Privacy policy
HeadPower portal customer- and user register
1. DATA CONTROLLER
HeadPower Oy Harakantie 18 B, 02650 ESPOO, tel. +358 10 841 5400, helpdesk@headpower.fi
2. REPRESENTATIVE OF DATA CONTROLLER
Antti Jukarainen
3. RIGHTS OF DATA SUBJECT
As a matter of principle, HeadPower complies with the EU’s General Data Protection Regulation and the applicable legislation regarding the rights of the data subject. Correction of personal data: with an active user ID, Customers can check their data in the register at any time via the Internet, and change it if necessary. You can also make a request as instructed in the ‘Contact us’ section. Checking of personal data: Data subjects with an active user account can check their data in the register at any time free of charge on the HeadPower portal. If this is not possible, data subjects can make a request as instructed in the ‘Contact us’ section. Erasure of personal data: Data subjects may make a written request to erase data. Data will only be erased if this does not endanger the legal security of HeadPower Oy or HeadPower Oy’s customer companies. The right to lodge a complaint with the Data Protection Ombudsman: If the data controller refuses to take action, the data subject may refer the matter to the Data Protection Ombudsman.
4. CONTACT US
Any request to exercise the rights of the data subject, and any questions or other communication concerning this privacy policy, should be sent by e-mail to helpdesk@headpower.fi. Any communication should be sent from the e-mail address associated with the data subject’s details, so that the request can be properly targeted. If this is not possible, the data subject must be able to prove that they are registered by means of a written request. The written request must be made at the data controller’s premises referred to in section 1. To make a request, a personal meeting must be arranged and the data subject must present official proof of identity at the meeting. For repeated requests, the data controller may charge a fee in accordance with its current tariff, based on the use of staff time.
5. PURPOSE OF PROCESSING PERSONAL DATA
The register is used to: manage access rights to the HeadPower portal; maintain customer contacts; manage the customer relationship, and to exercise the rights and obligations of the customer and HeadPower Oy. The register is also used for processing personal data in accordance with current data protection legislation for purposes related to online services, research and marketing with the customer’s consent.
6. BASIS OF PROCESSING PERSONAL DATA
Managing the customer relationship, and managing and using the access rights to the portal services purchased by the customer, the data subject accepts the terms of use of the portal and consents to the processing of personal data on the HeadPower portal. Without such acceptance, the use of the services is not possible.
7. DATA CONTENT OF THE REGISTER
The register contains the following information about data subjects:
- Contact information (name, position, telephone number and email address).
- Username and password.
- Companies, languages, roles and sector profiles represented by the user.
- Log-in times and other activities related to the username.
- Consent to communication and other processing procedures.
- Information concerning system user management and restriction of user rights.
8. REGULAR DATA SOURCES OF THE REGISTER
Customer data is collected at the time of registration on the portal and for the duration of the customer relationship. Customers with an active user ID can check their data in the register at any time via an internet network, with the exception of user activity data, and change it if necessary. Register data is also updated on the basis of notifications made by the customer to the data controller.
9. DISCLOSURES OF PERSONAL DATA
In the case of integration with the HeadPower portal, the contact and company data stored in the register will be transferred to the system of the customer company using the portal. Such services outside the portal include, for example, planning, financial information and ERP systems for customer companies. The transfer of information is necessary for the ordering and execution of work between customers and suppliers. The necessary information is transferred between the client and the supplier during the processing of the work, either within the portal or to a system outside the portal. Customer contact information may be transferred from the register to an external service provider for the purpose of sending customer satisfaction surveys and service-related communications to users of the HeadPower portal. No other information from the register will be disclosed to third parties unless the data controller is expressly required to do so by law or regulation. Data from the register is not transferred outside the EU- and EEA area.
10. STORAGE, ARCHIVING AND DESTRUCTION OF PERSONAL DATA
Personal data is stored for as long as the user takes care of the activation of their ID or as part of the data in the registers of the customer companies of the HeadPower portal, so that the customer companies retain the possibility to check the persons who have processed their data, for example at the request of the authorities. The person’s data is automatically deleted when the person is no longer associated with any use case, such as a work task, protocol or plan. Data may have to be deleted as a result of monitoring if the customer misuses the service or uses the service to engage in activities that violate the law or good practice, etc. The register data is backed up regularly to ensure the operation of the service and to restore the data in the event of any disruption.
11. COMBINING OF REGISTERS
In the case of integration with the HeadPower portal, the contact and company data stored in the register can be combined with the systems of the customer company using the portal. Such services outside the portal include, for example, planning, financial information and ERP systems for customer companies. The transfer of information is necessary for the ordering and execution of work between customers and suppliers. The register is not combined with other registers.
12. GENERAL DESCRIPTION OF TECHNICAL AND ORGANISATIONAL SECURITY MEASURES
The data is kept technically protected by appropriate IT security measures such as firewalls, encrypted communications, and access control with personal user IDs. The server environments included in the service are located in physical high-security data centre environments. The data in the register is processed only by persons whose duties require it. Training is provided, where necessary, for people dealing with register matters.