KOSEK’S PRIVACY POLICY
Updated 15 October 2021
This privacy policy describes the principles under which Kokkolanseudun Kehitys Oy (hereinafter “KOSEK”) collects, uses, protects and discloses the personal data of its customers or employees.
This privacy policy does not apply to our partners with respect to various information systems. Please refer to the privacy policies of our partners for information on how they use customer data.
1. Information we collect
We may collect your personal data if you visit our company, use our services or otherwise are in contact with us. The information we collect can be divided into three categories: (a) information you provide directly to us; (b) information
we collect automatically; and (c) information we collect from other sources.
We may combine information you have provided directly to us with information we have collected automatically and with information collected from other sources.
We collect information you provide to us
You can provide the following personal data to us:
– personal data, such as name, mailing and e-mail address, telephone number, date of birth, gender and other
contact details;
– communication and usage details, such as information about which of our events you have participated in.
– profile data, such as your interests or your preferred time to visit us; and
– other personal details you choose to share with us
We collect information automatically
– through social media and website visitor statistics analysis
We collect information from other sources
– We may collect information from other companies and organisations, including other registers of the controller or companies belonging to its group or the same financial consortium. We may also collect publicly available information. For example, we may collect information about you if you contact us via social media.
– The details of the company you have started and its contact details will be transferred in accordance with the lists published by PRH to our customer management system. At this stage, the information is not yet public. Later, subject to the company’s consent (on the basis of contact made by either the company or KOSEK), the company information and contact details may be published on our website at www.kosek.fi in a free-of-charge
company register.
2. How we use the information we collect
We can use the information:
– to respond to your inquiries and to handle (any) payments that may be related to our services;
– to inform you about our products and services, our contests, offers, promotions and special events that may be
of interest to you (if you give us your consent);
– to inform you about the products and services of our partners (if you give us your consent);
– for communication regarding requests, questions and comments;
– to personalise your experience with our company and in our online services;
– to manage our business, including the development of new services, implementation of customer surveys,
sales, marketing and advertising and evaluating their efficiency;
– to maintain, manage and develop our services, online services and other technology;
– to protect against and to identify and proactively prevent fraud and other crimes, claims and liabilities; and
– to comply with the applicable law
We may also use your personal data in other ways, which we will inform you of when collecting the personal data or when we request your consent to the processing of the data.
The basis for processing your personal data is our legitimate interest, which is based on the factual connection between the parties. The data may also be processed on the basis of your consent.
The basis for processing personal data related to employment is agreement and legitimate interest.
3. How we disclose the information we collect
The company does not sell your personal data and will disclose them only as described in this privacy policy.
Your personal data may be disclosed to parties necessary for operative reasons, such as the City of Kokkola
(employment details for payroll services etc.) or business contact details for the development of the business activities at the City of Kokkola and Municipality of Perho.
The parties receiving the personal data are not entitled to disclose the details to other parties in any manner other than as described in this privacy policy.
We may transfer your personal data to suppliers that provide us with services, such as contest fulfilment, information processing and information technology services, promotion, contest and lottery services, opinion and market survey services and customer experience personalisation services. We do not allow such service providers to use the
information or disclose it for any purpose other than to provide services on our behalf.
For strategic or business reasons, we may decide to transfer our business in full or in part. As part of such a transfer, we may relay the information we have collected and retain, including customer details, to the parties involved in the transfer of business.
From time to time, we may disclose information from which you cannot be directly identified. For example, we may disclose anonymised, compiled statistics.
We have the right to use or disclose information if necessary because of a law, regulation or legal request; to protect technology; to defend against legal claims or to present them; to secure the rights, benefits or security of our organisation, employees or the public; or in connection with the investigation of fraud or other crime or a breach of our
rules.
4. Data protection for children
The company does not process the personal data of children.
5. Your rights
You have the right to review the information saved in a register pertaining to you. The review request must be sent to the address Kokkolanseudun Kehitys Oy, Kauppatori 5, 67100 Kokkola, or by e-mail to info@kosek.fi, and must be in writing. The review request can also be made personally with the controller.
If you have given us your consent to send you marketing communication, you can later revoke that consent in accordance with the information we have included in such communication.
We do not disclose personal data to third parties for their own direct marketing purposes unless you give us your consent to this. When we notify you of any such situation and you give us your consent, we will disclose your personal data in accordance with the instructions you give us.
You are in control of all personal data you provide us with. If, at any time, you wish to correct your personal data, please contact us at the address, telephone number or e-mail address specified in section 10 of this privacy policy. In certain cases, you additionally have the right to request that your personal data be deleted from the register and to ask that
they be transferred to another company. You have the right to restrict the processing of personal data and to object to their processing.
However, please note that providing the data and allowing their processing may be a requirement for starting to use or using a service in certain cases. The company reserves the right to suspend the provision of services or prevent access to them if the data subject does not provide information essential to the service or requires that they be deleted.
