JJS KONSULTTIVERKKO OY
Data Protection and Privacy Statement 2022
Drawn up: 20.11.2018
Updated: 29.4.2022

1. CONTROLLER

JJS Konsulttiverkko Oy
Business ID: 2869647-6
Address: Lönnrotinkatu 5, 00120 Helsinki

2. CONTACT PERSON MANAGING THE REGISTER

Partner: Jussi Järvinen
Email: info@konsulttiverkko.fi
Phone: +358 (0)40 772 5840

3. NAME OF THE REGISTER

JJS Konsulttiverkko Oy’s Data Protection and Privacy Statement

4. LEGAL BASIS AND PURPOSE OF PROCESSING PERSONAL DATA

The legal basis for the processing of personal data in accordance with the EU's General Data Protection Regulation (GDPR) is the legitimate interest of the controller; the creation and maintenance of existing and new customer relationships, as well as actions related to job applications and recruitment.

We may use personal data for marketing and direct marketing within the limits of applicable legislation. This may include, but is not limited to, the use and analysis of personal data to target marketing and service offerings.

For subcontractors, we collect sufficient information about our subcontractors for the purpose of offers, assignments, and invoicing. We may collect contact information for networking purposes.

Personal data related to those interested in the network and job applicants is collected and used primarily for human resources purposes, fulfilling the rights and obligations related to employment and cooperation agreements, fulfilling statutory requirements related to employment relationships, and the evaluation and selection of candidates. The purpose of processing personal data is communication with customers, partners, and subcontractors, maintaining customer and cooperation relationships, marketing and invoicing, as well as business development. The data is not used for automated decision-making.

5. DATA CONTENT OF THE REGISTER

The data stored in the register includes: person's name, position, organization, contact information (phone number, email address, organization address), website addresses, invoicing information, other information related to the customer relationship, services, or recruitment; application, CV, and reference information of a job applicant or subcontractor obtained with the applicant’s consent, as well as necessary information for paying salaries and subcontractor invoices. The data will be destroyed no later than ten (10) years after the last invoicing or contact.

6. REGULAR SOURCES OF DATA

Contact persons of our customers, potential customers, job applicants, and parties interested in us can contact us through the forms on our website, e.g., contact requests or requests for quotation.
The register records information on the customer's self-initiated contacts via email, telephone, social media services; executed agreements, customer meetings, and other situations where the customer provides their information.

We use customer registers in the following programs, whose privacy policies can be reviewed by clicking on the name:
Pipedrive, MailChimp, Leadfeeder, WordPress, Google Analytics.

7. REGULAR DISCLOSURES OF DATA AND TRANSFER OF DATA OUTSIDE THE EU OR EEA

Data is not regularly disclosed to other parties.
Data is not transferred outside the EU or the EEA, except in cases where the home location of the information systems is outside the EU or the EEA. All information systems we use are committed to complying with EU data protection law.
Data may only be published or disclosed to the extent agreed upon with the customer.
Data is only disclosed to authorities, e.g., in cases of suspected crime.

8. PRINCIPLES FOR PROTECTING THE REGISTER

Care is exercised in the processing of the register, and data processed using information systems is protected appropriately. When registered data is stored on an internet server, the physical and digital data security of the hardware is appropriately managed.

The controller ensures that access rights to the stored data and servers and other information critical to the security of personal data are handled confidentially and only by those employees and partners whose job description requires it.

9. RIGHT OF ACCESS AND RIGHT TO REQUEST CORRECTION OF DATA

Every person in the register has the right to check the information stored about them and to demand the correction of any inaccurate information or the completion of incomplete information.

If a person wishes to check the information stored about them or demand its correction, the request must be made directly and personally to the controller. The controller may, if necessary, ask the requester to prove their identity. The controller shall respond to the customer within the time stipulated in the EU Data Protection Regulation (usually within 1 month).

10. OTHER RIGHTS RELATED TO THE PROCESSING OF PERSONAL DATA

A person in the register has the right to request the erasure of personal data concerning them from the register (the so-called "right to be forgotten"). The data subject also has other rights under the EU General Data Protection Regulation, such as the restriction of the processing of personal data in certain situations.

Requests must be made directly and personally to the controller. The controller may, if necessary, ask the requester to prove their identity. The controller shall respond to the customer within the time stipulated in the EU Data Protection Regulation (usually within 1 month).

11. COOKIES AND LOG DATA FROM VISITS

We use cookies on the website and mobile applications. A cookie is a small text file that a computer, phone, or tablet stores on the user's device. The systems we use collect the following log data from visits: IP address, browser type, time of visit, operating system, the network address used by the person, and pages visited. The visitor cannot be identified by cookies alone, and these do not harm the user's device or files.

A new user is shown a cookie message, and by accepting it, the user accepts the cookies and gains access to all sections of the online service.
If desired, the website user can instruct their browser to reject all cookies or to notify when a cookie is sent. If the user does not accept cookies, we cannot guarantee that the entire content of the site is available.

12. WEBSITE PROTECTION

We use a secure SSL connection on our pages, which is indicated by the site's URL starting with "https". This avoids unprotected connections and ensures that visitors' data does not fall into the wrong hands.

13. ADDITIONAL INFORMATION ABOUT THE PRIVACY STATEMENT

This page is updated in connection with changes; the date of the last update can be found at the top of the statement.
More information about the current data protection law can be read on the website of the Data Protection Ombudsman.