Privacy statement

This is the Register and Privacy Statement of Craftman Oy, in accordance with the EU General Data Protection Regulation (GDPR).

 

Registrar

Craftman Oy (Business ID 2421301-9), Louhimontie 10 A 5, 90630 Oulu, +358400156425, www.craftman.fi.

Personal data controllers

CEO: Jari Kähkönen, +358400156425, jari.kahkonen@craftman.fi

COO: Miika Heikkinen, +358400153726, miika.heikkinen@craftman.fi

Name of the register

Craftman Oy’s customer and job applicant register

Data subjects

The register contains data of Craftman Oy’s job applicants, customers and potential customers.

Purpose of use of personal data

Implementation, development and marketing of services provided by Craftman Oy as well as the recruitment of employees.

Personal data recorded in the register

The following data subject information can be collected for the register:

  • The data subject’s basic information such as: name, date of birth, contact details and professional title.
  • Information about the data subject’s education, professional experience and competence.
  • Job application, CV, photo and any other applicant information submitted to Craftman Oy.
  • Information related to providing services and handling customer relationships such as contact, billing, order and shipping information.
  • Information about the Craftman Oy website visitor online behaviour.
  • Information deemed necessary for marketing and sales promotions, such as customer feedback and newsletter recipient statistics.
  • Other customer or job applicant information collected with separate consent.

Information sources

The information processed in the register is primarily collected from data disclosed to Craftman Oy, data processed through services, and data provided through customer relationship management. Data describing online behaviour is automatically stored in the register through use of the website www.craftman.com.


Disclosure of data

Data collected in the register shall not be disclosed to third parties for marketing purposes without separate consent of the data subject. With the consent of the job applicant, information provided by applicants and other information with relevance to the recruitment process, such as education and skills, may be handed over to a client company of Craftman Oy, to which a job applicant is referred. Personal data stored in the register may also be disclosed to authorities with a statutory right to obtain information from the register.

Transfer of data outside the European Union (EU) or European Economic Area (ETA)

Personal data is not transferred outside the EU or the EEA.

Registry protection and retention of personal data

The information contained in the register is kept from external parties, in a locked state, protected by a password and username. Only those Craftman Oy internal employees, whose job description entitles them to process customer data, are entitled to process the register data. When processing the data, these employees must adhere to the content of this Privacy Statement and keep the information confidential from third parties. Unnecessary and irrelevant information will be discarded from the register in an appropriate manner. The information contained in the register will be disposed of at the latest when the information no longer serves the purpose of the personal data of this Privacy Statement.


The right of inspection  

According to the Personal Data Act, everyone has the right to inspect their own data stored in a personal register or determine no data about him or her is stored in a register. The controller shall, upon request, provide the above information in writing. The applicant requesting inspection of data must verify his or her identity and the request must be sent to the registrar in writing The request for inspection of data is free of charge at most once a year (12 months).

Right to rectification

Every data subject has the right to claim rectification of inaccurate data or have incomplete data completed. The applicant requesting rectification or completion of data must verify his or her identity and the request must be sent to the registrar in writing. The request should also identify faulty and corrected data.