Privacy Statement
Päivitetty 24.8.2022
Data protection with Secure Cloud
Secure Cloud’s business is cyber security services. Protecting and processing the personal data of our customers and employees in accordance with best practices and existing regulations is of outmost importance to us.
In this statement, we describe how we collect personal data, what personal data and for what purposes we collect it, how we protect and process the personal data we collect, where we can disclose personal data and what rights individuals have to influence the processing of their personal data.
Collection of personal data
We collect and process only personal data that we need for conducting our business, for offering effective customer service or properly targeted commercial activities. The personal data we collect is general personal data. We do not collect sensitive or special categories of personal data.
We collect information from our customers and potential customers in our contact register, e.g. from our website, messages sent from our website, by e-mail, by phone, through social media services, contracts, customer meetings and other situations where the customer discloses information. We also collect personal data when a person participates in marketing contests, campaigns, events, raffles etc. in connection with registration or in any other similar way (for example by using cookies) from the registered person with his/her consent.
Personal data can also be collected and updated from other public, private or commercial registers and sources such as trade register, population register, company websites or public news.
Personal information we collect
We collect and store in our register only information related to our business, employment or recruitment. Such personal data include, for example, the person’s name, position, company/organization, contact information (phone number, e-mail address, address), website addresses, user-IDs/profiles in social media services, information related to direct marketing such as permits, prohibitions and interests, using cookies to use our website related information (more information on the use of cookies – link), information about ordered services and changes in them, invoicing information, banking contact information, work history and skills reported by job seekers, interests of the client or job seeker, e.g. related to technology, task area, event or similar, as well as other information related to the customer relationship and ordered services.
Basis of personal data processing
The legal basis for our personal data processing is the person’s consent, an agreement in which the registered person is a party to the agreement as a representative of an organization acting as a representative, or a so-called legitimate interest (e.g. an existing or potential customer relationship with the person or the person’s employer, a potential employment relationship, membership, participation in an event, competition or lottery).
The purpose and basis of personal data processing is the marketing and business development of Secure Cloud’s services, communication with current and potential customers, current or potential partnership or other relationship based on cooperation and the maintenance of this relationship. In addition to these, information related to potential employees and recruitment can be stored in the register.
Jobseekers’ information is deleted regularly when the information no longer is necessary or essential or when the law so requires.
Disclosure of personal data and transfer of data outside the EU or EEA
Secure Cloud can disclose personal data within the limits permitted and required by the applicable legislation. We produce some of our services in cooperation with our partners. In order to implement, operate or improve the quality of these services, we may disclose your personal data to our partner who offers the service, also outside the EU or EEA. When using partners, we ensure that when processing personal data, they follow our data protection principles and process the data with care and confidence, and do not pass it on.
Services for which your personal data is disclosed or processed by a third party can be, for example, connecting data security services to the business customer’s existing services or applications, devices, network or infrastructure. Secure Cloud uses available means to anonymize personal data in the services of its partners as well as in service management user interfaces, data warehouses, reports and the like.
In some of the services, using the service requires that your employer as a business customer and/or you as the end user accept the service provider’s data protection principles or terms before using the service. Such third parties process your information as independent data controllers for their own purposes and in accordance with their own privacy policies.
In limited situations, certain authorities, such as the Finnish Transport and Communications Agency, the data protection authority or the police, have the right to request the release of personal data in order to carry out their statutory activities. We provide personal data to authorities or other parties only with the decision of a competent authority or a court within the limits allowed by law.
Information can be published to the extent agreed with the customer.
Principles of personal data protection
We exercise special care in processing personal data. We make sure that stored data and other data critical to the security of personal data are handled confidentially and only by those employees whose job description it is. The personal data we collect and access is protected by appropriate organizational and technical security procedures. Register data can also be stored and processed in internet-based services. In this case, personal data can also be stored outside the EU or EEA. When registry data is stored on Internet servers, their digital data security is taken care of appropriately.Checking and correcting personal data
Every person in the register has the right to check their information stored in the register and have any incorrect information corrected or incomplete information completed. Those registered also have the right to request that their data is deleted from the register and to object to or limit the processing of their personal data. All given consents related to the processing of personal data can also be revoked if needed.
If a person wants to check the information stored about him or her, or demand corrections, the request should be sent in writing to the representative of the data controller mentioned below in this statement. In this context, we verify the identity of the requester. We respond to requests for information within the time stipulated in the EU Data Protection Regulation (generally within a month).