Data Protection Notice for the Medikumppani Oy Personnel Register
Date: 3 August 2021
1. DATA CONTROLLER
Business ID: 1595673-4
Hämeenkatu 30 C 32
20700 Turku, Finland
2. REGISTER CONTACT PERSON
3. REGISTER NAME
Medikumppani Oy Personnel Register
4. PURPOSE AND BASIS OF THE REGISTER
Medikumppani Oy uses the personnel’s personal data for personnel administration and employment matters and the related employer obligations.
The basis for processing personal data is the employment relationship between Medikumppani Oy and its employees. Other reasons include a commission given to Medikumppani Oy, employee’s consent or other appropriate reason.
Medikumppani Oy does not outsource personal data processing to companies in the same group. Medikumppani Oy may outsource personal data processing to third-party service providers according to and within the limits of applicable data protection legislation.
5. REGISTER’S DATA CONTENT AND PERSONAL DATA GROUPS
The groups of persons whose personal data may be processed comprise the employees of Medikumppani Oy.
The register contains data belonging to the above group which are necessary for the purpose of the register. These data include basic personal information (name, date of birth, personal identity number, address, email address, telephone number, etc.), employment information (start and end date, position, customer feedback, etc.), education and professional skills, health insurance number, health-related information, emails, payroll data (amount of salary, fringe benefits, tax and other withholding data, debt recovery information, accounting data, etc.), tracking of working hours and annual leave information. Medikumppani Oy also processes other identifying information about the data subject, such as ID certificate, next of kin, IP address and other information related to Internet use, as well as changes to the aforementioned information. With regard to specific groups of data, Medikumppani Oy also processes personnel’s personal data related to trade union membership and criminal record data of those working with children.
6. STORAGE PERIOD OF PERSONAL DATA
Medikumppani Oy stores personal data in its Personnel Register until there is no legal basis for keeping the data.
7. REGULAR SOURCES OF DATA
Medikumppani Oy collects data primarily from the employees personally. Medikumppani Oy may also collect personal data, with the employee’s consent, through evaluation of performance and professional competence based on the employee’s feedback and feedback from the client company.
8. PERSONAL DATA RECIPIENTS AND REGULAR TRANSFERS
Medikumppani Oy regularly discloses personal data to client companies, pension companies, insurance companies, the tax administration, employers’ federations, etc.
Medikumppani Oy does not disclose personal data to third parties other than the companies in the same group and to authorities for legal reasons in accordance with data protection legislation and the limits set by it.
Personal data may be transferred or disclosed to parties involved in the production, development or maintenance of Medikumppani Oy’s services and communications, or to a party operating on behalf of Medikumppani Oy, for example in a server environment. In this case, however, personal data are in fact used only by Medikumppani Oy’s employees (e.g. when compiling newsletters).
9. DATA TRANSFER OUTSIDE THE EUROPEAN UNION (EU) OR THE EUROPEAN ECONOMIC AREA (EEA)
As a rule, personal data are not transferred outside the EU or EEA, but it may be possible, for example, when Medikumppani Oy uses subcontractors to process the data. Personal data are not disclosed to parties other than those involved in the production, development and maintenance of the services and communications of the contractual partners providing Medikumppani Oy’s services, except on the basis of an agreement or other consent. Transfers are always made in accordance with data protection legislation and the limitations thereof.
Data are also disclosed to authorities for legal reasons, such as in the investigation and prevention of misconduct.
If we use non-EU services, we will only use Privacy Shield certified service providers who are committed to complying with the EU General Data Protection Regulation by signing a Privacy Shield agreement (including Google Analytics).
10. REGISTER PROTECTION PRINCIPLES
Medikumppani Oy has taken appropriate technical and organisational measures to protect personal data from accidental or unlawful loss, disclosure, misuse, alteration, destruction, or unauthorised access.
Medikumppani Oy stores personal data in printed and digital form. Any printed material is kept in a locked room, which can only be accessed by persons who have been specifically authorised to do so. Digital material can be accessed only with a personal username and password of an authorised employee or partner. There are different levels of access, and each user is given sufficient but limited access, depending on the task. Unauthorised access to the Personnel Register is also prevented with firewalls and other technical protection. Information on employee health is kept separate from other personal data. All register users are bound by confidentiality. Backup copies of the register are made regularly, and the data can be restored if necessary.
11. DATA SUBJECTS’ RIGHT TO OBJECT TO PERSONAL DATA PROCESSING (RIGHT TO OBJECT)
Data subjects have the right to object to Medikumppani Oy’s processing measures on grounds related to their particular situation insofar as the data processing is based on employment with Medikumppani Oy. Data subjects may present their objection as stated in section 13 of this notice. Data subjects must specify in their objection the data which are not to be used. However, Medikumppani Oy may deny the objection due to legal reasons.
12. DATA SUBJECTS’ OTHER PERSONAL DATA PROCESSING RIGHTS
12.1. Right of access
Apart from the exceptions laid down in the Personal Data Act, data subjects are entitled to access and check their personal data stored in the Medikumppani Oy Personnel Register. They must make their request for access in accordance with section 13 of this notice. The right of access may be denied due to legislative reasons. As a rule, the right of access is free of charge.
12.2. Rectifying and erasing data or restricting processing
If a data subject notices or is informed about an error in the register, (s)he must, without undue delay and on his/her own initiative, rectify, erase, or supplement the incorrect information.
Data subjects should make a request for rectification to Medikumppani Oy according to section 13 of this notice.
Data subjects have the right to restrict the data controller from processing personal data, for example when waiting for a response to a request for rectification or erasure of their data.
12.3. Data subjects’ right to data portability and right to lodge a complaint with the supervisory authority
Insofar as the data subject has personally provided Medikumppani Oy with personal data, which are processed in the Personnel Register with the data subject’s consent, the data subject has the right to access such information, primarily in electronic format, and the right to transfer the information to another register.
If the data controller has not complied with the applicable data protection regulations, the data subject has the right to lodge a complaint with the competent supervisory authority.
12.4. Other rights
If personal data are processed based on the data subject’s consent, the data subject has the right to withdraw his or her consent by notifying Medikumppani Oy in accordance with section 13 of this notice.
Data subjects should contact Medikumppani Oy in all personal data processing matters and in exercising their personal data rights by post at the following address: Medikumppani Oy / Henkilörekisterit, Hämeenkatu 30 C 32, 20700 Turku, Finland. If necessary, Medikumppani Oy may ask the data subject to provide further details in writing about a request. Medikumppani Oy may request verification of the data subject’s identity, as needed, before other measures are taken.