases where personal data is stored are secured by firewalls, passwords and other technical security measures. Physical access to stored personal data is secured by access controls and locked cabinets with no outsider access.  All personal data is processed with confidentiality and only those users who need the data to perform their tasks will have access to it. Data is backed up safely so it can be restored in case of system failures.

Rights of data subjects

  • The data subject has the right to check what personal data has been saved about the person in the register
  • Ask that incorrect personal information should be corrected
  • Right for to cancelling consent, if processing is base for consent (for example opt-out of marketing communications)
  • Right to request for data deletion, if there is no legal obligations for data controller to continue processing
  • Right to make a complaint to the supervisory authority regarding the processing of personal data, if the data subject considers that the processing of personal data infringes the legal framework of privacy laws.

The data controller shall delete personal data from the register when there is no business related or legal basis to continue processing or when the data subject requests data deletion based on privacy regulations.

The data subject can submit the request for fulfilling the rights of data subject by sending email to the contact person of the register. Request must be individualised so that identity can be verified reliably.

Cookies


Sofokus Oy’s recruitment register

Privacy Policy, created 26.4.2018, updated 28.5.2018.

Data controller

Sofokus Oy

Juhana Herttuan puistokatu 3, 20200 Turku

Puh. 02 250 1333

info@sofokus.com

www.sofokus.com

Contact person for the register

Contact person for the register related matters:

Milla Heikkilä

milla.heikkila@sofokus.com

Name of the register

Sofokus Oy’s recruitment register

Purpose of processing personal data

The primary purpose for processing personal data is handling of job applications, recruiting process, the legitimate interest of the data controller and job applicant, the user’s consent, marketing and recruitment related surveys or any other relevant connection between the data subject and the data controller.

Data subjects of the register

Data subjects in the register are persons who have participated to data controller’s recruitment process, persons that have been in contact to the data controller as jub applicants or persons that have submitted contact information using contact forms, phone calls or written forms in recruitment events.

Data content of the register

The register may contain the following information about data subjects:

  • Name
  • Email address
  • Phone numbers
  • Job application, CV, photo and other information job applicant has provided
  • Data collected with cookies and web analytics

Regular sources of data

Information provided by the data subject, other reliable public Internet sources such as social media connections.

Regular disclosure of personal data and data tranfers

Data subject’s personal data will not be disclosed to unauthorized third parties outside of Sofokus group and its designated resellers or subcontractors. All subcontractors are bound by the legality requirement. The data controller can outsource processing of your personal data to companies and service providers outside the data controller’s enterprise that may be in countries outside the European Union and the European Economic Area, such as the United States. These companies can process personal data to provide infrastructure and IT services, or other services. In such cases, sufficient data security and processing of the register are applied by procedures that comply with the data protection regulation, such as standard contractual clauses approved by the EU Commission.

Principles of register data protection

Digital registers and databases where personal data is stored are secured by firewalls, passwords and other technical security measures. Physical access to stored personal data is secured by access controls and locked cabinets with no outsider access.  All personal data is processed with confidentiality and only those users who need the data to perform their tasks will have access to it. Data is backed up safely so it can be restored in case of system failures.

Rights of data subjects

  • The data subject has the right to check what personal data has been saved about the person in the register
  • Ask that incorrect personal information should be corrected
  • Right for to cancelling consent, if processing is base for consent (for example opt-out of marketing communications)
  • Right to request for data deletion, if there is no legal obligations for data controller to continue processing
  • Right to make a complaint to the supervisory authority regarding the processing of personal data, if the data subject considers that the processing of personal data infringes the legal framework of privacy laws.

The data controller shall delete personal data from the register when there is no need for processing data for recruiting purposes or when the data subject requests data deletion based on privacy regulations.

Principally job applications are retained two (2) years after collecting, and expired data is automatically deleted from the register.

The data subject can submit the request for fulfilling the rights of data subject by sending email to the contact person of the register. Request must be individualised so that identity can be verified reliably.

Shortcuts