Karjalan Paperi Oy’s Privacy Notice
1. Preamble
Karjalan Paperi Oy needs to gather and use certain information about its employees, potential employees, and business partners.
The Karjalan Paperi Oy’s Privacy Notice is information to you, as a private person and a Karjalan Paperi Oy employee or business partner, and describes what personal data is processed, how and for what purpose, as well as your personal rights (EU only).
2. Data Controller
Karjalan Paperi Oy
Terminaalinkatu 5 A
53420 Lappeenranta
Finland
Telephone +358 40 5282 107
Contact: The Personal Data Protection Administrator
E-mail address: GDPR@karjalanpaperi.fi
3. Categories of personal data subjects
a) Employees
b) Potential employees
c) Business partners and potential business partners
4. Sources of personal data
a) Employee/Employment contract
b) Potential employee/Job application/Recruitment firm
c) Business partners/Contracts, Internet, Credit reporting firms, Due Diligence research tools
5. Personal data processed
a) Name, address, date of birth, personal id number, telephone number, emergency contact number, date of employment, employee number, title, bank account details, passport copy, photos, videos, etc.
b) Name, address, date of birth, personal id number, telephone number, information in CV, resumé and other personal data voluntarily provided by the job applicant
c) Name, contact details, title, company, name(s) of owner(s), IP-address, tax id number, family members, date of birth, previous employments, board memberships, etc.
6. Purpose of processing of personal data
a) To fulfill obligations according to employment contract and local employment/labor laws (pay salaries, payroll taxes, offer benefits, reporting to authorities, filing, etc.) and to facilitate job duties
b) To fill job positions
c) To conduct business and manage business partner relations, including due diligence as part of trade compliance regulations
7. Legal basis for processing of personal data
a) Employment law, employment contract
b) Voluntary
c) Contract, pending contract, legitimate interest (conduct business), international trade compliance laws
8. Recipients/category of recipients of personal data
a) Payroll service companies, Pension- and tax authorities, insurance companies, banks, travel agencies, accounting firms etc.
b) Potentially managers within the company
c) Credit insurance companies, auditors, and others to fulfill business obligations, follow legal requirements and conduct business, and only when necessary and lawful
9. International transfer of personal data
a) Personal data is not transferred out of EU/EEA, with the possible exception for cloud service, servers and IT-support and maintenance
b) None
c) Where necessary to conduct business and on a legal basis
10. Period data is kept
a) Per local employment/labor laws
b) 1 year (unless hired)
c) Per contract, per accounting, tax or business and compliance laws or per legitimate interest
11. Right to access, rectification, erasure, restrict processing and object to processing of personal data (EU only)
As a private person in the EU, you have many rights regarding your personal data which is collected and stored. In summary, these include:
a) the right to transparency and access with respect to the personal data that is stored and processed
b) the right to corrections of any mistakes in the personal data and erasure in certain situations
c) the right to restriction of processing in certain circumstances
d) the right to object at any time to processing of personal data concerning you that is carried out based on our legitimate interest and you have specific reasons to object to such processing.
Form for the above request is available via GDPR@karjalanpaperi.fi
12. Right to portability (EU only)
The right to data portability, i.e. to receive personal data collected about you in a structured, commonly used and machine-readable format.
Form for the above request is available via GDPR@karjalanpaperi.fi
13. Right to lodge complaint with a Data Protection Authority (EU only)
Supervisory authorities in each EU country will monitor the processing of personal data in accordance with the GDPR and complaints should be lodged directly with them.
Further information can be found at the bottom of this Privacy Notice.
Before any complaint is lodged with the DPA, the local Personal Data Protection
Administrator should be contacted at GDPR@karjalanpaperi.fi.
14. Right to compensation in case of a breach (EU only)
As a private person in the EU, you have the right to claim compensation for damages caused by any potential breach of data protection legislation.
15. Security measures
Technical and organizational measures have been implemented to protect personal data against accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access and against all other unlawful forms of processing. These measures include, but are not limited to, a Code of Conduct, a Personal Data Protection Policy, GDPR training of personnel, Whistleblowing service, the “Karjalan Paperi Code of Conduct for Business Partners”, IS/IT policies, Internal audit function, Personal Data Protection Agreements (GDPR) with vendors/processors, GDPR instructions and Q&A for our personnel, consent forms, and other controls which might include passwords, backups, encryption, locks etc.
16. Questions and concerns
If you have any questions or concerns regarding protection of your personal data, please contact first the Personal Data Protection Administrator in your office (employees) or you can contact the Personal Data Protection Administrator at GDPR@karjalanpaperi.fi
We will make every effort to resolve any concern you may have.
17. Links for additional information
National Data Protection Agency:
Finland: http://www.tietosuoja.fi
Lappeenranta, April 8, 2024