Privacy Statement

Privacy Statement for Business Kristinestad (Ab Kristinestads näringslivscentral-Kristiinankaupungin elinkeinokeskus Oy)

Data controller

Ab Kristinestads näringslivscentral-Kristiinankaupungin elinkeinokeskus Oy (2373314-3)

Contact information:

Ab Kristinestads näringslivscentral-Kristiinankaupungin elinkeinokeskus Oy
Koulukatu 3, FI-64100 KRS
+358 (0) 40 569 3796
business@krs.fi

Purpose of the processing of personal data

Personal data is processed for the management and administration of the functions and services provided by the website (publishing and editing of job advertisements).

The information will not be disclosed to outsiders.

Categories of personal data processed

Basic information and contact details of the person (first name, surname, email address, telephone number, employer and position)

Lawful sources of information

Personal data is collected from the data subjects themselves.

Personal data storage period

The data is stored for as long and to the extent necessary in relation to the purpose for which the personal data was collected (e.g. customer relationship, offered solutions / services, subscription to newsletters).

The data is stored at least for the period specified in law.

The data is not disclosed to third parties. However, data may be disclosed to the authorities upon request in accordance with the law.

Transfer of data outside the EU or EEA

The principle is that personal data is not transferred outside the EU or the EEA.

The provision of certain products and services requires the transfer of data outside the EU, these services include:

  • Web Analytics: Google Analytics
  • Newsletter: Mailchimp

The basis for transfers are standard clauses approved by the European Commission. We have considered that the transfer of data with respect to these services does not compromise personal data.

Data protection policies

Databases containing personal data are located on a server stored in a locked space accessible only to designated persons who are authorized to access them because of their duties. The server is protected by technology and a proper firewall.

Databases and systems can only be accessed using personal usernames and passwords issued separately. The controller has limited access and permission to use information systems and other storage platforms allowing data only to be viewed and processed by persons needed for their lawful processing.

Employees and other persons connected to the controller have by separate agreement agreed to observe professional of secrecy and to conceal data received in connection with the processing of personal data.

Rights of the data subject

According to the General Data Protection Regulation (GDPR), data subjects have the right

  • to obtain information on and access personal data: The data subject has the right to inspect data related to the data subject and require correction of any inaccuracies and supplementation of the data.
  • to object: The data subject has the right to object to the processing of the data if the data processing has been unlawful or unauthorised.
  • to erasure: The data subject has the right to request the deletion of personal data concerning the data subject to the extent that the data is not necessary for the duties of the controller.
  • to data portability: The data subject has the right to receive the personal data that he or she has provided to a controller in a structured, commonly used and machine-readable format and, if desired, transmit that data to another controller.
  • to appeal: The data subject has the right to lodge a complaint with the Data Protection Ombudsman if the data subject considers the processing of their personal data to be unlawful.