PRIVACY STATEMENT - Emill Solutions Oy
Marketing, business partner, and customer contacts related to software deliveries
Personnel and job applicants
1. Introduction
This privacy notice describes the principles according to which Emill Solutions Oy (hereinafter also referred to as "Emill" or "we"), as the data controller, collects and processes personal data related to personnel, job applicants, and contacts for the marketing, customers, and business partner relations of software deliveries. Personal data refers to any information related to an identified or identifiable individual, such as a name, email address, or photograph.
2. Data controller and contact information
Emill Solutions Oy
Business ID: 3388478-9
Rokalintie 10, 21660 Nauvo
Phone: +358 400 412 158
Email: info@emill.fi
Internet: www.emill.fi
If you have any questions or requests regarding data protection, or if you wish to exercise your rights as a data subject concerning your personal data, you can contact us using the contact details provided above.
3. Emill as a Processor of Personal Data
In connection with software deliveries, Emill may act not only as a data controller but also as a processor of personal data on behalf of its organizational customers, with whom Emill has a contractual relationship. Emill acts as a data processor, for example, when it has access rights to an information system it has delivered to a customer. In such cases, the purposes and principles of personal data processing are determined by the data controller's privacy policies, and Emill is not permitted to process the data for any other purposes than for the benefit of and in accordance with the instructions of the respective data controller.
4. What personal data do we process, for what purpose and what is the legal basis for the processing?
We collect, store, and process personal data only for predefined purposes and solely on lawful grounds. We primarily process personal data for the following purposes and based on the following legal bases:
4.1 Customers and Business Partners
4.2 Marketing
4.3 Employees
4.4 Recruitment and job seekers
4.5 Legal basis and purposes
5. Sources of Personal Data
We primarily receive personal data related to our customers directly from the customer. Occasionally, we may purchase or rent marketing registers for direct marketing purposes from companies that provide such services. During the customer relationship, additional information may also be generated and collected, but this mainly concerns the company, not individuals.
With regard to personnel, we primarily receive personal data directly from the individual. We may also process information related to personnel that is otherwise generated during the course of employment. For job applicants, we receive personal data either directly from the applicant or, with their consent, from third parties.
6. Disclosure of Personal Data
As a rule, your personal data is processed by individuals within our organization as part of their duties. However, we may share personal data with others in particular situations, including:
-
Our service providers. We may use external service providers and outsource certain personal data processing activities. Subcontractors may be used, for example, for website maintenance, cloud storage services, financial administration, customer acquisition, feedback surveys, and email marketing. Other service providers may also be used. These service providers are not permitted to use personal data for their own purposes but only on our behalf. We always ensure, for example through contracts, that your data remains confidential and is processed in accordance with the law. The specific personal data processed by each service provider depends on the service and purpose for which the provider is used.
-
Authorities and other legal obligations. We may disclose data if required by law, a court order, or a competent authority, or for the purpose of responding to or preparing for a legal claim.
-
Corporate and business transactions. We may also disclose data if we are involved in a corporate or business transaction or other business or company restructuring.
Consent of the data subject. We may also disclose data if the individual has given their consent for the disclosure.
7. International transfers of personal data
Personal data is primarily processed only within the EU and EEA. However, if personal data is transferred—mainly for technical reasons—outside the EU to a country that is not subject to an adequacy decision by the European Commission, we ensure that the processing, transfer, and storage of your data is carried out on lawful grounds and with adequate safeguards. These include the use of the European Commission’s Standard Contractual Clauses (SCCs).
You can review the Standard Contractual Clauses here (some content is in English):
https://ec.europa.eu/info/law/law-topic/data-protection_fi
The SCCs include different modules for different scenarios. We would most likely apply either Module 2 (controller-to-processor) or Module 3 (processor-to-sub-processor), depending on the specific case.
8. Retention period of personal data
We do not retain personal data longer than necessary for its intended purpose, or as required by contract or law. Personal data may also be deleted if the data subject withdraws their consent or requests deletion of their data (provided there is no other legal basis for processing). Retention periods are also guided by legislation (e.g., the Accounting Act, Tax Act) and legal limitation periods related to the filing of legal claims (e.g., statute of limitations).
The necessary retention period may vary, but typically it means a few years. Data needed for defending against legal claims may need to be retained for up to 10 years. Accounting documents are typically retained for 6 to 10 years. We maintain a minimum data register for requests made by data subjects under data protection legislation (e.g., a request to delete data) so that we can later demonstrate that we have properly fulfilled such requests.
