This is Turun Seudun Vesi Oy’s privacy notice in accordance with the General Data Protection Regulation (GDPR) of the EU. Drawn up on 20 February 2024. Last amended on 20 July 2024.
1. Name of register
The Personnel, Stakeholder, Communications and Cooperation Register of Turun Seudun Vesi Oy
2. Controller
Turun Seudun Vesi Oy
Business ID: 0141915-3
Maariankatu 1, FI-20100 Turku, Finland
turunseudunvesi@turunseudunvesi.fi
3. Contact persons for the register
Aki Artimo, CEO
Tapio Lumme, Network Manager
Email: firstname.lastname@turunseudunvesi.fi
4. Content of personal data, purpose and legal basis of processing
Personnel’s personal data content in the register
The personal data content of Turun Seudun Vesi Oy’s personnel comprises the company’s employees and board members. The register contains personal data of the company’s current and, within the specified storage periods, former permanent and non-permanent employees, board members, seasonal workers and trainees as well as students working on their final project. The personal data is processed in order to ensure the security and quality of salary and bonus payments, financial administration management and service production.
Stakeholders’ personal data content in the register
The personal data content of Turun Seudun Vesi Oy’s stakeholders comprises the contact persons of the company’s other stakeholders. The register contains personal data of the company’s current and, within the specified storage periods, former contact persons with whom the controller has established a stakeholder relationship or some other business connection. The register contains personal data related to stakeholder relationships and contact details. The personal data is processed in order to ensure the security and quality of communication between stakeholders and the controller as well as service production-related communication.
Communications data content in the register
The company’s communications data content comprises the company’s contact persons as well as representatives of the media. The register contains the contact information of communications and PR-related contact persons. The personal data is processed in order to ensure the security and quality of the communication between communications and PR contact persons and the controller as well as service production-related communication.
Partner companies’ personal data content in the register
The personal data content of Turun Seudun Vesi Oy’s partner companies comprises the employees of its partners and partner companies or corporations and, to a justifiable degree, former employees and contact persons with whom the controller has established a contractual, cooperation or partner relationship or some other business connection. The register contains personal data related to the work performances or contact information linked to services provided by partner companies. The personal data is processed in order to ensure the security and quality of maintenance, construction contracting or other service production as well as the related communication.
Purpose of processing
The personal data is collected, processed and used for the personal requirements of Turun Seudun Vesi Oy. The personal data may be used to implement and develop the service production in accordance with agreements, laws and licences as well as enable the measures related to the management of orders, procurement, purchase and sale transactions, registrations, calls, communication, other services, communications, PR, informing and reporting.
In addition, the personal data may be used for the management or development of customer or stakeholder relationships. Processing may also take place in order to remit or collect payments, bonuses or compensation, compile statistics or conduct questionnaires or surveys. The legal basis of processing is the need to execute a contract or realise business-related legitimate interests.
Personal data processing may also be based on consent granted for one or several purposes. The processing is necessary in order to implement the legitimate interests of the controller or a third party, except where interests or basic rights necessitating personal data protection supersede such legitimate interests.
In order to be able to meet the contractual, legal or licensing obligations based on its operations, the controller must be allowed to process personal data. Without the necessary personal data, Turun Seudun Vesi Oy will not be able to provide its partners with the contractual high-quality water production and distribution or further develop the service.
5. Personal data storage period
Personal data is stored for as long as the quoted basis for processing personal data remains valid and for a reasonable subsequent period of time, taking into account obligatory legislation, such as accounting legislation. At the minimum, the data is processed for a period of time corresponding with the validity of an employment, membership, stakeholder or other similar relationship, cooperation agreement or other agreement.
6. Regular sources of information
The data stored in the register is obtained from the data subject via email, phone, agreements, stakeholder meetings or other situations where the data subject discloses their personal data.
The contact information of companies and other organisations may also be collected from public sources, such as the Finnish Tax Administration, the authorities, public registers or personal data directories, websites, index services or other companies.
7. Regular disclosure of data or transfer of data outside the EU or EEA
At the controller’s discretion, data may be disclosed to partners within the limits permitted or obligated by established legislation, unless the data subject has forbidden the disclosure of data. Data will only be disclosed to partners for purposes of use that promote the mission statement of personal data processing. Attendant lists or contact information may be shared at events organised by the controller.
As a rule, personal data is not transferred outside the EU or EEA. However, should the transfer occur, the controller shall ensure a sufficient level of personal data security, for instance, by making agreements regarding the confidentiality and legal processing of personal data.
8. Principles of securing the register
The register is processed with due care, and the data processed using information systems is appropriately protected. Where the registered data is stored on web servers, appropriate measures are taken to ensure the physical and digital security of the related hardware. The register can only be accessed by persons who need to process the data for work reasons. The stored data as well as the server permissions and other information critical for the security of the personal data are processed confidentially and solely by the employees whose job description it entails.
9. Rights of data subjects
In accordance with the applicable data protection legislation and subject to the statutory preconditions, data subjects have the right:
- To be notified of the processing of personal data
- Verify which personal data of the data subject has been stored in the register
- Request erroneous or incomplete data to be rectified
- Request the restriction of processing or the erasure of their personal data
- Object to the processing of their personal data
- Refuse the use of their personal data for direct marketing
If the data subject wishes to review their stored personal data or request the rectification of their data, the request must be submitted to the controller’s contact person using the contact information above in writing and signed by the data subject. If necessary, the controller may request the data subject to prove their identity. The controller will respond to the data subject within the time period in accordance with the GDPR.
If the data subject feels that the processing of their personal data was inappropriate, they have the right to consult the Data Protection Ombudsman. You can find the Data Protection Ombudsman’s contact information on the website of the Office of the Data Protection Ombudsman at https://tietosuoja.fi/en/home.
10. Cookies
Turun Seudun Vesi Oy uses cookies on its website. More information on the use of cookies: https://turunseudunvesi.fi/en/cookie-policy/
11. Contact us
Any requests regarding the above-mentioned rights, questions pertaining to this Privacy Notice or other requests should be issued in writing to the contact persons listed in section 3.