PRIVACY STATEMENT
Updated on 17.8.2023
Netum Group Plc (hereinafter referred to as Netum), consisting of Netum Ltd, processes and protects personal data in accordance with the appropriate laws and regulations. This privacy statement presents the situations in which we can process your personal data as well as the principles and procedures we follow when processing personal data.
DATA CONTROLLER
Netum Group Plc
Business ID 2804021-5
Yliopistonkatu 58 B
33100 Tampere
CONTACT INFORMATION
Contact details of the data protection officer: tietosuoja(at)netum.fi, tel. +358 41 5295 555 (switchboard).
Requests regarding the rights of the data subject: tietopyynnot(at)netum.fi.
GENERAL DESCRIPTION OF OUR PRIVACY POLICY
Netum processes personal data in accordance with the applicable legislation, including the EU's General Data Protection Regulation GDPR (2016/679) and this privacy statement.
We take into account requirements set by data protection legislation in all our business operations and expect the same from our subcontractors and other business partners.
We also train our staff about data protection requirements and guidelines to ensure our compliance.
Personal data is, as a rule, collected from the persons themselves.
In some cases, information can be obtained from someone other than the person him/herself. In these cases, the processing of data will be communicated in a suitable context.
WHAT PERSONAL DATA DO WE PROCESS, AND FOR WHAT PURPOSE?
Personal data is any piece of information, or a piece of information combined with other information that allows us to identify a person either directly or indirectly. At Netum, we collect personal data only when necessary and process it only for predefined purposes, specified in more detail below. If the situation requires, personal data may be processed in addition to the situations described below to defend the rights of the company and its personnel and to prepare related legal claims.
JOB APPLICANTS
In connection with our recruiting activities, we process personal data, such as the applicant’s first and last name, email address and telephone number. We also process the following data to the extent to which the job applicants themselves give them to Netum: postal address and home municipality, education and employment history, skills and professional expertise and other data included in the CV, and any other data provided by the applicant also including data in possible appendices.
We can also store the following data during the recruitment process: any suitability assessment for the position applied, communication with the applicant, any data provided by the applicant’s referee, and data on how the recruiting process proceeded and ended.
During recruitment activities, personal data is, as a rule, only collected from the applicants themselves. With the applicant’s consent, data may also be obtained from other sources, such as the applicant’s referees. For more information, see Privacy Statement for Job Applicant Register.
Purposes: This data is used in the recruiting process, in the processing of job applications, in order to remain in contact with the applicant.
Legal basis: Processing of personal data based on the consent of the job applicant.
CLIENTS, SUBCONTRACTORS AND OTHER COLLABORATION PARTNERS
Netum may process the following personal data concerning their clients, subcontractors, or other collaboration partners:
- The person’s identity data: first and last name, person’s position in the organisation, contact details (email address and telephone number),
- contact details of a client or a partner company,
- photo of a person (in publications)
- other data submitted by the person.
This data is used to manage client and partner relationships, to measure customer experience and for marketing, execution, and development of Netum services as well as organising events. We collect personal data of our clients and business partners as a part of our collaboration and agreements. We also collect data from the persons themselves, for example, when people sign up for an event organised by Netum or when they order a newsletter or a bulletin.
For the electronic signing of contracts, we can use software (AtomiSign) where a service provider outside the EEA area processes contacts information. AtomiSign uses the US-based Twilion SendGrid service to send e-mails, where the data (e-mail address, the content of the attachment and message title and, in case of identification by text message, phone number and one-time password) are stored for seven days.
Purposes: As agreed, the data is used to manage the customer and partnership relationship, provide services, measure customer experience and market, implement and develop Netum's services and events. As agreed, the data may be used for Netum publications, customer stories, news, and information and, where appropriate, for investor communications.
Legal basis: The publication and disclosure of information for publication is based on consent. During the contractual relationship, the data will be processed as required by the contractual relationship, based on consent and/or agreement.
OTHER CONTACTS
If a person is in contact with Netum, for example:
- to enquire about our services,
- by making a request for information,
- by downloading a digital guide or a brochure from the website,
- by registering for an event, we have organised, or
- by ordering a newsletter
we can process the following personal data given by the persons themselves: first and last name, email address, telephone number, organisation name including contact details, the person’s position, and any other given information.
Purposes: This information is used to process the contact or other request, to organise events and for communication between Netum and the person. We also use the information to market, provide and develop Netum services and events.
Legal basis: Informed consent in the context
VISITING THE OFFICE
We process access control data and video or other image material for safety purposes about persons who move in camera-monitored areas within Netum premises. This material is recorded with date and time stamps. Video surveillance in these areas is indicated with signs. From those who visit the premises, we collect the name and the company/organization of the visitor.
Purposes: The purpose of access control and camera surveillance is to protect Netum, and the property of customers located at Netum's premises, to prevent misuse and crime, and to assist in the investigation of alarms, misuse and suspected crime that have already occurred. In addition, the purpose of the surveillance is to ensure and enhance the security of Netum staff and customers.
Legal basis: The processing is based on the legitimate interest of the controller and on a legal obligation relating, inter alia, to the Occupational Safety and Health Act (738/2002) and the regulations on classified information.
VISITING THE WEBSITE
Anyone visiting the Netum website will be notified of the cookies being used. The collection of non-essential information can be controlled by the visitor through the management of their own consent. Necessary cookies ensure the functionality, usability, and security of the website. When consent is requested, the purposes for which cookies are used are explained in relation to the functionality of the website, statistics, and marketing. A functional cookie can, for example, be related to watching a video. First-party cookies are only used by Netum. Third-party cookies require the consent of the visitor to the website, and Netum has no control over the conditions associated with them. Data may also be processed outside the EEA.