We retain web behavior data collected via cookies and similar technologies as specified in our cookie policy, which is available on our website.
9. Your rights
You have the following rights regarding your personal data:
Managing Your Own Data
As a user of our services, you may, to a limited extent, have the ability to log in to the service, view your personal data, and make changes to it.
Right of Access to Personal Data
You have the right to obtain confirmation from us as to whether we are processing your personal data, and to access the personal data we process about you (e.g., a copy of the data). You also have the right to receive additional information about the legal basis of the processing of your personal data. However, the right to access may be restricted on the grounds of legislation, the protection of other individuals’ privacy, or trade secrets.
Right to Rectification
You have the right to have incomplete, incorrect, or outdated personal data completed or corrected.
Right to Erasure
You have the right to request the deletion of your personal data. Your data will be deleted if there is no longer a legal basis for processing the personal data.
Right to Restrict Processing
You may have the right to restrict the processing of your personal data. In such cases, the data controller will generally only store the data without otherwise processing it. This right may apply, for example, if you contest the accuracy of your personal data, if the processing is unlawful, or if you have objected to the processing and are awaiting a response to that request.
Right to Object
If we process your personal data based on our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation.
Right to Data Portability
If we process your data based on your consent or for the performance of a contract, and the processing is carried out by automated means, you have the right to receive the data you have provided to us in a commonly used, machine-readable format, so that the data can be transferred to another data controller.
Right to Withdraw Consent
If the processing of your personal data is based on consent, you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. For example, processing your personal data based on consent includes when you have agreed to receive electronic direct marketing by subscribing to our newsletter. The use of non-essential cookies on our website is also based on your consent. You can manage your cookie consents at any time using our website’s cookie management tool.
Right to Object to Direct Marketing
You always have the right to object to the processing of your personal data for direct marketing purposes and to withdraw any consent you may have given for such marketing.
10. How You Can Exercise Your Rights
You can exercise the rights described above by contacting us, for example, using the contact details provided earlier. Exercising your rights is generally free of charge. If you submit your request electronically, we will provide the information electronically where possible, unless you request otherwise. If necessary, we may ask you to verify your identity or clarify your request.
You can easily unsubscribe from email marketing, for example, by clicking the link in the header or footer of any marketing email message.
You can manage your cookie consents using the cookie management tool on our website.
11. Complaint to the Supervisory Authority
If you believe that we are not processing your personal data in accordance with this privacy notice or applicable national and European Union data protection legislation, you have the right to file a complaint with a supervisory authority. In Finland, the relevant authority is the Office of the Data Protection Ombudsman (website: https://www.tietosuoja.fi).
12. Turvallisuus
Personal data in electronic form is stored appropriately and carefully on servers that are protected with firewalls, passwords, and other technical measures in accordance with industry best practices. The servers and their backups are located in locked facilities. Any physical documents and materials containing personal data are stored in locked premises to prevent unauthorized access. Our office facilities are also locked and well secured.
We treat all personal data we collect and process as confidential and do not disclose it to anyone other than tho
13. Cookies
We use cookies on our website to provide the best possible user experience for visitors. Cookies are small text files that a web server stores on a user's device. Cookies provide us with information about how users interact with our website. We may use cookies to improve our services and website, analyze website usage, and to target and optimize marketing efforts.
Non-essential cookies are processed only with the consent of the website visitor. Consent is given, can be withdrawn, and is managed via the cookie tool on our website, which is accessible through the cookie banner that appears at the edge of the site. The cookie banner and a separate cookie policy available on our website provide more detailed information about the cookies we use.
14. Obligation to Provide Personal Data and Consequences of Not Providing It
For legal entities, the processing of certain personal data of customers is mandatory, for example, for the conclusion and performance of contracts and for invoicing purposes.
If you are an employee, we must process certain personal data to fulfill employment contracts and related legal rights and obligations.
In recruitment situations, providing data is not mandatory. However, if you do not provide the necessary information, we may not be able to process your application.
Whenever possible, we aim to indicate in this privacy notice and during our interactions with you which data is mandatory and which information you may provide voluntarily.
15. Automated Decision-Making and Profiling
We do not make decisions based on automated processing of personal data, such as profiling.
16. Changes
We may update this privacy notice due to changes in our operations, services, data protection practices, or applicable legislation. Unless otherwise stated, changes will take effect once we publish the updated privacy notice on our website. When we make significant changes, we will announce the date of the changes in advance on our website or by other means we consider appropriate.
