Data Protection

We are committed to protecting your personal data, and as a data controller we process this data securely. We wish to be your reliable partner when it comes data stored in our services, and we strive for openness regarding what data and in which way it is processed and stored in Suomen Tilaajavastuu Oy’s services.

To make it easier for you to find relevant information, we have organised the data according to your role. For additional information regarding the data contained in our services, please see our service-specific privacy notices.

Tietosuoja

Users of our website and services

Version 23 May 2018

Users of our website and services

How do we collect personal data?

When you use our website or services provided by Suomen Tilaajavastuu Oy, we collect your personal data as described in this document. For more detailed information, please see our privacy notices.

Basis for and purpose of processing

The legal basis for personal data processing is the legitimate interest of the controller or fulfilling a contract made with the controller. We collect data in connection to making a contract, i.e. when you purchase our services and/or register as a user of our services. We also collect data during the validity period of the contract. Data is also received from other controllers and public sources.

We use personal data in the marketing and sale of STV’s services and for customer relationship management, invoicing, provision of customer support services, user rights monitoring, and service development. Personal data processing also includes processing and analysing the data concerned for targeted marketing and service production. For example, we can show customers targeted messages or content on our website, or channels based on their previous interests.

We will principally collect personal data from the data subjects themselves when they contact us and use our services. We also collect data on our customers and their contact persons from public sources and registers.

We use web analytics services to collect visitor data on our website in order to analyse and develop our web resources, as well as target relevant marketing and customer communications to visitors.

We typically receive the following information directly from the contact persons of our customers:

  • Name of the customer company, first and last name of the contact person, work email address, telephone number
  • Permissions and/or bans on the contact person in electronic direct marketing and customer communications
  • Classification data provided by the contact person (e.g. interests)
  • Information provided on contact forms
  • Customer feedback data, contact messages, and consents
  • We also collect the data of our potential customers when they participate in competitions, lotteries, customer events, or fairs.

We will process, for example, the following personal data of the user in connection with the use of services and websites:

  • IP address or other ID
  • Subscription, invoicing, and delivery data
  • Data collected through cookies
  • Data collected on the use of STV’s online services
  • Data collected on the use of STV’s Customer Service channels

The following data on the user in particular is received from other sources:

  • Data related to the use of social media, such as LinkedIn, Facebook and Twitter, e.g. ‘liking’ our website
  • We collect browsing data such as the user’s IP address and browsing history when people visit our website. Monitoring is based on the use of cookies. Personal data is principally collected from the data subjects themselves when they contact us and use our services.
  • We collect visitor data on our website in order to analyse and develop our website as well as target relevant marketing and customer communications to visitors.
  • We can also collect your personal data based on your separately given consent.
  • In order to develop our service to customers, we record calls made to and chats with our Customer Service.

Storage period of personal data

Personal data contained in the customer and marketing communication register is stored for as long as STV will need it for the above purposes.

Storage periods of data related to customer relationship management:

  • recordings of chats with Customer Service: three months
  • recordings of telephone conversations with Customer Service: seven months
  • details on the customer’s contact person related to customer relationship management: for as long as the data subject is the contact person of the customer concerned or for as long as STV stores the history data of the service used by the customer

Company’s registered responsible person (Reliable Partner service)

Version 23 May 2018

Company’s registered responsible person (Reliable Partner service)

Reliable Partner and Raportti services

Data collected on our Reliable Partner customers is restricted to data concerning the company’s responsible person. We have excluded personal data that may be derivable from a business name (e.g. the name of a person that is part of a business name or auxiliary business name such as “Tmi Firstname Lastname” or “Firstname Lastname Oy”) from the scope of personal data, because this represents company data.

The Reliable Partner authorisation contract is signed by the company’s responsible person(s). The following personal data will be collected from the signatories and stored:

  • signature date
  • first name
  • last name
  • position of responsibility
  • identity number
    • We require the person’s identity number in order to ensure that the authorisation contract is signed by a person authorised to sign on behalf of the organisation. Any bans on engaging in business activities imposed on the responsible persons will also be checked in accordance with the Act on the Contractor’s Obligations and Liability when Work is Contracted Out (1233/2006).

We process the following personal data for the compilation of contractor’s liability reports. This data is retrieved from the trade register extract and from Suomen Asiakastieto Oy:

  • first name(s)
  • last name
  • date of birth
  • nationality
  • hometown
  • position in the organisation
  • bans on engaging in business activities, if any

On which basis is personal data being processed?
The legal basis for processing is the legitimate interests of the controller and fulfilling a contract made between the controller and the customer.

The Reliable Partner service allows your company to offer its partners, in an electronic format, information that they need to fulfil their clarification obligation imposed on contractors in the Act on the Contractor’s Obligations and Liability when Work is Contracted Out (1233/2006).

To whom is personal data conveyed?

Your personal data will be included in the company’s trade register extract enclosed with the contractor’s liability report as an appendix. Data contained in the contractor’s liability report, including personal data, is available to third parties in our online services (Valvoja, Raportti and Zeckit) and in the company data services provided by our partners. Contractor’s liability reports and data contained in them can be provided in an electronic format through an interface to the bidding, procurement, or similar data systems used by our customers.

We can convey data contained in the Reliable Partner service to the authorities as based on the mandatory requirement of a competent authority, or when we consider the inquiry of the authority to be justified in order to investigate a suspected misuse of our services.

In the production of the service, we use subcontractors located within the European Economic Area (e.g. service centres), and can also transfer personal data to such subcontractors for producing the service.

As a rule, personal data is not conveyed outside the EU or the European Economic Area.

Storage period of personal data

We archive all contractor’s liability reports that are created. The archived contractor’s liability reports are used for providing customer services and for ensuring the reliability of the service and the authenticity of the reports created.

Only the latest contractor’s liability report is kept available for third parties on STV’s online service at all times.

Persons working in the real estate and construction sector (Ilmoita service)

Version 23 May 2018

Persons working in the real estate and construction sector (Ilmoita service)

Ilmoita service

The Ilmoita service allows your employer to transfer your personal data in an electronic format to the personal data files of the contractor of the work, the main implementer of the building site, or other administrator of the work site. Your employer can order you a Valtti card, ePerehdytys, or other additional services through the Ilmoita service.

Your employer will enter the following personal data into the service:

  • name
  • identity number, tax number, date of birth
    • the identity number will be used for strong identification of a person in employment-related matters, the verification of qualifications, and TUPAS identification
  • picture
  • type of employment relationship
  • employer name, company number, address, company representative and contact details
  • country of residence
  • nationality
  • phone number
  • email address
  • address in the country of residence

The following data can be added to each data subject’s personal data during use of the service:

  • information if the person was registered in the tax number register at the time of the data entry
  • status of ePerehdytys subscription
  • status of Valtti card
  • employee’s status as a posted worker and information of the respective A1 certificate

In addition, card and competence data retrieved from STV’s Valtti card register and Taito Competence Register can be linked to the personal data of data subjects when the personal data concerned is conveyed.

