Codemen Oy – Data protection


Updated on 23 May 2018

On these pages, you can find general information about Codemen Oy’s data protection practices as well as our data protection and registration statements in compliance with the EU’s General Data Protection Regulation (GDPR, 679/2016).

GENERAL

Codemen Oy is a consulting firm and partner network delivering information technology services and software solutions. Our strong know-how and the extensive experience of our staff result in the highest-quality, data secure solutions, in which personal data protection is taken into account in a responsible manner and as required by the laws and regulations.

Codemen Oy strives to continuously improve the management level of data security and data protection while preventing the threats they are subjected to. We implement this together with our entire staff and all our stakeholders.

Our data security and data protection objectives are determined in our firm’s data security policies, which are part of our firm’s risk management based on ISO-27001 and ISO-9001 standards, VAHTI recommendations, and information technology best practices.

Codemen Oy follows standards regarding data security and data protection, legislation and regulations. If changes happen to them, we initiate the required action, if needed.

The central objectives of our data security policies are:

– Undisturbed and information secure functioning of information systems supporting the firm’s functioning
– Undisturbed and information secure functioning of the services deliver by the firm to its customers
– Prevention of destruction and unauthorised alteration of information content
– Prevention of intrusion into information systems and unauthorised use of data
– Ensuring personal data protection and rights
– Ensuring functional continuity in exceptional circumstances through continuity planning and backup arrangements

Our staff are obliged to participate in relevant training and to commit to upholding data security policies and guidance.

MARKETING REGISTER

1. REGISTER HOLDER

Codemen Oy (Business ID: 2577936-4)
Malminkatu 34, 00100 Helsinki
+358 10 336 2600

2. CONTACT FOR MATTERS RELATING TO DATA PROTECTION

Data protection officer
Mika Myllynen
tel.: +358 (40) 526 4875
e-mail: mika.myllynen (at) codemen.fi

Contact requests regarding matters relating to data protection are to be addressed to tietosuoja (at) codemen.fi

3. NAME OF THE REGISTER

Codemen Oy’s marketing register

4. LEGAL GROUNDS AND INTENDED USE OF PERSONAL DATA

The legal grounds for the use of personal data is the register holder’s legitimate interest.

Personal data are used for the distribution of register holder’s newsletters, for the marketing of services and events, for maintaining communication with potential and current customers and partners, and for maintaining customer and partner relations.

5. THE REGISTER’S INFORMATION CONTENT

The register may include the following information:
– first and last name
– position
– employer and employer’s contact information
– email address
– telephone number

Furthermore, information concerning a registered person’s participation in or registration to events organised by the registration holder may be collected in the register.

6. REGULAR INFORMATION SOURCES

The information contained in the register is collected through customer or partnership relations, through contact forms on the website as well as through registrations to and participation in events.

7. RELEASE OF CONTENT IN THE REGISTER

In principle, the contents of the register are not released, nor are they being transferred outside of the EU and European economic area. Certain information may, however, be released, for example to authorities, on the basis of a legal requirement.

8. PROTECTION OF THE REGISTER

The register exists only in electronic form on the firm’s high-security classified cloud service and is protected by the most appropriate administrative and technical protection methods.

Access to the register is only possible over an encrypted connection and with a personal username and password. Use of the register is confidential and the right of usage is limited exclusively to the register holder’s own staff, whose tasks require the right to use the register. The register holder’s staff are bound to secrecy and have received appropriate training regarding data security and data protection.

9. DURATION OF INFORMATION STORAGE

The information collected in the register is stored only as long and as extensively as is necessary in relation to their intended use. The register’s data contents, legal grounds for their usage and need for processing are assessed at least every three years.

10. REGISTERED PERSONS’ RIGHTS

a) The right to access personal information

Registered persons have the right to receive confirmation of whether personal information relating to them is being processed and, if this is the case, they have the right to receive a copy of such personal information.

b) The right of correction

Registered persons have the right to request that incorrect or ambiguous personal information concerning themselves be corrected or supplemented.

c) The right to removal of information

Registered persons have the right to request the removal of personal information concerning themselves if:
– the personal information is no longer needed for the original intended use
– the personal information has been processed unlawfully

d) The right to limit processing

Registered persons have the right to limit the processing of personal information concerning themselves if:
– the registered person disputes the validity of the information
– processing is unlawful and the registered person objects to removal while instead demanding that their use is being limited
– the register holder no longer needs the information for their original intended use, but the registered person needs it in order to submit, present or defend a legal claim

e) The right to oppose

Registered persons have the right to oppose the processing of information concerning themselves on the basis of personal circumstances in case the register holder cannot demonstrate that there is a significantly important and justified reason for processing, which supersedes the registered person’s interests, rights and freedoms, or if it is necessary in order to submit, present or defend a legal claim.

f) The right to transfer data from one system to another

Registered persons have the right to receive all of the register’s information concerning themselves in commonly used as well as machine-readable form, and they have the right to transfer the information in question to another register holder.

g) The right to submit a complaint to the supervisory authority

A registered person has the right to file a complaint with the national supervisory authority, a data protection supervisor collaborating with the ministry of justice, in case the registered person finds that the relevant legislation pertaining to the processing of their personal information has been violated.

