Creation date 1.6.2018
Data controller
Oy Tamware Ab (UK)
Yrittäjänkulma 5
040 1393 723
jussi.hilden@tamware.uk
Contact person in matters related to the filing system
Jussi Hilden
Yrittäjänkulma 5
040 1393 723
jussi.hilden@tamware.uk
Name of filing system
Access control register
Purpose of personal data processing
Legal bases of processing data is legal obligation.
Personnel access and (working hours, if combined) monitoring.
Categories of personal data in question
Name, location
Recipients and recipient groups
The data controller’s personnel and outsourcing partners when applicable.
Data content of filing system
Person’s first and last name (number?) Number of access pass
Unit
Premises in which office is located
Access pass validity permanent/temporary Access permission group
Working hours monitoring group
Regular data sources
System contact persons for units. Access grant applications. Clock-ins at working hour recorders.
Storage time
The data is kept for 10 + 1 years from the end of the employment.
Regular disclosure of data
For the part of working hour monitoring, realisation and deviation reports to supervisors by month of by wage period.
Data in the filing system will not be disclosed to third parties unless disclosure is required for the maintenance of employee relations of the payment of wages.
Transferring data outside the EU or the EEA
Data in the filing system will not be transferred outside the EU or the EEA.
Filing system’s principles of protection A: Manual material
Manual materials are stored in locked premises.
The protection of all data in the filing system is carried out in accordance with the Personal Data Act (523/1999), the regulations and principles of the Information Society Code (917/2014), regulatory provisions, and good data processing practices.
Filing system’s principles of protection B: Electronically processed functions
Access to the data stored in the filing system is given only to such persons and in such scope that is required for the purposes of employee supervision, monitoring, payroll tasks or other tasks related to the maintenance of employee relations. The filing system is kept on a protected server which is located in Finland.
The protection of all data in the filing system is carried out in accordance with the Personal Data Act (523/1999), the regulations and principles of the Information Society Code (917/2014), regulatory provisions, and good data processing practices.
Rights of the data subject
According to the General Data Protection Regulation (GDPR), data subjects have the right
to obtain information on the processing of their personal data of access to their data
to rectification of their data
to the erasure of their data and to be forgotten
to restrict the processing of their data
to data portability
to object to the processing of their data
not to be subject to a decision based solely on automated processing.
Cookies
We use cookies on our website. A cookie is a small text file that is sent to and stored on the user’s computer. Cookies do not cause any harm to the user’s computer of files. The primary purpose for the use of cookies is to improve and personalise a visitor’s user experience on our website as well as to analyse and improve the functionality and content of our site.
Data collected with cookies can also be used in targeted communication and marketing as well as optimising marketing activities. Visitors cannot be identified based solely on cookies. However, data collected with cookies can be linked with possible data received from the user in other situations, for example when the user fills in a form on our website.
The following types of data are collected using cookies:
– visitor’s IP-address
– time of visit
– browsed pages and time of browsing – visitor’s browser
– other?
Your rights
A user visiting our website has the right to prohibit the use of cookies at any time by changing his or her browser settings. Most browser software give the option of disabling cookies and of removing cookies that have already been saved.
Disabling cookies may affect the functionality of the website.
GOOGLE ANALYTICS
We collect user statistics from our website using the Google Analytics service, the purpose of which is to monitor site activity, improve site functionality and develop marketing. The data collected cannot be linked to individual users or persons.
Additionally, we collect Google Analytics Demographics data, which includes for example the age and gender of the visitor as well as topics of interest. Settings related to the collection of these data can be changed using your personal Google account at https://www.google.com/settings/ads
Google Analytics -monitoring can be disabled with a Chrome add-on.
Right of access
The data subject has the right to check what data has been stored about him or her in the filing system. A request for data access must be given in writing by contacting the company’s customer service or the filing system’s contact person either in Finnish or English. The request for data access must be signed.
Right to lodge
If you consider that an infringement of the General Data Protection Regulation has occurred in the processing of your personal data, you have the right to lodge a complaint with a supervisory authority.
The complaint can also be lodged in a member state where you are a permanent resident or where you are employed.
Contact information for the Finnish national supervisory authority: Office of the Data Protection Ombudsman PL 800, Lintulahdenkuja 4, 00530 Helsinki tel. +358 29 566 6700 tietosuoja@om.fi www.tietosuoja.fi/en/
Right of portability
The data subject has the right to transfer his or her own data from one system to another.
The transfer request can be addressed to the registry contact person.
Right to rectification
Taking into account the purposes of processing, any data stored
in the filing system that is inaccurate, unnecessary, incomplete, or outdated must be erased or rectified.
A written request for rectification, signed by hand, should be sent to the company’s customer service or the personal data filing system’s administrator.
The request should specify what information should be rectified and on what grounds. Rectification shall be carried out without delay.
Notification of rectification will be sent to the party who provided the inaccurate data or to whom the data were disclosed.
If a request for rectification is denied, the responsible person of the filing system will provide a written document stating the grounds for the denial of the request for rectification. The data subject concerned may then pass the matter along to the Data Protection Ombudsman.
Other rights related to the processing of personal data
The data subject has the right to prohibit the disclosure of processing of personal data for the purposes of direct marketing or other marketing, the right to demand the anonymization of data where applicable, as well as the right to be completely forgotten after employment is terminated.