Q-Factory Oy – Privacy notice

Updated 23.9.2021

 

On this page you will find general information about Q-Factory Oy’s data protection policies as well as data protection and privacy notice in accordance with the EU’s general data protection regulation (GDPR, 679/2016).

 

GENERAL

Q-Factory Oy is a consulting company producing IT services and software solutions. Our solid know-how and the long experience of our staff lead to high-quality and secure solutions in which a person’s data protection is taken into account responsibly as required by law and regulations.

Q-Factory Oy constantly strives to improve the level of Data security and data protection management and to prevent threats to it. We do this together with all our staff and all our stakeholders.

The goals of Data security and data protection are defined in our company’s information security policy, and it is part of our company’s risk management based on ISO-27001 and ISO-9001 standards, VAHTI recommendations and best practices in the field of information technology.

Q-Factory Oy monitors standards, legislation and regulations related to data security and data protection and takes measures required by these changes if necessary.

 

The key objectives of our security policy are:

  • Uninterrupted and secure operation of Data systems that support the company’s operations
  • Uninterrupted and secure operation of the company’s services to customers
  • Prevention of destruction and unauthorized alteration of data content
  • Preventing intrusion into and unauthorized use of information systems
  • Ensuring personal data protection and rights
  • Ensuring business continuity in exceptional circumstances through continuity planning and contingency arrangements
  • Our personnel are required to participate in relevant training and commit to complying with the information security policy and guidelines.

 

MARKETING REGISTER

 
1. THE CONTROLLER

Q-Factory Oy (Business ID 2317171-8)

Kauppaneuvoksentie 8, 00200 Helsinki

+358 10 336 2600

 

2. CONTACT IN DATA PROTECTION MATTERS

Data Protection Officer

Tuomas Huokuna

phone: +358 (50) 466 2727

e – mail: tuomas.huokuna (at) q-factory.fi

Contacts in matters concerning data protection are addressed to the e-mail address data protection (at) q-factory.fi

 

3. NAME OF THE REGISTER

Q-Factory Oy’s marketing register

 

4. LEGAL BASIS AND PURPOSE OF THE PROCESSING OF PERSONAL DATA

The legal basis for the processing of personal data is the legitimate interest of the controller.

In the case of cookies, the processing is based on the user’s consent or, in the case of cookies necessary for the operation of the site, a legitimate interest. The user can manage their cookie settings on the website.

Personal data is used to market the controller’s services and events, as well as to communicate with potential and current customers and partners, and to maintain customer and partnership relationships.

Necessary cookies are used to ensure the operation of the site. Other cookies are used to develop the controller’s services and website.

 

5. DATA CONTENT OF THE REGISTER

The register may contain the following Data

  • First and last name
  • Title/position
  • employer and employer contact Data
  • email address
  • telephone number
  • cookies

In addition, the register may collect Data on the data subject’s participation and registration for events organized by the controller.

 

6. REGULAR SOURCES OF DATA

The Data contained in the register is collected through a customer or partnership relationship, through the website’s contact form, and from registrations and participation in events.

Cookies are stored when you use the website.

In addition, Data may be collected from the registers or public sources of other controllers providing search or similar services.

 

7. DISCLOSURE OF THE CONTENTS OF THE REGISTER

The contents of the register will not, in principle, be disclosed or transferred outside the EU and the European Economic Area. However, Data may be disclosed to authorities, for example, on the basis of a legal requirement.

 

8. PROTECTION OF THE REGISTER

The register exists only in electronic form in the company’s high-security cloud service and is protected by appropriate administrative and technical security measures.

Access to the register is only possible with an encrypted connection and a personal username and password. The use of the register is confidential and its access is limited to persons belonging to the controller’s own staff whose duties require access to the register. The staff of the controller has a duty of confidentiality and has received appropriate training in data security and data protection.

 

9. DATA RETENTION PERIOD

The Data collected in the register shall be kept only for as long and to the extent necessary in relation to its purpose. The Data content of the register, the legal basis for use and the need for processing shall be assessed at least every three (3) years.

 

10. RIGHTS OF THE DATA SUBJECT

a) The right of access to personal data

The data subject has the right to receive confirmation as to whether personal data concerning him or her are being processed and, if so, the right to receive a copy of his or her personal data.

 

b) Right to rectification of data

The data subject has the right to request that incorrect or inaccurate personal data concerning him or her be corrected or supplemented.

 

c) Right to delete data

The data subject has the right to request the deletion of personal data concerning him or her if: – the personal data are no longer needed for their original purpose – the personal data have been processed unlawfully

 

(d) Right to restrict processing

The data subject has the right to restrict the processing of personal data concerning him if: – the data subject denies the accuracy of the data – the processing is unlawful and to defend

 

e) Right to object

The data subject shall have the right to object to the processing of his data on the basis of his personal situation if the controller cannot demonstrate that there is a substantial and justified reason for the processing which overrides the data subject’s interests, rights and freedoms.

