Merius Oy processes personal data in accordance with the obligations of the EU Data Protection Regulation, ie the EU GDPR (General Data Protection Regulation), and the current Personal Data Act (523/1999).
This notice describes the general principles for the processing of personal data.
1. Information and contact details of the registrar in matters concerning the register
Employee register:
The personal data of the persons who have signed the employment contract are processed in order to fulfill the obligations specified in the employer’s employment contract. The processing is based on the Employment Contracts Act (2001/55, specifically Chapter 2).
Recruitment register:
In connection with recruitment, the personal data of employees are processed in the evaluation of applicants related to the recruitment process.
Stakeholder register:
Personal data is processed for the management of customer and other business-related relationships, the provision of services, business development and planning, and marketing.
4. Information content of the register
Employee register:
Basic employee information, such as:
name, address, date of birth, personal identity number, e-mail address, telephone number, if necessary, bank contact information and hourly records, title, gender, education
Recruitment register:
Basic information for job seekers, such as: name, phone number, email address, postal address.
Information provided by jobseekers in their CV and application, such as: work experience, training information, skills and positions of trust.
Information related to interviews and personal assessments.
Stakeholder register:
Name and company of the data subject, telephone number and e-mail address, address details, status of the person, if applicable.
5. Data sources
Employee and recruitment register:
Personal data concerning the data subject is collected from the data subject himself. In addition, the data consists of data stored during the recruitment process. Other sources of information are used within the limits provided by law.
Stakeholder register:
Personal data concerning the data subject are generally collected from the data subject himself and from the public websites of the stakeholders.
6. Disclosures
The information may be disclosed in accordance with the requirements of the applicable legislation, as required by the competent authorities or other bodies.
The data may be transferred to the controller’s selective partners who process the data on behalf of the controller, on the basis of a cooperation agreement between the parties. In this case, the data processor does not have the right to process the transferred data on its own behalf, in its own personal registers.
7. Data transfer outside the EU or the EEA
As a general rule, data will not be transferred outside the territory of the Member States of the European Union or the European Economic Area unless necessary for the purposes of the processing of personal data or the technical implementation of the processing, in which case the transfer complies with the Data Protection Regulation.
8. Registry Security Basics
Hard copies:
Personal data in hard copy is stored in the registrar’s premises, which are locked and the property has access control. Printouts are handled only by those who need them for their work.
Electronically processed registers:
Access to the registers containing personal data shall be limited to those persons employed by the controller and other specified persons who need the data in the performance of their duties. The information is protected by passwords, firewalls and other generally accepted technical means.
9. Retention period of personal data
Personal data will only be kept for as long as it is needed for their stated purposes or for the fulfillment of legal obligations.
10. Rights of the data subject
The data subject has the right to check what information about him or her has been stored in the register.
The data subject also has the right to request the correction or deletion of incomplete, inaccurate or outdated data concerning him.
Contacts regarding the data subject’s rights must be made in person by visiting the address given in point 1. on-site during office hours and proving identity.
11. Cookies
Merius Oy uses cookies on the www.merius.fi website. With the help of the collected information, we develop the content and services of the www.merius.fi website. The information collected cannot be associated with an individual.
Cookies are small text files that a website sends to a user’s terminal. Cookies are a commonly used technology and are used on most websites.
Most web browsers automatically accept cookies. It is possible to deny the acceptance of cookies in the settings of the web browser.
We use cookies to collect the following information:
• whether the user has visited our site before
• through which the user has come to our site
• which pages of our site the user visits
• how long the user’s visit to our site will take
• which browser the user is using
