The Privacy Notice

1    Controller and contact information

Sitowise Oy
Linnoitustie 6, 02600 Espoo, Finland
tietosuoja@sitowise.com

2    Purposes of processing personal data

The controller, Sitowise Oy, processes personal data in compliance with the applicable data protection legislation, including the EU General Data Protection Regulation (2016/679) and the Data Protection Act (1050/2018).

The purposes of processing personal data are:

  • fulfilling the rights and obligations of the customer and the controller
  • processing the personal data of stakeholders (suppliers, other partners in cooperation)
  • processing personal data for purposes related to the products and services of the controller, such as developing, offering and implementing products and services.

3    Legal basis for processing personal data

Depending on the purposes of the processing of personal data, the legal bases for processing personal data are the statutory obligations of the controller, agreement, consent and the legitimate interest of the controller.

The processing of personal data is based on the legitimate interest of the controller when there is a relevant relationship between the data subject and controller. Such a relevant relationship may be established, for example, when the data subject has contacted the controller on his/her own initiative, or when the controller processes the data subject’s personal data in connection with business or cooperation between the data subject’s employer and the controller, for example.

4    Categories of personal data

The register contains data on the following persons:

  • The customers of the controller and the representatives and contact persons of customers
  • Representatives and contact persons of the controller’s subcontractors and suppliers
  • Project stakeholder groups

The following data, as necessary for each of the above-mentioned purposes, is processed about the data subject:

  • Name
  • Email address
  • Telephone number
  • Party represented
  • Additional data provided by the data subject

5    Regular sources of data

As a rule, personal data has been obtained from the following sources:

  • Directly from the data subject to manage the customer relationship
  • Directly from the data subject as part of another cooperation relationship
  • From public/publicly available sources (such as the Internet and the Trade Register)

6    Recipients of personal data

In principle, the controller will not disclose the personal data of data subjects to third parties (excluding the project client) unless legally required to do so by the authorities or if mandatory legislation so requires. In addition, in the technical implementation of its services, the controller uses reliable service providers that process personal data on behalf of the controller.

In principle, personal data is not transferred outside the European Union or the European Economic Area. Any transfers of personal data are always carried out in compliance with applicable data protection legislation.

7    Retention of the personal data

The controller shall process and store personal data only for as long as is necessary for the predetermined purpose of the personal data. Personal data that has become redundant and which the controller no longer has the grounds to store or process will be erased at regular intervals in accordance with the controller’s own data protection practices. 

8    Rights of the data subject

The data subject has the following rights, applicable on a case-by-case basis:

| Right | Description |
| --- | --- |
| Right of access to personal data | The data subject has the right to obtain confirmation from the controller on whether personal data concerning him/her is being processed or not. If personal data is processed, the person has the right to access it. |
| Right to request rectification, erasure or restriction of processing of personal data | The data subject has the right to request the controller to rectify erroneous data on him/her as well as to request the controller to erase certain data on him/her or request that processing be restricted on the grounds provided by law. |
| Right to object | The data subject has the right to object to the processing of his/her personal data relating to his/her particular situation when the controller processes personal data on the basis of a legitimate interest. |
| Right to lodge a complaint with a supervisory authority | In Finland, the supervisory authority is the Office of the Data Protection Ombudsman, whose contact information and instructions are available at www.tietosuoja.fi/en. |

Exercise of rights

You may exercise your rights as a data subject, as detailed above, by contacting the controller by email: tietosuoja@sitowise.com. We will seek to answer you as soon as possible. If necessary, we will provide additional instructions or ask additional questions regarding your request.

Please note that before implementing the request, we have the right and obligation to verify your identity. This means that we must be able to adequately identify you.

If your request is clearly unfounded or unreasonable, we may either charge a reasonable fee based on administrative costs for the implementation of the request or refuse to carry out the requested action.

9    Processing personal data and profiling

The controller does not use automatic decision-making, such as automated profiling, as part of the processing of personal data.

10    General description of the relevant technical and organisational security measures of the controller

A limited group of persons has been granted access to the personal data registers. The controller has issued instructions to its employees on the processing of personal data and data protection.

The information security of IT systems has been appropriately ensured using a variety of techniques. The controller’s data network and the hardware on which the register resides have been protected with a firewall and other technical measures. Materials containing personal data are disposed of in a secure manner. The controller checks its personal data processing functions and the systems and hardware used for these purposes at regular intervals, and assesses the risks to personal data processing when deploying new technology, for instance.

11    Further information

If you have any questions regarding the processing of personal data by the controller, please contact us via the means set out at the beginning of this Privacy Notice.

The Privacy Notice was last updated on 20 November 2020.