Data protection
Promeco appreciates your privacy and places the highest importance on protecting the integrity of your data, whether about you, your company, your transactions, your products or your services. In this Data protection page we provide you with information about personal data processing and data protection in Promeco Group and its’ subsidiaries.
We arrange and process the personal data we collect by dividing the data into certain categories. Before further continuing your activities with Promeco, we recommend you to familiarize yourself with Promeco data protection information. Depending on your role, you can find navigate to the relevant subpage below.
Effective date: May 3, 2018
Promeco Group Oy (FI21752500) as the parent company of Promeco Oy (FI18640129) and VM-Group Oy (FI07851860), (also “Promeco”, “we”, “us”, “our” above and below), places the highest priority on protecting the integrity of your data, whether about you, your company, your transactions, your products or your service. We collect and process your personal data always in accordance with all applicable laws and regulations.
This Website Data Protection Statement (the “Statement”) describes collection and processing of personal data in connection with your use of Promeco websites (the “Site”, any public internet page of Promeco).
Most of the pages on the Site are provided mainly for information purposes and generally we do not, automatically or otherwise, collect or process any personal data (i.e. any data identifying you directly or indirectly such as your name, address or email address) about you as you visit our Site. However, we may collect and process your personal data e.g.:
– When it is provided by you in connection of any specific function of our Site. Examples of such special functions include submitting a feedback form or job application as well as registering to our commercial services; and
– Through use of cookies (as explained below) if you use our services as a registered user.
If we collect and process your personal data, we will inform you about it explicitly and in detail. Please visit our Data Protection Pages for further information.
From time to time, Promeco may place information on your computer which allows Promeco to recognize your computer. This information is commonly known as a “cookie”. Information we collect by using cookies is in anonymous form except when we use cookies with our registered and therefore identified users. Please visit our Cookie Statement which explains our cookies in detail.
Other Websites
Our Site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites are separate from our Sites and do not operate under this Statement, but have their own privacy policies, data protection statements or similar announcements/devices. We do not accept any responsibility or liability for these policies, statements and announcements/devices or the lack of them or your use of such websites. Please check these policies, statements and announcements/devices before you submit any personal data to these websites.
Changes to this statement
From time to time, Promeco may change or amend this Statement. In addition, Promeco may modify or revoke access to the Site at any time with or without notice. It is the recommendation of Promeco that you revisit this Statement periodically to review any changes to this Statement.
Contact us
If you want to contact Promeco in data protection related matters, please send us an e-mail at data.protection(at)promeco.fi
Effective Date: 17 October 2017
Protecting the integrity of your data, whether about you, your company, your transactions, your products or your service, is our highest priority. The commitment to keep your personal data confidential and secure at all times and the personal data processing practices in our business activities are explained below. Your personal data is processed in accordance with all applicable laws and regulations.
When you are representing our customer or vendor company and engaged with us (e.g. using or buying the services, or selling products or services to us) (“Business Activity”), this Contact Data Protection Statement (“Statement”) is intended to provide you with general information on the processing of your personal data (“Contact Data”).
We arrange and process the Contact Data we collect in two data files, one for our customer contacts and another for our vendor contacts. Additional and more detailed data protection information applicable to each of these data files and Contact Data processed in the context of them is available in:
(each “Description”, further references to this Statement below include also the contents of the relevant Description or both Descriptions unless otherwise stated case by case).
In case of possible discrepancy, the information provided in the relevant Description prevails over the information presented in this Statement.
Please read this Statement carefully prior to accessing or participating in any Business Activity. By accessing or participating in the Business Activity and/or submitting (directly or indirectly) your Contact Data in connection with the Business Activity, you express your understanding to the processing of your Contact Data in the manner provided in this Statement. Otherwise, we expect you will immediately discontinue accessing or participating in the Business Activity, and you will not provide or will cease to provide your Contact Data to us. However, please note that absence of your Contact Data might fully or partially prevent us from fulfilling or executing the Business Activity.
