User register of the Sparky information system

​

​

WRITTEN ON​

21 September 2020

​

​

CONTROLLER

​

PBE Performance Ltd Oy (3124341-9, Kympinkatu 3 C, 40320 Jyväskylä) serves as the controller in all personal data referred to in this privacy statement.

​

​

CONTANCT PERSON IN MATTERS CONCERNING THE REGISTER 

​

Data protection officer specified by the controller. Contact email: help@sparky.fi 

​

​

NAME OF THE REGISTER 

​

User register of the Sparky information system. 

​

​

CONCEPTS

​

A data subject is a person whose information the controller collects and maintains. 

 

A customer organisation is an organisation that has provided the controller with the data subject’s contact details with their consent and for which the controller produces anonymised data on the basis of information entered by the data subject into the information system.

​

 

LEGAL BASIS AND PURPOSE OF THE PROCESSING OF PERSONAL DATA

​

The register is based on a contractual relationship, either directly with the data subject or indirectly with customer organisations associated with data subjects. 

 

The purpose of the register comprises maintenance of the user register; management, filing and processing of customer orders; and management of the customer relationship with data subjects and/or management of an indirect customer relationship with customer organisations

associated with data subjects. 

 

Anonymised (https://tietosuoja.fi/en/pseudonymised-and-anonymised-data) data can also be used for the development of the controller’s operation and for statistical purposes. Personal data are processed within the limits permitted and required by the General Data Protection Regulation (GDPR). Information contained in the register can be used in the company’s own registers, for instance, to direct advertising without disclosing personal data to third parties. The company may maintain customer and service relationships by using partners, so parts of the register data can be transferred to a partner’s services due to technical requirements. Data are processed solely for the maintenance of customer relationships via technical interfaces.

​

​

BASIS OF LEGITIMATE INTEREST

​

Customer relationship, direct or indirect customer relationship through a customer organisation.

​

​

CATEGORIES OF PERSONAL DATA IN QUESTION 

​

Customer organisations and/or customer teams.

​

​

RECIPIENTS AND CATEGORIES OF RECIPIENTS

​

The controller’s employees, only individuals equipped with administrator rights. Personal data of users of the information system are not disclosed to third parties. Analyses and summaries produced based on information stored by users in the information system are distributed to the customer organisation, at a team and organisation level, on a fully anonymous basis, i.e., without any personal data associated with the information. 

 

The controller may maintain customer and service relationships by using partners, so parts of the register data can be transferred to a partner’s services due to technical requirements. Data are processed solely for the maintenance of customer relationships via technical interfaces.

​

​

CONSENT

​

Consent is based on consent provided by a data subject that he or she provides upon adoption of the information system, either directly to the controller or indirectly to a customer organisation associated with the data subject. Users of the information system have the right to withdraw their consent at any time by contacting the controller (help@sparky.fi).

​

 

INFORMATION CONTENTS OF THE REGISTER

 

The personal register contains the following information:

 

- A person’s first and last name

- The entity represented (organisation and team)

- Email address 

 

Information pseudoanonymised from personal data and stored separately from them

- information on wellbeing and performance at work and related background information

 

 

REGULAR SOURCES OF DATA

​

Information stored in the personal register (the first and last name of the data subject, the community they represent at an organisation and/or team level, and the data subject’s email address) is obtained from the controller’s customer organisation for which the data subject has given his or her consent to submission of the information. 

 

A data subject personally stores information in the information system.

​

 

STORAGE PERIOD OF PERSONAL DATA

 

Ten years from the end of the customer relationship (direct or a customer relationship created through the controller’s customer organisation).

​

 

REGULAR DISCLOSURE OF DATA

​

The controller does not disclose a data subject’s personal data or any details linked to them to a third party.

 

The controller distributes through the same information system, as data anonymised from the personal data, the following details stored by the data subject in the information system for use by the customer organisation

- information on wellbeing and performance at work and

- related background information linked to the team and organisation level.

