Jeppis Stadion PRIVACY STATEMENT
Jeppis Stadion’s customers and potential customers
Jeppis Stadion’s employees and job applicants
We value your privacy
Every person values privacy, also our customers and employees. However, it would not be possible to operate our business without collecting some amount of personal data. As a data controller, we collect and process personal data especially relating to our employees and our customers’ contacts and project team members. Same goes for potential customers and job applicants. Personal data is all data relating to and identified or identifiable person, such as name, email, social security id and a photo.
Jeppis Stadion processes personal data relating to its customers, potential customers, employees and job candidates in accordance with this privacy statement and applicable laws, so please read this carefully. We may also make changes to this statement due to changes in our operations or applicable laws.
Jeppis Stadion Ab Oy
Business ID: 2194781-8
Otto Malminkatu 16 A 3
FI – 68600 PIETARSAARI
Privacy matters are handled by Björn Anderssén, who is Jeppis Stadion’s Data Protection Officer. You can use the above contact details also for privacy-related questions and requests.
For what purposes does Jeppis Stadion collect personal data? What is the legal basis for processing personal data?
We collect, store and process personal data relating to customers and employees only for predefined purposes. We also always make sure that there is at least one legal basis for processing personal data. The main purposes and the applicable legal basis for processing personal data are:
Marketing and customer communications. We may perform digital marketing, email marketing and communications, personalized marketing content and social media advertising targeted to potential and existing customers. For these purposes we need to collect and process personal data. Marketing may also be based on automated decisions and profiles created for social media campaigns, search engine marketing and website content. The legal basis for this processing is mainly our legitimate interest. A person has however a right to object direct marketing at any point. It is also possible that some direct marketing is based on consent (e.g. newsletters).
Developing our business. We may also use personal data for developing our business relating to development of marketing services. The legal basis for this processing is our legitimate interest.
Fulfilling legal obligations. We may also use personal data for fulfilling legal obligations (e.g. bookkeeping, employment contracts act, tax laws).
Human resources management. Personal data relating to employees are mainly collected and used for human resources management purposes, payment of salaries, fulfilling other rights and obligations relating to employment contracts and meeting legal requirements relating to employment. The legal basis for this processing may be fulfilling a contract between Jeppis Stadion and the employee, consent as well as fulfilling legal obligations relating to employment.
Recruiting and job applicants. In recruitment situations we process personal data mainly for preparing and concluding an employment contract and based on the job applicants consent. Based on consent we may receive job applicant data also from other sources than from the person itself.
What personal data does Jeppis Stadion collect? From which sources?
We collect, store and use personal data mainly relating to our customer contacts (including potential customers), employees and job candidates.
Customers and potential customers
We collect personal data relating to customers and potential customers mainly from the person itself. Relating to potential customers we also collect prospecting data, mainly from LinkedIn and corporate websites. Important source of data is also our website and its online forms. We also collect data by using Google Analytics. Data is also collected and generated during customer relationship, but mainly concerning the companies and organizations. Data about potential customers may also be received through seminars organized with business partners.
Typically we collect and process the following personal data relating to customers:
- First name
- Last name
- Email address
- Contact details
- Work phone
- Employer, its contact details and business ID
- Customer level and lifecycle phase
- Legal basis for processing personal data (contract, consent, legitimate interest)
- Call details (when and about what)
- Meeting details (when and about what)
- Sales history
- Email correspondence
- Marketing opt-in’s / opt-out’s
Similar, but more limited data may also be received from prospecting potential customers through LinkedIn or corporate websites.
Personal data relating to employees is received primarily from the employee and with her consent also from other sources. We may also process data that is generated during the employment relationship.
Typically we collect and process the following personal data relating to employees:
- Data required for withholding taxes
- Social security ID
- Salary data
- Work time tracking
- Contact details
- Data relating to sick leaves
- Employment contract
Personal data relating to job applicants is received primarily from the applicant and with her consent also from other sources. (such as LinkedIn, references and possible suitability tests).
Typically we collect and process the following personal data relating to job applicants:
- Name and basic contact details
- Education, experience, skills and work history
- Application and cv
- References (with consent)
- LinkedIn profile (with consent)
- Possible suitability test results (with consent)
Who processes personal data at Jeppis Stadion and is it transferred to anyone?
