PRIVACY POLICY

1. DATA CONTROLLER AND CONTACT INFORMATION
Flowplus Oy
Etu-Hankkion katu 20, 33700 Tampere
info@flowplus.fi

 

2. GENERAL INFORMATION
This Privacy Policy explains how Flowplus Oy (hereinafter referred to as the “Data Controller”) processes the personal data of its customers, potential customers or their contact persons, job applicants, and visitors to its website.

 

3. PURPOSES AND LEGAL BASES FOR PROCESSING PERSONAL DATA
The purposes of processing personal data include:

Personal data is not used for automated decision-making or profiling.

The legal bases for processing personal data under the EU General Data Protection Regulation (GDPR) are:

 

4. CATEGORIES OF PERSONAL DATA PROCESSED

Providing personal data is not a statutory or contractual requirement. However, providing certain personal data is necessary for establishing and fulfilling contracts between the Data Controller and the data subject or their represented organization or for progressing in the recruitment process.

 

5. REGULAR SOURCES OF DATA
Personal data is primarily obtained from the data subject themselves or their represented organization, for instance, when placing orders or submitting job applications. Data may also be collected from publicly available sources such as organizational websites, as well as from trade fairs and similar events. Additionally, cookies used on the Data Controller’s website collect personal data.

 

6. DISCLOSURE OF PERSONAL DATA
The Data Controller may disclose personal data to external service providers (data processors) who process data on behalf of and as instructed by the Data Controller. Such processors include, for example, software service providers and accountants. The Data Controller requires these data processors to comply with data protection legislation and take appropriate measures to protect personal data. Data processors are not authorized to use the personal data for their own purposes.

 

7. TRANSFER OF PERSONAL DATA OUTSIDE THE EU/EEA
Personal data is not routinely transferred outside the European Union (EU) or the European Economic Area (EEA).

If some of the Data Controller’s data processors or their sub-processors are located outside the EU/EEA, the Data Controller ensures the level of data protection by verifying that the European Commission has issued an adequacy decision for the destination country, or by requiring the data processor to agree to the European Commission’s standard contractual clauses as part of the agreement between the Data Controller and the data processor.

 

8. DATA RETENTION PERIODS
The Data Controller retains personal data only as long as necessary for the purposes described in this Privacy Policy and to comply with statutory obligations:

 

9. DATA SUBJECTS’ RIGHTS
Registered individuals can exercise the rights described in this section by contacting the Data Controller using the contact information provided in Section 1.

The Data Controller will, as a general rule, inform the data subject of the actions taken in response to their request within one month of receiving the request. The data subject will also be informed if the Data Controller, for some reason, does not intend to fulfill the request.

Exercising these rights is generally free of charge.

To fulfill the data subject’s rights, the Data Controller may need to request additional information from the subject to sufficiently verify their identity.

9.1 Right of Access to Personal Data

The data subject can request information from the Data Controller about whether their personal data is being processed. They can also request access to the personal data collected about them.

9.2 Right to Rectification

The data subject can request the Data Controller to correct or complete their personal data if it is inaccurate, incorrect, or incomplete.

9.3 Right to Erasure

The data subject can request the Data Controller to erase their personal data, for example, if the data is no longer necessary for the purposes for which it was collected.

The Data Controller may not be able to delete personal data in all situations if retaining the data is a legal obligation or if there is another lawful basis for its retention.

9.4 Right to Restrict Processing

The data subject can request the restriction of their personal data processing in certain situations defined by data protection laws. For instance, this applies if the data subject disputes the accuracy of their personal data, in which case processing is restricted while the Data Controller verifies its accuracy.

9.5 Right to Object

The data subject can object to the processing of their personal data if the processing is based on the Data Controller’s legitimate interests. In such cases, the Data Controller may no longer process the data unless they can demonstrate compelling and justified grounds for processing that override the individual’s rights.

9.6 Right to Withdraw Consent

If the processing of personal data is based on consent, the data subject can withdraw their consent at any time. If the consent concerns the use of cookies, it can be withdrawn via the cookie banner available on the website.

9.7 Right to Data Portability

Under certain conditions defined by data protection laws, the data subject can request the Data Controller to provide them with the personal data they have provided to the Data Controller, and to transfer this data to another controller.

9.8 Right to Lodge a Complaint with a Supervisory Authority

The data subject can file a complaint with the national supervisory authority if they believe that the Data Controller is not processing their personal data appropriately or is not adequately implementing their rights. In Finland, complaints can be submitted to the national Data Protection Ombudsman via the website www.tietosuoja.fi/ilmoitus-tietosuojavaltuutetulle.

 

10. CHANGES TO THE PRIVACY POLICY
This Privacy Policy may be updated as necessary due to changes in the Data Controller’s operations or legislation. Significant changes affecting the processing of personal data will be communicated to data subjects via email.

 

This Privacy Policy was last updated on April 9th, 2024.

CONTACT US