Privacy Statement
Iisalmen Sahat Oy’s statement on personal data processing and data subject’s rights (EU General Data Protection Regulation (2016/679)
1. Register name
Personal data register
2. Register holder
Iisalmen Sahat Oy, PL 136, 74101 Iisalmi
– Visiting address: Sahatie 6, 74510 Iisalmi
3. Contact person responsible for registry matters
Pirkko Väisänen, pirkko.vaisanen@ipowood.fi / tel: +358 44 7467896
4. Legal basis for processing personal data and purpose of processing
Legitimate interest of the data controller, employment relationship, recruitments, implementation of timber trade agreements.
Personal data is processed in order to manage the recruitment of employees and service relationships and related employer obligations, as well as to manage the obligations of timber trade agreements.
5. Data content of the register
The register contains information about employed persons: wage earners and other fee recipient
In addition, the register contains information about those job applicant, who have given their consent to save their job applications in the register.
The register also contains information on those natural persons who trade in timber with Iisalmen Sahat Oy.
The following information is stored in the register as needed:
– Personal identification information (e.g. name, date of birth, social security number, contact information)
– Information on the location and state of the forest, as well as information on forest resources
– Details of the employment relationship
– Possible job application and CV
– Information related to payment (e.g. account number, salary factors, labor union membership)
– Details of development discussions
– Information on training and qualifications
– Working time monitoring and annual leave information
– >Working time allocation information
– Travel and expense invoices
– Information regarding the employee’s state of health
– Job well-being surveys
Data retention period: The retention period for payroll accounting and timber trade accounting is in accordance with the Accounting Act. Annual leave accounting and pension calculations as well as other information related to the employment relationship are kept for 10 years.
6. Regular data sources
Registered person himself
The registrant’s foreman
Occupational health care
7. Regular transfers of data and transfer of data outside the EU or EEA
The personal data stored in the register is disclosed in the manner permitted and required by the applicable legislation to authorities who have the legal right to receive information from the register, such as tax authorities, pension companies, insurance companies or employers’ associations and the like. Personal data in the register will not be disclosed or transferred outside the European Union or the European Economic Area.
8. Principles of registry protection
Special care is taken in the processing of the register, and the information processed with the help of digital systems is protected by means of appropriate user management and up-to-date information security management.
When register data is stored on an Internet server, their physical and digital data security is properly taken care of. The registrar ensures that stored data as well as server access rights and other data critical to the security of personal data are handled confidentially and only by those employees who are assigned to do so.
1. Digital material
The information stored in the register is protected by data security so that only authorized employees or other persons can view it. The use of information systems is monitored and access to the systems is limited, and the user is identified by a username and password. The register is stored on a secure server located in Finland.
2. Manual material
The manual material is kept in a locked state and is available only to those entitled to access the information.
9. Right of inspection and right to demand correction of information
The person in the register has the right to check his/her information stored in the register and to demand the correction of any incorrect information or the completion of incomplete information. If a person wants to check the information stored about him/her or demand correction, the request must be sent in writing to the controller. If necessary, the registrar may ask the requester to prove his identity. The controller responds to the customer within the time stipulated in the EU data protection regulation (generally within a month). The inspection request is addressed to the person in charge of registry matters in section 3.
10. Other rights related to the processing of personal data
A person in the register has the right to request the removal of personal data about him/her from the register (“right to be forgotten”). Those registered also have other rights according to the EU’s General Data Protection Regulation, such as limiting the processing of personal data in certain situations. Requests must be sent in writing to the controller. If necessary, the registrar may ask the requester to prove his identity. The controller responds to the customer within the time stipulated in the EU data protection regulation (generally within a month).