Please note that the employer company is the controller of their employee data and is responsible for, e.g. deleting all persons from their employee list who no longer work for the company concerned. The employer company is also responsible for ensuring that it has the right to save the personal data of their employees in the data system.

On which basis is personal data being processed?

The employer company has statutory and contractual obligations regarding the conveyance of the personal data of their employees to the main contractor or main implementer of the building site (e.g. section 52 b of the Occupational Safety and Health Act (738/2002) and section 15 b of the Tax Procedure Act (1558/1995)). General collective agreements also include provisions on the notification obligation in the construction sector. The basis for processing personal data that falls within the scope of the notification obligation in the construction sector is the statutory reporting obligation of the controller. The basis for processing data that is conveyed in order to fulfil contractual obligations is a legitimate interest.

To whom is personal data conveyed?

Your employer can convey your personal data to his business partners through the Ilmoita service for the following purposes:

  • preparation of the employee list at the construction site, pursuant to section 52b of the Occupational Safety Act (738/2002)
  • verification of the validity of the picture ID required at the construction site, pursuant to section 52b of the Occupational Safety Act (738/2002)
  • performance of employee inductions at the construction site as set out in the Occupational Safety Act (738/2002) and taking care of all other required activities for ensuring and promoting safety at work;
  • preparation of monthly employee reports for the Finnish Tax Administration (section 15 b of the Tax Procedure Act (1558/1995))
  • compliance against other legal or contractual obligations;
  • access control at the construction site or other work site;
  • verification of professional competences of a person being inducted at the construction site or other work site;
  • verification of professional competences required for a work task;
  • ensuring compliance against occupational safety regulations;
  • direction of the work at the construction site or work site;
  • ensuring the contracting party’s compliance against contractual terms or applicable quality, operative or similar standards;
  • ensuring that contractors or independent workers operating at a partner’s building site or other work site comply with the contract, and
  • with the data subject’s explicit consent for other purposes.

The transfer of personal data will be conducted using application interfaces provided by STV in a manner ensuring that the employee’s personal data is transferred when the employee has provided her/his Valtti card credentials, or when the business relationship between the User and the receiver of personal data is recognised in any other manner.

We can convey your personal data to the authorities based on the mandatory requirement of a competent authority, or when we consider the inquiry of the authority to be justified for the purpose of investigating suspected misuse of our services.

In the production of the service, we use subcontractors located within the European Economic Area (e.g. service centres), and can also transfer personal data to such subcontractors for producing the service.

As a rule, personal data is not conveyed outside the EU or the European Economic Area.

Storage period of personal data

Your employer can keep your personal data in the service for the duration of your employment relationship. Once your employment ends, your employment and personal data will be stored in the service for a minimum of 18 months, which is the period during which users of the service acting as the main contractor can make correction notifications in the employee reports they have submitted to the Finnish Tax Administration.

Once the employment relationship has ended, the employment and personal data of the employee can be stored in the work site register of the main contractor that uses STV’s work site register services, for as long as this information is needed for the above purposes. The minimum data storage period in accordance with the Taxation Procedure Act (1558/1995) is six years from the end of the year when the building site was completed.

Valtti cardholder

Version 23 May 2018

Valtti cardholder

The Valtti card is a photographic identification card for use at building sites, in accordance with the Occupational Safety and Health Act. We maintain a register of issued Valtti cards.

We collect the following information from the employer company acting as STV’s customer:

  • first name, last name, tax number, date of birth, and photograph of the cardholder
  • name and business ID of the employer

In connection to creating the Valtti card, STV will add the following data into the register:

  • name and bar code of the Valtti card
  • chip ID
  • last valid date of the Valtti card
  • photograph of the card
  • status and any modification data of the card

We will collect the following data in our customer register and service blogs when the card is ordered:

  • name of the person who submitted the order, date and method of identification
  • completed and cancelled orders and the date of completion or cancellation

On which basis is personal data being processed?

The legal basis for processing is the legitimate interests of the controller and fulfilling a contract made with the customer.

To whom is personal data conveyed?

Customers using STV’s services can search for and save in their own data systems personal data of cardholders when the cardholder works or is expected to start working at the customer’s building site or other work site. In connection to data searches, qualification data saved in the Taito Competence Register about the cardholder and other personal data reported by the employer in the Ilmoita service can be linked to the data contained in the Valtti card register, to the extent that the customer has the legal right to process such additional data.

The transfer of personal data to the personal data file of another controller is completed using interfaces provided by STV so that the transfer of employees’ personal data requires that the employee’s Valtti card ID has been checked or that the contractual relationship between the employer/data subject and the other controller and purpose of data processing has been recognised in some other manner.

STV can convey data contained in the Ilmoita service to the authorities as based on the mandatory requirement of a competent authority, or when STV considers the inquiry of the authority to be justified in order to investigate suspected misuse of STV’s services.

In the production of the service, we use subcontractors located within the European Economic Area (e.g. service centres), and can also transfer personal data to such subcontractors for producing the service.

As a rule, personal data is not conveyed outside the EU or the European Economic Area.

Storage period of personal data

Information on issued Valtti cards is stored in the Valtti card register for ten years from the end of the calendar year during which the validity of the card expired, or for as long as the site register or some other register used by STV’s customer has references to the said Valtti card.

Numbers of expired Valtti cards (without personal data) are saved permanently on the expired card revocation list.

Construction site worker (Building Site Register)

Version 23 May 2018

Building Site Register service

The Tax Procedure Act (1558/1995) requires that the main implementer/main contractor of the work site monthly reports all workers to the Tax Administration who have worked at the construction site, including his own and contractors’ workers. The Occupational Safety Act (738/2002) requires that an up-to-date list is maintained of all persons working at the construction site, that orientation is provided for all workers at the work site, and that all workers display an ID with a photograph. The main implementer/main contractor will process your personal data for these purposes.

The controller of the work site -specific personal data file is the main implementer/main contractor, who added the work site into our service.

Your personal data processed in the Building Site Register service include the following categories of personal data depending on the service components used by the controller:

Data retrieved from the employee register of the Ilmoita service:

  • name
  • identity number or tax number and date of birth
  • information on registration in the tax number register
  • type of employment relationship
  • employer name, company number, address, company representative and contact details
  • country of residence
  • nationality
  • phone number
  • email address
  • address in the country of residence

Data retrieved from the Valtti card register:

  • Valtti card information

Data entered into the service by the controller:

  • orientation information
  • access right information

Information retrieved from the access control system of the controller:

  • work site access control data

On which basis is personal data being processed?

