Brella Oy's General Privacy Notice
With this Brella Oy’s General Privacy Notice we provide you information on why and how we process your personal data in our in our general business operations (not including Brella service).
If you would like to know how we process personal data in our Brella service, please have a look at our Brella Service’s Privacy Notice.
1. WHAT DEFINITIONS ARE USED IN THIS PRIVACY NOTICE?
Controller means a party that is in charge of the personal data processing activities.
Data subject is a term for a human being in accordance with data protection laws.
DPO means an independent representative of a controller or a processor who helps the controller or the processor ensure that it complies with relevant data protection laws.
Legal basis for processing means the legal basis with which the controller processes personal data of a data subject. Article 6 of the GDPR contains provisions on legal basis for processing.
Personal data means any data concerning a data subject or data with which a data subject can be identified with.
Privacy Notice means a data protection document that has been drafted according to Articles 13 and 14 of the GDPR, and with which the controller may inform its data subjects of the ways their personal data is processed.
Processor means a party that processes personal data for and on behalf of the controller.
Purpose for processing means the reason why the controller processes personal data of a data subject.
2. WHO IS THE CONTROLLER AND/OR JOINT CONTROLLER FOR YOUR DATA?
Brella Ltd. (business ID: 2765076-7) is the controller for all personal data referred to in this Privacy Notice unless otherwise explicitly stated. We are located at Kivääritehtaankatu 6 C, 40100 Jyväskylä.
Our US-based entity Brella Inc. is a joint controller with Brella Ltd. for the personal data that needs to be processed by Brella Inc. (e.g. communications with Brella Inc.).
3. WHY DO WE PROCESS YOUR PERSONAL DATA?
We process personal in our general business operations to carry out business relationships, recruiting, communications and website control. We process contact details, IP addresses and other data disclosed to us by the data subjects.
Our legal basis for processing personal data depends on the purpose for which we process personal data. Therefore, our legal basis is the performance of a contract in contractual matters, our legitimate interests in recruiting as well as communications and consent in ePrivacy matters (basically meaning cookies).
4. FROM WHERE DO WE COLLECT YOUR PERSONAL DATA?
We collect your personal data from different sources, depending on our purposes for processing personal data. In our business relationships we collect personal data from the contact person of our business partner, our other business partners and public sources (such as the internet and trade register). In other matters we collect personal data from the data subject themselves as well as the means by which they disclose data to us (e.g. LinkedIn or cookies).
5. DO WE TRANSFER YOUR PERSONAL DATA?
We may transfer your personal data to third party service providers, as it is a normal course of doing business in a digitalized world (i.e. data storage service providers and communications services providers). When personal data is transferred to third parties, we ensure that we conclude adequate personal data processing agreements and safeguards in relation to the data transfers.
As our servers are located within the EU, by default we shall not transfer your personal data outside the EU/EEA. However, if you use our service outside the EU/EEA or to transfer personal data outside the EU/EEA we may transfer personal data outside the EU and the EEA. When doing so, we ensure adequate safeguards for the data transfer, such as standard contractual clauses.
6. HOW LONG DO WE RETAIN YOUR PERSONAL DATA?
The retention period of personal data depends on the purposes for which we process personal data. We inspect the necessity of the personal data stored regularly and keep records of the inspections.
We retain personal data for contractual purposes for as long as it is necessary to fulfil the contractual obligations, recruiting purposes for a period of 12 months from the receival day of the job application and other purposes for as long as it is necessary to fulfil the purpose of data processing.
7. WHAT DATA PROTECTION RIGHTS DO YOU HAVE?
You may have the right to use the below listed data protection rights under the GDPR:
- Right to inspect (art. 15)
- Right to rectify (art. 16)
- Right to erasure (art. 17)
- Right to restriction of processing (art. 18)
- Right to data portability (art. 20)
- Right to object (art. 21)
- Automated individual decision-making, including profiling (art. 22)
If you would like to use your rights or inquire something about data protection, please be in touch with our DPO at firstname.lastname@example.org.
You may also have a right to lodge a complaint with the data protection authorities, if you think that the processing of your personal data infringes data protection laws.
8. HOW CAN YOU DELETE YOUR DATA FROM BRELLA?
You can request for your personal data to be deleted from Brella by contacting our DPO at email@example.com.
9. WHO CAN YOU CONTACT? DOES BRELLA HAVE A DPO?
We have a DPO, who you can reach by e-mail at firstname.lastname@example.org.
In case you have any questions related to your personal data, please be in contact with our acting DPO.
10. CAN THIS PRIVACY NOTICE BE AMENDED?
We have a unilateral right to modify this Privacy Notice. The modifications take effect immediately when we post the up-to-date version of our Privacy Notice to our website.
Last update on 18 November 2021.