LOGIN
REGISTER

Privacy Policy

Updated on 09.02.2022

This People Cloud Oy’s (hereinafter also “we” or “us”) privacy policy describes our personal data processing activities as a controller (hereinafter “Privacy Policy”) for the categories of data subjects described in Section 3 below (hereinafter also “you”).

This Privacy Policy contains our records of processing activities as the controller and is also a privacy notice from us to you of the ways we process your personal data. Thus, this Privacy Policy covers at least the information required in Articles 13, 14 and 30 of the EU’s General Data Protection Regulation (679/2016) (hereinafter “GDPR”).

NB! We also act as a processor for the personal data our customers disclose to us when they use our People Cloud services. When we process personal data on behalf of our customers, we apply the practices that are described in Section 13 below. In addition, we comply with the provisions of our Data Processing Agreement (found in: https://peoplecloudpro.com/data-processing-agreement) or each relevant data processing agreement.

1) CONTROLLER
Name: People Cloud Oy

Business ID: 2940913-3

Address: Sisämaantie 35 B, 02780 Espoo, Finland

2) CONTACT PERSON
Name: Pekka Karvonen

Contact details: +358 50 480 4650, more.karvonen@peoplecloudpro.com

3) Data Subjects and Personal Data

4) Purpose for Processing

5) Legal Basis for Processing

Customers and potential customers:

  • contact details
  • customer relationship data

Management and development of customer relationships.

Direct marketing to our customers and potential corporate customers:

  • emails
  • phone calls

Contract

  • to perform the contracts to which we are a party to


Customer relations management

  • to manage and develop our customer relationships and further develop our business operations


NB! You have a right to opt-out of direct marketing each time we provide marketing to you.

Affiliates and potential affiliates:

  • contact details
  • affiliate relationship data

Management and development of affiliate relationships

Contract

  • to perform the contracts to which we are a party to

Jobseekers:

  • contact details
  • CV
  • possible registration data
  • possible other data the data subject chooses to disclose to us

Management of job applications and jobseeker relationship

 

 

 


Compliance with legal obligations

For the purposes of candidate data processing

  • to manage our jobseekers and possibly employ them


NB! You have a right forbid us from processing your personal data.


Legal obligations

  • to comply with several legal obligations as an employer

Persons who contact us, including social media contacts (e.g. persons who like our Facebook- page)

  • contact details
  • possible other data the data subject chooses to disclose to us

Management of contacts

Marketing and relationship management

  • to manage contacts made to us


NB! You have a right forbid us from processing your personal data.

6) THE PURPOSE AND LAWFULNESS OF PROCESSING
People Cloud Oy collects and processes personal information for the following purposes:

  1. To enable collecting job applications and candidate data to People Cloud’s data storage. This is based on the candidate’s consent when the data is acquired.
  2. Customer relations management
  3. Management of company ownership information


2-3 is based on is based on the GDPR Article 6 (a), (b) and (c) which are copied below for clarity:

(a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;

(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
(c) processing is necessary for compliance with a legal obligation to which the controller is subject;

We use 3rd party cookies on our web site as follows:

  1. Google Analytics for collecting analytical visitor data to improve and develop the service.
  2. Additional cookies to improve marketing goals and provide a better user experience for the
    people who visit our website.

The cookies are based on the visitor’s consent when the data is acquired.

CloudBot service on the web site collects user information for marketing and relationship purposes. Data is collected based on voluntary user initiative.

7) REGULAR SOURCES OF INFORMATION
Data regarding the data subject are regularly gathered:

  • from data subjects
  • from our social media pages, if the data subject so chooses (e.g. following our Facebook-page)
  • by our affiliates
  • from the public sources such as websites, Population Register Center/Population Information System, Posti’s address database, phone companies’ databases and other similar private and public registries


8) PERIOD FOR WHICH THE PERSONAL DATA WILL BE STORED

Data subjects

Retention period

8.1) Customers

Necessary data shall be retained for a period of three (3) years following the end of customer relationship.

8.2)

Potential customers

Necessary data shall be retained for a period of three (3) years following the last date of contact, if the relationship has not developed into a customer relationship.

8.3)

Affiliates and
potential affiliates

Necessary data shall be retained for as long as is necessary, taking into consideration the nature of the relationship.

8.4)

Jobseekers

Necessary data shall be retained for a period of twelve (12) months following the first contact made, if the jobseeker has not turned into our employee.