The basis for processing is the statutory obligations of the main implementer/main contractor of the work site and the legitimate interests of the controller.

The main implementer/main contractor regularly conveys personal data to the authorities in a manner required by valid legislation. The main implementer/main contractor can convey personal data to third parties within the scope of the valid data protection legislation.

Personal data saved in the Building Site Register can be processed for the following purposes:

  • preparation of the employee list at the construction site, pursuant to section 52b of the Occupational Safety Act (738/2002)
  • verification of the validity of the picture ID required at the construction site, pursuant to section 52b of the Occupational Safety Act (738/2002)
  • performance of employee inductions at the construction site as set out in the Occupational Safety Act (738/2002) and taking care of all other required activities for ensuring and promoting safety at work;
  • preparation of monthly employee reports for the Finnish Tax Administration (section 15 b of the Tax Procedure Act (1558/1995))
  • compliance with other legal or contractual obligations of the controller;
  • access control at the construction site;
  • verification of professional qualifications of a person being inducted at the construction site or other work site;
  • verification of professional competences required for a work task;
  • ensuring compliance against occupational safety regulations;
  • direction of the work at the construction site;
  • ensuring the main implementer’s/ main contractor’s compliance with his own quality, operating, or similar standards;
  • ensuring that contractors or independent workers operating at a main implementer’s/ main contractor’s building site comply with the contract

In the production of the service, we use subcontractors located within the European Economic Area (e.g. service centres), and can also transfer personal data to such subcontractors for producing the service.

As a rule, personal data is not conveyed outside the EU or the European Economic Area.

Storage period of personal data

The main implementer / main contractor will store the personal data for as long as he will need the data concerned for the above purposes. The minimum storage period of data reported to the Finnish Tax Administration in accordance with the Taxation Procedure Act (1558/1995) is six years from the end of the year during which the building site was completed.

Qualifications entered into the Taito Competence Register

Version 23 May 2018

Qualifications entered into the Taito Competence Register

Information on professional qualifications and their validity is collected in the Taito Competence Register Your personal data will be contained in the Taito Competence Register if:

  • your employer maintains competence information in the Taito Competence Register, or
  • you have, in connection with completing the qualifications, given your consent for that qualification data to be published in the Taito Competence Register

The following personal data/data concerning a person will be stored in the Taito Competence Register:

  • first name
  • last name
  • tax number
  • date of birth
  • type of qualification
  • qualification ID
  • name marked on the qualification card
  • validity data
  • granter of the qualification
  • information of whether the validity of the qualification has been verified
  • modification data

On which basis is personal data being processed?

The legal basis for personal data processing is the legitimate interests of the controller, fulfilling a contract made between the controller and the customer, and/or consent given by the data subject.

The Taito Competence Register is a service directed specifically at employers in the construction sector. Employers can use the service for maintaining qualification data on their employees and for distributing this data to their partners, including the work site supervisor.

To whom is personal data conveyed?

Customers using STV’s services can search for and save, in their own data systems, personal data on data subjects (qualified persons) when the data subject works or is expected to start working at the customer’s building site or other work site. Data searches are principally completed so that the data subject presents his Valtti card to the customer, and the customer retrieves qualification data from STV’s system through the interface using the Valtti card ID. The customer can, at the same time, search for other personal data in the Valtti card register and personal data reported by the employer in the Ilmoita service, to the extent that the customer has a legal right to process such additional data.

STV can convey data contained in the Taito Competence Register to the authorities based on the mandatory requirement of a competent authority, or when STV considers the inquiry of the authority to be justified in order to investigate suspected misuse of STV’s services.

In the production of the service, we use subcontractors located within the European Economic Area (e.g. service centres), and can also transfer personal data to such subcontractors for producing the service.

As a rule, personal data is not conveyed outside the EU or the European Economic Area.

Storage period of personal data

The storage period for qualification data is as follows:

  • qualification data is removed from the Taito Competence Register without undue delay when we are notified of the cancellation of your previous consent
  • valid qualification data is stored for as long as your data is included in the employee register of the Ilmoita service
  • the maximum storage period of data related to expired qualifications is two years from the end of the year during which the qualifications expired

Your rights as a data subject

Version 23 May 2018

Your rights as a data subject

Qualifications entered into the Taito Competence Register

Information on professional qualifications and their validity is collected in the Taito Competence Register Your personal data will be contained in the Taito Competence Register if:

  • your employer maintains competence information in the Taito Competence Register, or
  • you have, in connection with completing the qualifications, given your consent for that qualification data to be published in the Taito Competence Register

The following personal data/data concerning a person will be stored in the Taito Competence Register:

  • first name
  • last name
  • tax number
  • date of birth
  • type of qualification
  • qualification ID
  • name marked on the qualification card
  • validity data
  • granter of the qualification
  • information of whether the validity of the qualification has been verified
  • modification data

On which basis is personal data being processed?

The legal basis for personal data processing is the legitimate interests of the controller, fulfilling a contract made between the controller and the customer, and/or consent given by the data subject.

The Taito Competence Register is a service directed specifically at employers in the construction sector. Employers can use the service for maintaining qualification data on their employees and for distributing this data to their partners, including the work site supervisor.

To whom is personal data conveyed?

Customers using STV’s services can search for and save, in their own data systems, personal data on data subjects (qualified persons) when the data subject works or is expected to start working at the customer’s building site or other work site. Data searches are principally completed so that the data subject presents his Valtti card to the customer, and the customer retrieves qualification data from STV’s system through the interface using the Valtti card ID. The customer can, at the same time, search for other personal data in the Valtti card register and personal data reported by the employer in the Ilmoita service, to the extent that the customer has a legal right to process such additional data.

STV can convey data contained in the Taito Competence Register to the authorities based on the mandatory requirement of a competent authority, or when STV considers the inquiry of the authority to be justified in order to investigate suspected misuse of STV’s services.

In the production of the service, we use subcontractors located within the European Economic Area (e.g. service centres), and can also transfer personal data to such subcontractors for producing the service.

As a rule, personal data is not conveyed outside the EU or the European Economic Area.

Storage period of personal data

The storage period for qualification data is as follows:

  • qualification data is removed from the Taito Competence Register without undue delay when we are notified of the cancellation of your previous consent
  • valid qualification data is stored for as long as your data is included in the employee register of the Ilmoita service
  • the maximum storage period of data related to expired qualifications is two years from the end of the year during which the qualifications expired

Data Protection Officer

Further information and contacts

If you wish to exercise your rights, please contact the data officer of Suomen Tilaajavastuu Oy.

Data Protection Officer, Saara Rinta-Jouppi

tietosuoja@tilaajavastuu.fi

Suomen Tilaajavastuu Oy

Data Protection Officer

Tarvonsalmenkatu 17 B

02600 Espoo, Finland

How is your data secured?