MORE INFORMATION

All requests for information and other contact are to be directed to the contact address of the person responsible for matters concerning the register as mentioned under section 2.

RECRUITMENT REGISTER

1. REGISTER HOLDER

Codemen Oy (Business ID: 2577936-4)
Malminkatu 34, 00100 Helsinki
+358 10 336 2600

2. CONTACT IN MATTERS CONCERNING DATA PROTECTION

Data protection officer
Mika Myllynen
tel.: +358 (40) 526 4875

e-mail: mika.myllynen (at) codemen.fi

Contact requests in matters concerning data protection are directed at tietosuoja (at) codemen.fi

3. NAME OF THE REGISTER

Codemen Oy’s recruitment register

4. LEGAL GROUNDS AND INTENDED USE OF PERSONAL DATA

The legal grounds for the processing of personal data is the registered person’s consent. A job application and its possible attachments, submitted by a registered person, are considered to constitute consent.

Personal data are used in the register holder’s recruitment processes.

5. THE REGISTER’S INFORMATION CONTENT

By its nature, the register’s contents cannot be completely determined per person in advance as it may contain information that is freely provided by the person in question. Normally, the register will include at least the following information:
– first and last name
– contact information (such as address, email address, telephone number)
– date of birth
-wishes concerning the job’s content and compensation
– information concerning education, work experience, and skills profile
– other, additional information, freely provided by the person in question
– additional information submitted as attachments, such as CV, work samples, etc.

6. REGULAR INFORMATION SOURCES

Primarily, the information source is the registered person. In addition, more limited information about recruitment candidates who are potentially to be contacted may be collected, for example, through collaboration partners, the firm’s own staff or the information published by the registered person (for example, on social media).

7. RELEASE OF CONTENT IN THE REGISTER

Content in the register which has been collected with the registered person’s consent may be released to staff of Codemen Oy taking part in the recruitment process as well as to potential assignment commissioners of the registered person, who are clients of Codemen Oy.

Information that has been collected other than from the registered person themselves will not be released to anyone else but Codemen Oy’s staff taking part in the recruitment process.

Furthermore, information may be released, for example to authorities, on the basis of a legal requirement.

Contents of the register are not transferred outside of the EU and European economic area.

8. PROTECTION OF THE REGISTER

The register exists in electronic form on the firm’s high-security classified cloud service and is protected by the most appropriate administrative and technical protection methods. Furthermore, parts of the register may be printed as paper copies.

Access to the register is only possible over an encrypted connection and with a personal username and password. Use of the register is confidential and the right of usage is limited exclusively to the register holder’s own staff, whose tasks require the right to use the register. The register holder’s staff are bound to secrecy and have received appropriate training regarding data security and data protection.

Paper copies are stored in a locked condition to which only the register holder’s own staff, whose tasks require the right to use the register, have access.

9. DURATION OF INFORMATION STORAGE

The information collected in the register is assessed yearly. Together with the assessment, information on which part the recruitment process has not resulted in a work relationship will be removed. The information pertaining to a recruitment process resulting in a work relationship is immediately removed from the recruitment register.

10. REGISTERED PERSONS’ RIGHTS

a) The right to access personal information

Registered persons have the right to receive confirmation of whether personal information relating to them is being processed and, if this is the case, they have the right to receive a copy of such personal information.

b) The right of correction

Registered persons have the right to request that incorrect or ambiguous personal information concerning themselves be corrected or supplemented.

c) The right to removal of information

Registered persons have the right to request the removal of personal information concerning themselves if:
– the personal information is no longer needed for the original intended use
– the personal information has been processed unlawfully

d) The right to limit processing

Registered persons have the right to limit the processing of personal information concerning themselves if:
– the registered person disputes the validity of the information
– processing is unlawful and the registered person objects to removal while instead demanding that their use is being limited
– the register holder no longer needs the information for their original intended use, but the registered person needs it in order to submit, present or defend a legal claim

e) The right to oppose

Registered persons have the right to oppose against the processing of information concerning themselves on the basis of personal circumstances in case the register holder cannot demonstrate that there is a significantly important and justified reason for processing, which supersedes the registered person’s interests, rights and freedoms, or if it is necessary in order to submit, present or defend a legal claim.

f) The right to transfer data from one system to another

Registered persons have the right to receive all of the register’s information concerning themselves in commonly used as well as machine-readable form, and they have the right to transfer the information in question to another register holder.

g) The right to submit a complaint to the supervisory authority

A registered person has the right to file a complaint with the national supervisory authority, a data protection supervisor collaborating with the ministry of justice, in case the registered person finds that the relevant legislation pertaining to the processing of their personal information has been violated.

MORE INFORMATION

All requests for information and other contact are to be directed to the contact address of the person responsible for matters concerning the register as mentioned under section 2.

Interested?

Contact us

  • This field is for validation purposes and should be left unchanged.

Get the latest news in software development directly to your inbox!

  • This field is for validation purposes and should be left unchanged.