- The controller
- For what purposes can personal data be processed and what is the basis for processing the data
- What personal information can be collected and where is the data collected from
- Who has access to your personal information and who we may disclose it to
- How is personal information protected
- Privacy rights
- How long will your data be stored for
- Data transfer outside the EU or the EEA/Notification of international transfers
- Collecting customer feedback
- Website monitoring
- Contact forms on the website
- Using the email system
- How to contact
- Automatic profiling
”The controller” means Checkfin Oy, who determines the purposes and means of processing Personal Data.
“Registered User” means a natural person whose Personal Data is processed by Checkfin.
“Legislation” means any national data protection laws, the European Union Data Protection Regulation (2016/679, “GDPR”) from the date of its application (25 May 2018), and any future data protection legislation in force at any given time.
“Model contract clauses” refer to the standard contract terms adopted by the European Commission for the transfer of personal data from EU controllers to third-country processors (Decision 2002/16 EC).
“Personal data” means any information relating to an identified or identifiable natural person; identifiable means a natural person who can be identified, directly or indirectly, in particular by reference to identification, such as name, identity number, location, online identification, or one or more specific physical, physiological, genetic, mental, economic, cultural or social factors.
“Processing” means any activity or activities in which Personal Data is processed.
2. The controller
3. For what purposes can personal data be processed and what is the basis for processing the data
Checkfin collects and processes your information in connection with the registration and completion of training, as well as in connection with document review requests and assignments received from Checkfin’s partners. Personal information is used to ensure the operation of the online training platform used by Checkfin and to enable Checkfin to provide advice and service related to its operation.
In addition, customer information can be used for training communication and marketing. If personal data is to be used for marketing, a marketing permit will be requested separately in connection with the collection of personal data.
Consent to marketing
If we intend to carry out customer marketing, we will ask for separate marketing authorization in connection with the collection of personal data. The maintenance of marketing bans is automated and it is easy for the customer to leave our marketing list. We do not use the mass mailing features of email programs in e-marketing, but each message is sent individually and individually to a person. This way, the recipient’s email address will not be visible to anyone other than the recipient.
4. What personal information can be collected and where is the data collected from
Checkfin collects information either from you, your employer, or from Checkfin Oy’s partners or authorities. Your information may also be collected from other reliable sources such as Digital and population data services agency.
We may collect the following personal information:
- First name
- Email address
- Employer company
- Company name
- Telephone number
5. Who has access to your personal information and who we may disclose it to
We do not sell or share your personal information with third parties.
Checkfin may however transfer your personal information to its service partners or these partners may be granted access to Checkfin’s systems that contain your personal information. In such a case, that partner will process your personal data on behalf of Checkfin in accordance with its instructions and has contractually agreed to, among other things, keep the data confidential. In addition, within Checkfin, access is only granted to persons who need your personal information to perform their duties.
6. How is personal information protected
Information will be treated with the highest standards of security and confidentiality. The register is stored in a database that is protected by firewalls, passwords, and other technical means and can only be accessed by persons authorized by Checkfin.
Registered users log in to the system using an email address as a username and select the password themself. Administrators see the email addresses of registered users but not the password.
7. Privacy rights
The registered users have rights in relation to the personal data held by Checkfin. These rights are:
- The right to request access to the personal information in Checkfin’s possession.
- The right to request correction of incorrect or incomplete information.
- In certain situations, the right to request a restriction on the processing of personal data or to object to the processing
- The right to request the deletion of data from the registers.
- The right to prohibit the collection of personal data for direct marketing purposes as well as direct marketing.
- The right to receive personal data in our registers in electronic form.
Notwithstanding the above rights, the information provided by the customer may still be processed in order to fulfill legal obligations.
8. How long will your data be stored for
Checkfin will retain your personal information for at least the duration of the contractual relationship between Checkfin and its contracting partner, after which Checkfin will review the need to retain your personal information.
In any case, your personal data will be deleted no later than 10 years after the end of the contractual relationship between Checkfin and the service subscriber.
9. Data transfer outside the EU or the EEA/Notification of international transfers
As a general rule, your personal information will not be transferred outside the EU or the EEA.
We may however use subcontractors who may have access to your personal information from outside the EU / EEA, such as the United States, to process your personal information related to the completion of online courses provided by Checkfin. We ensure the proper and lawful execution of transfers in accordance with the legislation on the processing of personal data.
We would only ever transfer your personal data outside the EU / EEA area on any of the following legitimate grounds:
- The European Commission has decided that an adequate level of data protection has been ensured in that recipient country;
- We have taken appropriate safeguards to the transfer of your personal data using standard data protection clauses approved by the European Commission. In that case, you have the right to obtain a copy of those standard expressions by contacting us; or
- You have given your explicit consent to the transfer of your personal data, or the transfer of your personal data outside the EU / EEA area, there is another legal basis, such as the Privacy Shield Arrangement approved by the European Commission for the United States.
10. Collecting customer feedback
Checkfin collects customer feedback on its services. Giving feedback is voluntary. No personal information will be collected in connection with the provision of feedback that could identify an individual registered user. Statistically collected data cannot be linked.
11. Website monitoring
Checkfin’s website is open to everyone and no registration is required to browse the pages. The site collects statistics on the use of the online service to support the development of the site. Website tracking is performed using Google Analytics and the statistical data it enables.
No personal information is collected about the use of the online service that could identify an individual visitor. Statistically collected data cannot be linked.
13. Contact forms on the website
The website may have contact forms that allow visitors to submit a contact or quote request. The following information may be asked on the contact form:
- Email address
- Telephone number
- Company name
- Free text
The information on the contact form is automatically transferred to Checkfin’s email address.
14. Using the email system
Inquiries sent to Checkfin’s email address firstname.lastname@example.org and other emails requiring Checkfin’s actions will be sent to a shared email inbox. Emails are readable by Checkfin staff only and require staff members to log in to a computer or email program with a username and password. The username and password are stored behind locked doors or lockers or in electronic systems that require login.
The provisions of the Electronic Communications Data Protection Act on the confidentiality of communications apply to emails and identification data stored in the email system. A person who has received or otherwise gained information about a confidential message or identification information not intended for him or her may not disclose or use the content of the message, identification information, or information about the content of the message without the consent of the party to the communication unless otherwise provided by law.
Personal emails are subject to the provisions on the confidentiality of communications, which means that neither the employer/employer’s representative nor other third parties can view or open the messages without the consent of the person concerned. The Act on the Protection of Privacy in Working Life (759/2004) specifies the exceptional situations and ways in which a message received in a personal email may be opened without the consent of the person concerned.
15. How to contact
If you have any questions or concerns regarding your privacy, please contact Checkfin Oy by sending an email to email@example.com
You also always have the right to make a complaint with the relevant supervisory authority or the supervisory authority of the EU Member State where you reside or work if you consider that we have not processed your personal data in accordance with the applicable data protection law. More information can be found at: http://tietosuoja.fi
16. Automatic profiling
The customer is not subject to automatic profiling on the basis of the personal information provided.