Version 23 May 2018

How is your data secured?

Your personal data can only be processed by persons who are entitled to do so and need the said data in their work tasks. Persons processing the data are committed to confidentiality.

Subcontractors operating within the European Economic Area can be used to produce the service. With subcontractors, a written data processing agreement has been signed in accordance with section 28 of the data protection regulation as well as an agreement made regarding the confidentiality of personal data. To the extent that third party cloud services (e.g. Hubspot, Zendesk) are used for customer and marketing communications and customer service, we have ensured that personal data transfers outside the European Economic Area are completed in accordance with the valid legislation, e.g. following the terms and conditions of EU’s standard clauses or the EU–USA Privacy Shield arrangement.

Servers used for data processing are located in server centres within the European Economic Area and protected with the appropriate access control and security systems. Regular backups are made of the data.

Log data is collected of the use of the services in order to investigate error situations and misuse and develop the services.

Data transfer between the data centre and the user is protected with appropriate encryption technology.

Confidentiality, integrity, availability, and fault tolerance of information saved in the services is ensured by means of various methods and systems such as security audits, security updates, and service monitoring of the systems.

 

Tietosuojaselosteet

Customer and marketing communication register

Last updated on 23 May 2018

Privacy notices

Customer and marketing communication register Privacy notice

   Suomen Tilaajavastuu Oy’s customer and marketing communication register

 

  1. Controller and contact person of the register

Suomen Tilaajavastuu Oy (Business ID FI23273271)

Tarvonsalmenkatu 17 B

02600 Espoo, Finland

Data Protection Officer Saara Rinta-Jouppi

Email: tietosuoja@tilaajavastuu.fi

  1. Data subjects

Data subjects are contact persons of Suomen Tilaajavastuu Oy’s (”STV”) customers and potential customers, users of STV’s services, and users of STV’s website. Customers are companies, entrepreneurs, or consumers.

  1. Basis for and purpose of personal data processing

The legal basis for personal data processing is the legitimate interest of the controller or fulfilling a contract made with the controller.

  1. Which personal data is collected and from what sources?

The customer and marketing communication register contains the following data on the contact persons for our customers and potential customers:

  • name, email address, telephone number, job title
  • name and contact details of the company/organisation
  • Mailing list subscription data
  • bans on direct marketing and customer communications
  • pages opened and brochures requested by the user on the website
  • information on logging into STV’s website
  • information on any customer and direct marketing communication sent by email and whether the message has been read
  • user profile
  • information on any communication between the data subject and the seller of STV’s services, such as content, date, and time of message
  • messages sent to Customer Service and processing data on the related ticket
  • website chats with Customer Service
  • recording of calls made to the telephone number of Customer Service
  • feedback you provide on the use of Customer Service
  • other information related to the purpose of the register that can be linked to the data subject, such as data collected on the use of the website during the use of the service (e.g. the user’s IP address, time of the visit, pages visited, browser type used, website that directed the user to the website, and the server that the user used to access the website).
  • Name of the customer company, first and last name of the contact person, work email address, telephone number
  • Permissions and/or bans on the contact person in electronic direct marketing and customer communications
  • Classification data provided by the contact person (e.g. interests)
  • Information provided on contact forms
  • Customer feedback data, contact messages, and consents
  • IP address or other ID
  • Subscription, invoicing, and delivery data
  • Data collected through cookies
  • Data collected on the use of STV’s online services
  • Data collected on the use of STV’s Customer Service channels
  • Data related to the use of social media, such as LinkedIn, Facebook and Twitter, e.g. ‘liking’ our website
  1. Regular disclosure and transfer of personal data

STV can use subcontractors for personal data processing. STV can convey personal data to its partners for direct marketing purposes within the limits of valid legislation.

  1. Transfers outside the EU and EEA

Personal data is not principally conveyed outside the European Union (EU) or the European Economic Area (EEA), unless necessary for the technical implementation of data processing, e.g. when the data subject sends or receives messages by email or other online-based transmission service.

STV can be used in customer and marketing communications and in Customer Service ticket management third-party data systems and cloud services, the personal data processing of which can be partly implemented outside the EEA. To the extent that STV’s subcontractors implement data processing outside the EEA, STV will ensure that the transfer of personal data outside the EEA is completed in accordance with the valid legislation.

  1. Storage period of personal data

Personal data contained in the customer and marketing communication register is stored for as long as STV will need it for the above purposes.

Personal data storage period

  • recordings of chats with Customer Service: three months
  • recordings of telephone conversations with Customer Service: seven months
  • details on the customer’s contact person related to customer relationship management: for as long as the data subject is the contact person of the customer concerned or for as long as STV stores the history data of the service used by the customer
  1. Rights of data subjects

As a data subject, you have the right to inspect the personal data concerning yourself and demand that any incorrect data be corrected or deleted. However, we can, within the limits of law, restrict your right to access data that contains the personal data of others, is a business secret of ours or our customer, or is related to the safety features of the service.

You have the right to request that your personal data be deleted in situations specified in the general data protection regulation, if:

  • you cancel your previous consent and there is no other legal basis for processing the data concerned besides your consent
  • you object to the processing of your personal data, and there is no legal basis for continuing the processing
  • processing the data is illegal
  • you are under 18 and your personal data was collected in connection with providing information society services.

In situations specified in the general data protection regulation, you have the right to object to the processing of your data or to request that the processing of your data is restricted. If you consider the processing of your personal data to be illegal, you can submit a complaint on the processing to a competent authority.

  1. Data security

The right to use the customer and marketing communication register is restricted to appointed persons only, who need the information concerned in their work tasks. Each user has his/her own user name and password. Personal data is principally stored in databases and data systems located within the European Economic Area that have the appropriate technical and organisational measures in place, to protect the personal data against misuse and disclosure.

  1. Contacts

If you have questions regarding this privacy statement or you wish to exercise your rights, please contact STV’s data protection officer by using the above email or postal address.

  1. Changes

STV can make changes to this privacy statement from time to time without a separate notice. Any changes made are listed in the “last update” section at the beginning of this privacy notice.

 

Privacy notice by the Ilmoita service

Last updated on 23 May 2018

Privacy notice

 Suomen Tilaajavastuu Oy’s Ilmoita service

 

  1. Controller and contact person of the register

The controller is STV’s customer company that uses the Ilmoita service and is the employer of the data subject.

The party responsible for the maintenance and development of the Ilmoita service and its interfaces and related Customer Service is:

Suomen Tilaajavastuu Oy (“STV”)

Business ID: FI23273271

Tarvonsalmenkatu 17 B

02600 Espoo, Finland

Data Protection Officer Saara Rinta-Jouppi

Email: tietosuoja@tilaajavastuu.fi

 

  1. Data subjects

Data subjects are the employees, managers, trainees (not working on an employment contract), or volunteer workers of the controller (STV’s customer).