You have the right to be excluded from automated decision-making unless the decision is necessary for the conclusion or fulfilment of an agreement between the company and you, the decision is approved in the legislation or the decision is based on your explicit consent.
We always attempt to settle disputes regarding the processing of personal data directly with the data subject. If, however, you are dissatisfied with the processing of your personal data, you have the right to have the matter investigated by a data protection authority.
6. Information security
We are committed to taking care of the appropriate measures to safeguard your personal data. Our technical, administrative and physical processes have been designed to protect the personal data against accidental, unlawful or unauthorised loss, access, disclosure, use, alteration and destruction. Although we take care of protecting our systems, we cannot guarantee that a website, an information system or the transfer of information over the Internet or another public network is fully secure.
7. Retention of personal data
We retain the personal data for as long as the data can be considered necessary for the purposes described in this privacy policy, unless a longer retention period is required or allowed by legislation.
8. International data transfers
The system we use, Office 365 comply with the Privacy Shield processrequired
by the EU.
9. Changes to the privacy policy
This privacy policy will be applied as of the date specified above. We may make amendments to this policy from time to time. You should check our website regularly for the most recent version of the privacy policy.
10. Contacting us
If you wish to contact us with respect to this privacy policy, use the following contact details:
Kokkolanseudun Kehitys Oy,
Kauppatori 5,
67100 Kokkola
info@kosek.fi
+358 6 824 3400
THE COMPANY’S PRIVACY POLICY
Description of processing activities:
1 Controller
Kokkolanseudun Kehitys Oy/KOSEK
2 Person handling register issues
Pekka Pohjola
3 Names of data files
Hakosalo Business and service directory and newsletter tool. Office space register, KPKuntaraha, Questback Essentials sign-up and survey tool, Unit4 financial administration system, Eura project information system
= register based on customer relationship and factual connection
Intranet, Webtallennus, Populus
= register based on employment
4 Purpose of the use of personal data
The personal data are used for the management, development, administration and analysis of a relationship based on the customer relationship or other factual connection (e.g., electronic customer communication). The personal data are
also processed for marketing and electronically implemented marketing.
The staff’s personal data are processed for the management of the employment relationship.
5 Information content of the data file
A customer relationship or another factual connection comparable to a customer relationship is established with the controller’s activities, for example, when the data subject uses the controller’s electronic services (e.g., adds their details to the business register). The company processes personal data in this data file based on the customer relationship or
other factual connection or the data subject’s consent and based on employment.
The data file may be used for processing the following data types
For the management of issues related to employment
Basic data, such as
– given and last names
– contact details (mail and e-mail addresses and telephone number)
– language
– date of birth
– And, in the case of a file pertaining to employment, personal identity number and account number
Data provided by the data subject in relation to a customer relationship or other factual connection, such as
– commencement and end details related to the customer relationship or other factual connection
– registration data pertaining to electronic services, such as password or other identification data, and data provided via social media service credentials, as well as communication and usage data
– data pertaining to the data subject’s participation in various events and trainings we arrange
– complaints, feedback and other communication pertaining to a customer relationship and factual connection, communication and measures, including activities related to a registered company in social media services
– direct marketing permits and prohibitions
– information about any data breaches
– information about the data subject’s exercising of rights
In addition, the data file is used for processing changes to the above data.
6 Regular data sources
Personal data are collected from the data subject, for example, when the data subject uses the controller’s services or discloses information pertaining to them.
7 Disclosure and transfer of data
Personal data can be disclosed within the limits allowed and required by the legislation applicable at any time, for example, to companies belonging to the same financial consortium as the controller.
Information is not regularly disclosed to other third parties.
As a general rule, personal data are not transferred outside of the European Union’s member states or the European Economic Area unless this is necessary for the purposes of processing personal data described above, in which case the requirements of the personal data legislation are adhered to in the transfer of the data.
The data can be transferred to the controller’s direct marketing registers at the end of the factual connection unless the data subject has prohibited the data transfer in question.
8 Description of the protection and safeguards of the data file
The databases related to the data file are protected against external data breaches by means of firewalls, passwords and other technical measures. The databases and their backups are located in locked premises.
Only uniquely identifiable employees working by commission or on behalf of the company have access to the data contained in the data files with a personal access right granted by the controller.
The company has trained the personnel with respect to data protection and has provided internal instructions (staff instructions, information security instructions, data protection statement and the completion of the data protection video training by the City of Kokkola).
9 Right of review, prohibition and rectification
The data subject has the right to review the information stored in a register pertaining to them. The review request must be sent to the person handling registerissues in writing and must be signed. The review request can also be made personally with the controller.
The data subject has the right to prohibit the processing and disclosure of information pertaining to them by contacting the controller. The data subject has the right to require that erroneous information be corrected by contacting the controller.
10. Removal of information
We will remove the data when no longer necessary for the purposes described in this privacy policy unless a longer retention period is required or allowed by legislation.