People within our organization have access to the personal data for the purposes of performing their work tasks. Access to HR data is more limited than customer data, as most of our staff perform customer work but only limited group of people have HR responsibilities.
We may also subcontract some personal data processing, such as the cloud services used for storing data. Most of the data we store are in electronic form only. We use subcontractors especially in the following matters: marketing automation, CRM, accounting and bookkeeping, website hosting and analytics, email marketing and project management.
In these situations, we make sure we have a written contract with the services provider with minimum data processing provisions and also otherwise that the confidentiality of personal data is secured and data is processed and transferred lawfully.
We may also provide personal data to a third party for fulfilling contractual obligations or due to a legal obligation or requirement by an authority. We may also provide personal data to a third party if we are involved in a business sale or restructuring.
Does Jeppis Stadion transfer personal data outside the EU?
Personal data is primarily processed inside the EU, but as data is stored and processed mainly in electronic form in cloud services, some of the service providers we use may locate outside the EU. These include Google, Mailchimp and HubSpot. If personal data is transferred outside the EU, we make sure that (1) the transferee is located in a country with adequate safeguards (as decided by the EU commission from time to time), (2) the transferee is Privacy Shield certified (if a US-based company) or (3) the transfer occurs by using model clauses published by the EU commission.
How long is personal data stored?
We will not store personal data for a longer period than is necessary for its purpose or required by contract or law. The retention periods for personal data may vary based on its purpose, legal basis for processing data and the situation. The retention periods may also be based on laws (e.g. accounting, tax laws, employment contracts act). If consent was the only basis for processing personal data, the data may be deleted after a person withdraws her consent. We may also delete the data based on a person’s request, if we do not have a legal basis for processing personal data that would override the request. We may also update data from time to time and delete outdated and incorrect data.
How does Jeppis Stadion store and secure the data?
Personal data is stored primarily in electronic form and it is secured in accordance with general industry standards and practices. We consider and keep personal data confidential. We use only such services providers for data storage and processing that have a good reputation in terms of data security. Access to personal data is also protected with user-specific logins, passwords and user rights. We do not sell or rent personal data for marketing purposes. Our premises are also safe and secure.
Is it mandatory to provide personal data to Jeppis Stadion? What happens if you don’t provide it?
In many situations it not mandatory to provide us personal data. This concerns especially personal data relating to potential customers and job applicants. However, we need some amount of personal data especially in customer relationships to conclude and fulfill contracts. Potential customers provide us usually their basic contact details (email address) and other data, that we need for responding to a contact request. Relating to employment we also need to process at least the minimum personal data required to fulfill employment contracts and legal obligations relating to employment.
What rights do you have regarding personal data relating to you?
Withdraw your consent
If we process personal data based on your consent, you can at anytime withdraw your consent by notifying us, for instance by contacting us using the contact details provided above.
Access to data
You have the right to be confirmed if we are processing your personal data and also to know what data we have about you. In addition, you have right to some supplemental information described in the law about the processing activities.
Right to have errors corrected
You have the right to request that we correct any inaccurate or outdated personal data we have about you.
Right to prohibit direct marketing
You have the right to request that your personal data is not processed for direct marketing purposes by contacting us using the contact details provided above.
Right to object processing
If we process your personal data based on public interest or our legitimate interest, you have the right to object processing of your data, to the extent that there is no such significant other reason that would override your rights or the processing is not necessary for handling legal claims. Please notice that in this situation we may not be able to serve you anymore.
Right to restrict processing
In certain situations you have the right to require that we restrict processing of your personal data.
Right to data portability
If we process your personal data based on your consent or fulfilling of a contract, you have the right to require transfer of the data you have provided us to another services provider in a commonly used electronic format.
How can you use your rights?
You can execute and use your rights by contacting us, for instance by using the contact details provided above. Remember also that we need to verify your identity. If you consider that the processing of your personal data is not lawful, you can always also make a notification to the supervising authority (tietosuojavaltuutettu).
Can this privacy statement be updated?