  1. Basis for and purpose of personal data processing

The legal basis for personal data processing is the contract signed between the controller and the data subject (employment contract), fulfilling a legal obligation of the controller (reporting obligation within the construction sector), and a legitimate interest of the controller.

The Ilmoita service allows the controller to transfer employer and employee data in an electronic format to the purchaser of the work, the main contractor of the building site or other administrator of the work site.

  1. Which personal data is collected and from what sources?

The controller will save the following categories of personal data in his employer register:

  • name
  • identity number, tax number, date of birth
  • picture
  • type of employment relationship
  • employer name, company number, address, company representative and contact details
  • country of residence
  • nationality
  • phone number
  • email address
  • address in the country of residence

The following data will be added to each data subject’s personal data during use of the service:

  • information if the person was registered in the tax number register at the time of the data entry
  • status of ePerehdytys subscription
  • status of Valtti card
  • employee’s status as a posted worker and information of the respective A1 certificate (requires separate agreement)

In addition, card and competence data retrieved from STV’s Valtti card register and Taito Competence Register can be linked to the personal data of data subjects when the personal data concerned is conveyed.

  1. Regular disclosure and transfer of personal data

The User can transfer his own employees’ personal data to his business partners through the Service for the following purposes:

  • preparation of the employee list at the construction site, pursuant to section 52b of the Occupational Safety Act (738/2002)
  • verification of the validity of the picture ID required at the construction site, pursuant to section 52b of the Occupational Safety Act (738/2002)
  • performance of employee inductions at the construction site as set out in the Occupational Safety Act (738/2002) and taking care of all other required activities for ensuring and promoting safety at work;
  • preparation of monthly employee reports for the Finnish Tax Administration (section 15 b of the Tax Procedure Act (1558/1995))
  • compliance against other legal or contractual obligations;
  • access control at the construction site or other work site;
  • verification of professional competences of a person being inducted at the construction site or other work site;
  • verification of professional competences required for a work task;
  • ensuring compliance against occupational safety regulations;
  • direction of the work at the construction site or work site;
  • ensuring the contracting party’s compliance against contractual terms or applicable quality, operative or similar standards;
  • ensuring that contractors or independent workers operating at a partner’s building site or other work site comply with the contract, and
  • with the data subject’s explicit consent for other purposes.

The transfer of personal data will be conducted using application interfaces provided by STV in a manner ensuring that the employee’s personal data is transferred when the employee has provided her/his Valtti card credentials, or when the business relationship between the User and the receiver of personal data is recognised in any other manner.

STV can convey data contained in the Ilmoita service to the authorities based on the mandatory requirement of a competent authority, or when STV considers the inquiry of the authority to be justified in order to investigate a suspected misuse of STV’s services.

In the production of the Valtti card service, STV can use subcontractors located within the European Economic Area, and it can also transfer personal data to such subcontractors for producing the service.

  1. Transfers outside the EU and EEA

As a rule, personal data is not conveyed outside the EU or the European Economic Area.

  1. Storage period of personal data

During the use of the service, the controller is responsible for maintaining the data saved in its employee register and for entering the end of each employment relationship into the register. Employment and personal data of each former employee will be stored in the service for the minimum of 18 months, which is the time during which users of the service that acted as the main contractor can make correction notifications in the employee reports they have submitted to the Finnish Tax Administration. If the user company discontinues their operations without marking the employment relationships as having ended, STV can do this on its own initiative.

Once the employment relationship has ended, the employment and personal data of the employee can be stored in the work site register of the main contractor that uses STV’s work site register services, for as long as the information concerned is needed for the purposes mentioned above by other customers. The minimum data storage period in accordance with the Taxation Procedure Act (1558/1995) is six years from the end of the year when the building site was completed.

  1. Rights of data subjects

As a data subject, you have the right to inspect the personal data concerning yourself and demand that any incorrect data be corrected or deleted. However, we can, within the limits of law, restrict your right to access data that contains the personal data of others, is a business secret of ours or our customer, or is related to the safety features of the service.

You have the right to request that your personal data be deleted in situations specified in the general data protection regulation, if:

  • you cancel your previous consent and there is no other legal basis for processing the data concerned besides your consent
  • you object to the processing of your personal data, and there is no legal basis for continuing the processing
  • processing the data is illegal
  • you are under 18 and your personal data was collected in connection with providing information society services.

In situations specified in the general data protection regulation, you have the right to object to the processing of your data or to request that the processing of your data is restricted. If you consider the processing of your personal data to be illegal, you can submit a complaint on the processing to a competent authority.

  1. Data security

The right to use the register is restricted to appointed persons only, who need the information concerned in their work tasks. Each user has his/her own user name and password. Personal data is stored in databases and data systems located within the European Economic Area that have the appropriate technical and organisational measures in place to protect the personal data against misuse and disclosure.

  1. Contacts

If you have questions regarding this privacy statement or you wish to exercise your rights, please contact STV’s data protection officer by using the above email or postal address.

  1. Changes

STV can make changes to this privacy statement from time to time without a separate notice. Any changes made are listed in the “last update” section at the beginning of this privacy notice.

 

Privacy notice by the Reliable Partner service

Last updated on 23 May 2018

Privacy notice

  Suomen Tilaajavastuu Oy’s Reliable Partner service

 

  1. Controller and contact person of the register

 

Suomen Tilaajavastuu Oy (Business ID FI23273271)

Tarvonsalmenkatu 17 B

02600 Espoo, Finland

Data Protection Officer Saara Rinta-Jouppi

Email: tietosuoja@tilaajavastuu.fi

  1. Data subjects

Data subjects are the responsible persons of Suomen Tilaajavastuu Oy’s (STV) customers, who have been named in the trade register extract.

  1. Basis for and purpose of personal data processing

The legal basis for personal data processing is the legitimate interests of the controller and fulfilling a contract made between the controller and the customer.

The Reliable Partner service allows STV’s customer to offer its partners, in an electronic format, information that they need to fulfil their clarification obligation imposed on contractors in the Act on the Contractor’s Obligations and Liability when Work is Contracted Out (1233/2006). The contractor’s liability data of customers who have subscribed to the Reliable Partner service is available to third parties in STV’s Valvoja, Raportti and Zeckit services and in the company data services provided by STV’s partners.

  1. Which personal data is collected and from what sources?

The following personal data will be collected in the Reliable Partner service register of the customer company’s responsible persons:

  • name
  • date of birth
  • nationality
  • hometown
  • position of responsibility in the company and its start and end dates
  • bans on engaging in business activities, if any

Data is collected from trade register information acquired through a commercial company data service and from the business ban register, and is integrated into the contractor’s liability report prepared by STV.