Our Data Collection Methods
Accessing or participating in some Business Activities may require you to register personally for a user account in which you will need to provide us with certain basic Contact Data. Depending on the Business Activity, it is also possible that all or certain Contact Data is collected interactively from you (e.g. in a sales meeting or by phone) without subjecting you to any computerized data collection method.
In addition to collecting Contact Data from you personally, we may collect your Contact Data from your employer (or your colleagues or superiors) or from our own employees and other persons providing services for us.
Furthermore, in the course of your participation in any Business Activity electronically, we may automatically track certain Contact Data concerning you, such as IP address, the source of visit and type of your web browser even prior to explicitly requesting any of your Contact Data.
The Data We Collect and Process
Basic Contact Data consists typically of your name, email address, street address, country of residence, telephone number and the name of your employing company (if applicable).
In addition, we may collect other types of Contact Data that are necessary for the Business Activity in question. Detailed information concerning the types and processing of Contact Data is available in the relevant Description.
Generally, to the extent permitted by applicable laws and regulations, we retain your Contact Data at most ten (10) years after the last Business Activity where you have been involved. Additionally, as the case may require, we may have to extend Contact Data retention on the grounds of establishment, exercise or defense of legal claims or execution of our internal investigations. This retention period is justified due to our obligations or needs related to e.g. product and service warranties, product liability statutes as well as burdens of proofs in possible litigation situations.
The Purposes of Data Collection and Processing
The primary purpose of collecting and processing your Contact Data is to make the Business Activity and related products and services available for you. Additionally, among other defined processing purposes, we may use your Contact Data to communicate with you. For instance, we may provide additional information relating to our services or other similar topics. The information may contain advertising in the form of electronic direct marketing or otherwise. If direct marketing is included in the Business Activity, we take into account related special safeguard requirements, including consistently providing you with the option to unsubscribe from our marketing activities. We may also use your Contact Data for research and development purposes such as improving and developing our IT systems and business processes. All detailed purposes of processing of your Contact Data are available in the relevant Description.
At all times and independent of any single purpose of processing we strive for efficient and secure Contact Data processing. This includes continued development of the Business Activities to ensure high quality and a broader scope and availability of our services.
Lawfulness of Processing of Contact Data
Processing of your Contact Data is generally and primarily based on legitimate interest of the data controllers. Based on defined purposes of uses of Contact Data and relationship between data controllers and Contact Data subjects, the primary legitimate interest of the data controllers is the possibility to conduct justified and lawful business according to applicable legislation.
Secondarily, for certain Contact Data subjects, our processing of Contact Data is based on direct or indirect contractual relationship.
Disclosures and Transfers of Contact Data
Your Contact Data is generally not disclosed (to be independently processed for purposes other than ours) to third parties outside our affiliates. In some circumstances, we may have to disclose your Contact Data by law, because a court or the police or other law enforcement agency has asked us for it. Your Contact Data may, however, be transferred to our affiliates or to third parties (e.g. subcontractors) who process Contact Data on our behalf for the purposes described in this Statement and in the relevant Description. In this way, we do not release the Contact Data from our effective control.
Due to technical and practical requirements, your Contact Data may be processed in locations other than the country in which you are situated, including locations outside the European Union or European Economic Area (incl. Switzerland). Therefore, countries to which your Contact Data may be sent/accessed from may have a different standard of data protection than the country in which you are situated. However, in all such cases, the processing of Contact Data shall be in accordance with applicable legislations (e.g. justified by EU Commission standard contractual clauses) and our data processing policies and instructions.
We may also share your Contact Data with a purchaser or potential purchaser of our business.
We may provide aggregate statistics about our customers, sales, traffic patterns, and other related Business Activity information to reputable third parties, but these statistics are anonymized and will not include your Contact Data.
