Updated on 16.11.2022
Netum Group Plc (hereinafter referred to as Netum), consisting of Netum Ltd, Netum Service Channel Ltd, Netum Integrations Ltd and Cerion Solutions Ltd, processes and protects personal data in accordance with the appropriate laws and regulations. This privacy statement presents the principles and procedures we follow when processing personal data.
Netum Group Plc
Business ID 2804021-5
Yliopistonkatu 58 B
Please email any questions and requests related to this statement to tietosuoja[at]netum.fi
Netum processes personal data in accordance with the applicable legislation, including the EU's General Data Protection Regulation GDPR (2016/679) and this privacy statement.
We take into account requirements set by data protection legislation in all our business operations and expect the same from our subcontractors and other business partners.
We also train our staff about data protection requirements and guidelines to ensure our compliance.
WHAT PERSONAL DATA DO WE PROCESS AND FOR WHAT PURPOSE?
Personal data is any piece of information or a piece of information combined to other information that allows us to identify a person either directly or indirectly. At Netum, we collect personal data only when necessary and process it only for predefined purposes, specified in more detail below.
In connection with our recruiting activities, we process personal data, such as applicant’s first and last name, email address and telephone number. We also process the following data to the extent in which the job applicants themselves give them to Netum: postal address and home municipality, education and employment history, skills and professional expertise and other data included in the CV, and any other data provided by the applicant including also data in possible appendices.
We can also store the following data during the recruitment process: any suitability assessment for the position applied, communication with the applicant, any data provided by the applicant’s referee, and data on how the recruiting process proceeded and ended.
This data is used in the recruiting process, in processing of job application, in order to remain in contact with the applicant, and in supporting employee induction.
During recruitment activities, personal data is, as a rule, only collected from the applicants themselves. With the applicant’s consent, data may also be obtained from other sources, such as the applicant’s referees.
CLIENTS, SUBCONTRACTORS AND OTHER COLLABORATION PARTNERS
Netum may process the following personal data concerning their clients, subcontractors or other collaboration partners: first and last name, person’s position in the organisation, contact details (email address and telephone number), contact details of a client or a partner company, other data submitted by the person, and IP address. This data is used to manage client and partner relationships, to measure customer experience and for marketing, execution and development of Netum services as well as organising events. We collect personal data of our clients and business partners as a part of our collaboration and agreements. We also collect data from the persons themselves, for example when people sign up for an event organised by Netum or when they order a newsletter or a bulletin, or visit Netum website.
We also process video and image material for safety purposes about persons who move in camera-monitored areas within Netum premises. This material is recorded with date and time stamps. Video surveillance in these areas is indicated with signs.
If a person is in contact with Netum, for example to enquire about our services, by registering for an event we have organised or by ordering a newsletter, we can process the following personal data given by the persons themselves: first and last name, email address, telephone number, organisation name including contact details, the person’s position and any other given information.
This information is used to process the contact or other request, to organise events and for communication between Netum and the person. We also use information to market, provide and develop Netum services and events.
Personal data is, as a rule, collected from the persons themselves. Information can also be collected from the use of Netum website by cookies – see more information under Cookies – and from registers created by our marketing partners.
WHAT IS PROCESSING OF PERSONAL DATA BASED ON?
When we use personal data for the above purposes, this takes place primarily based on Netum’s legitimate interest, and in certain cases based on legal obligation.
The basis of processing, in addition to or instead of the above, may also be consent given by a person or an implementation of an agreement between Netum and a person, in which case personal data will be processed to fulfil the purpose and obligations of such consent/agreement.
HOW LONG IS PERSONAL DATA PROCESSED?
We only process personal data for as long as we have a legal right or obligation to do so. We assess the necessity of personal data in our possession regularly and delete any data that is no longer needed for the purposes described above in this statement.
RIGHTS OF THE DATA SUBJECT
You have certain rights regarding your personal data – see details below – that you may exercise by contacting us at tietopyynnot[at]netum.fi
- Right to access your personal data. You can request Netum to confirm whether we are processing your personal data and a copy of any such personal data
- Right to have your personal data rectified and/or erase. You have the right to request us to rectify any incorrect or inaccurate personal data regarding you, and you also have the right to request us to erase your personal data.
- Right to restrict the processing of your personal data. In certain situations, you have the right to request that processing of your personal data is limited
- Right to object to the processing of your personal data. You may object to certain processing of your personal data if the basis for personal data processing is legitimate interest of Netum (for example, use of your data for marketing purposes)
- Right to data portability. You have the right to obtain your data from Netum in a structured and commonly used format, so that you can transfer your data to another controller, by sending a request about it to the address given in this privacy statement. This right concerns data in an electronic format and the processing of which is based on consent given by you or in performance of an agreement.
- Right to withdraw your consent. If the basis for processing your personal data is a consent given by you, you may withdraw such consent at any time
- Right to file a complaint with a supervisory authority. if you consider that our processing of your personal data infringes the GDPR you may file a complaint by contacting your local supervisory authority. In Finland, the respective supervisory authority is the Data Protection Ombudsman.
PROTECTION OF PERSONAL DATA
At Netum, we protect personal data against unauthorised or unlawful processing and/or against accidental loss, alteration, disclosure or access, or accidental or unlawful destruction of or damage by maintaining appropriate technical and organisational measures. We also constantly improve these measures to protect data. Our information security and related risk management are based on the governance system and information security policy, which is in compliance with the ISO/IEC 27001-2013 structure, as applicable.
Information security operations are led by the Information Security Management Group of Netum. Appointed Data Protection Officer and Chief Information Security Officer co-ordinate these operations.
Personal data is processed as confidential information. All persons processing such data are committed to confidentiality and comply with our data protection and information security guidelines.
If processing of personal data is outsourced to any third parties, we make agreements as required by the data protection legislation with such third parties to ensure that personal data is processed in compliance with this privacy statement and any applicable laws, orders and regulations issued by relevant authorities.
TRANSFER OR DISCLOSURE OF DATA OUTSIDE THE EU OF EEA
Netum does not, as a rule, transfer personal data outside the EU or EEA, or disclose it to any outside party.
Some of our collaboration partners within our service processes may be located entirely or partly outside the EU or EEA. In these cases, we ensure by agreements or other legal instruments as required by laws that the transfer of personal data occurs in accordance with the applicable data protection legislation and to ensure an adequate level of data protection.
UPDATING THE PRIVACY STATEMENT
This privacy statement can be updated time-to-time and especially when changes take place in personal data laws or equivalent legislation. The latest version of the privacy statement is available on this website.