We collect the following information on the signatory of the Reliable Partner service contract when the contract is signed:

  • name
  • position in the company
  • unique identification of the person (identity number) that allows for checking the reported position against the trade register data
  • signature date
  1. Regular disclosure and transfer of personal data

The contractor’s liability report and related personal data is available to third parties in STV’s Valvoja, Raportti and Zeckit services and in the company data services provided by STV’s partners. Contractor’s liability reports can be provided in an electronic format through an interface to the bidding, procurement, or similar data systems of our customers.

STV can convey data contained in the Reliable Partner service to the authorities based on the mandatory requirement of a competent authority, or when STV considers the inquiry of the authority to be justified in order to investigate suspected misuse of STV’s services.

In the production of the service, STV can use subcontractors located within the European Economic Area, and it can also transfer personal data to such subcontractors for producing the service.

  1. Transfers outside the EU and EEA

As a rule, personal data is not conveyed outside the EU or the European Economic Area.

  1. Storage period of personal data

STV archives all contractor’s liability reports created and uses the archived reports for providing customer services and for ensuring the reliability of the service and the authenticity of the reports created.

Only the latest contractor’s liability report is kept available for third parties on STV’s services at all times.

  1. Rights of data subjects

As a data subject, you have the right to inspect the personal data concerning yourself and demand that any incorrect data be corrected or deleted. However, we can, within the limits of law, restrict your right to access data that contains the personal data of others, is a business secret of ours or our customer, or is related to the safety features of the service.

You have the right to request that your personal data be deleted in situations specified in the general data protection regulation, if:

  • you cancel your previous consent and there is no other legal basis for processing the data concerned besides your consent
  • you object to the processing of your personal data, and there is no legal basis for continuing the processing
  • processing the data is illegal
  • you are under 18 and your personal data was collected in connection with providing information society services.

In situations specified in the general data protection regulation, you have the right to object to the processing of your data or to request that the processing of your data is restricted. If you consider the processing of your personal data to be illegal, you can submit a complaint on the processing to a competent authority.

  1. Data security

The right to use the register is restricted to appointed persons only, who need the information concerned in their work tasks. Each user has his/her own user name and password. Personal data is stored in databases and data systems located within the European Economic Area that have the appropriate technical and organisational measures in place to protect the personal data against misuse and disclosure.

  1. Contacts

If you have questions regarding this privacy statement or you wish to exercise your rights, please contact STV’s data protection officer by using the above email or postal address.

  1. Changes

STV can make changes to this privacy statement from time to time without a separate notice. Any changes made are listed in the “last update” section at the beginning of this privacy notice.

 

Privacy notice by the Valtti card register

Last updated on 23 May 2018

Privacy notice

 Suomen Tilaajavastuu Oy’s Valtti card register

 

  1. Controller and contact person of the register

Suomen Tilaajavastuu Oy (Business ID FI23273271)

Tarvonsalmenkatu 17 B

02600 Espoo, Finland

Data Protection Officer Saara Rinta-Jouppi

Email: tietosuoja@tilaajavastuu.fi

 

  1. Data subjects

Data subjects are the holders of Valtti smart cards granted by Suomen Tilaajavastuu Oy (”STV”). Cardholders are the employees, managers, trainees (not working on an employment contract), or volunteer workers of STV’s customer.

  1. Basis for and purpose of personal data processing

The legal basis for personal data processing is the legitimate interests of the controller and fulfilling a contract made between the controller and the customer.

The Valtti card is a photographic identification card for use at building sites, in accordance with the Occupational Safety and Health Act. There can be two cards in the card package: The Valtti smartcard and the photographic personal identity card required on worksites. The Valtti smartcard relies on RFID technology.

Information printed on the smart card has been saved in STV’s electronic Valtti card database, from where third parties that have been granted access rights to the data can search for the cardholder’s personal data for purposes specified in this privacy notice.

  1. Which personal data is collected and from what sources?

We collect the following information from the employer company acting as STV’s customer:

  • first name, last name, tax number, date of birth, and photograph of the cardholder
  • name and business ID of the employer

In connection to creating the Valtti card, STV will add the following data into the register:

  • name and bar code of the Valtti card
  • chip ID
  • last valid date of the Valtti card
  • photograph of the card
  • status and any modification data of the card

We will collect the following data in our customer register and service blogs when the card is ordered:

  • name of the person who submitted the order, date and method of identification
  • completed and cancelled orders and the date of completion or cancellation
  1. Regular disclosure and transfer of personal data

Customers using STV’s services can search for and save in their own data systems personal data of cardholders when the cardholder works or is expected to start working at the customer’s building site or other work site. In connection to data searches, qualification data saved in the Taito Competence Register about the cardholder and other personal data reported by the employer in the Ilmoita service can be linked to the data contained in the Valtti card register, to the extent that the customer has the legal right to process such additional data.

The cardholder’s personal data can be searched for and processed only for the following purposes:

  • preparation of the employee list at the construction site, pursuant to section 52b of the Occupational Safety Act (738/2002)
  • verification of the validity of the picture ID required at the construction site, pursuant to section 52b of the Occupational Safety Act (738/2002)
  • performance of employee inductions at the construction site as set out in the Occupational Safety Act (738/2002) and taking care of all other required activities for ensuring and promoting safety at work;
  • preparation of monthly employee reports for the Finnish Tax Administration (section 15 b of the Tax Procedure Act (1558/1995))
  • compliance against other legal or contractual obligations;
  • access control at the construction site or other work site;
  • verification of professional competences of a person being inducted at the construction site or other work site;
  • verification of professional competences required for a work task;
  • ensuring compliance against occupational safety regulations;
  • direction of the work at the construction site or work site;
  • ensuring the contracting party’s compliance against contractual terms or applicable quality, operative or similar standards;
  • ensuring that contractors or independent workers operating at a partner’s building site or other work site comply with the contract, and
  • upon data subject’s explicit consent for other purposes.

The transfer of personal data to the personal data file of another controller is completed using interfaces provided by STV so that the transfer of employees’ personal data requires that the employee’s Valtti card ID has been checked or that the contractual relationship between the employer/data subject and the other controller and purpose of data processing has been recognised in some other manner.

STV can convey data contained in the Valtti card register to the authorities as based on the mandatory requirement of a competent authority, or when STV considers the inquiry of the authority to be justified in order to investigate suspected misuse of STV’s services.

In the production of the Valtti card service, STV can use subcontractors located within the European Economic Area, and it can also transfer personal data to such subcontractors for producing the service.

  1. Transfers outside the EU and EEA

As a rule, personal data is not conveyed outside the EU or the European Economic Area.

  1. Storage period of personal data

Information on issued Valtti cards is stored in the Valtti card register for ten years from the end of the calendar year during which the validity of the card expires, or for as long as the site register or some other register of STV’s customer has references to the Valtti card concerned.

