Skip to content

Privacy policy

Privacy Policy Statement

Hereinafter in this statement, Company

Person responsible for data protection matters and/or contact person

Niina Kangosjärvi

niina.kangosjarvi@laplandstaff.fi

Name of the personal data register

Customer and marketing register

The privacy policy applies to our website, marketing, customer relationship management, and the processing of personal data related to the products and services we offer.

Collected personal data and data sources

We collect personal data necessary for managing customer relationships.

Data group Examples of data content
Identification and contact information The name and contact details of the customer and/or their representative.
Information related to products and services, orders, and customer communications Information on orders, delivery times, and details related to contracts, billing, customer communications, and complaints.
Marketing (including direct marketing) and events, as well as consents and prohibitions provided by the data subject Contact details for marketing purposes, and information collected in connection with events. Consents and prohibitions related to direct marketing.
Information about the use of websites and other electronic services IP address, identification data of electronic communication, search and browsing data, browser and operating system information, as well as registration data.

We collect personal data from the data subject directly and from publicly available government-maintained registers and other external sources, such as the trade register or other similar public company registers. We also collect data from those who have filled out contact forms and use this data for the aforementioned purposes related to maintaining customer relationships.

Purpose and legal basis for processing personal data

Personal data is processed within the limits allowed by applicable law for the following purposes:

  • Delivery of products and services, and the conclusion of customer contracts (contractual relationship or its preparation)
  • Management of customer relationships (legitimate interest)
  • Information and guidance regarding services (legitimate interest)
  • Testing of online services (legitimate interest)
  • Development of products and services (legitimate interest)
  • Collection and analysis of user statistics (consent, legitimate interest)
  • Improving the user experience of our website and other services (consent, legitimate interest)
  • Invoicing, credit decisions, and debt collection (legitimate interest)
  • Marketing communications (legitimate interest)
  • Direct marketing, including electronic direct marketing and telemarketing, as well as planning and measuring the effectiveness of advertising and marketing, and combining and updating personal data for direct marketing purposes (legitimate interest, consent)
  • Management of stakeholder relationships and cooperation with subcontractors and service providers (legitimate interest, contractual relationship or its preparation)
  • Internal reporting and other administrative actions (compliance with legal obligations)
  • Management of warranty and liability issues, as well as the handling of complaints and legal and administrative proceedings (legitimate interest)
  • Prevention and investigation of misconduct, ensuring the security of information, people, and property (legitimate interest)
  • Compliance with other legal obligations (e.g., accounting and taxation) and reporting obligations

Additionally, when the processing of personal data is based on the individual’s consent, the person can withdraw their consent at any time by notifying the aforementioned contact person.

The processing of personal data may be necessary to fulfill the legitimate interests of the Company and the customer relationship with the data subject. The Company has a legitimate interest in processing personal data for marketing, service, and customer analyses and for service testing. Marketing purposes may also involve profiling. In such cases, the data subject has the right to object to the processing of personal data. When personal data is processed based on legitimate interest, we have assessed the benefits and potential harm to the data subject and determined that the rights and interests of the data subjects do not override the legitimate interest. Upon request, we provide more information about the processing of personal data based on legitimate interest.

Personal data processors

Access to personal data is limited to those responsible for customer relationship management and marketing.

Recipients of personal data

Various service providers and other third parties, such as providers of technical solutions or server space, or providers of accounting and financial management services, may also be used in the processing of personal data. We ensure that the parties we use in the processing of personal data comply with the contracts required by data protection laws.

Personal data may be disclosed to third parties in situations required by law or authority, or to investigate misuse, as well as to ensure security. Personal data may also need to be disclosed in connection with legal proceedings or similar legal processes.

If the Company is involved in a merger, business acquisition, or other corporate restructuring, personal data may be disclosed to the parties involved in the restructuring or those assisting in the process.

We provide additional information about the recipients of personal data upon request.

Transfer of personal data outside the European Economic Area

Personal data is not transferred outside the European Union or the European Economic Area unless it is necessary for the technical implementation of the service. In any cases of data disclosure and transfer, we adhere to the level of data protection required by data protection legislation and other necessary safeguards.

We provide more information on data transfers and the security mechanisms used upon request.

Cookies

We use cookies and other similar technologies on our website. A cookie is a small text file that the browser stores on the user’s device. Cookies contain an anonymous, unique identifier that allows us to recognize and count different browsers visiting our website. The purpose of using cookies and other similar technologies is to analyze and further develop our services to better serve users, as well as to target advertising. Users can manage their consent through the cookie tool on our website.

Protection of personal data

We protect personal data with appropriate technical and organizational methods. The data is collected in databases protected by firewalls, passwords, and other technical security measures. The databases and their backups are located in locked and guarded facilities, and only certain pre-named individuals have access to the information.

Retention and destruction of personal data

Personal data is retained for as long as needed for the purpose for which it was collected and processed, or to fulfill the contract, or as long as the law and regulations require. After this, personal data will be properly destroyed.

Rights of the data subject

The data subject has the following rights:

  1. The right to access personal data. The data subject has the right to receive confirmation of whether their personal data is being processed, as well as other information about the processing of personal data in accordance with data protection laws. The data subject has the right to receive a copy of their personal data.
  2. The data subject may request the rectification of their data if it is incomplete or incorrect.
  3. The data subject may request the deletion of their data when there is no reason independent of the data subject’s consent under data protection law to process it.
  4. The data subject has the right to restrict the processing of personal data if the accuracy or legality of the data requires it, or if the data subject requests restriction of the processing of personal data only to data retention based on the right to object. The data subject has the right to object to the processing of data for direct marketing purposes based on the legitimate interest of the Company.
  5. The data subject may request the transfer of data to another data controller. The right to transfer applies primarily to personal data provided by the data subject to the data controller in a structured and machine-readable format, where the processing is based on the data subject’s consent or contract, and/or where the processing is carried out automatically.
  6. The right to withdraw consent. If the processing of personal data is based on the consent of the data subject, the data subject has the right to withdraw their consent to the processing of their personal data. Withdrawal of consent does not affect the processing that was performed before the withdrawal.
  7. The data subject must send their requests regarding their rights in writing or by email to the following contact details:

Company Name
Inspection/other personal data-related request

The identity of the requester may be verified before processing the request. The Company will respond to requests within one month of the request, unless there are special reasons to extend the response time.

The data subject has the right to file a complaint with the competent data protection authority if they believe their personal data has been processed in violation of data protection laws.

The contact details of the Finnish Data Protection Authority can be found here.

Scroll To Top