Privacy note

Updated on 27 September 2021

On these pages, you can find general information about Codemen Oy’s data protection practices as well as our data protection and registration statements in compliance with the EU’s General Data Protection Regulation (GDPR, 679/2016).

GENERAL

Codemen Oy is a consulting firm and partner network delivering information technology services and software solutions. Our strong know-how and the extensive experience of our staff result in the highest-quality, data secure solutions, in which personal data protection is taken into account in a responsible manner and as required by the laws and regulations.

Codemen Oy strives to continuously improve the management level of data security and data protection while preventing the threats they are subjected to. We implement this together with our entire staff and all our stakeholders.

Our data security and data protection objectives are determined in our firm’s data security policies, which are part of our firm’s risk management based on ISO-27001 and ISO-9001 standards, VAHTI recommendations, and information technology best practices.

Codemen Oy follows standards regarding data security and data protection, legislation and regulations and adapts as needed for when these change or update.

The central objectives of our data security policies are:

  • Undisturbed and information secure functioning of information systems supporting the company continuity
  • Undisturbed and information secure functioning of the services deliver by the firm to its customers
  • Prevention of destruction and unauthorised alteration of data
  • Prevention of intrusion into information systems and unauthorised use of data
  • Ensuring personal data protection and rights
  • Ensuring functional continuity in exceptional circumstances through continuity planning and backup arrangements

Our staff are obliged to participate in relevant training and to commit to upholding data security policies and guidance.

 

MARKETING REGISTER

1. REGISTER HOLDER

Codemen Oy (Business ID: 2577936-4) Malminkatu 34, 00100 Helsinki +358 10 336 2600

2. CONTACT FOR MATTERS RELATING TO DATA PROTECTION

Data protection officer Tuomas Huokuna

tel.: +358 (50) 466 2727 e-mail: tuomas.huokuna (at) codemen.fi

Contact requests regarding matters relating to data protection are to be addressed to tietosuoja (at) codemen.fi

3. NAME OF THE REGISTER

Codemen Oy’s marketing register

4. LEGAL BASIS AND PURPOSE OF THE PROCESSING OF PERSONAL DATA

The legal basis for the processing of personal data and necessary cookies is the legitimate interest and provision of service by the controller.

For other cookies, the processing is based on the user’s consent. User may edit their cookie consent through the page cookie options (changeable on the website).

Some cookies are necessary for the operation of the website. Other cookies are used by the

Controller to improve the user experience and to develop its business.

Personal information is used to send the Controller’s newsletters, to market services and events, and to communicate with potential and current customers and partners and to maintain customer and partnership relationships.

5. THE REGISTER’S DATA CONTENT

The register may include the following information:

  • first and last name
  • position
  • employer and employer’s contact information
  • email address
  • telephone number

 

Furthermore, information concerning a registered person’s participation in or registration to events organised by the registration holder may be collected in the register.

 

6. REGULAR DATA SOURCES

The information contained in the register is collected through customer or partnership relations, through contact forms on the website as well as through registrations to and participation in events.

7. DISCLOSURE OF CONTENTS OF THE REGISTER

In principle, the contents of the register are not released or transferred outside of the EU and European Economic Area. Certain information may, however, be released, for example to authorities, on the basis of a legal requirement.

8. PROTECTION OF THE REGISTER

The register exists only in electronic form on the firm’s high-security classified cloud service and is protected by the most appropriate administrative and technical protection methods.

Access to the register is only possible over an encrypted connection and with a personal username and password. Use of the register is confidential and the right of usage is limited exclusively to the controller’s own staff, whose tasks require the right to use the register. The controller’s staff are bound to secrecy and have received appropriate training regarding data security and data protection.

9. DURATION OF DATA STORAGE

The data collected in the register is stored only as long and as extensively as is necessary in relation to their intended use. The register’s data contents, legal grounds for their usage and need for processing are assessed at least every three years.

10. DATA SUBJECT’S RIGHTS

a) The right to access personal information

Registered persons have the right to receive confirmation of whether personal information relating to them is being processed and, if this is the case, they have the right to receive a copy of such personal information.

b) The right of correction

Registered persons have the right to request that incorrect or ambiguous personal information concerning themselves be corrected or supplemented.

c) The right to removal of information

Registered persons have the right to request the removal of personal information concerning themselves if:

  • the personal information is no longer needed for the original intended use
  • the personal information has been processed unlawfully

 

d) The right to limit processing

Registered persons have the right to limit the processing of personal information concerning themselves if:

  • the registered person disputes the validity of the information
  • processing is unlawful and the registered person objects to removal while instead demanding that their use is being limited
  • the register holder no longer needs the information for their original intended use, but the registered person needs it in order to submit, present or defend a legal claim

 

e) The right to object

Registered persons have the right to oppose the processing of information concerning themselves on the basis of personal circumstances in case the register holder cannot demonstrate that there is a significantly important and justified reason for processing, which supersedes the registered person’s interests, rights and freedoms, or if it is necessary in order to submit, present or defend a legal claim.

f) The right to transfer data from one system to another

Registered persons have the right to receive all of the register’s information concerning themselves in commonly used as well as machine-readable form, and they have the right to transfer the information in question to another register holder.

g) The right to submit a complaint to the supervisory authority

A registered person has the right to file a complaint with the national supervisory authority, a data protection supervisor collaborating with the ministry of justice, in case the registered person finds that the relevant legislation pertaining to the processing of their personal information has been violated.