Numbers of expired Valtti cards (without personal data) are saved permanently on the expired card revocation list.

  1. Rights of data subjects

As a data subject, you have the right to inspect the personal data concerning yourself and demand that any incorrect data be corrected or deleted. However, we can, within the limits of law, restrict your right to access data that contains the personal data of others, is a business secret of ours or our customer, or is related to the safety features of the service.

You have the right to request that your personal data be deleted in situations specified in the general data protection regulation, if:

  • you cancel your previous consent and there is no other legal basis for processing the data concerned besides your consent
  • you object to the processing of your personal data, and there is no legal basis for continuing the processing
  • processing the data is illegal
  • you are under 18 and your personal data was collected in connection with providing information society services.

In situations specified in the general data protection regulation, you have the right to object to the processing of your data or to request that the processing of your data is restricted. If you consider the processing of your personal data to be illegal, you can submit a complaint on the processing to a competent authority.

  1. Data security

The right to use the register is restricted to appointed persons only, who need the information concerned in their work tasks. Each user has his/her own user name and password. Personal data is stored in databases and data systems located within the European Economic Area that have the appropriate technical and organisational measures in place to protect the personal data against misuse and disclosure.

  1. Contacts

If you have questions regarding this privacy statement or you wish to exercise your rights, please contact STV’s data protection officer by using the above email or postal address.

  1. Changes

STV can make changes to this privacy statement from time to time without a separate notice. Any changes made are listed in the “last update” section at the beginning of this privacy notice.

 

Privacy notice by the Taito Competence Register

Last updated on 23 May 2018

Privacy notice

  Suomen Tilaajavastuu Oy’s Taito Competence Register

  1. Controller and contact person of the register

Suomen Tilaajavastuu Oy (Business ID FI23273271)

Tarvonsalmenkatu 17 B

02600 Espoo, Finland

Data Protection Officer Saara Rinta-Jouppi

Email: tietosuoja@tilaajavastuu.fi

  1. Data subjects

Data subjects are:

  • the employees, managers, trainees (not working on an employment contract), or volunteer workers of Suomen Tilaajavastuu Oy’s (“STV”) customer that use the Taito Competence Register; or
  • natural persons who have given their consent for publishing their completed qualifications in STV’s Taito Competence Register.
  1. Basis for and purpose of personal data processing

The legal basis for personal data processing is the legitimate interests of the controller, fulfilling a contract made between the controller and the customer, and/or consent given by the data subject.

The Taito Competence Register is a service directed specifically at employers in the construction sector. Employers can use the service for maintaining the qualification data of their employees and for distributing this data to their partners, including the work site supervisor.

  1. Which personal data is collected and from what sources?

The Taito Competence Register contains the following types of personal data:

  • name of the data subject
  • tax number
  • date of birth
  • type of qualification
  • name marked on the qualification card
  • qualification ID
  • validity data
  • granter of the qualification
  • information on whether the validity of the qualifications has been verified directly from the source
  • modification data
  1. Regular disclosure and transfer of personal data

Customers using STV’s services can search for and save, in their own data systems, personal data on data subjects (qualified persons) when the data subject works or is expected to start working at the customer’s building site or other work site. Data searches are principally completed so that the data subject presents his Valtti card to the customer, and the customer retrieves qualification data from STV’s system through the interface using the Valtti card ID. The customer can, at the same time, search for other personal data in the Valtti card register and personal data reported by the employer in the Ilmoita service, to the extent that the customer has a legal right to process such additional data.

The customer can search for and process personal data contained in the Taito Competence Register only for the following purposes:

  • The employer can process the personal data concerning their own employees for all legal purposes within the employer’s own company.
  • Customers who are not the employer of the data subject can process the personal data for the following purposes:
  • To implement worksite orientation required by the Occupational Safety Act (738/2002) and to take care of all other activities required from the main contractor or the main implementer, in order to ensure and promote work safety and fulfil other statutory obligations
  • verification of professional competences of a person being inducted at the construction site or other work site;
  • verification of professional competences required for a work task;
  • ensuring compliance against occupational safety regulations;
  • direction of the work at the construction site or work site;
  • to ensure compliance with the customer’s own quality, operating or similar system
  • to ensure compliance with contracts of the contractors or independent workers operating at the customer’s building site or other work site, and
  • other purposes subject to the data subject’s explicit consent.

STV can convey data contained in the Taito Competence Register to the authorities based on the mandatory requirement of a competent authority, or when STV considers the inquiry of the authority to be justified in order to investigate suspected misuse of STV’s services.

In the production of the Taito Competence Register, STV can use subcontractors located within the European Economic Area, and it can also transfer personal data to such subcontractors for producing the service.

  1. Transfers outside the EU and EEA

As a rule, personal data is not conveyed outside the EU or the European Economic Area.

  1. Storage period of personal data

The storage period for qualification data is as follows:

  • qualification data is removed from the Taito Competence Register without undue delay when STV is notified of the cancellation of the data subject’s previous consent
  • valid qualification data is stored for as long as the data subject is saved in the employee register of the Ilmoita service
  • the maximum storage period of data related to expired qualifications is two years from the end of the year during which the qualifications expired
  1. Rights of data subjects

As a data subject, you have the right to inspect the personal data concerning yourself and demand that any incorrect data be corrected or deleted. However, we can, within the limits of law, restrict your right to access data that contains the personal data of others, is a business secret of ours or our customer, or is related to the safety features of the service.

You have the right to request that your personal data be deleted in situations specified in the general data protection regulation, if:

  • you cancel your previous consent and there is no other legal basis for processing the data concerned besides your consent
  • you object to the processing of your personal data, and there is no legal basis for continuing the processing
  • processing the data is illegal
  • you are under 18 and your personal data was collected in connection with providing information society services.

In situations specified in the general data protection regulation, you have the right to object to the processing of your data or to request that the processing of your data is restricted. If you consider the processing of your personal data to be illegal, you can submit a complaint on the processing to a competent authority.

  1. Data security

The right to use the register is restricted to appointed persons only, who need the information concerned in their work tasks. Each user has his/her own user name and password. Personal data is stored in databases and data systems located within the European Economic Area that have the appropriate technical and organisational measures in place to protect the personal data against misuse and disclosure.

  1. Contacts

If you have questions regarding this privacy statement or you wish to exercise your rights, please contact STV’s data protection officer by using the above email or postal address.

  1. Changes

STV can make changes to this privacy statement from time to time without a separate notice. Any changes made are listed in the “last update” section at the beginning of this privacy notice.

 

Privacy notice by the Building Site Register

Last updated on 23 May 2018

Privacy notice

 Suomen Tilaajavastuu Oy’s Building Site Register

 

  1. Controller and contact person of the register

STV’s customer company that acts as the main contractor or main implementer of the building site is the controller of the register.