Security
Unfortunately, the transmission of information via the internet is not completely secure. We cannot fully guarantee the security of your Contact Data transmitted to us; any such transmission is therefore at your own risk. Once we have received your information, we will use strict procedures and security features to prevent unauthorized and illegal access, alteration and denial of use of your Contact Data.
Use of Cookies
From time to time, we may place information on your computer which allows us to recognize your computer. This information is commonly known as a “cookie”. Typically, cookies enable collection of certain information regarding your computer, including your internet protocol (IP) address, your computer’s operating system, your browser type and the address of any referring sites. Cookies are intended to improve availability and quality of the Business Activity. A separate Cookie Statement explains the cookies in detail (references to this Statement above and below include also the contents of the Cookie Statement unless otherwise stated case by case). In case of possible discrepancy, the information provided in the Cookie Statement prevails over information of this Statement and relevant Description.
Your Rights
At any time, you have the right to:
- Object the processing of your Contact Data;
- Opt-out as a recipient of any of our marketing activities (including electronic direct marketing), opinion polls or market research.
At any time, you have also the right to:
- Gain access to your Contact Data;
- Verify the accuracy of your Contact Data;
- At your request, have your incomplete, inaccurate or outdated Contact Data modified or erased; and
- Under certain circumstances, restrict the processing of your Contact Data;
- Under certain circumstances, be forgotten by us;
- Receive your Contact Data which you have provided to us in a structured, commonly used and machine-readable format and have the right to transmit those data to another data controller when the processing is necessary for performance of a contract where you are involved; and
- Lodge a complaint with a supervisory authority.
For more detailed description of your rights, please see the Description. In order to use these rights, contact us to the contact information provided below or in the Description.
Other Websites
Our Business Activity related information sources may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites are separate from our websites and do not operate under this Statement or any other data protection communication of us, but have their own privacy policies, data protection statements or similar announcements. We do not accept any responsibility or liability for these policies, statements and announcements or the lack of them or your use of such websites. Please check these policies, statements and/or any other data protection documents before you submit any Contact Data to these websites.
Changes to This Statement
From time to time, this Statement may have to be changed or amended. In addition, the access to the Business Activity may be modified or revoked at any time with or without notice. It is therefore recommended that you revisit this Statement periodically to review any changes to this Statement.
Our Responsibility and Contacting Us
Promeco Group Oy (FI21752500) as the parent company of Promeco Oy (FI18640129) and VM-Group Oy (FI07851860), (also “Promeco”, “we”, “us”, “our” above and below), are the data controllers for your personal data. Promeco has the general responsibility and ultimate mastery on Contact Data and Promeco Group Oy is responsible for transfers of Contact Data outside EU/EEA, as well as centralized IT subcontracting. Other companies belonging to Promeco group of companies may act as data processors for your personal data on behalf of the data controllers.
If you want to contact us on data protection related matters, please send us an e-mail at data.protection(at)promeco.fi
Additional Business Activity data protection contact information (including mailing address and telephone numbers) is available in the relevant Descriptions.
