Privacy Policy

The EU Data Protection Regulation will enter into force on 25 May 2018. The purpose of the regulation is to make the processing of personal data more transparent and to increase the protection of personal data. 

The basic principles regarding the processing of personal data and the rights of data subjects shall remain largely unchanged under the reform. People will continue to have the right to, for example, check information about themselves, ask for incorrect information to be corrected and for unnecessary information to be deleted.

However, the reform introduces some new rights. You will be able to obtain your data electronically from the data controller, and transferring data from one system to another shall become easier.

WHAT DOES THE EU DATA PROTECTION REGULATION MEAN FOR YOU?

If you wish to check Herman IT ‘s registry for information about you:

Bring your ID and come to our office, where you can fill out a data verification request form. After you have presented your identification and provided the required information, the form shall be sent to the Herman IT controller, who shall provide you with the relevant information in our register.

If you do not want to check the information about you held in the Herman IT registry:

The EU Data Protection Regulation does not require you to take action.

 

 

DATA PROTECTION STATEMENT DIRECT MARKETING

1 JOINT CONTROLLERS AND CONTACT INFORMATION

Kainuun Puhelinosuuskunta (KPO)

Pohjolankatu 20

87100 Kajaani

Business ID: 0185497-2

 

Puhelinosuuskunta IPY

Pohjolankatu 5

74100 Iisalmi

Business ID: 0170403-4

 

Kaisanet Oy

Pohjolankatu 20

87100 Kajaani

Business ID: 2366937-2

 

Herman IT Oy

Lönnrotinkatu 12 A 1. krs

87100 Kajaani

Business ID: 2392690-6

 

2 PERSON AND/OR CONTACT PERSON RESPONSIBLE FOR REGISTRATION MATTERS AND CORRESPONDING CONTACT INFORMATION

Data Protection Officer

tietosuojavastaava@kpo.fi

 

3 NAME OF REGISTER

Direct Marketing Register

 

4 PURPOSE OF THE PROCESSING OF PERSONAL DATA (INTENDED USE OF REGISTER)

Personal data may be used for direct mail advertising, distance selling and other direct marketing, opinion or market research, or other equivalent addressed shipments from joint controllers and partners. Marketing can also be done electronically, for example via e-mail or mobile phone.

 

5 LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

Article 6 of the 2016/679 Data Protection Regulation

 

6 INFORMATION CONTENT OF REGISTER

Name, position or occupation, age or year of birth, social security number, gender, mother tongue, address and other contact details, preferred forms of contact, direct marketing authorisation and opting out information, one other piece of identifying data regarding the data subject, and information modification data. Other information if the data subject has given their consent.

 

7 REGULAR SOURCES OF INFORMATION

(Section 10 of the Personal Data Act does not explicitly require that note be taken of the information, but it can be useful in order to facilitate data subjects’ right of access. It also partly describes the information content of the register.) Personal data is collected when a data subject registers for a marketing competition or other similar event, when they register for the services of joint controllers, or otherwise directly from the data subject. Personal data may also be collected and updated from the registers of joint controllers and companies belonging to the same group, the Population Register, the restriction register maintained by the Finnish Competition and Consumer Authority (ASML) and other similar public and private registers.

 

8 REGULAR INFORMATION DISCLOSURE

Clients’ data shall not be disclosed to third parties acting on behalf of the joint register or participating in the production of the service package. Information shall be provided to authorities in cases required by law. Data shall not be disclosed to countries outside the European Union or to international organisations.

 

9 TRANSFERRING DATA OUTSIDE THE EU/

Data shall not be transferred outside the EU or the EEA

 

10 PERSONAL DATA RETENTION PERIOD

Personal data shall be kept only for the purposes necessary for the operations of the controller or in accordance with official obligations.

 

11 RIGHTS OF DATA SUBJECTS

In accordance with Articles 12 to 22 of the General Data Protection Regulation, data subjects have the following rights:

– Data subject’s right to access their data

– Right to rectify data

– Right to delete data (‘right to be forgotten’)

– Right to restrict processing

– Obligation regarding rectification or erasure of personal data or restriction of processing

– Right to data portability

– Right of opposition

 

12 GENERAL DESCRIPTION OF TECHNICAL AND ORGANISATIONAL SECURITY MEASURES

The information security of registers and the confidentiality, integrity and availability of personal data shall be ensured by means of appropriate technical and administrative measures. Data and services shall be protected by means of, among other things, a firewall, protection of physical IT area, access control, access rights and encryption technologies, and the active monitoring of all the above. Personal data shall be protected against unauthorised access and against illegal or accidental data processing.

