Kaarea’s data protection principles

• As a company, it is of the utmost importance to us that we take care of and respect the rights and privacy of our staff, our customers, our partners and all individuals within our stakeholders’ organisations.
• We are committed to preventing the unauthorised access, misuse, or disclosure of the data we use.
• Our data protection principles and policy are based on the EU’s General Data Protection Regulation (EU) 2016/679 and on the Finnish Data Protection Act.
• Executive management monitor and take responsibility for the fulfilment of the obligations set by the GDPR in all of our operations and support the work of the data protection coordinator.

Personal data processing

Personal data processing is based on the data subject’s consent, an agreement, or another legal basis. We aim to ensure the accuracy of the data we use, and update the data using details provided by the data subject or obtained from reliable sources.

Personal data is processed solely for legitimate purposes and only to the extent and duration required for those purposes. The data is used for the purposes specified at the time of collection and within the boundaries set by applicable law.

Once the data is no longer necessary for its intended use, it is destroyed securely in accordance with company policy.

Data is only disclosed solely on the grounds expressly communicated or required by law, and only to the recipients who have been specifically identified or are legally entitled to receive the data.

Data may be transferred outside the controller’s country of residence if the applicable legislation so allows, and if compliance with data protection regulations has been ensured through contractual arrangements. In such cases, all procedures required by the legislation of the respective countries shall be followed.

Contacting us

The data subject has the right to access the information held about them in the data file and to request the rectification of any inaccurate, incomplete or outdated data. The controller may charge the data subject for the actual administrative costs arising from repeated access requests. Requests for rectification and erasure are not subject to this fee. Access and rectification requests must be addressed to the contact person for the personal data file, either by visiting in person or by sending a signed letter or other verifiable document to confirm the requesting party’s right to make the request. Other inquiries and additional information can be directed to tietosuoja@kaarea.fi or by post to Kaarea Oy, Tietosuojakoordinaattori, PL 180, 20101 Turku, Finland. Responses to requests for access will be provided within one month of the request.
 

Scope of application

The data protection principles shall apply to all of Kaarea’s operations.
 

Changes to the data protection principles

The data protection coordinator is responsible for updating the data protection policy, and changes are approved by the management team. If any changes are made to our data protection policy, we will publish the changes and their effective date on our website and inform our employees.

• Cookie Policy
• Personal data processing
  • Privacy policy for the customer register
  • Privacy policy for the feedback register
  • Privacy policy for the HR register
  • Privacy policy for the reporting channel
  • Privacy policy for the marketing and communication register
  • Privacy policy for the supplier register
  • Privacy policy for the job applicant register