MORE INFORMATION

All requests for information and other contact are to be directed to the contact address of the person responsible for matters concerning the register as mentioned under section 2.

 

RECRUITMENT REGISTER

1. REGISTER HOLDER

Codemen Oy (Business ID: 2577936-4) Malminkatu 34, 00100 Helsinki +358 10 336 2600

2. CONTACT IN MATTERS CONCERNING DATA PROTECTION

Data protection officer Tuomas Huokuna

tel.: +358 (50) 466 2727 e-mail: tuomas.huokuna (at) codemen.fi

Contact requests regarding matters relating to data protection are to be addressed to tietosuoja (at) codemen.fi

3. NAME OF THE REGISTER

Codemen Oy’s recruitment register

4. LEGAL BASIS AND INTENDED USE OF PERSONAL DATA

The legal basis for the processing of personal data is the registered person’s consent and the legitimate interest of the Controller. A job application and its possible attachments, submitted by a registered person, are considered to constitute consent.

Personal data are used in the controller’s recruitment processes.

5. THE REGISTER’S DATA CONTENT

By its nature, the register’s contents cannot be completely determined per person in advance as it may contain information that is freely provided by the person in question. Normally, the register will include at least the following information:

  • first and last name
  • contact information (such as address, email address, telephone number)
  • date of birth
  • wishes concerning the job’s content and compensation
  • information concerning education, work experience, and skills profile
  • other, additional information, freely provided by the person in question
  • additional information submitted as attachments, such as CV, work samples, etc.
6. REGULAR DATA SOURCES

Primarily, the information source is the registered person. In addition, more limited information about recruitment candidates who are potentially to be contacted may be collected, for example, through collaboration partners, the firm’s own staff or the information published by the registered person (for example, on professional social media (LinkedIn)).

7. DISCLOSURE OF CONTENTS IN THE REGISTER

Content in the register which has been collected with the registered person’s consent may be released to staff of Codemen Oy taking part in the recruitment process as well as to potential assignment commissioners of the registered person, who are clients of Codemen Oy.

Information that has been collected other than from the registered person themselves will not be released to anyone else but Codemen Oy’s staff taking part in the recruitment process.

Furthermore, information may be released, for example to authorities, on the basis of a legal requirement.

Contents of the register are not transferred outside of the EU and European economic area.

8. PROTECTION OF THE REGISTER

The register exists in electronic form on the firm’s high-security classified cloud service and is protected by the most appropriate administrative and technical protection methods. Furthermore, parts of the register may be printed as paper copies.

Access to the register is only possible over an encrypted connection and with a personal username and password. Use of the register is confidential and the right of usage is limited

exclusively to the controller’s own staff, whose tasks require the right to use the register. The controller’s staff are bound to secrecy and have received appropriate training regarding data security and data protection.

Paper copies are stored in a locked condition to which only the controller’s own staff, whose tasks require the right to use the register, have access.

9. DURATION OF DATA STORAGE

The information collected in the register is assessed yearly. Together with the assessment, information on which part the recruitment process has not resulted in a work relationship will be removed. The information pertaining to a recruitment process resulting in a work relationship is immediately removed from the recruitment register.

10. DATA SUBJECT’S RIGHTS

a) The right to access personal information

Registered persons have the right to receive confirmation of whether personal information relating to them is being processed and, if this is the case, they have the right to receive a copy of such personal information.

b) The right of correction

Registered persons have the right to request that incorrect or ambiguous personal information concerning themselves be corrected or supplemented.

c) The right to removal of information

Registered persons have the right to request the removal of personal information concerning themselves if:

  • the personal information is no longer needed for the original intended use
  • the personal information has been processed unlawfully

 

d) The right to limit processing

Registered persons have the right to limit the processing of personal information concerning themselves if:

  • the registered person disputes the validity of the information
  • processing is unlawful and the registered person objects to removal while instead demanding that their use is being limited
  • the register holder no longer needs the information for their original intended use, but the registered person needs it in order to submit, present or defend a legal claim

 

e) The right to object to processing

Registered persons have the right to oppose against the processing of information concerning themselves on the basis of personal circumstances in case the register holder cannot demonstrate that there is a significantly important and justified reason for processing, which supersedes the registered person’s interests, rights and freedoms, or if it is necessary in order to submit, present or defend a legal claim.

f) The right to transfer data from one system to another

Registered persons have the right to receive all of the register’s information concerning themselves in commonly used as well as machine-readable form, and they have the right to transfer the information in question to another register holder.

g) The right to submit a complaint to the supervisory authority

A registered person has the right to file a complaint with the national supervisory authority, a data protection supervisor collaborating with the ministry of justice, in case the registered person finds that the relevant legislation pertaining to the processing of their personal information has been violated.

MORE INFORMATION

All requests for information and other contact are to be directed to the contact address of the person responsible for matters concerning the register as mentioned under section 2.