Loading...
FIPrivacy Policy
Your privacy is important to us.
At Finitec, it is important to us that you can trust us to handle your personal data carefully, transparently, and with respect for your privacy. When processing your personal data, we strictly comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws, and we always aim to follow good data protection practices. This privacy policy describes how we collect, process, and protect the personal data of our experts at Finitec and at Finitec's subsidiaries AI Roots and CyberDo.
This privacy policy is updated regularly. The current version is always available at www.finitec.fi/privacy-policy. We will contact data subjects separately if there are significant changes to the privacy policy.
Data Controller and Data Protection Officer
Data Controller
Data Protection Officer
Processing of Personal Data
- Name
- Email address
- Phone number
- Job application documents, such as a CV and portfolio
- Information on expertise, education, experience, and skills
- Referee details and references provided by referees
- Information on previous collaboration and communications
- Name
- Email address
- Phone number
- Job application documents, such as a CV and portfolio
- Information on expertise, education, experience, and skills
- Information contained in contracts, such as invoicing details
- Information related to the collaboration, such as hours worked
- Name
- Email address
- Phone number
- Job application documents, such as a CV and portfolio
- Name
- Email address
Sources of Personal Data
We collect personal data directly from the expert and from public sources, such as LinkedIn. We may also receive experts' personal data from our partner companies if a partner company creates an expert profile in Finitec's system for the expert it represents. The partner company acts as an independent controller when processing the personal data of the experts it represents.
Disclosures of Personal Data
A disclosure means a situation where the controller provides personal data to a third party that uses it for its own purposes. Experts' personal data is disclosed to Finitec's clients for presenting the expert and carrying out the assignment.
Data Processors
We use external service providers in our processing activities, such as system suppliers, who process personal data on behalf of Finitec in the role of a data processor. The service providers we use are contractually committed to ensuring an adequate level of data protection in all processing of personal data.
We use processors for the following purposes:
- Data storage in cloud services
- Management of expert profiles
- Invoicing
- Communications and sending the newsletter
Data Transfers Outside the EU/EEA
Our service providers may, in some cases, process personal data outside the EU/EEA, for example in the United States. Personal data is transferred outside the EU/EEA only when the requirements set by data protection legislation are met. Transfers outside the EU/EEA may be based, for example, on the European Commission's Standard Contractual Clauses (SCCs) or on an adequacy decision regarding the level of data protection in the recipient country.
Data Security
We protect personal data against loss, unauthorized access, and other misuse through appropriate technical and organizational measures. Examples of such measures include the use of firewalls, encryption, backups, and secure facilities.
Access to personal data is internally restricted through electronic and physical access controls, as well as policies governing the granting and monitoring of user access rights to different systems. Personal data may only be accessed by employees who are authorized to do so as part of their job responsibilities.
Data Subject Rights
Data subjects have several rights that allow them to influence how their personal data is processed. The rights listed below can be exercised by sending a request by email to tietosuoja@finitec.fi.
Right to be informed
The data subject has the right to receive information about our processing of personal data in a transparent and easily understandable form. This privacy notice provides the basic information about the processing of personal data. If you have any questions about data protection, you can request further information by contacting us using the contact details provided at the beginning of this notice.
Right of access
The data subject has the right to know what personal data about them we process and, if they wish, to obtain access to that data.
Right to rectification
The data subject has the right to request rectification or correction of their data, in which case we will complete or correct inaccurate or incorrect data.
Right to erasure
The data subject has the right to have all their personal data erased (the right to be forgotten). This right may be restricted, for example, where we have a legal obligation to retain the personal data.
Right to restrict processing
The data subject has the right to request restriction of processing. Restriction of processing means that the data is stored, but otherwise processed only on the basis of consent, for the establishment, exercise or defense of legal claims, to protect the rights of another person, or for important reasons of public interest of the Union or a Member State. Restriction may apply, for example, where the lawfulness of the processing is contested. In such a case, processing is restricted until the lawfulness of the processing has been verified.
Right to data portability
The data subject has the right to request the transfer of their personal data from one system to another. This right applies when the personal data has been collected directly from the data subject and the processing is based on a contract or consent.
Right to object processing
The data subject has the right to object to the processing of personal data on grounds relating to their particular situation where the legal basis for processing is legitimate interests, a task carried out in the public interest, or the exercise of official authority. Processing will be stopped unless it is necessary for another justified reason.
Rights regarding automated decision-making
The data subject has the right not to be subject to a decision based solely on automated processing that produces legal effects or similarly significant effects. The data subject also has the right to request human review of decisions based on automated decision-making.
We do not make decisions based solely on automated processing of personal data that would produce legal effects or similarly significant effects.
Right to withdraw consent
Where the processing of personal data is based on your consent, you have the right to withdraw your consent at any time. This does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal. Processing may continue after withdrawal if another legal basis applies.
Right to lodge a complaint
The data subject has the right to lodge a complaint regarding the processing of personal data with the competent supervisory authority. In Finland, the supervisory authority is the Office of the Data Protection Ombudsman.