EU GDPR Compliant version
Effective Date: 3 May 2018
| Data File Name: | Promeco Customer Data Protection Description (PRO1-1021027536-16) |
| Legal Basis for the Processing and Purpose of Use of the Personal Data: | Processing of personal data (“Contact Data”) is generally and primarily based on legitimate interest of the data controllers. Based on defined purposes of uses of Contact Data and relationship between data controllers and data subjects, the primary legitimate interest of the data controllers is the possibility to conduct justified and legitimate business according to applicable legislation. Secondarily, for certain data subjects, the processing of Contact Data is based on direct or indirect contractual relationship between data subjects and data controllers. Purposes of use: 1) Business development and reporting; 2) Quality management; 3) Research and development of products and services; 4) Research and development of Promeco Group (Promeco Oy, VM-Group Oy) IT infrastructure; 5) Marketing activities; 6) Sales activities; 7) Customer relationship management (“CRM”); 8) Manufacturing of products; 9) Delivery of products and services (incl. access to Promeco Group digital channels); 10) Invoicing, taxation and related financial transactions; and 11) Ensuring the integrity of Promeco Group business environment and processes (incl. eventual non-continuous system monitoring for the prevention or inspection of misuse as the case may require). |
| Data Content: | First name; Last name; Salutation; Title; Company (employer); Job role; Decision role; Street Address; Postal Code; City; State; Country; Telephone number; Mobile phone number; Telephone extension; Fax number; Email address; Miscellaneous business information (free text field); Customer survey communication prohibition; Cookie consent; |
| Data Subjects: | Any natural persons representing customer companies of Promeco Group. |
| Regular Sources of Data: | Customer contact persons themselves, other persons representing the customer companies of Promeco Group, employees and other persons working for or representing Promeco Group. |
| Regular Disclosures of Data and Transfer of Data to countries outside EU and/or EEA: | Contact Data are not disclosed (to another controller for independent use unless required by the law such as to authorities) regularly except within companies of Promeco Group and even then at all times in accordance with applicable laws. Contact Data are transferred outside EU and/or EEA only as allowed by and in accordance with applicable laws. In case of absence of EU Commission adequacy decisions, EU Commission standard contractual clauses (of type controller to processor, EU Commission decision 2010/87/EU) are used as appropriate or suitable safeguards for these data transfers. Copies of the standard contractual clauses will be available through the contact details mentioned below. Furthermore, if EU Commission adequacy decisions are applicable we may rely on them. If Contact Data is transferred to external data processors (subcontractors or vendors) appropriate contractual arrangements (Including EU Commission standard contractual clauses, as applicable), as required by the applicable laws, are executed to secure lawful and appropriate processing of Contact Data. Contact Data can be transferred to following countries for processing: o Finland o Poland |
| Security Principles of Data File: | Contact Data is protected by technical and organizational measures against accidental and/or unlawful access, alteration, destruction or other processing including unauthorized disclosure and transfer of Contact Data. Such measures include but are not necessarily limited to proper firewall arrangements, appropriate encryption of telecommunication and messages as well as use of secure and monitored equipment and server rooms. Data security is of special concern when third parties (e.g. data processing subcontractors) providing and implementing IT systems and services are retained. Data security requirements are duly observed in IT system access management and monitoring of access to IT systems. Access to Contact Data is available only in the internal networks of Promeco Group. Personnel processing Contact Data as part of their tasks is trained and properly instructed in data protection and data security matters. |
| Right to Object Data Processing: | In accordance with the law the data subject has at any time the right to: 1. Object the processing of Contact Data for the purposes of direct marketing, market research and opinion polls; and 2. On grounds relating to his or her particular situation, object the processing of his/her Contact Data when lawfulness of processing is based on legitimate interest of the data controllers. In order to use these rights, the data subject shall contact the below mentioned contact persons in writing (incl. e-mail). However, the request may be declined where allowed or required under the law. |
