Privacy Policies

Supplier register

Public privacy notice regarding the supplier register

Controller
Name: PRT-Forest Oy
Address: Leiviskäntie 2, FI-92930 PYHÄNTÄ
Email address: tietosuoja@prt-forest.fi

Contact person in matters regarding the register

Name: Ilkka Sydänmetsä
Telephone number: +358 40 5616 939
Email address: ilkka.sydanmetsa@prt-forest.fi

Name of the register:

PRT-Forest Oy’s supplier register

The purpose of and the grounds for the processing of personal data

Personal data is being processed based on the law in order to implement contracts, assignments, and orders between the Controller and the supplier or an agent.

The grounds for the processing is the relationship established between the parties at any given time by contracts, orders, or assignments.

The personal data that will be processed and storage times

  • Name and contact details of the supplier
  • Name and contact details of the contact person
  • Invoicing instructions

Data will be stored permanently. The name of the contact person can be changed or removed.

Regular sources of information

Public registers, the data subjects themselves.

Regular transfers of data

No regular transfers of data.

Transfer of data outside the EU and EEA

Data can be transferred outside the EU/EEA for system maintenance and financial management purposes, and the Controller has a valid and appropriate contract terms regarding the transfer of personal data, as required by the data protection regulation, the purpose of which is to ensure the protection of privacy.

Principles of register protection

  • Manual material is stored in separately locked storage cabinets or boxes in locked premises that can only be accessed by persons whose work tasks require the processing of the said material. Data will be processed confidentially and by complying with statutory confidentiality requirements.
  • The storage of electronic material has been centralised to servers that are protected by a firewall. Traffic has been encrypted. Access to files and personal data records has been protected by means of a username and password, and access can be restricted based on the processing need. Data will be processed confidentially and by complying with statutory confidentiality requirements.
  • The persons processing personal data are required to apply protection principles that are, at the minimum, of a similar level, in addition to which the instructions and protection requirements provided separately in a processing contract must be implemented.

Inspection right

Everyone has the right to know which data concerning themselves has been saved in the register. Exercising the inspection right requires that the request is made in writing and, where required, sufficient information in provided in connection to the request to verify the identity of the person who made the request. The request must be sent to the contact person of the Controller specified in section 2. One inspection request can be made in a calendar year free of charge; for any additional requests, a reasonable fee can be charged (€50 + VAT).

The right to request that information be corrected

Data subjects have the right to request that any incorrect information concerning themselves be corrected. The Controller can also correct information that is found to be incorrect at its own initiative. The request to correct information must be made in writing and sufficient information must be provided in connection to the request to verify the identity of the person who made the request. The correction request must be sent to the contact person of the Controller specified in section 2.

The right to request that data be removed

Data subjects have the right to request that any information concerning themselves be removed from the register. The removal of information can be restricted by statutory or technical reasons. The request must be made in writing and sufficient information must be provided in connection to the request to verify the identity of the person who made the request. The request must be sent to the contact person of the Controller specified in section 2.

Customer register

Public privacy notice regarding the customer register

Controller
Name: PRT-Forest Oy
Address: Leiviskäntie 2, FI-92930 PYHÄNTÄ
Email address: tietosuoja@prt-forest.fi

Contact person in matters regarding the register

Name: Ilkka Sydänmetsä
Telephone number: +358 40 5616 939
Email address: ilkka.sydanmetsa@prt-forest.fi

Name of the register

PRT-Forest Oy’s customer register

The purpose of and the grounds for the processing of personal data

Personal data will be processed based on the law in order to implement customer contracts, assignment, and orders, and for the purposes of customer communication.

The grounds for the processing is the customer relationship established between the parties at any given time by contracts, orders, or assignments.

The personal data that will be processed and storage times

  • Name and contact details of the customer
  • Name and contact details of the contact person (in case of corporate customers)
  • Invoicing instructions
  • Customer details will be stored permanently. The name of the contact person can be changed or removed.

Regular sources of information

Public registers, the data subjects themselves.

Regular transfers of data

No regular transfers of data.

Transfer of data outside the EU and EEA

Data can be transferred outside the EU/EEA for system maintenance and financial management purposes, and the Controller has a valid and appropriate contract terms regarding the transfer of personal data, as required by the data protection regulation, the purpose of which is to ensure the protection of privacy.

Principles of register protection

  • Manual material is stored in separately locked storage cabinets or boxes in locked premises that can only be accessed by persons whose work tasks require the processing of the said material. Data will be processed confidentially and by complying with statutory confidentiality requirements.
  • The storage of electronic material has been centralised to servers that are protected by a firewall. Traffic has been encrypted. Access to files and personal data records has been protected by means of a username and password, and access can be restricted based on the processing need. Data will be processed confidentially and by complying with statutory confidentiality requirements.
  • The persons processing personal data are required to apply protection principles that are, at the minimum, of a similar level, in addition to which the instructions and protection requirements provided separately in a processing contract must be implemented.