On Netum's website, you can fill in contact forms, which will be processed as described in this Privacy Policy. The use of the website generates a log of transactions, and the IP address may be stored if the user's browser allows it.
Netum statistics the use of the website using an open-source service (Matomo). This information is not transferred outside the EEA or for commercial purposes. Netum collects:
- the number of visits to the website,
- which pages have been read,
- the average time spent on the page,
- from which channels or campaigns the pages have been accessed
Purposes: Site maintenance, provision, and development of services as well as marketing planning and development. IP address and site transaction data may be processed to prevent and investigate errors and crimes.
Legal basis: Visiting the site, filling in online forms and allowing cookies is based on consent. The processing is based on a legitimate interest in the maintenance, functionality, design, and development of the website, as well as in the investigation of error situations and abuse.
SOCIAL MEDIA CHANNELS
Netum and social media channels are co-registrars in social media communities. Netum cannot influence all processing purposes. Netum uses the following channels: LinkedIn (Microsoft), X (X, ex Twitter), Facebook (Meta), Instagram (Meta) and Youtube (Google). Netum uses the LinkedIn pixel to measure the effectiveness and profitability of advertising. Otherwise, by clicking on the links of the channels, you will be redirected to the page of the service in question, which has its own privacy policies. Netum uses targeted advertising on social media pages, which means that a social media user can receive Netum advertising based on the area in which you use the service or the interests that Netum targets advertising to. Netum is not able to link such targeting to the individuals who receive the advertising.
Channels allow Netum to manage followers and respond to or comment on comments or posts by individuals. Netum will process the information obtained through social media only for its own purposes and will not store personal information obtained through the channels in any other context without the consent of the service user.
You can restrict the processing of your personal data by removing yourself from the community page by unsubscribing and/or unfollowing or by requesting the deletion of a thread.
Purposes: Marketing planning and development, information sharing, and increasing awareness.
Legal basis: Informed consent in the context
HOW LONG IS PERSONAL DATA PROCESSED?
We regularly assess the necessity of the personal data we store and delete data that is no longer necessary. Examples of storage criteria:
- Customer and partnership data: for the duration of the contractual relationship and in accordance with accounting regulations.
- Website disclosure: approx. 5 years, based on the obligations of a listed company.
- Other publications: evaluated at least every 5 years or removed for other justified reasons, such as when the employee leaves the company or at the request of the consenting party.
- Data on job applicants: see Privacy Statement for Job Applicant Register.
RIGHTS OF THE DATA SUBJECT
You have certain rights regarding your personal data – see details below – that you may exercise by contacting us at tietopyynnot(at)netum.fi.
- Right to access your personal data. You can request Netum to confirm whether we are processing your personal data and a copy of any such data.
- Right to have your personal data rectified and/or erased. You have the right to request us to rectify any incorrect or inaccurate personal data regarding you, and you also have the right to request us to erase your personal data.
- Right to restrict the processing of your personal data. In certain situations, you have the right to request that processing of your personal data is limited.
- Right to object to the processing of your personal data. You may object to certain processing of your personal data if the basis for personal data processing is a legitimate interest of Netum (for example, use of your data for marketing purposes).
- Right to have your personal data transferred to another system. You have the right to obtain your data from Netum in a structured and commonly used format so that you can transfer your data to another controller by sending a request about it to the address given in this privacy statement. This right concerns data in an electronic format and the processing of which is based on consent given by you or in the performance of an agreement.
- Right to withdraw your consent. If the basis for processing your personal data is consent given by you, you may withdraw such consent at any time.
- Right to file a complaint with a supervisory authority. If you consider that our processing of your personal data infringes the GDPR, you may file a complaint by contacting your local supervisory authority. In Finland, the respective supervisory authority is the Data Protection Ombudsman.
COOKIES
PROTECTION OF PERSONAL DATA
At Netum, we protect personal data against unauthorised or unlawful processing and/or against accidental loss, alteration, disclosure, or access, or accidental or unlawful destruction of or damage by maintaining appropriate technical and organisational measures. We also constantly improve these measures to protect data. Our information security and related risk management are based on the governance system and information security policy, which is in compliance with the ISO/IEC 27001-2013 structure, as applicable.
Information security operations are led by the Information Security Management Group of Netum. The designated Data Protection Officer and Information Security Manager are responsible for coordinating the operation.
Personal data is processed as confidential information. All persons processing such data are committed to confidentiality and comply with our data protection and information security guidelines.
If the processing of personal data is outsourced to any third parties, we make agreements as required by the data protection legislation with such third parties to ensure that personal data is processed in compliance with this privacy statement and any applicable laws, orders and regulations issued by relevant authorities.
TRANSFER OR DISCLOSURE OF DATA OUTSIDE THE EU OF EEA
Netum does not, as a rule, transfer personal data outside the EU or EEA or disclose it to any outside party.
Some of our collaboration partners within our service processes may be located entirely or partly outside the EU or EEA. In these cases, we ensure by agreements or other legal instruments as required by laws that the transfer of personal data occurs in accordance with the applicable data protection legislation and to ensure an adequate level of data protection.
UPDATING THE PRIVACY STATEMENT
This privacy statement can be updated time-to-time and especially when changes take place in personal data laws or equivalent legislation. The latest version of the privacy statement is available on this website. You can get the previous version by requesting it from tietopyynnot(at)netum.fi.