 

Personal data shall only be processed by persons designated by the joint controller who are employed by the joint controller or by third parties who maintain or develop services on behalf of the joint controller. These persons must sign into the systems using a unique username and password.

 

13 AUTOMATIC DECISION MAKING

Personal data in the register is not only used for automatic decision-making.

 

14 REPORTING SECURITY BREACHES

Article 33 of the 2016/679 Data Protection Regulation

 

15 RIGHT OF APPEAL TO A SUPERVISORY AUTHORITY

The data subject has the right to lodge a complaint with a supervisory authority

 

 

PRIVACY POLICY RECRUITMENT

1 JOINT CONTROLLERS AND CONTACT INFORMATION

Kainuun Puhelinosuuskunta (KPO)

Pohjolankatu 20

87100 Kajaani

Business ID: 0185497-2

 

Herman IT Oy

Lönnrotinkatu 12 A 1. krs

87100 Kajaani

Business ID: 2392690-6

 

Kaisanet Oy

Pohjolankatu 20

87100 Kajaani

Business ID: 2366937-2

 

2 PERSON AND/OR CONTACT PERSON RESPONSIBLE FOR REGISTRATION MATTERS AND CORRESPONDING CONTACT INFORMATION

Data Protection Officer

tietosuojavastaava@kpo.fi

 

3 NAME OF REGISTER

Recruitment Register

 

4 PURPOSE OF THE PROCESSING OF PERSONAL DATA (INTENDED USE OF REGISTER)

Personal information may be processed for recruitment purposes

 

5 LEGAL BASES FOR THE PROCESSING OF PERSONAL DATA

Article 6 of the 2016/679 Data Protection Regulation

 

6 INFORMATION CONTENT OF REGISTER

Person’s name, phone number, email address, LinkedIn profile address, personal information provided by persons themselves.

 

7 REGULAR SOURCES OF INFORMATION

From data subjects themselves.

 

8 REGULAR INFORMATION DISCLOSURE

Clients’ data shall not be disclosed to third parties acting on behalf of the joint controller or participating in the production of the service package. Data shall not be disclosed to countries outside the European Union or to international organisations.

 

9 TRANSFERRING DATA OUTSIDE THE EU / EEA

Data shall not be transferred outside the EU or the EEA

 

10 PERSONAL DATA RETENTION PERIOD

Personal data shall only be kept for the time period necessary for the recruitment process. In open applications, the applicant can choose a retention period of either 3 or 6 months.

 

11 RIGHTS OF THE DATA SUBJECT

In accordance with Articles 12 to 22 of the General Data Protection Regulation, the data subject has the following rights:

– Data subject’s right to access their data

– Right to rectify data

– Right to delete data (‘right to be forgotten’)

– Right to restrict processing

– Obligation regarding rectification or erasure of personal data or restriction of processing

– Right to data portability

– Right of opposition

– Right to prohibit the processing and disclosure of information related to them for direct mail advertising, distance selling and other direct marketing, as well as market and opinion research. This right can be exercised by contacting our customer service.

 

12 GENERAL DESCRIPTION OF TECHNICAL AND ORGANISATIONAL SECURITY MEASURES

The information security of registers and the confidentiality, integrity and availability of personal data shall be ensured by means of appropriate technical and administrative measures. Data and the service shall be protected by means of, among other things, a firewall, protection of physical IT area, access control, access rights and encryption technologies, and the active monitoring of all the above. Personal data is protected against unauthorised access and against illegal or accidental data processing.

 

Personal data shall only be processed by persons designated by the joint controller who are employed by the joint controller and by third parties who maintain or develop services on behalf of the joint controller. These persons must sign into the systems using a unique username and password.

 

13 AUTOMATIC DECISION MAKING

Personal data in the register is not only used for automatic decision-making.

 

14 REPORTING SECURITY BREACHES

Articles 33 and 34 of the Data Protection Regulation 2016/679

 

15 RIGHT OF APPEAL TO A SUPERVISORY AUTHORITY

The data subject has the right to lodge a complaint to a supervisory authority.