Name: Brella Oy
Business ID: 2765076-7
Address: Kivääritehtaankatu 6 C, 40100 Jyväskylä
2) PERSON IN CHARGE OF DATA FILES
Name: Markus Kauppinen
Contact details: email@example.com
3) THE CATEGORIES OF DATA SUBJECTS
3.1) persons who act as contact persons of the organizers;
3.2) persons who use or wish to use the service to attend events as attendees;
3.3) persons who are employed by Brella Oy or seek employment from Brella Oy; and
3.4) other persons who contact Brella Oy via email or through the service.
4) THE CATEGORIES OF PERSONAL DATA
The data files concerning the data subjects of Sections 3.1) – 3.4) may contain the following categories of personal data:
The data files concerning the data subjects of Section 3.1) may also contain the following categories of personal data:
The data files concerning the data subjects of Section 3.2) may also contain the following categories of personal data:
The data files concerning the data subjects of Section 3.3) may also contain the following categories of personal data:
The data files concerning the data subjects of Section 3.4) may also contain the following categories of personal data:
5) PURPOSE OF THE PROCESSING OF PERSONAL DATA
Personal data of the data subjects of Sections 3.1) – 3.4) can be handled for the following purposes:
Personal data of the data subjects of Section 3.1) can also be handled for the following purposes:
Personal data of the data subjects of Section 3.2) can also be handled for the following purposes:
Personal data of the data subjects of Section 3.3) can also be handled for the following purposes:
Personal data of the data subjects of Section 3.4) can also be handled for the following purposes:
Personal data can also be processed by other Brella Oy’s Finnish affiliate companies, if any, in accordance with the Finnish Personal Data Act, the GDPR and the Finnish Data Protection Act.
6) LEGAL BASIS FOR PROCESSING
The controller has the right to process the personal data of the data subjects based on the:
7) REGULAR SOURCES OF INFORMATION
Information regarding the data subjects are regularly gathered:
8) PERIOD FOR WHICH THE PERSONAL DATA WILL BE STORED
The controller shall not store the personal data longer than is necessary, taking into consideration the purpose for the processing of personal data.
If a jobseeker is not chosen for the position she applied for, we shall not store any data of her without her consent. If we do not receive her consent, we destroy her data immediately. If she gives us her consent, we may store her data for six (6) months, after which we will destroy all such data.
The controller inspects monthly the necessity of the personal data stored.
9) CATEGORIES OF RECIPIENTS OF PERSONAL DATA
The recipients of personal data may consist of the following categories:
All other information than information concerning data subjects of Section 3.3) may be disclosed with the data subject’s consent for marketing purposes in accordance with the Finnish Personal Data Act and the GDPR.
10) REGULAR DISCLOSURE OF DATA AND INFORMATION TRANSFER OUTSIDE OF EU OR THE EUROPEAN ECONOMIC AREA
Information may be transferred and stored to a server outside of EU or the European Economic Area to be processed by the Controller or Controller’s affiliate on Controller’s behalf in accordance with the Finnish Personal Data Act, the GDPR and the Finnish Data Protection Act.
11) DATA SUBJECTS’ RIGHTS
The data subject has a right to use all of the below mentioned rights.
The contacts concerning the rights shall be submitted to the person in charge of the data file stated in Section 2. The rights of the data subject can be put into action only when the data subject has been satisfactorily identified.
Right to inspect
Having presented the adequate and necessary information, the data subject has the right to know what, if any, data the controller has stored of her/him into this register. While providing the requested information to the data subject, the controller must also inform the data subject of the register’s regular sources of information, to what are the personal data used for and where is it regularly disclosed to.
Right to rectify and erasure
The data subject has a right to request the controller to rectify the inaccurate and incomplete personal data concerning the data subject.
The data subject can request the controller to erase the personal data concerning the data subject, if:
If the controller does not accept the data subject’s request to rectify or erase the personal data, it must give a decision of the matter to the data subject in a written form. The decision must include the reasons for which the request was not granted. The data subject may refer the matter to the relevant authorities (Data Protection Ombudsman).
The controller must inform the party to whom the controller has disclosed the personal data to or has received the personal data from of the rectification or erasure of personal data. However, there is no such obligation where the fulfilment of the obligation would be practically impossible or otherwise unreasonable.
Right to restriction of processing
The data subject can request the controller to restrict the processing of the personal data concerning the data subject where one of the following applies:
If the controller has based the restriction of the processing of personal data on the abovementioned criteria, the controller shall give a notification for the data subject before removing the restriction.
Right to object
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning her/him for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Right to data portability
The data subject shall have the right to receive the personal data concerning her/him, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
Right to withdraw consent
Where the legal basis for the processing of personal data is the consent of the data subject, the data subject shall have the right to withdraw her/his consent.
12) RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY
Data subject shall have the right to lodge a complaint with a supervisory authority, if the data subject considers that the processing of personal data relating to him or her infringes the GDPR. The complaint can be lodged in the Member State of her/his habitual residence, place of work or place of the alleged infringement.
13) MERGERS AND ACQUISITIONS
In connection with mergers, acquisitions or divestiture of all parts of Brella Oy’s business, the acquiring entity, as well as its business partners will obtain access to data managed by Brella Oy, and this may include personal data. In the aforementioned case, such external parties will enter into a non-disclosure agreement with Brella Oy, which covers the potential disclosure of personal data.
14) DATA PROTECTION PRINCIPLES
Brella Oy uses all reasonable efforts to maintain physical, electronic, and administrative safeguards to protect personal information from unauthorized or inappropriate access, but Brella Oy note that the Internet is not always a secure medium. Brella Oy restricts access to information about data subjects only to the personnel of Brella Oy that need to know the information e.g. for responding to inquiries or requests made by the data subjects.