| Other Rights of Data Subject: | In accordance with the law the data subject has at any time the right to: 1. Access the Contact Data on him/her and at request, receive a copy of the Contact Data and related supplementary information concerning Contact Data processing as required by the law; 2. Request, provided that the purposes of data processing allow: a. Inaccurate Contact Data to be rectified; b. Incomplete Contact Data to be supplemented; and c. Outdated or obsolete Contact Data to be erased. 3. Be forgotten by us, if: a. Contact Data are no longer necessary in relation to the purposes of data processing; b. The data subject has objected to the data processing pursuant to reason explained above in point 2 of the section “Right to Object Data Processing” and there are no overriding legitimate grounds for the data processing; c. The data subject has objected to the data processing pursuant to reason explained above in point 1 of the section “Right to Object Data Processing”; or d. The Contact Data have been unlawfully processed by us; 4. Restrict the processing of the Contact Data on him/her if: a. Data subject contests the accuracy of the Contact Data; b. The processing is unlawful and the data subject opposes the erasure of the Contact Data and requests the restriction instead; c. The data controllers no longer need the Contact Data for the purposes of uses, but Contact Data are required by the data subject for the establishment, exercise or defense of legal claims; or d. Data subject has objected to processing pursuant to reason explained above in point 2 of the section “Right to Object Data Processing” and pending the verification whether the legitimate interests of the data controller override those of the data subject; 5. Receive the Contact Data concerning him or her, which he or she has provided to data controllers, in a structured, commonly used and machine-readable format and have the right to transmit those data to other data controller when the processing is necessary for performance of a contract where the data subject is involved; or 6. Lodge a complaint with a supervisory authority (Finnish Data Protection Ombudsman); In order to use these rights, the data subject shall contact the below mentioned contact persons in writing (incl. e-mail). However, the request may be declined where allowed or required under the law. |
| Retention Period of Contact Data: | Generally, to the extent permitted by applicable laws and regulations, data controllers retain Contact Data at most ten (10) years after the last business activity where the data subject has been involved. Additionally, as the case may require, data controllers may have to extend Contact Data retention on the grounds of establishment, exercise or defense of legal claims or execution of our internal investigations. This retention period is justified due to data controllers’ obligations or needs related to e.g. product and service warranties, product liability statutes as well as burdens of proofs in possible litigation situations. |
| Provision of Contact Data: | It is not statutory for the data subject to provide the Contact Data but certain Contact Data is required to execute or enter into a business activity (such as business contract) with Promeco Group. Lack of or failure to provide Contact Data prevents or may prevent the business activity (such as business contract) as the case may be. |
| Data Controllers: | Promeco Group Oy (FI21752500) Address: Mettälänkatu 91, (P.O.Box 116), 38700 Kankaanpää, Finland Telephone: +358 (0) 207 595 2002.Promeco Oy (FI18640129) Address: Mettälänkatu 91, (P.O.Box 116), 38700 Kankaanpää, Finland Telephone: +358 (0) 207 595 2003. VM-Group Oy (FI07851860) Address: Dynamotie 4 S (P.O.Box 227), 65320 Vaasa Telephone +358 (0) 207 681 500 |
| Contact Email Address in Matters Related to Data File: | data.protection@promeco.fi |
EU GDPR Compliant version
Effective Date: 3 May 2018
Data Controllers:
- Promeco Group Oy (FI21752500)
Address: Mettälänkatu 91, (P.O.Box 116), 38700 Kankaanpää, Finland
Telephone: +358 (0) 207 595 200 - Promeco Oy (FI18640129)
Address: Mettälänkatu 91, (P.O.Box 116), 38700 Kankaanpää, Finland
Telephone: +358 (0) 207 595 200 - VM-Group Oy (FI07851860)
Address: Dynamotie 4 S (P.O.Box 227), 65320 Vaasa
Telephone +358 (0) 207 681 500
Contact Email Address in Matters Related to Data File:
data.protection@promeco.fi
Mailing address and telephone number as above.
Data File Name:
Promeco Vendor Contact Data Protection Description (PRO1-1021027536-18)
Legal Basis for the Processing and Purposes of Use of the Personal Data:
Processing of personal data (“Contact Data”) is generally based on legitimate interest of the data controllers. Based on defined purposes of uses of Contact Data and relationship between data controllers and Contact Data subjects, the primary legitimate interest of the data controllers is the possibility to conduct justified and legitimate business according to applicable legislation.
Secondarily, for certain data subjects, the processing of Contact Data is based on direct or indirect contractual relationship between data subjects and data controllers.
Purposes of use:
1) Business development and reporting;
2) Quality management;
3) Research and development of Promeco Group (Promeco Oy and its affiliated companies) IT infrastructure;
4) Purchasing activities;
5) Inventory management and activities;
6) Manufacturing of products;
7) Delivery of products;
8) Vendor and subcontractor management (incl. access to Promeco Group digital channels and as appropriate to Promeco Group IT systems and products);
9) Invoicing, taxation and related financial transactions; and
10) Ensuring the integrity of Promeco Group business environment and processes (incl. eventual non-continuous system monitoring for the prevention or inspection of misuse as the case may require).