Inspection right

Everyone has the right to know which data concerning themselves has been saved in the register. Exercising the inspection right requires that the request is made in writing and, where required, sufficient information in provided in connection to the request to verify the identity of the person who made the request. The request must be sent to the contact person of the Controller specified in section 2. One inspection request can be made in a calendar year free of charge; for any additional requests, a reasonable fee can be charged (€50 + VAT).

The right to request that information be corrected

Data subjects have the right to request that any incorrect information concerning themselves be corrected. The Controller can also correct information that is found to be incorrect at its own initiative. The request to correct information must be made in writing and sufficient information must be provided in connection to the request to verify the identity of the person who made the request. The correction request must be sent to the contact person of the Controller specified in section 2.

The right to request that data be removed

Data subjects have the right to request that any information concerning themselves be removed from the register. The removal of information can be restricted by statutory or technical reasons. The request must be made in writing and sufficient information must be provided in connection to the request to verify the identity of the person who made the request. The request must be sent to the contact person of the Controller specified in section 2.

Personnel register

Public privacy notice regarding the personnel register

Controller
Name: PRT-Forest Oy
Address: Leiviskäntie 2, FI-92930 PYHÄNTÄ
Email address: tietosuoja@prt-forest.fi

Contact person in matters regarding the register

Name: Ilkka Sydänmetsä
Telephone number: +358 40 5616 939
Email address: ilkka.sydanmetsa@prt-forest.fi

Name of the register

PRT-Forest Group’s personnel register

The purpose of and the grounds for the processing of personal data

Personal data will be processed in order to fulfil the tasks and obligations of the employer specified in legislation, to implement other tasks of the employer as regards employment relationships, such as employee benefits, and in recruitment.

The personal data that will be processed and storage times

  • Basic information of the employees, such as the name, personal identity code, address, and other contact details;
  • Information of the next of kin, if any;
  • Account and tax card details for the payment of wages and for taxation purposes;
  • Information concerning holidays, paid and unpaid days off, and sick leaves;
  • Training and course details;
  • Information of trade union memberships, diagnoses contained in sick leave certificates;
  • Employment information of employees and job-seekers (such as recruitment-related merit ratings, development discussion information, information regarding the duration of the employment and training, courses, absences, and holidays);
  • Employee data will be stored for 10 years after the employment has ended unless a longer storage period is required by law. Breakdowns provided by occupational healthcare services cannot be linked to individual employees.
  • In recruitment, job-seekers submit free-form applications by email and the required details, such as training and course data, will be collected during the process. Recruitment data will be stored for 6 months from the date of the application, unless a longer storage period has been agreed upon.

If the recruitment process leads to employment, the data collected during the recruitment process will be included in the employee data.

Regular sources of information

Own activities of the Controller, the data subjects themselves, persons implementing merit ratings (if any), tax card data from the Finnish Tax Administration’s register.

Regular transfers of data

  • Information is transferred regularly in the required extent to authorities and cooperation partners in order to implement statutory obligations related to employment (incl. taxation) and the benefits granted by the employer (incl. pension and other insurances and employee benefits).
  • In the case of new employees, the necessary data (such as the name, contact details, and personal identity code) will be conveyed to occupational healthcare services in order to ensure the availability of services.
  • In recruitment, data can be conveyed to the person implementing the merit rating subject to the consent of the job-seeker. 

Transfer of data outside the EU and EEA

As regards the financial management system, data can be transferred outside the EU and EEA and such transfers have been protected by means of contract terms required by the data protection regulation, as required by Article 46.

Principles of register protection

  • Manual material is stored in locked premises (where required, in separately locked storage cabinets or boxes) that can only be accessed by persons whose work tasks require the processing of the said material. Data will be processed confidentially and by complying with statutory confidentiality requirements.
  • The storage of electronic material has been centralised to servers that are protected by a firewall. Traffic has been encrypted. Access to files and personal data records has been protected by means of a username and password, and access can be restricted based on the processing need. Data will be processed confidentially and by complying with statutory confidentiality requirements.
  • The persons processing personal data are required to apply protection principles that are, at the minimum, of a similar level.

Inspection right

Everyone has the right to know which data concerning themselves has been saved in the register. Exercising the inspection right requires that the request is made in writing and, where required, sufficient information in provided in connection to the request to verify the identity of the person who made the request.

The right to request that information be corrected

Data subjects have the right to request that any incorrect information concerning themselves be corrected. The Controller can also correct information that is found to be incorrect at its own initiative. The request to correct information must be made in writing and sufficient information must be provided in connection to the request to verify the identity of the person who made the request. The correction request must be sent to the contact person of the Controller specified in section 2.

The right to request that data be removed

Data concerning employees will not be removed.