The purpose of this privacy statement is to provide the InHunt Group, which includes the following companies: InHunt Group Oy, InHunt Executive Oy, InHunt Law Oy and InHunt World Oy, (the “Company”), representatives of customers, potential customers, partners and service providers, and newsletter subscribers. , what personal data the company collects, for what purposes the personal data is used and to whom to whom the personal data may be disclosed. The data protection statement also provides information on the obligations and legislation that the company complies with in the processing of personal data.
The Company protects the privacy of data subjects and complies with all general EU data protection regulations (2016/679) (the “Data Protection Regulation”) as well as other applicable legislation and good data processing practices in all processing of personal data.
Personal data means all data relating to an identifiable or identifiable person (data subject) as defined in the Data Protection Regulation. Personal information includes, for example, name, date of birth and username.
The privacy statement applies to all representatives of the company’s customers, potential customers, partners and service providers, as well as subscribers to the newsletter (“registered”).
There are separate privacy statements for the processing of other personal data related to the company’s business. For more information, contact the registrars below.
2 THE REGISTRAR AND THE DATA PROTECTION OFFICER
Registrar: InHunt Group
Data Protection Officer: Kari Juutilainen
InHunt Group Oy, Äyritie 12 C, 01510 Vantaa
3 LEGAL BASIS AND PURPOSES OF THE PROCESSING OF PERSONAL DATA
With respect to customers and potential customer representatives, the processing of personal data is based on the legitimate interest of the company and / or its customer or potential customer in providing services, cooperating and / or promoting services.
In the case of representatives of partners and service providers, the processing of personal data is based on the legitimate interest of the company and / or its partner or service provider to cooperate.
With regard to newsletter situations, the legal basis for the processing of personal data is the contractual relationship between the company and the data subject regarding the sending of the newsletter and the company’s legitimate interest in informing about its services and other company-related matters.
The processing of personal data is also based on statutory obligations, such as accounting obligations.
The provision of non-essential personal information is voluntary and subject to consent. The data subject has the right to withdraw his consent at any time (see data subject’s rights below).
Personal information can be used in the following ways:
To provide the company’s products and services and to place orders
For the performance of statutory obligations
For the production, maintenance, development and quality assurance of services
For the procurement of goods and services
Monitoring compliance with contractual obligations
Personalized customer service and targeted customer communication and monitoring of the use of the services
For marketing and targeting marketing to customers and potential customers
Business planning and product development
For internal planning, development and reporting
For organizing events
IT management (IT environment with equipment and systems)
Risk management, ensuring the security of services, managing information security and preventing and detecting misuse
4 GROUPS OF PERSONAL DATA TO BE PROCESSED AND DATA CONTENT AND SOURCES OF DATA
The company only collects personal data from data subjects that is relevant and necessary for the purposes described in this privacy statement. This applies to information provided by the data subjects themselves and to information gathered from other possible sources.
Personal data to be processed:
Personal data group
Examples of information content
Name, address, telephone number and e – mail address.
Information related to being a representative
Represented community, contact information of the community such as address, community business ID and the status of the representative in the community
Customer relationship information
Account number, billing and payment information, and other customer-identifying information.
Customer transaction information and contract and product information
Personal data, customer feedback, complaints and other communication between the data subject and the company, as well as other transaction information contained in the agreement and other documentation between the company and the entity representing the data subject.
Management of the data subject’s rights such as consents and prohibitions
Marketing Prohibitions and Consents.
Communication and measures related to the data subject’s rights (see data subject’s rights below).
Other voluntary (additional) information Desires and preferences related to the contract or marketing / marketing event.
Other additional information provided in contacts or appointments.
Personal data, the provision of which is necessary for the performance of contractual and / or legal obligations between the company and the data subject and for the provision of the company’s services, will be communicated to the data subject in each connection.
5 SOURCES OF INFORMATION
Mainly personal data is collected from the data subjects themselves, for example in connection with making an offer, concluding a customer agreement or during a customer relationship, in connection with marketing, in connection with visiting a website or through website forms. The registrant may also have provided the company with information, for example in connection with a competition or lottery, in connection with the use of the website or by subscribing to an electronic newsletter.
Personal data may also be collected from the community on whose behalf the data subject acts. In addition, information may also be collected and updated from registers maintained by third parties, such as Fonecta Oy’s search engine service, in situations permitted by law.
6 RETENTION OF PERSONAL DATA
The Company will retain personal information for as long as necessary to fulfill the purposes set forth in this Privacy Statement, unless required by law to retain personal information for a longer period (e.g., specific legislation, accounting or reporting responsibilities and obligations) or required to prepare, file or defend.
The retention period and retention criteria for personal data vary according to the purpose for which a particular group of personal data is used.
Personal data is processed during the term of the customer-contract relationship and the necessary time after the end of the customer-contract relationship.
Documents related to contracts are kept mainly for 10 years due to statutory (accounting) and contractual obligations and responsibilities, unless there are grounds for keeping the information longer than required by company law or other obligations or rights of the company.
In the case of entities, the retention of personal data of a Community representative is linked to the length of time that data subject acts as a representative of the entity towards the company.
Personal data necessary for marketing will be kept as long as the data subject is the subject of a certain marketing activity, eg participates in an event or is contacted about certain services or products.
Consents, prohibitions and restrictions on the processing of personal data will also be maintained for as long as they are in force.
Customer identification information is retained for the period required by law. When personal data are no longer required as defined above, the data shall be deleted within a reasonable time.
