top of page

PRIVACY STATEMENT
Emill Solutions Oy

Marketing, business partner and customer contacts for software deliveries

Personnel and job seekers

1 Introduction

This Privacy Statement describes the principles according to which Emill Solutions Oy (hereinafter also "Emill" or "we"), as the data controller, collects and processes personal data concerning personnel, job seekers, and marketing, customer and business partner contacts of software supplies. Personal information is any information related to an identified or identifiable person, such as a name, email address or photograph.

2. Controller and contact information

Emill Solutions Oy

Social security number: 3388478-9

Rokalintie 10, 21660 Nauvo

Phone: +358 400 412 158

Email: info@emill.fi

Internet: www.emill.fi

If you have questions or requests regarding data protection matters, or if you want to use the rights you have as a registered user regarding your personal data, you can contact us using the contact information above.

3. Emill as a personal data processor

In relation to software deliveries, Emill itself may act not only as a data controller, but also as a personal data processor for organizational customers who are data controllers, with which Emill has a contractual relationship. Emill acts as a personal data processor, for example, when Emill has access rights to the information system it provides to the customer. The purposes and principles of personal data processing are determined in these situations in accordance with the data protection principles of each data controller, and Emill may not process the data for any purposes other than for the benefit of the data controller in question and in accordance with the instructions.

4. What personal data do we process, for what purpose and what is the legal basis for the processing according to the law

4. Mitä henkilötietoja käsittelemme

We collect, store and process personal data only for predefined purposes and only on legal grounds. We process personal data mainly for the following purposes and on the following grounds:

4.1 Customers and business partners

Screenshot 2024-3-4 at 8.35.05.png

4.2 Marketing

marketing.png

4.3 Employees

Screenshot 2024-3-4 at 8.39.16.png

4.4 Recruitment and job seekers

4.4 Recruitment and job seekers.png

4.5 Legal bases and purposes

4.5 Legal bases and purposes.png

5. From which sources has the personal information been obtained

We receive personal data related to our customers mainly from the customer himself. We may occasionally buy or rent marketing registers for direct marketing purposes from companies that offer these. During the customer relationship, information is also created and collected, but this mainly concerns the company, not individuals.

Regarding personnel, we receive personal data mainly from the person himself. We may also process personnel information that is otherwise generated during the employment relationship. We receive personal data related to job applicants from the person himself or with his consent from others.

6. To whom personal data is shared

As a general rule, your personal data is processed by the personnel of our company when performing their duties. However, we may share personal data with others, especially in the following situations:

  1. Our own service providers. We may use external service providers and outsource some processing of personal data. We use subcontractors for e.g. website maintenance, cloud storage services, financial administration, new customer acquisition, implementation of feedback surveys and e-mail marketing. We may also use other service providers. The service providers we use may not use personal data for any of their own purposes, but only for our benefit. We always make sure, for example through contracts, that the confidentiality of your data is maintained and that the data is also otherwise processed in accordance with the law. What data our service providers process at any given time is closely related to the task and purpose for which we use the service provider;

  2. Official and other legal reasons. We may also disclose information when required by law, a court or a competent authority, to respond to a legal claim or to prepare one;

  3. Corporate and business arrangements. We may also disclose information if we were involved in a business transaction or other business or business arrangement; and

  4. Consent of the registrant. We may also disclose information if the person has given their consent to the disclosure of information.

7. International transfers of personal data

Personal data is mainly processed only within the EU and EEA. However, if personal data were to be transferred outside the EU to a country that is not included in the EU Commission's decision on an adequate level of data protection due to mainly technical reasons, we will make sure that the processing, transfer and storage of your data is carried out on the grounds required by law and with adequate protection mechanisms, such as using the EU's standard contract clauses confirmed by the Commission. The standard contract clauses can be found here (part of the text is in English): https://ec.europa.eu/info/law/law-topic/data-protection_fi . The standard contract clauses have different modules for different situations, most likely we would apply module 2 (controller-processor) or 3 (processor-sub-processor), depending on the case.

8. Personal data retention period

We do not store personal data longer than is necessary for their purpose of use or as required by contract or law. Personal data can also be deleted in a situation where the data subject withdraws his consent or requests the deletion of his data (and there is no other legal basis for the processing). Data retention periods are also governed by legislation (e.g. accounting act, tax act) and the expiration dates of deadlines related to presenting legal claims (e.g. statute of limitations for filing a lawsuit).

The required storage time can vary, but typically it means a few years. The information needed to defend against legal claims may have to be stored for up to 10 years. Accounting documents are typically kept for 6-10 years. We maintain a minimum data register of the data subject's requests in accordance with data protection legislation (e.g. the data subject's request to delete data), so that we can show afterwards that we have implemented the data subject's requests appropriately.