The party responsible for the maintenance and development of the Building Site Register and its interfaces and related Customer Service is:

Suomen Tilaajavastuu Oy (“STV”)

Business ID: FI23273271

Tarvonsalmenkatu 17 B

02600 Espoo, Finland

Data Protection Officer Saara Rinta-Jouppi

Email: tietosuoja@tilaajavastuu.fi

  1. Data subjects

Data subjects are persons working at the controller’s building site.

  1. Basis for and purpose of personal data processing

The legal basis for personal data processing is implementing the statutory obligations of the controller (e.g. section 52b of the Occupational Safety Act (738/2002) and section 15b of the Tax Procedure Act (1558/1995)) and the legitimate interests of the controller.

  1. Which personal data is collected and from what sources?

The personal data processed in the building site register service include the following categories of personal data, depending on the service components selected by the controller:

Data retrieved from the employee register of the Ilmoita service:

  • name
  • identity number or tax number and date of birth
  • information on registration in the tax number register
  • type of employment relationship
  • employer name, company number, address, company representative and contact details
  • country of residence
  • nationality
  • phone number
  • email address
  • address in the country of residence

Data retrieved from the Valtti card register:

  • Valtti card information

Data entered into the service by the controller:

  • competence information
  • access rights at the building site

Information retrieved from the access control system of the controller:

  • work site access control data
  1. Regular disclosure and transfer of personal data

The controller regularly conveys personal data to the authorities in a manner required by valid legislation. The controller can convey personal data to third parties within the scope of valid data protection legislation.

Personal data saved in the Building Site Register can be processed for the following purposes:

  • preparation of the employee list at the construction site, pursuant to section 52b of the Occupational Safety Act (738/2002)
  • verification of the validity of the picture ID required at the construction site, pursuant to section 52b of the Occupational Safety Act (738/2002)
  • performance of employee inductions at the construction site as set out in the Occupational Safety Act (738/2002) and taking care of all other required activities for ensuring and promoting safety at work;
  • preparation of monthly employee reports for the Finnish Tax Administration (section 15 b of the Tax Procedure Act (1558/1995))
  • compliance with other legal or contractual obligations of the controller;
  • access control at the construction site;
  • verification of professional qualifications of a person being inducted at the construction site or other work site;
  • verification of professional competences required for a work task;
  • ensuring compliance against occupational safety regulations;
  • direction of the work at the construction site;
  • to ensure compliance with the controller’s own quality, operational or similar system
  • to ensure compliance with contracts of the contractors or independent workers operating at the controller’s building site

In the production of the Building site register service, STV can use subcontractors located within the European Economic Area, and it can also transfer personal data to such subcontractors for producing the service.

  1. Transfers outside the EU and EEA

As a rule, personal data is not conveyed outside the EU or the European Economic Area.

  1. Storage period of personal data

The controller will store the personal data for as long as the data concerned for the above purposes is required. The minimum storage period of data reported to the Finnish Tax Administration in accordance with the Taxation Procedure Act (1558/1995) is six years from the end of the year during which the building site was completed.

  1. Rights of data subjects

As a data subject, you have the right to inspect the personal data concerning yourself and demand that any incorrect data be corrected or deleted. However, we can, within the limits of law, restrict your right to access data that contains the personal data of others, is a business secret of ours or our customer, or is related to the safety features of the service.

You have the right to request that your personal data be deleted in situations specified in the general data protection regulation, if:

  • you cancel your previous consent and there is no other legal basis for processing the data concerned besides your consent
  • you object to the processing of your personal data, and there is no legal basis for continuing the processing
  • processing the data is illegal
  • you are under 18 and your personal data was collected in connection with providing information society services.

In situations specified in the general data protection regulation, you have the right to object to the processing of your data or to request that the processing of your data is restricted. If you consider the processing of your personal data to be illegal, you can submit a complaint on the processing to a competent authority.

  1. Data security

The right to use the register is restricted to appointed persons only, who need the information concerned in their work tasks. Each user has his/her own user name and password. Personal data is stored in databases and data systems located within the European Economic Area that have the appropriate technical and organisational measures in place to protect the personal data against misuse and disclosure.

  1. Contacts

If you have questions regarding this privacy statement, please contact STV’s data protection officer by using the above email or postal address.

If you wish to check if your personal data has been saved in the building site register of the main contractor or the main implementer, please contact the main contractor or main implementer concerned directly.

  1. Changes

STV can make changes to this privacy statement from time to time without a separate notice. Any changes made are listed in the “last update” section at the beginning of this privacy notice.

 

Cookies

Cookies | Tilaajavastuu

THE USE OF COOKIES
The websites of the Suomen Tilaajavastuu group may use cookies. Cookies are small text files that save onto the user’s computer in order to create broader functionality on the website. Cookies do not collect or otherwise process personal data. If you do not want cookies to be used, you can disable them on your browser. In this case, the website may not operate as intended.

Further Information on Cookies
Cookies may occasionally be transferred to a visitor’s computer. Cookies may be used to collect the following information: the website from which you have moved to our website, the webpages of Suomen Tilaajavastuu Oy you have browsed and when you have browsed them, the browser you are using, the display resolution of your computer, the brand and model of your computer’s operating system, and the IP address of your computer i.e. the Internet address that you send data from and where the data is received.

Behavioral data may be collected by Suomen Tilaajavastuu Oy, its group companies, their service providers and third parties (advertisers and advertising networks, media and advertising agencies, measuring and monitoring services) on visits made to the websites of the Suomen Tilaajavastuu group. Suomen Tilaajavastuu group may also use behavioral data collected from websites other than its own.

With cookie-related information, the number of visits made to services can be monitored by the Suomen Tilaajavastuu group and its collaborative partners and analyzed to develop the Internet services into more visitor-friendly wholes. The above mentioned parties may use cookies to collect information about a visitor’s visits to the Suomen Tilaajavastuu group websites in order to target their advertising. The information collected through the use of cookies is used to produce targeted advertising based on the visitor’s interests for the websites of Suomen Tilaajavastuu group and their collaborative partners. When advertising is targeted by means of cookies, the visitor is neither identified nor is the anonymous data gathered on the visitor connected to personal data possibly obtained from the visitor in some other context.

Through, inter alia, physical, electronic and contractual means, Suomen Tilaajavastuu group strives to prevent unauthorized access to the abovementioned information. The intention is to commit third parties to existing legislation and self-regulations. The Internet is an open system and therefore Suomen Tilaajavastuu group does not monitor or answer for the practices of third parties.

The user can disable cookies by changing their browser settings so that the browser does not allow cookies to be saved. The visitor accepts that disabling cookies may, however, affect the functionality of some of the services.