Data Subjects
Any natural persons representing vendor companies of Promeco Group.
Data Content
First name;
Last name;
Salutation;
Title;
Company (employer);
Job role;
Street Address;
Postal Code;
City;
State;
Country;
Contact Method;
Telephone number;
Mobile phone number;
Telephone extension;
Fax number;
Email address;
Miscellaneous business information (free text field);
Personal identification number (for some vendors only and only in certain countries: Spain, Portugal and U.S.)
Indicator of access to Promeco Group digital platforms;
Last data processing activity (time stamp);
Cookie consent;
Data request date (if any);
Regular Sources of Data:
Vendor contact persons themselves, other persons representing the vendor companies of the Promeco Group, employees and other persons working for or representing Promeco Group.
Regular Disclosures of Data and Transfer of Data to Countries Outside EU and/or EEA:
Contact Data are not disclosed (to another controller for independent use unless required by the law such as to authorities) regularly except within companies of Promeco Group and even then at all times in accordance with applicable laws.
Contact Data are transferred outside EU and/or EEA (incl. Switzerland) only as allowed by and in accordance with applicable laws. In case of absence of EU Commission adequacy decisions, EU Commission standard contractual clauses (of type controller to processor, EU Commission decision C(2010)593) are used as appropriate or suitable safeguards for these data transfers. Copies of the standard contractual clauses will be available through the contact details mentioned above. Furthermore, if EU Commission adequacy decisions are applicable we may rely on them.
If Contact Data is transferred to external data processors (subcontractors or vendors), appropriate contractual arrangements (including EU Commission standard contractual clauses, as applicable), as required by the applicable laws, are executed to secure lawful and appropriate processing of personal data.
Contact Data can be transferred to following countries for processing:
o Finland
o Poland
Security Principles of Data File:
Contact Data is protected by technical and organisational measures against accidental and/or unlawful access, alteration, destruction or other processing including unauthorized disclosure and transfer of Contact Data.
Such measures include but are not necessarily limited to proper firewall arrangements, appropriate encryption of telecommunication and messages as well as use of secure and monitored equipment and server rooms. Data security is of special concern when third parties (e.g. data processing subcontractors) providing and implementing IT systems and services are retained.
Data security requirements are duly observed in IT system access management and monitoring of access to IT systems. Access to personal data is available only in the internal networks of Promeco Group. Personnel processing personal data as part of their tasks is trained and properly instructed in data protection and data security matters.
Right to Object Data Processing:
In accordance with the law the data subject has at any time the right to:
Object the processing of Contact Data for the purposes of direct marketing, market research and opinion polls; and
On grounds relating to his or her particular situation, object the processing of his/her Contact Data when lawfulness of processing is based on legitimate interest of the data controllers.
In order to use these rights, the data subject shall contact the above mentioned contact persons in writing (incl. e-mail). However, the request may be declined where allowed or required under the law.
