Name of register
ICT Direct Finland Oy client and candidate register
This stores and handles personal information in accordance with the EU’s GDPR. We may alter this data protection description from time to time, either by giving advance notice of this or without giving notice. We recommend that you visit this data protection description page from time to time to take note of changes.
ICT Direct protects personal data in multiple ways such as, antivirus protection, firewalls, minimizing data access and through employee guidelines. In addition, encryption is used to protect sensitive data. ICT Direct is constantly working to maintain and improve the security of our IT environment.
The Personal Data Act
ICT Direct complies with all the necessary data protection regulations, including the General Data Protection Regulation (GDPR) (EU) 2016/679, which aims to prevent the violation of personal integrity in the processing of personal data. All data we collect and process is stored within, and on devices physically located within, the EU/EEA, or such third country deemed to offer an adequate level of security by the European Commission, or by service providers that have entered into binding agreements that fully comply with the lawfulness of third country transfers.
ICT Direct Finland Oy
Address: Mannerheimintie 12 B, 00100 Helsinki
Phone: 010 274 3190
Person responsible for register matters:
ICT Direct Finland Oy
Ilpo Järvenpää, CEO
The purpose of the handling of personal information:
Our operations are based on lawful business operations, and thus we also comply with the EU regulation on the storage of personal information – in brief, this is the following six points:
- The information that we store about a person is lawful, reasonable and transparent in terms of its handling. This means that you can have access to your information at any time.
- The information is limited to the purpose of use – for example, information that we collect about people is limited to only a particular usage purpose. We will not pass on your information to external parties unless there is an appropriate reason for doing so.
- We will minimise the information we store – we will only store what is necessary.
- We will seek to keep our information accurate.
- We will limit the storage of information – a usage period is defined for the information, after which it is deleted, either automatically or as a matter of routine, unless there is a legally-grounded reason to keep it.
- We store intact and reliable information, secured through back-up copies, for example.
We collect and store information based on customer relationships or associated with business operations, on possible new customers. The principal purposes for the usage of information are: marketing, reporting, production of services, customer communications, the planning and targeting of marketing, analysis, development of customer service, the development of the service and business, as well as for other comparable usage purposes. ICT Direct Finland Oy uses personal information for distance selling and direct marketing purposes in the ways permitted by the Personal Data Act. The collection of the information of potential new customers is based on the business operations and we collect the information ourselves or buy them from a third-party provider.
We collect and store information based on candidate relationships. The principal purposes for the usage of information are: executive search and recruitment services, marketing, reporting, production of services, candidate communications, the planning and targeting of marketing, analysis, development of customer service, the development of the service and business, as well as for other comparable usage purposes. ICT Direct Finland Oy uses personal information for distance selling and direct marketing purposes in the ways permitted by the Personal Data Act. The collection of the information of potential candidates is based on the business operations and we collect the information ourselves or buy them from a third-party provider.
The data content of the register:
We store the minimum amount of information relating to the customer relationship, which typically includes the individual name of the person, their company and contact details, such as their e-mail address and telephone number.
The information collected is:
- First name and surname
- Contact information (such as the name of the company, contact details etc.)
- Other text-form information relating to the customership
- Marketing consent or prohibition
- IP address information or another identifier
- Information collected through cookies
- Information collected through social media channels
- Address of www pages
Normal sources of information:
Sources of information used include the following:
- LinkedIn, Google Analytics, job boards, and the job application and web forms on the website.
- Personal information is collected from the registered person themselves in the register controller’s own operations, in association with dealing with customers, including by phone, in the online service and at customer events.
- In addition, with regard to our business operations, e.g. in connection with the acquisition of new customers, we may use names taken from the media, for example, which we may contact with a view to doing business.
Normal passing on of information:
We use the services of third parties for the handling and storage of such data which may include personal information. However, third parties act purely as handlers of personal information who have a right to handle such information only within the scope of the services agreed on, and ICT Direct Finland Oy remains the only register controller of this kind of information.
We shall pass on personal information in a limited manner to other parties – in practice, this means the following:
- We use MailChimp for e-mail marketing. What is stored in these is only the name, company and e-mail address.
