The Data Controller, CTS Engtec, processes personal data in compliance with data protection legislation, including the general data protection regulation (679/2016) of the European Union and the Data Protection Act (1050/2018).
CTS Engtec (y-tunnus: 2133526-4)
puh. +358 10 759 7100
Personal data are processed for the purposes of customer relations management, marketing, recruitment-related, or other comparable addressed messaging. The data may be analysed and processed for improved targeting of marketing messages to the data subject.
The register contains information on the following persons:
The following register data necessary from the viewpoint of intended use are processed:
Personal data are mainly acquired from the following sources of information:
In principle, the Data Controller will not disclose personal data of data subjects to third parties (with the exception of the project’s customer), unless if this is legally requested by the authorities or if mandatory legislation so requires. In addition, the Data Controller will use reliable service providers for technical implementation of the services, which process personal data on behalf of the Data Controller.
In principle, personal data are not transferred outside the European Union or the European Economic Area. Any transfers of personal data are always carried out in accordance with applicable data protection legislation.
The Data Controller will process and retain personal data only for as long as is necessary from the viewpoint of the intended use of the personal data. Any personal data that are no longer required and the storage and processing of which by the Data Controller is no longer justified will be deleted at regular intervals in accordance with the data protection legislation in force and pursuant to the Data Controller’s own data protection procedures.
At LAURA™ Recruitment Software, job application information is retained for 356 days from the date of application or the last update. Data may be processed longer than this, for example if the data subject has been selected as an employee or deputy of the organization.
The databases associated with the register are protected by firewalls, passwords and other technical means generally accepted in the field of information security. Databases, database back-ups and manually maintained documentation are kept in locked premises. Destruction of documentation containing personal data is carried out in keeping with information security.
Only identified employees of the Data Controller and companies operating on its mandate and behalf can have access to the data contained in the register, based on personal right of use granted by the Data Controller.
The Data Controller periodically inspects its personal data processing procedures and the systems and equipment used therein; this includes evaluation of the risks related to personal data processing activity, for example, when introducing new technology.
A data subject has the following rights applicable on a case-by-case basis:
Right of access to personal data: A data subject has the right to receive confirmation from the Data Controller on whether the data subject’s personal data are being processed or not. If the data subject’s personal data are being processed, the subject has the right to access the data.
Right to request correction, deletion, or restriction of processing of the data: A data subject has the right to request from the Data Controller correction of inaccurate data or deletion of some of the personal data concerning the data subject, or request restriction of the processing on basis laid down by law.
Right of objection: A data subject has the right to object to the processing of the subject’s personal data under special circumstances, if the Data Controller processes the personal data based on legitimate interest.
Right of complaint submission to the supervisory authority: In Finland, the supervisory authority is the Office of the Data Protection Ombudsman; visit www.tietosuoja for contact information and instructions.
To exercise your rights as a Data Subject, please contact the Data Controller by sending an e-mail to the address firstname.lastname@example.org.
We will do our best to respond as soon as possible and provide additional instructions or ask further questions regarding your request. Prior to meeting your request, we have the right and obligation to verify your identity, which means that it must be possible for us to identify you in an adequate manner. If your request is clearly unfounded or unreasonable, we may either charge you a reasonable fee based on administrative costs for meeting the request or refuse to take the action requested.