 

f) The right to transfer data from one system to another

The data subject shall have the right to obtain his or her register data in a commonly used and machine-readable form and to transfer such data to another controller.

 

(g) Right of appeal to the supervisory authority

The data subject has the right to lodge a complaint with the national supervisory authority, which is the Data Protection Officer attached to the Ministry of Justice, if the data subject considers that the processing of personal data concerning him or her has infringed the relevant legislation.

 

 

FOR MORE INFORMATION

All requests for information and other contacts must be forwarded to the person responsible for the register at the access point mentioned in point 2.

 

 

RECRUITMENT REGISTER

 
1. THE CONTROLLER

Q-Factory Oy (Business ID 2317171-8)

Kauppaneuvoksentie 8, 00200 Helsinki

+358 10 336 2600

 

2. CONTACT IN DATA PROTECTION MATTERS

Data Protection Officer

Tuomas Huokuna

phone: +358 (50) 466 2727

e – mail: tuomas.huokuna (at) q-factory.fi

Contacts in matters concerning data protection are addressed to the e-mail address data protection (at) q-factory.fi

 

3. NAME OF THE REGISTER

Q-Factory Oy’s recruitment register

 

4. LEGAL BASIS AND PURPOSE OF THE PROCESSING OF PERSONAL DATA

The legal basis for the processing of personal data is the consent of the data subject. Consent is considered to be the job application submitted by the data subject and any appendices thereto.

Personal information is used in the recruitment process of the controller.

 

5. DATA CONTENT OF THE REGISTER

Due to its nature, the content of the register cannot be fully determined in advance, as it may contain Data provided freely by the individual. In general, the register contains at least the following Data:

  • First and last name
  • contact Data (such as address, email address, phone number)
  • date of birth
  • wishes about the job and salary
  • information on education, work experience and competence profile
  • other additional information freely provided by the data subject
  • additional information to be provided as an attachment, such as CV, work samples, etc.

 

6. REGULAR SOURCES OF DATA

As a rule, the data source is the data subject himself. In addition, more limited Data can be collected about potential recruiting candidates to be contacted, for example through information published by partners, own staff or individuals themselves (professional social media such as LinkedIn).

 

7. DISCLOSURE OF THE CONTENTS OF THE REGISTER

The contents of the register collected with the consent of the registrant may be handed over to Q-Factory Oy’s personnel participating in the recruitment process as well as to potential registered person’s clients who are Q-Factory Oy’s customers.

Information collected from a source other than the data subject will not be disclosed to Q-Factory Oy personnel other than those involved in the recruitment process.

In addition, data may be disclosed to authorities, for example, on the basis of a legal requirement.

The contents of the register will not be transferred outside the EU and the European Economic Area.

 

8. PROTECTION OF THE REGISTER

The registry exists in electronic form in the company’s high-security cloud service and is protected by appropriate administrative and technical security measures. In addition, parts of the register can be printed as hard copies.

Access to the register located in the cloud service is only possible with an encrypted connection and a personal username and password. The use of the register is confidential and its access is restricted to persons belonging to the controller’s own staff whose duties require the use of the register. access. The staff of the controller has a duty of confidentiality and has received appropriate training in data security and data protection.

Paper copies shall be kept in a locked room to which only persons belonging to the controller’s own staff whose duties require access to the register shall have access.

 

9. DATA RETENTION PERIOD

The data collected in the register will be reviewed annually, and in connection with the review, Data for which the recruitment process has not resulted in an employment relationship will be deleted. When the recruitment process leads to employment, the Data in the recruitment register is deleted immediately.

 

10. RIGHTS OF THE DATA SUBJECT

a) The right of access to personal data

The data subject has the right to receive confirmation as to whether personal data concerning him or her are being processed and, if so, the right to receive a copy of his or her personal data.

 

b) Right to rectification of data

The data subject has the right to request that incorrect or inaccurate personal data concerning him or her be corrected or supplemented.

 

c) Right to delete data

The data subject has the right to request the deletion of personal data concerning him or her if: – the personal data are no longer needed for their original purpose – the personal data have been processed unlawfully

 

d) Right to restrict processing

The data subject has the right to restrict the processing of personal data concerning him if: – the data subject denies the accuracy of the data – the processing is unlawful and to defend

 

e) Right to object

The data subject shall have the right to object to the processing of his data on the basis of his personal situation if the controller cannot demonstrate that there is a substantial and justified reason for the processing which overrides the data subject’s interests, rights and freedoms.

 

f) The right to transfer data from one system to another

The data subject shall have the right to obtain his or her register data in a commonly used and machine-readable form and to transfer such data to another controller.

 

g) Right of appeal to the supervisory authority

The data subject has the right to lodge a complaint with the national supervisory authority, which is the Data Protection Officer attached to the Ministry of Justice, if the data subject considers that the processing of personal data concerning him or her has infringed the relevant legislation.

 

 

FOR MORE INFORMATION

All requests for information and other contacts must be forwarded to the person responsible for the register at the access point mentioned in point 2.