- To manage our candidate relationships, we use Salesforce, Teamtailor, and Filtered.ai in which we store, in a minimized form, things including the following: the name of the person, their contact details and features related to the candidate relationship, such as discussions, meetings, technical test assessments and other activities.
- In order to take care of customer relationships, we use Pipedrive and Salesforce, in which we store, in a minimised form, things including the following: the name of the person, their contact details and features related to the customer relationship, such as discussions, meetings and other activities.
- We use Maventa e-invoicing, in which we store, in a minimised form, things including the following: the personal name of the customer, their contact details and features related to the customer relationship, such as invoicing and the accounts ledger.
- In order to take care of new customerships, we use Pipedrive, in which we store, in a minimised form, things including the following: the name of the person, their contact details, discussions and features related to the customer relationship, such as report requests from the site.
- In order to take care of customer relationships, we use WordPress, on which we store, in a minimised form, things including the following: the name of the person, their contact details and features related to the customer relationship, such as newsletter subscriptions from the site.
- Information can be passed on to the authorities within the limits in accordance with prevailing legislation or when decrees demand it, for example in order to investigate malpractices.
Transferral of information outside the EU or EEA
In the handling of data in accordance with the purposes specified in this data protection policy, we use partners and in association with this, we may pass on the personal information that we handle outside the EU or EEA, complying with the legislation that is in force in any given situation. In the case of countries where a sufficient level of data protection has not been ensured, transferrals are based on appropriate protective measures, such as the standard contract clauses approved by the European Commission or a monitoring authority.
Register protection principles
ICT Direct Finland Oy has appropriate technical and organisational security practices and processes to secure personal information against loss, misuse or other comparable illegal access.
The personal information contained in the register is stored confidentially. There are guidelines in the organisation of the register controller on the use of the register and access to the person register is restricted so that only those employees who have the right to do so with regard to their work tasks, and as far as their tasks require, have access to the information contained in the register stored in the system and are authorised to use it. The personnel who handle personal information are under an obligation of secrecy.
The system is protected with protection software. Access to the system requires entering a user ID and password from each user of the register. The server environment is protected with passwords and an appropriate firewall. The data traffic between the server and the computer of the user is transmitted in an encrypted form. In addition, the data network and equipment where the register is located are protected with a firewall and through other technical measures. Destroying of materials containing personal information is done is a data-secure manner.
You have the right to get access to your personal information and have erroneous information that concerns you corrected. You have the right to demand deletion of your personal information at any time unless the interests that we are entitled to, or a requirement laid down by law, prevent the deletion of some personal information. Information shall be handed over in a form that is comprehensible to the customer, and in writing if so required. Requests are to be addressed with a personally signed letter to ICT Direct Finland Oy, Mannerheimintie 12 B, 00100 Helsinki .
The right to demand correction of information
The register controller shall correct, delete or supplement information in the register that is, in terms of handling, erroneous, unnecessary, deficient or out of date, either independently or when demanded to do so by the registered person. In addition, personal information can be deleted if the customer misuses the service or, with the aid of the service, carries out criminal or other prohibited actions. The registered person must contact the register controller for the correction of information. Requests are to be addressed with a personally signed letter to ICT Direct Finland Oy, Mannerheimintie 12 B, 00100 Helsinki.
Other rights relating to the handling of personal information
A registered person also has the right to prohibit the register controller from handling information relating to them for the purposes mentioned in this register description, unless it is agreed otherwise between the register controller and the registered person. Requests for correction of information pertaining to marketing prohibitions (calls, printed direct marketing, text messages and e-mail) are to be addressed with a personally signed letter to ICT Direct Finland Oy, Mannerheimintie 12 B, 00100 Helsinki.
Analyses of web pages and advertising cookies
In order to obtain additional information about the traffic on our website, we use an analysis tool and advertising provided by a third party.
You can prevent the collection of information by Google and the usage of information (cookies and IP addresses) by downloading and installing a browser add-on program, which can be obtained here: https://tools.google.com/dlpage/gaoptout?hl =en or by using other advertising and tracking blocking tools.
We also use Google Analytics in order to analyse the information of the AdWord and DoubleClick Cookies services. You can prevent the handling of this information through the privacy settings of Google here: https://myaccount.google.com/