Updated June 6th, 2022.
Furthermore, you always have the right to contact, or complain to the relevant data protection authority with regards to the processing of personal data in connection with the website. In Finland, the relevant authority is the Data Protection Ombudsman: https://tietosuoja.fi/etusivu
For privacy protection purposes, you may be asked to provide proof of identification and other relevant details.
DATA CONTROLLER AND PROCESSORS
Data controller means the party with overall responsibility for data processing. Data processor means a party that processes data on behalf of and under the control of a data controller, subject to an agreement between the two.
Data Controller: TactoTek Oy, Automaatiotie 1, 90460 Oulu, Finland
For the personal data processed in connection with the website, the data controller is the TactoTek. TactoTek may use external data processors, subject to separate agreements with said processors.
NAME OF PERSONAL DATA FILE
Customer, Marketing, Supplier, Job Applicant, Employee and Invention Data Registers.
WHY WE COLLECT AND STORE PERSONAL DATA
We store the data in order to create, maintain and develop our customer relations, to market our technology, products and services and to gain better understanding about the needs of our present and potential customers, business partners and suppliers, whether they are in cooperation with TactoTek or any of its subsidiaries. We also store personal data for marketing purposes and to fulfil business relations, such as invoicing or contractual matters.
We collect and store data of job applicants for evaluation and employment purposes. Please see separate section in the end of the document.
PERSONAL DATA AND LEGAL BASIS FOR PROCESSING
Personal data is processed in compliance with the provisions of the EU General Data Protection Regulation (”GDPR”) and relevant national privacy legislation. Personal data will only be processed for purposes made known to you and for which there is a legal basis for processing in accordance with applicable privacy laws and regulations.
Specifically, legal basis for controlling personal data is:
Performance of contract between you and TactoTek; providing you with any information needed or requested, keeping track of, and answering the contact request/email.
Your consent, in case of job applicant data (please refer to the section in the end of this document).
The legitimate interests of the controller; providing information about TactoTek and its products and services to you. This may be in the form of a newsletter or webinar invitation when you have used contact form or other form of subscription.
The legitimate interests of the controller carrying out error detection and repair, and detecting and preventing misuse of the website or our services with respect to individual website or service visitors’ detection and repair, and detecting and preventing misuse of the website or services with respect to individual visitors.
The data will be removed or permanently anonymized the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed. We will erase data as may be requested, in accordance with GDPR and applicable national laws.
WHAT INFORMATION IS STORED
Our data register may contain personal information such as first and last names, job title, phone numbers, office address, email addresses and IP-address. We may also store your employers name, address and other contact information as well as details about your position in your company. Among the information stored may also be summaries of our conversations and meetings with you together with the relevant dates and times. We do not collect or store sensitive personal data.
SOURCES OF DATA
We gather the data directly from you during personal meetings, phone calls and email conversations or any similar encounters. We may also store data gathered from the internet; such as business website and social media services.
We may also collect the data of using website, using contact forms, newsletter request forms or forms for downloading additional material on our websites and using analytics services, internet cookies or similar techniques.
We may collect and store your data with the help of the following services/systems: CRM system(s), Survey tool(s), Mailing list service(s), Marketing and sales tool(s) such as Hubspot, Chat tool(s) and ERP system.
These services/systems may be run internally on our servers or hosted by 3rd party service providers, also called data processors.
We do collect website and social media usage data with the help of following services: Google Analytics and social media channels like LinkedIn, Facebook and Twitter.
WHO HAS ACCESS TO YOUR DATA AND HOW DATA MAY BE DISTRIBUTED
A limited number of our staff have access to your data. All staff having access to such data are bound by confidentiality obligations. Third party services that work as data processors are processing the data according to the GDPR and national laws.
Please note that there can be exceptions based on your country due to local laws or authorities and that we may be obligated to disclose your data to authorities or third parties pursuant to applicable law or an order of a regulatory or statutory authority.
Your personal data may be transferred in connection with a merger, acquisition, reorganization or sale of assets, subject to GDPR regulations.
Your data is kept on servers in the European Union / European Economic Area. However, due to technical reasons and due to service providers’ servers being located outside European Union, some data may be temporarily transferred between data processors outside of European Union or European Economic Area within the meaning of the GDPR. This data is mainly IP-addresses but may include other identifiers. Such data transfers will be either to countries with an adequate level of data protection as approved by the EU Commission, or governed by EU Commission approved standard contractual clauses, please access link for more information (link). In connection with the standard contractual clauses, TactoTek uses appropriate supplementary protection measures where needed. You have the right to request information concerning the data transferred on the basis of the aforementioned standard contractual clauses.