8.5)

Persons who
contact us (not
including social
media)

Necessary data shall be retained for a period of three (3) years following the contact.

8.6)

Social media
contacts

Necessary data shall be retained for as long as the data subject deletes his/her data.

8.7) However, we may retain only the necessary data of the data subjects for longer than is described above, where we are
required to do so by law, it is necessary due to legal proceedings and it is necessary for any similar reason. We shall be
careful not to apply this Section in vain.

8.8) We inspect the necessity of the personal data stored regularly and keep records of the inspections.

9) CATEGORIES OF RECIPIENTS OF PERSONAL DATA

The recipients of personal data may consist of:

  • our affiliates
  • data storage service providers
  • accounting and auditing service providers


10) INFORMATION TRANSFER OUTSIDE OF EU OR THE EUROPEAN ECONOMIC AREA
We can transfer data outside the EU /EEA. When doing so, we ensure adequate safeguards for the data.

11) DATA SUBJECTS’ RIGHTS
The data subject has a right to use all of the below mentioned rights.

The contacts concerning the rights shall be submitted to the contact details stated in Section 2. The rights of the data subject can be put into action only when the data subject has been satisfactorily identified.

Right

Description

11.1) Right to inspect

Having presented the adequate and necessary information, the data subject has the right to know what, if any, data the controller has stored of her/him. While providing the requested information to the data subject, the controller must also inform the data subject of the controller’s regular sources of information, to what are the personal data used for and where is it regularly disclosed to.

11.2)

Right to rectify and erasure

The data subject has a right to request the controller to rectify the inaccurate and incomplete personal data concerning the data subject.

The data subject can request the controller to erase the personal data concerning the data subject, if:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • the data subject withdraws consent on which the processing is based on;
  • the personal data have been unlawfully processed; or
  • the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.


Let it be known that the data subjects’ rights to rectify and erase data does not concern the data which the controller must retain due to its legal obligations.

If the controller does not accept the data subject’s request to rectify or erase the personal data, it must give a decision of the matter to the data subject in a written form. The decision must include the reasons for which the request was not granted. The data subject may refer the matter to the relevant authorities (the Data Protection Ombudsman in Finland).

The controller must inform the party to whom the controller has disclosed the personal data to or has received the personal data from of the rectification or erasure of personal data. However, there is no such obligation where the fulfilment of the obligation would be practically impossible or otherwise unreasonable.

11.3)

Right to restriction
of processing

The data subject can request the controller to restrict the processing of the personal data concerning the data subject where one of the following applies:

  • the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
  • the processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  • the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims; or
  • the data subject has objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.


If the controller has based the restriction of the processing of personal data on the above mentioned criteria, the controller shall give a notification for the data subject before removing the restriction.

11.4)

Right to object

Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning her/him for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where personal data are processed on the basis of our legitimate interests, the data subject shall have the right to object the processing of personal data concerning her/him for such purposes.

11.5)

Right to data portability

The data subject shall have the right to receive the personal data concerning her/him, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent or a contract.

11.6)

Automated individual decision- making, including profiling

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

However, the data subject shall not have the aforementioned right if the decision is:

  • necessary for entering into, or performance of, a contract between the data subject and us;
  • is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or
  • is based on the data subject’s explicit consent.

11.7)

Right to withdraw
consent

Where the legal basis for the processing of personal data is the consent of the data subject, the data subject shall have the right to withdraw her/his consent.

12) RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY
Data subject shall have the right to lodge a complaint with a supervisory authority, if the data subject considers that the processing of personal data relating to him or her infringes the GDPR. The complaint can be lodged in the Member State of her/his habitual residence, place of work or place of the alleged infringement.

13) COOKIES
Cookies are small text files that a website stores on your device when you browse that website. Cookies store data of your website use.

Our websites use cookies to improve our website. Cookies used to improve websites are a common part of all modern websites.

You can control and/or remove cookies freely at the individual browser level. Instructions can be found for example in here: aboutcookies.org.

14) SECURITY OF PROCESSING
We us all reasonable efforts to maintain physical, electronic, and administrative safeguards to protect personal information from unauthorized or inappropriate access, but we note that the Internet is not always a secure medium. We restrict access to information about data subjects only to those personnel that need to know the information e.g. for responding to inquiries or requests made by the data subject.

15) MODIFICATIONS
We have a unilateral right to modify this Privacy Policy. The modifications take effect immediately when we post the up to date version of our Privacy Policy to our website.