7 RECIPIENTS OF PERSONAL DATA
The company may transfer personal data internally between companies belonging to the group.
The Company may disclose personal information to third parties and utilize external processors such as service providers and subcontractors. The company ensures, with adequate contractual obligations, that the processors of personal data process personal data legally and otherwise properly.
The company uses external service providers and subcontractors to process personal information. For example, service providers that provide the company with IT systems and financial management services / payroll, collection and legal services, deliveries of goods and other services participate in the processing of personal data. An appropriate agreement on the processing of personal data has been drawn up with all parties involved in the processing of personal data.
Further information on the parties to whom personal data will be transferred can be obtained from the company, if necessary (see contact details at the beginning of this privacy statement).
Personal data may also be disclosed to authorities in situations required and justified by law.
The company may also be required to disclose the personal data of data subjects in the event of an emergency or other unexpected situation in order to protect people’s lives and health and property. In addition, the company may have to disclose the personal data of data subjects if the company is involved in litigation or other dispute resolution proceedings.
If the company is involved in a merger, business transaction or other corporate reorganization, it may have to disclose the personal data of the registered persons to third parties. The data protection of the data subject is also protected. arrangements and shall be duly notified.
Personal data will not be disclosed for the direct marketing purposes of others or for opinion and market research and other similar surveys.
The transfer of data to a third party takes place mainly by means of electronic data transmission connections, but the data may also be transferred by other means, such as by telephone or letter.
8 TRANSFER OF PERSONAL DATA OUTSIDE THE EUROPEAN UNION OR THE EUROPEAN ECONOMIC AREA OR TO INTERNATIONAL ORGANIZATIONS
Data will not normally be transferred outside the European Union or the European Economic Area or to international organizations. If personal data is transferred, the person will be notified in advance.
9 PRINCIPLES FOR THE PROTECTION OF PERSONAL DATA AND SECURITY OF PROCESSING
The Company processes personal information in a manner that seeks to ensure the proper security of personal information, including protection against unauthorized processing and accidental loss, destruction or damage.
The Company will use appropriate technical and organizational safeguards to ensure this, including the use of firewalls, encryption technologies, secure equipment facilities, proper access control, guidance to personnel involved in the processing of personal information, and subcontractors.
The company’s network and servers and cloud services are protected by a firewall and other technical measures as well as passwords. Staff have been instructed in the secure use of passwords.
Data is printed only when necessary, and paper prints are securely destroyed. The staff has been instructed that the personal identification number of the registered persons should not be unnecessarily entered in the documents.
Access to personal data is limited to the necessary persons.
All parties processing personal data have a duty of confidentiality in matters related to the processing of registered personal data on the basis of the Employment Contracts Act and the confidentiality provisions of the company’s agreements.
In accordance with this privacy statement, the company may outsource the processing of personal data to service providers or subcontractors, in which case the company will ensure, with adequate contractual obligations, that personal data is processed properly and lawfully.
10 RIGHTS OF EXHIBITORS AND EXERCISE OF RIGHTS
Data subjects have rights guaranteed by data protection law.
Right of access to data and right of inspection
The data subject has the right to receive confirmation as to whether the data subject’s personal data will be processed.
The data subject also has the right to check and see information about himself and, upon request, the right to receive the information in writing or electronically.
Right of rectification and erasure
The data subject has the right to demand the correction of incorrect or inaccurate information. In addition, the data subject has the right under applicable data protection law to request the deletion of his or her data.
The company also removes, corrects and supplements personal data that it detects on its own initiative that is incorrect, unnecessary, incomplete or out of date for the purpose of the processing.
The right to transfer data and to restrict and oppose processing
The data subject has the right to request the transfer of his or her data to another controller in accordance with data protection legislation.
In addition, the data subject has the right to request a restriction on the processing of personal data in accordance with the conditions set out in data protection law. In addition, in a situation where personal information suspected to be incorrect cannot be corrected or deleted or there is ambiguity about the request for deletion, the company will restrict access to the information.
The data subject has the right to object to the use of the data for a certain type of processing. The data subject has the right to refuse the disclosure and processing of his data for direct marketing purposes.
Right to withdraw consent
If the processing of personal data is based on the data subject’s consent, the data subject has the right to withdraw his or her consent at any time. The cancellation has no effect on the processing previously performed.
Exercise of rights
Requests for data subjects’ rights will be made in person, by post or electronically, and will be addressed to the controller mentioned in this privacy statement (contact details in section 2 Data controller). Identity is verified before providing information. The request shall be answered within a reasonable time and, if possible, within one month of the request and verification of identity.
If the data subject’s request cannot be accepted, the data subject shall be notified of the refusal in writing. The Company may refuse upon request (such as deletion of information) due to a statutory obligation or a statutory right of the Company.
11 RIGHT TO APPEAL TO THE SUPERVISORY AUTHORITY
The data subject has the right to lodge a complaint with the competent data protection authority if the data subject considers that his or her personal data have been processed in breach of applicable law. In the European Union, a complaint may be lodged, in particular, in the State where the data subject has his habitual residence or place of employment or where the alleged infringement has taken place.
12 AMENDMENT TO THE PRIVACY STATEMENT
The Company may need to amend and update this Privacy Statement as necessary. Changes may also be based on changes in data protection legislation. We recommend that you read the contents of this privacy statement regularly. If the changes involve new purposes for the processing of personal data, the company will notify them in advance and, if necessary, request consent.