Other Rights of Data Subject:
In accordance with the law the data subject has at any time the right to:
- Access the Contact Data on him/her and at request, receive a copy of the Contact Data and related supplementary information concerning Contact Data processing as required by the law;
- Request, provided that the purposes of data processing allow
a) Inaccurate Contact Data to be rectified;
b) Incomplete Contact Data to be supplemented; and
c) Outdated or obsolete Contact Data to be erased. - Be forgotten by us, if:
a) Contact Data are no longer necessary in relation to the purposes of data processing;
b) The data subject has objected to the data processing pursuant to reason explained above in point 2 of the section “Right to Object Data Processing” and there are no overriding legitimate grounds for the data processing;
c) The data subject has objected to the data processing pursuant to reason explained above in point 1 of the section “Right to Object Data Processing”; or
d) The Contact Data have been unlawfully processed by us; - Restrict the processing of the Contact Data on him/her if:
a) Data subject contests the accuracy of the Contact Data;
b)The processing is unlawful and the data subject opposes the erasure of the Contact Data and requests the restriction instead;
c) The data controllers no longer need the Contact Data for the purposes of uses, but Contact Data are required by the data subject for the establishment, exercise or defense of legal claims; or
d) Data subject has objected to processing pursuant to reason explained above in point 2 of the section “Right to Object Data Processing” and pending the verification whether the legitimate interests of the data controller override those of the data subject; - Receive the Contact Data concerning him or her, which he or she has provided to data controllers, in a structured, commonly used and machine-readable format and have the right to transmit those data to other data controller when the processing is necessary for performance of a contract where the data subject is involved; or
- Lodge a complaint with a supervisory authority (Finnish Data Protection Ombudsman);
In order to use these rights, the data subject shall contact the above mentioned contact persons in writing (incl. e-mail). However, the request may be declined where allowed or required under the law.
Retention Period of the Contact Data:
Generally, to the extent permitted by applicable laws and regulations, data controllers retain Contact Data at most ten (10) years after the last business activity where the data subject has been involved. Additionally, as the case may require, data controllers may have to extend Contact Data retention on the grounds of establishment, exercise or defense of legal claims or execution of our internal investigations. This retention period is justified due to data controllers’ obligations or needs related to e.g. product and service warranties, product liability statutes as well as burdens of proofs in possible litigation situations.
Provision of Contact Data:
It is not statutory for the data subject to provide the Contact Data but certain Contact Data is required to execute or enter into a business activity (such as business contract) with Promeco Group. Lack of or failure to provide Contact Data prevents or may prevent the business activity (such as business contract) as the case may be.
Register STATEMENT for the RECRUITMENT database in accordance with Data Protection Act (523/99) 10
1. Holder of register
Promeco Group Oy (FI21752500)
Mettälänkatu 91
FI-38700 Kankaanpää
Finland
E-mail: firstname.lastname@promeco.fi
2. Organisation in charge of data on register
Promeco Group Oy
E-mail: data.protection@promeco.fi
3. Data file name
Promeco Group Oy’s Recruitment database.
4. Purpose of processing personal data
Data on the Recruitment database will be used in register holder’s own recruiting, processing of job applications and selection of employees.
The job applicants agree to provide the register holder’s Recruitment database with their personal data. (Data Protection Act, 8§.)
5. Data source of the register
Data is provided by applicant her/himself.
6. Data content of the register
Data processed onto the register is saved from the job application form. Details provided by the applicant about her/himself on the job application are recorded on the register.
7. Access to the register
The data given by the applicant is used and processed by the employees in Promeco Group Oy and its subsidiaries that are involved in the recruitment process and by authorized third parties assisting in the recruitment processes such as recruitment and IT service providers.
8. Retention of data
The data in the job application will be kept on file for twelve (12) months from the date of submission of the job application.
9. Statutory release of data, including transfer of data outside the EU or EEC
The recruitment database operates in the service provider’s external database, and recorded data is restricted to use solely by the register holder.
Promeco Group Oy has operations in Finland and Poland and therefore data can be processed in both countries.
Promeco Group Oy does not disclose the personal data of the applicant outside the EU or EEC.
10. Principles of register security
The register holder’s employees using the Recruitment database are identified by their username and password and / or network authentication. Access rights are granted to employees of Promeco Group Oy who need the data in their recruitment tasks. Access may also be granted to employees of external service providers associated with the recruitment process.
The Recruitment data base service provider (Sympa Ltd) is responsible for privacy policy and technical protection of data recorded in the data base.
11. Additional information
Promeco Group Oy shall not be liable for any damages incurred by the applicant arising from the electronic data transfer of personal data (including errors, delays or failure in data transfer).