WHERE IS YOUR DATA HOSTED
We host your data on a cloud-based customer relationship management service primarily in the European Union. The cloud services and analytics services may replicate the data to servers outside the European Union and European Economic Area. In these cases, the required means, defined by GDPR and applicable data protection laws and regulations, are carried out to protect the data. Please see the above section for more information.
WHAT ARE THE SECURITY METHODS TO PROTECT YOUR DATA
We undertake to use, and to have our business partners and service providers use, appropriate and commercially reasonable technical and organizational security measures designed to secure your personal information from accidental loss and from unauthorized access or processing, use, alteration, and unauthorized disclosure.
Only the personnel with work related needs have access to your data. The office premises have controlled access. The safeguards TactoTek employs are proportionate to the likelihood and severity of any potential harms or threats, the sensitivity of the personal data, and the context in which it is held as well as development of security technologies.
WHAT ARE YOUR RIGHTS
Under the GDPR, you as a data subject have the following rights with regards to Personal data:
Right of access: you have the right to request confirmation of whether your personal data is processed and access to that personal data.
Right of rectification: you have the right to request the data controller to rectify any inaccurate or incomplete personal data concerning you.
Right of erasure: you have the right to request that personal data concerning you is erased where it is no longer necessary for the purpose for which it was collected or processed, where you object to the processing and there are no overriding legitimate grounds for processing, where your personal data is being unlawfully processed, or where personal data must be erased in order to comply with relevant legislation.
Right of restriction: you have the right to request restriction of processing of your personal data where the accuracy of the personal data is contested, where processing is unlawful or where the personal data is no longer needed by the data controller but you legitimately oppose the erasure of the personal data, or where you object to the processing and it has not yet been verified whether legitimate grounds exist for the processing.
Right to object: you have the right to object to processing of any of your personal data processed in which case the data controller shall be required to demonstrate legitimate grounds for the processing in order to continue processing said personal data.
Right of data portability: you have the right to receive the personal data concerning you and to transmit the personal data to another controller.
Written request to execute any of these rights, shall be submitted to firstname.lastname@example.org.
YOU MAY CHOOSE TO UNSUBSCRIBE FROM DIRECT MARKETING
You may manage your preferences or unsubscribe from direct marketing messages and to request that we stop processing your personal data for direct marketing purposes by using the links provided to you with the direct marketing messages you have received. Please note that critical alerts may still be sent to you even if you opt-out from marketing and other communications from TactoTek.
SPECIFICALLY ABOUT JOB APPLICANT DATA COLLECTION AND STORAGE
WHY DO WE COLLECT AND STORE THE DATA
We need to collect and process the job applicant data in our recruitment process in order to be able to evaluate the applicant’s suitability for the applied position and later on in order to enter into a contract with the applicant. You are under no obligation to provide data to us during the recruitment process. However, if you do not provide the information, we may not be able to process your application properly or at all.
WHAT INFORMATION IS STORED
The job applicant register can include name, phone number, address, email address, photo, date of birth, curriculum vitae and recruitment process status. Due to the continuous growth of our organization and similarity of our open positions we will store this information for a period of 12 months if you give your consent. CVs that are sent speculatively are also kept on file for future recruitment purposes for a period of 12 months. At the end of the recruitment cycle your data will be deleted or destroyed. If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personnel file and retained during your employment.
SOURCES OF DATA
We collect the job applicant data only from the applicant him/herself and from the referees supplied by the applicant. The information can be collected in a variety of ways, for example, through application forms, CVs or resumes, or collected through interviews.
WHO HAS ACCESS TO YOUR JOB APPLICANT DATA DATA AND HOW DATA MAY BE DISTRIBUTED
We take the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties. Data is stored in our HRM system and may be shared internally for the recruitment purposes. This includes members of the HR and recruitment team and interviewers involved in the recruitment process. We will not share your data with any third parties, unless your application for employment is successful and we enter in the employment contract.
We host your data on a cloud based HRM system primarily in the European Union. The cloud service may replicate the data to servers outside the European Union. In these cases, the required means, defined by GDPR and the applicable national data protection laws and regulations, are carried out to protect the data. By submitting your personal data, you’re agreeing to this transfer, storing or processing. Please see above sections for more information.