1. The Processor
Empere HR Partner (hereafter ”Empere”) has published this information document on data protection in compliance of personal data protection laws (10 and 24 §) and of the General Data Protection Regulation of the European Union (2016/679).
Empere HR Partner (business registration number: 3261861-4), Nummerotie 10, 21210 Raisio.
Contact details for queries regarding this register: Sirpa Mäkipere, sirpa.makipere@empere.fi
When submitting a query, the processor may request the inquirer to clarify or specify the query in writing. The inquirer may also be asked to provide proof of identity before further action can be taken.
2. The Data Subject
The data protection measures described in this document shall be applied to each service offered to all clients of Empere. These measures shall also be applied to managing the personal information of potential clients interested in the services of Empere. The data protection measures shall be applied to the management of personal information of Empere’s clients and the clients current and potential employees.
Personal information refers to all information related to a natural person (“data subject”) from which that person may either directly or indirectly be recognised as defined in the relevant legislation.
3. Processing of personal data
The processing of personal data is based on the registered client relationships, contracts, or any other relevant means. The processing of personal data is based on the consent of the data subject.
The purpose of processing of personal data is to manage the client relationship between Empere and the client and to maintain, develop, analyse, and communications related to the services provided by Empere. The personal data may also be used to fulfil legal responsibilities, including taxation and accounting responsibilities.
Empere may outsource the processing of personal data to an external service provider, in which case Empere shall ensure by the stipulation of contracts and the necessary covenants that the processing of personal data is done according to the data protection legislation and the restrictions imposed by such legislation.
4. Processed personal data
The personal data processed include:
- Client information: Company name, company identification number, name of the contact person and position in the company, address, phone number, and email address.
- Information on the purchased and offered services and any changes in such service.
The access to personal data is necessary for the management of contracts between Empere and the client, for the management of legal responsibilities, and for the production and delivery of Empere’s services and the management of client and business relationships. If the client does not provide the necessary personal data, services including creation of a contract or fulfilment of legal responsibilities may not be possible.
5. Rights of the data subject
The data subject has the following rights, which may be used by request to the Processor.
The data subject is entitled to:
- get confirmation from the processor of whether the data subject’s personal data is used
- access and check the data subject’s own personal data
- decline the use of personal data, when the use of personal data is only based on consent, not for example cliency
- demand the processor to correct errors in the personal data or missing information in the personal data
- request the processor to remove personal data, if the applicable data protection regulation is fulfilled and the processing of personal data is not necessary. The processor may have a legal or some other right to not remove the personal data in question. For example, the processor is obligated to retain accounting data according to the stipulations of the accounting law (chapter 2, 10§) for the required amount of time (10 years). This data related to accounting may not be removed until the end of the term.
- deny the use of personal information for direct marketing
- complain to a data protection officer, if the data subject believes a relevant data protection regulation has been breached
- demand the processor to limit the processing of disputable data until the issue in question has been resolved, if the relevant data protection regulation has been followed
6. Data sources
Empere shall gather the processed data from the client itself during the purchase of services or during other communications, as well as in the creation of contracts and from information presented during the term of a contract. In addition to this Empere may gather data from www-forms, emails, telephone, social media, client meetings, and other situations where the client presents their data.
7. Release of information
Empere shall not release client information to external parties for marketing purposes without the consent of the client.
Personal data may be released to external partners with whom Empere creates services for clients. Empere shall ensure that those external partners also follow the regulations of data protection legislations. Empere may have to release personal data to regulatory bodies in situations where legislation so requires and permits. In addition to this, Empere may have to release personal data, if the client organisation is party to legal proceedings or to proceedings in other dispute settlement bodies.
8. Duration of processing of personal data
Empere maintains personal data for as long as the cliency stands and for the necessary period after the expiration of cliency or contract.
Empere maintains personal data as long as necessary to fulfil the purposes defined in this data protection information document, unless legislation requires the maintenance of personal data for a longer period. Empere shall remove individual identifying personal data, including recruitments, 24 months after the expiration of a contract, unless the client has previously requested the removal of information, under the provisions of article 5, or otherwise requested to maintain personal data to track the provision of services.
Empere shall maintain personal data necessary for marketing for as long as the client remains a marketing target and has not requested the removal of personal data for marketing purposes.
Cookies expire and are removed two years after the most recent visit to the website.
9. Transfer of data outside of the EU or EEA
The personal data gathered by Empere shall generally not be transferred outside the European Union or the European Economic Area. If, for any reason, data is transferred outside the EU or the EEA, Empere shall ensure that the data protection regulation in the external country is sufficient, or takes the necessary action by creating contracts to ensure sufficient data protection and that the data processing is confidential and falls under the relevant legislation. Transfer outside the EU may occur temporarily through the use of various cloud services, for example in using OneDrive, Google Analytics, iCloud, or Dropbox.
10. Processors of personal data
Empere shall ensure that the maintenance of personal data, access to servers, and any other information critical to the secure maintenance of personal data is handled confidentially and only by those employees whose responsibility it is.
Empere may partially outsource the processing of personal data to those third parties with whom Empere provides services for clients. In such cases, Empere shall ensure through contracts that personal data is processed according to the relevant data protection legislation and properly.
11. Principles of protection of personal data
Empere shall act with care and diligence in the processing of personal data and protect the data processed using information systems properly. When personal data is stored on Internet servers, Empere shall ensure the physical and digital information security is adequate.
12. Automated decision making and profiling
The data shall not be used in automated decision making or profiling purposes.
13. All rights reserved
This data protection information may have to be changed to correspond with the development of Empere’s services. Changes may also be due to changes in data protection regulations.
The data protection information is published on 10.05.2022, version 1.0.