​

​

TRANSFER OF DATA OUTSIDE THE EU OR EEA

​

The controller does not transfer personal data outside the EU or EEA.

​

​

PRINCIPLES FOR THE PROTECTION OF THE REGISTER A: MANUAL MATERIAL

​

The controller does not use any manual material.

​

 

PRINCIPLES FOR THE PROTECTION OF THE REGISTER B: FUNCTIONS PROCESSED WITH COMPUTERS

 

Only a carefully limited group of employees of the company and of enterprises operating on its behalf have the right to use the user register and maintain information contained therein. 

 

Each specified user has their own personal username and password. Every user has signed a non-disclosure agreement. The system is protected with, for instance, a firewall that protects against attempts at contact coming from the outside.

​

​

COOKIES

The information system does not use cookies.

​

​

AUTOMATIC PROCESSING AND PROFILING

​

‘Profiling’ consists of automated processing of personal data evaluating the personal aspects relating to a person. The controller’s information system does not profile data subjects; instead, it compiles details entered by a person and analyses them automatically, producing information about wellbeing and performance out of these details. The system returns analysed information linked to a person only and exclusively for personal use by the data subject. All information associated with data subjects and collected through the information system and forwarded to a customer organisation is anonymised.

​

​

RIGHT TO CHECK, I.E. RIGHT OF ACCESS TO PERSONAL DATA

 

A data subject has the right to check what information about him or her the register contains. A request for right of access should be made in writing by contacting the controller’s customer service (help@sparky.fi) in Finnish or English. The request for right of access must be signed. A data subject has the right to prohibit processing and disclosure of his or her information for purposes of direct advertising, remote selling and direct marketing as well as for market surveys and opinion polls, by contacting the company’s customer service desk.

 

​

RIGHT TO DATA PORTABILITY

 

A data subject has the right to obtain his or her own information in a PDF format by sending a request to the controller (tuki@poweredbyemotion.fi).

​

​

RIGHT TO DEMAND CORRECTION OF DATA 

​

It must be possible to rectify, erase or supplement any personal data that are contained in the register and which are erroneous, unnecessary, incomplete or outdated in terms of the purpose of processing. A request for correction must be submitted with a written request, signed by one’s own hand, to the administrator of the personal register. The request must specify which data should be corrected and on what grounds. Such correction will be implemented without delay. A correction of an error will be reported to the party from which the erroneous data were obtained or to which the data have been disclosed. If a request for correction is rejected, the person responsible for the register will submit a written certificate listing the reasons why the request for correction was rejected. The interested party may refer the rejection to the Data Protection Ombudsman for resolution.

​

​

RIGHT TO RESTRICTION 

 

A data subject has the right to request restriction of data processing.

​

​

RIGHT TO OBJECT

 

A data subject has the right to request personal data concerning him or her from the controller as well as rectification or erasure of the personal data.

​

​

RIGHT TO SUBMIT A COMPLAINT TO THE SUPERVISORY AUTHORITY

 

If you believe that the General Data Processing Regulation has been violated in the processing of personal data concerning you, you have the right to submit a complaint to the supervisory authority. 

 

You can also submit a complaint in the Member State of your habitual residence or place of work.

 

The contact information of the national supervisory authority is: 

Office of the Data Protection

Ombudsman

PL 800, Ratapihantie 9, 00521

Helsinki, Finland

Tel. +358 29 566 6700 (Advice for private persons)

tietosuoja@om.fi www.tietosuoja.fi

​

​

OTHER RIGHTS RELATED TO THE PROCESSING OF PERSONAL DATA

 

A data subject has the right to prohibit the disclosure and processing of his or her data for purposes of direct advertising and marketing, to demand anonymisation of the data as applicable, and the right to be completely forgotten.

​

​

PBE Performance Ltd Oy

Kympinkatu 3 C

40320 Jyväskylä

Business ID 3124341-9