12. Applicants approval
☐ I agree to this Register description and confirm that the information I have provided does not contain incorrect, inaccurate, incomplete or misleading information. I also agree that, according to existing legislation and within the framework permitted by law, Promeco Group Oy may take steps to verify the data I have provided during the recruitment process. Data can be verified from my previous employer, school, and other actors.
Register description for the RECRUITMENT DATA BASE in accordance with Data Protection Act (523/99) 10 §
1. Holder of register
Promeco Group Oy (FI21752500)
Mettälänkatu 91
FI-38700 Kankaanpää
Finland
firstname.familyname@promeco.fi
2. Organisation in charge of data on register
Promeco Group Oy
E-mail: data.protection@promeco.fi
3. Data file name
Promeco Group Oy’s Recruitment database
4. Purpose of processing personal data
Data on the Recruitment database will be used in register holder’s own recruiting, processing of job applications and hiring employees.
The applicants agree to provide the register holder’s Recruitment database with their data. (Data Protection Act, 8§.).
5. Data source
Data is provided by applicant her/himself.
6. Data content of the register
Data processed onto the register is saved from the job application form. Details provided by the applicant about her/himself on the job application are recorded on the register.
The applicant’s identification data to be collected is:
- first name
- last name
- nickname
- applicants e-mail address
- applicants phone number
- applicant’s wish for the form of employment
- date when the applicant can start the employment relationship
- job that is applied for
- preferred city of working
- previous work experience in Promeco
- Previous working history
- photo
- job application (attachment)
- CV (attachment)
- degrees and studies
- other education
- referees
- salary request
- where did you hear about the open position -question
7. Access to the register
The data given by the applicant is used and processed by the employees in Promeco Group Oy and its subsidiaries that are involved in the recruitment process and by authorized third parties assisting in the recruitment processes such as recruitment and IT service providers.
8. Data retention
An application will be kept on file for twelve (12) months from the date of application.
9. Statutory release of data, including transfer of data outside the EU or EEC
The recruitment database operates in the service provider’s external database, and recorded data is restricted to use solely by the register holder.
- Promeco Group Oy has operations in Finland and Poland and therefore data can be processed in both countries.
- Promeco Group Oy does not disclose the personal data of the job applicant outside the EU or EEC.
10. Principles of register security
The register holder’s employees using the Recruitment database are identified by their username and password and / or network authentication. Access rights are granted to employees of Promeco Group Oy who need the data in their recruitment tasks. Access may also be granted to employees of external service providers associated with the recruitment process.
The Recruitment data base service provider (Sympa Ltd) is responsible for privacy policy and technical protection of data recorded in the data base.
11. The right for data inspection
The registered applicant in the Recruitment database has the right to inspect his/her personal data in the database. The applicant will submit a written request with signature for data verification to the holder of the register (Promeco Group Oy).
12. Applicants right to demand correction of data
The registered applicant in the recruitment database has the right to request correction of the data in the register if the data is incorrect, imprecise, defective or outdated. The applicant will submit a written request with signature to the holder of the register (Promeco Group Oy). The register holder will correct the data without undue delay.
13. Additional information
Promeco Group Oy shall not be liable for any damages incurred by the applicant arising from the electronic data transfer of personal data (including errors, delays or failure in data transfer).
It is the applicant’s responsibility that the data provided does not contain false, inaccurate, incomplete or misleading information.
Promeco Group Oy may, according to existing legislation and within the framework permitted by law, take steps to verify that the data given during the recruitment process is correct. The data can be verified from the applicant’s previous employer, educational institution and other actors.
14. Applicants approval
By accepting this Register description, the applicant confirms that the information he/she has provided does not contain incorrect, inaccurate, incomplete or misleading information. The applicant also agrees that Promeco Group Oy may, according to existing legislation and within the framework permitted by law, take steps to verify the data the applicant has provided during the recruitment process. Data can be verified from the applicant’s previous employer, school, and other actors.