Data Controller
SprintIT Finland Oy (Business ID: 3001049-6)
https://www.sprintit.fi
https://www.people.sprintit.fi
Atomitie 5, 00370 Helsinki, Finland
Contact Person
Registers
SprintIT Finland Oy Client and Supplier Register
SprintIT Finland Oy Recruitment System
SprintIT Finland Oy Employee Register
Principles for the Protection of the Register
SprintIT Finland Oy protects the information in the register to the best of its ability.
If SprintIT Finland Oy suspects a data breach, SprintIT Finland Oy will immediately notify the clients to whom it has been directed and will later indicate what measures have been taken in connection with the matter. SprintIT Finland Oy has produced guidelines for data breaches in Finnish (”Yrityksen_toimintasuunnitelma_tietoturvaloukkauksen_varalta.docx).
SprintIT Finland Oy strives to keep this privacy statement up to date.
Data Retention
The information in the Client and Supplier Register is kept for at least six years after the termination of the client relationship in accordance with the Accounting Act.
Recruitment System information is retained during recruitment.
Purpose of the Registers
The purpose of the Client and Supplier Register is to collect and store information about SprintIT Finland Oy's clients only for the purpose of managing client relationships, ordering and providing services, providing information, and invoicing and accounting. SprintIT Finland Oy may use the information in the client register in marketing communications. The client can refuse to receive messages.
The purpose of the Recruitment System is to collect information from the job seeker that is essential for recruitment. A job seeker may refuse to retain their information at the end of the recruitment process.
The purpose of the Employee Register is to maintain the employee's contact and salary information. Payroll accounting has been outsourced, in connection with which the Employee Data required for payroll accounting has been transferred to the domestic company that performs payroll accounting. Employee data is destroyed upon termination of employment.
The information in the registers will not be disclosed to third parties.
Register Sources
The information is collected in SprintIT Finland Oy's own operations by self-notification by both clients and jobseekers and employees when they register as users of the services. Client information may also be collected and updated for marketing purposes from other available public or private records. Data may also be collected through the use of cookies or other similar technologies.
Content of the Registers
Information of clients, suppliers and their contact persons is collected in the Client and Supplier Register:
- name
- Business ID
- email address
- phone number
- address
- billing addresses, billing, and payments
The following information on jobseekers is collected in the Recruitment System:
- name
- email address
- phone number
- job search information and files submitted by the applicant himself
The following information on employees is collected in the Employee Register:
- name
- personal security number
- tax information for payroll
- bank connection for payroll
- home address
- phone number
- email address
Data Protection
In SprintIT Finland Oy's systems and websites, data travels via secure SSL connections. The electronic client register is kept confidential in SprintIT Finland Oy's ERP system. The ERP system is in the service provider's cloud service within the EU and the service provider is certified to the ISO 27001 security standard. SprintIT Finland Oy and the cloud service provider take care of maintaining data security to the best of their ability.
Disclosure of Information
The information stored in the register is not regularly disclosed to third parties.
Rights of the Data Subject
A client in the register has the right in accordance with the Personal Data Act to
check the data stored in the register and request SprintIT Finland Oy to correct incorrect data
require the correction of incorrect information in the register
prohibit the use of personal data in direct mail and marketing communications.
Any request for inspection, request for rectification or prohibition must be sent in writing to the contact person of SprintIT Finland Oy.
Cookies
SprintIT Finland Oy uses cookies on its website, i.e. the so-called cookie function. In addition, the website uses Google Analytics, which may use its own cookies to provide the service. Cookies are necessary for the proper functioning of the website and the services provided.
We use Leadoo user tracking to track how our Users navigate our website and combine this data with user data collected through, for example, chat interactions. Leadoo uses etag tracking, which is technically different from cookie-based tracking, but which has the same laws as cookies. Check Leadoo Marketing Technologies Ltd's Privacy Policy (https://leadoo.com/privacy-policy/) to learn more about what is being tracked in the system. With GDPR in mind, we act as the controller and Leadoo data processor. If you do not want to be tracked you can clear your browser's cache. For more information on how Leadoo works, check https://leadoo.com/privacy-policy-processor/
IP Addresses
The IP addresses of users visiting SprintIT Finland Oy's website and users of the services provided by SprintIT Finland Oy are automatically stored in the system log data. The log is used for statistical purposes and for troubleshooting. Only SprintIT Finland Oy's personnel have access to the log.
Links to Other Websites
The website maintained by SprintIT Finland Oy contains links to websites maintained by third parties. SprintIT Finland Oy is not responsible for the security, content or information collected on these external pages.
The pages maintained by SprintIT Finland Oy have social media functions (eg Facebook, LinkedIn, Instagram). In addition, SprintIT organizes webinars and demos using the WebinarGeek service. These functions are governed by the registry descriptions and permissions that each function uses.
General summary of SprintIT Finland Oy's data security and personal data processing implementation
SprintIT Finland Oy supplies its clients with various systems. The data stored in the systems is always the property of the client, in which case the client is always the registrar himself. During the delivery phase and in the future, the maintenance and support service may have access to the system and thus also to the personal data stored in it.
Hosting Services
SprintIT Finland Oy also provides its clients with third-party hosting services that run the delivered systems. SprintIT Finland Oy has the security statements of these third parties and, as required, specifications for access rights to hosted systems.
SprintIT Finland Oy has accepted the statements received regarding its own operations.
Processing of Personal Data
According to the GDPR regulations, SprintIT Finland Oy acts as a processor of personal data at most, if it has one access to that information. However, SprintIT Finland Oy does not participate in the client system's personal data depositing, processing or accumulating in any way. For each client system access to personal data (personal data processor) has been authorized in writing by the client or access is separately agreed in the supply contract.
SprintIT Finland Oy also has its own personal registers that are only used by the company, such as Employee Register and Recruitment System. Only specified persons have access to these registers.
Access to Personal Data and Processors of Personal Data
SprintIT Finland Oy's personnel have limited access to the personal data of client systems on a project-by-project basis, however, affecting the entire staff. Access is only allowed from inside the EU, unless no other written agreement has been reached with the client.
Risk Assessment
The risk assessment has been performed for own systems and third parties providing hosting services.
Implementing Security
The security of personal data is properly taken care of. The security level of SprinIT Finland Oy's equipment can be viewed on the F-Secure portal and the security level is managed centrally. Computer hard drives are encrypted with “BitLocker,” “FileVault,” or similar.
The ID register used for product development and maintenance has been implemented in an encrypted manner with a system that is maintained on an ongoing basis. The system logs all requests and activities.
Action in Case of Possible Security Breach or Intrusion
The operation is described in a document intended for SprintIT Finland Oy's internal use.