We store online behavior data collected with cookies and other similar technologies as described in the cookie statement produced by our cookie tool. The cookie statement is available on our website.

9. Your Rights

You have the following rights in relation to your personal data:

Managing your own data

As a user of our service, you may have a limited opportunity to log into the service, view your own information and make changes to it.

The right to access personal data

You have the right to receive confirmation from us as to whether we are processing personal data concerning you and to know what personal data concerning you we are processing (e.g. a copy of the data). In addition, you have the right to receive additional information about the basis of the processing of your personal data. However, the right to access personal data can be restricted based on legislation, the protection of privacy of other persons and the protection of trade secrets.

The right to correct data

You have the right to have your incomplete, incorrect or outdated personal data supplemented or corrected.

The right to delete data

You have the right to request the deletion of your personal data. Your data will be deleted if there is no longer a legal basis for processing personal data.

The right to restrict processing

You may have the right to restrict the processing of your personal data. In this case, the controller generally does not process personal data other than by storing the data. You may have this right, for example, when you dispute the accuracy of your personal data, if the processing is against the law, or if you have objected to the processing of your personal data and are waiting for a response to the request for action in question.

Right to object

If we process your personal data based on our legitimate interest, you have the right to object to such processing based on your personal reasons.

The right to transfer data from one system to another

If we have processed your data on the basis of your consent or to fulfill a contract and the processing has taken place automatically, you have the right to receive the data you have provided us electronically in a commonly used machine-readable format so that the data can be transferred to another data controller.

Withdrawal of consent

If the processing of personal data is based on consent, you have the right to withdraw it at any time. Withdrawal of consent does not affect the legality of the processing of personal data that took place before the withdrawal. The processing of your personal data is based on consent, for example when you have given permission for electronic direct marketing by subscribing to our newsletter. The processing of non-necessary cookies on our website is also based on your consent. You can manage the cookie consents you have given yourself using the cookie tool on our website.

The right to prohibit direct marketing

You always have the right to object to the processing of your personal data for direct marketing purposes and the right to withdraw any consent you may have given for marketing purposes.

10. How to exercise your rights

You can exercise your rights described above by contacting us, for example, using the contact information mentioned above. The use of your rights is basically free of charge for you. If you submit a request electronically, we will deliver the information electronically as far as possible, unless you request otherwise. If necessary, we may ask you to verify your identity or specify your request.

You can easily ban e-mail marketing, for example, by clicking the link in the header or footer of any e-mail marketing message.

You can manage cookie consents yourself using the cookie management tool on our website.

11. Complaint to the supervisory authority

If you believe that we do not process your personal data in accordance with this privacy statement or the applicable national and European Union data protection legislation, you can lodge a complaint with the supervisory authority if you wish. In Finland, the authority in question is the office of the Data Protection Commissioner (homepage: https://www.tietosuoja.fi ).

12. Security

Personal data in electronic form is properly and carefully stored on servers that are protected by firewalls, passwords and other technical means in accordance with the general practices of the industry. The servers and their backups are located in locked rooms. Any written documents and materials containing personal data of registered persons are kept in locked rooms so that unauthorized persons are prevented from accessing them. Our premises are also locked and well protected. The personal data we collect and process are confidential, and we do not disclose it to anyone other than those who need the information in their work or, in accordance with this privacy statement, to our partners or other recipients.

13. Cookies

We use cookies on our website so that we can offer the best possible user experience to the website visitor. Cookies are short text files that the web server stores on the user's terminal device. Cookies give us information about how users use our website. We may use cookies to develop our services and website, to analyze website usage, and to target and optimize marketing. Non-necessary cookies are processed only with the consent of the website visitor. Consent is given, it is revocable and it is managed using the cookie tool on our website, which opens to the visitor from the cookie banner on the side of the site. The cookie banner and the separate cookie statement on our site provide more detailed information about the cookies on our site.

14. Obligation to provide personal information and the consequences of not providing it

In the case of legal entities, the processing of certain personal data of customers is mandatory, for example for the conclusion and execution of contracts and for invoicing purposes.

When you are an employee, we need to process certain personal data to fulfill contracts and legal rights and obligations related to the employment relationship.

Providing information is not mandatory in recruitment situations. However, if you do not provide the necessary information, we may not be able to process your application.

As far as possible, we try to tell you which information is mandatory and which information you can provide if you wish, in this privacy statement and when you do business with us.

15. Automatic decision-making and profiling

We do not make automatic decision-making, such as profiling, based on personal data.

16. Changes

We may make updates to this privacy statement as our operations, services, privacy principles or applicable legislation change. Unless otherwise stated, changes will take effect when we have posted an updated privacy statement on our website. When we make material changes, we will announce the date of the changes in advance on our website or in another way we deem appropriate.

bottom of page