The Data Controller, CTS Engtec, processes personal data in compliance with data protection legislation, including the general data protection regulation (679/2016) of the European Union and the Data Protection Act (1050/2018).

Data Controller

CTS Engtec (y-tunnus: 2133526-4)

Kaikukatu 7
45100 Kouvola
puh. +358 10 759 7100
info@ctse.fi

Purpose of use of personal data

Personal data are processed for the purposes of customer relations management, marketing, recruitment-related, or other comparable addressed messaging. The data may be analysed and processed for improved targeting of marketing messages to the data subject.

Personal data groups processed

The register contains information on the following persons:

  • The Data Controller’s customers, the customers’ representatives and contact persons
  • Representatives and contact persons of the Data Controller’s contractors and suppliers
  • Project stakeholders
  • Job seekers

Register data

The following register data necessary from the viewpoint of intended use are processed:

  • Name
  • E-mail address
  • Telephone number
  • Party represented
  • Additional data provided by the data subject, such as job application information and information provided through the website contact form
  • Any changes to the data listed above.

Regular sources of register data

Personal data are mainly acquired from the following sources of information:

  • Directly from the data subject for customer relations management.
  • Directly from the data subject as part of other co-operation relations.
  • Customer self-registrations and communications related to participating in the Data Controller’s electronically arranged marketing campaigns, online surveys and communications, information kit downloads, or filling of job applications, which uses the LAURA™ Recruitment Software.
  • Public/freely accessible sources (such as the Internet and Trade Register).

Personal behavioural data

  • Online visits to CTS Engtec´s website (IP address, browser, time, page visits, and cookie information).
  • Person’s activities on the CTS Engtec website (entry of data into forms on the website and downloading data from the site).
  • Receipt of communications (e-mails, SMS messages) from CTS Engtec and reaction thereto.
  • LAURA™ Recruitment Software.

Disclosure and transfer of information

In principle, the Data Controller will not disclose personal data of data subjects to third parties (with the exception of the project’s customer), unless if this is legally requested by the authorities or if mandatory legislation so requires. In addition, the Data Controller will use reliable service providers for technical implementation of the services, which process personal data on behalf of the Data Controller.

In principle, personal data are not transferred outside the European Union or the European Economic Area. Any transfers of personal data are always carried out in accordance with applicable data protection legislation.

Personal data retention period

The Data Controller will process and retain personal data only for as long as is necessary from the viewpoint of the intended use of the personal data. Any personal data that are no longer required and the storage and processing of which by the Data Controller is no longer justified will be deleted at regular intervals in accordance with the data protection legislation in force and pursuant to the Data Controller’s own data protection procedures.

At LAURA™ Recruitment Software, job application information is retained for 356 days from the date of application or the last update. Data may be processed longer than this, for example if the data subject has been selected as an employee or deputy of the organization.

Register protection and processing of personal data

The databases associated with the register are protected by firewalls, passwords and other technical means generally accepted in the field of information security. Databases, database back-ups and manually maintained documentation are kept in locked premises. Destruction of documentation containing personal data is carried out in keeping with information security.

Only identified employees of the Data Controller and companies operating on its mandate and behalf can have access to the data contained in the register, based on personal right of use granted by the Data Controller.

The Data Controller periodically inspects its personal data processing procedures and the systems and equipment used therein; this includes evaluation of the risks related to personal data processing activity, for example, when introducing new technology.

Rights of the data subject

A data subject has the following rights applicable on a case-by-case basis:

Right of access to personal data: A data subject has the right to receive confirmation from the Data Controller on whether the data subject’s personal data are being processed or not. If the data subject’s personal data are being processed, the subject has the right to access the data.

Right to request correction, deletion, or restriction of processing of the data: A data subject has the right to request from the Data Controller correction of inaccurate data or deletion of some of the personal data concerning the data subject, or request restriction of the processing on basis laid down by law.

Right of objection: A data subject has the right to object to the processing of the subject’s personal data under special circumstances, if the Data Controller processes the personal data based on legitimate interest.

Right of complaint submission to the supervisory authority: In Finland, the supervisory authority is the Office of the Data Protection Ombudsman; visit www.tietosuoja for contact information and instructions.

To exercise your rights as a Data Subject, please contact the Data Controller by sending an e-mail to the address info@ctse.fi.

We will do our best to respond as soon as possible and provide additional instructions or ask further questions regarding your request. Prior to meeting your request, we have the right and obligation to verify your identity, which means that it must be possible for us to identify you in an adequate manner. If your request is clearly unfounded or unreasonable, we may either charge you a reasonable fee based on administrative costs for meeting the request or refuse to take the action requested.