Rolan Oy’s privacy statement

Updated 1 August 2020


 

Description

In pursuit of its operations, Rolan Oy (hereinafter the ‘Company’) collects personal data from its customers, contracting partners, job candidates and staff. This public privacy statement focuses on customer, job candidate and contracting party data and its processing. A description of the staff’s personal data and its processing is given in an internal document, “Rolan Oy – Staff Privacy Statement”.

Purpose of personal data processing

Data is collected on the Company’s private and corporate customers and their vehicles for the following purposes:

  • Targeting and provision of services
  • Use and invoicing of services
  • Managing the relationship and providing customer service
  • Communicating about the Company’s operations and services
  • Sales and marketing to customers
  • Taking care of daily business and duties

During recruitment, data is collected on job candidates for the following purposes:

  • Identifying the job candidate in person
  • Data on the person’s competence, experience level and suitability for the position 
  • Managing the recruitment process and communicating on its progress
  • Taking care of daily business and duties

Data is collected on the Company’s contracting partners for the following purposes:

  • Targeting and provision of contracts and services
  • Invoicing and payments based on contracts
  • Managing the contracting partnership and cooperation
  • Communicating about the Company’s operations and services
  • Taking care of daily business and duties

In our service locations, as part of our service and security solutions, we use recording camera surveillance for the following purposes:

  • Protection of customers’ and staff’s property and Company property and business operations
  • Prevention of abuse and crimes and helping to clear up any cases of abuse and false alarms, to identify people moving within the premises in any crime investigations.
  • Data can be used as part of service provision and technical support during installation and maintenance work.
  • All persons moving within areas covered by surveillance cameras will be recorded by them. The premises have signs indicating such areas.

Contents of register

Data collected on consumers:

  • Person’s name, personal identity code, address, email address and telephone number
  • Vehicle make, model and registration number
  • Image and voice recordings based on recording camera surveillance during visits to the Company premises 
  • Vehicle’s maintenance and inspection history
  • Payment card data
  • Invoicing data
  • Data history of customer relationship: data is collected when taking orders and meeting customers.

Data collected on job candidate:

  • Person’s name, personal identity code, address, email address and telephone number
  • Data provided by job candidate during recruiting process
  • Image and voice recordings based on camera surveillance during visits to the Company premises 
  • Data history is building during the recruitment process from received data during interviews and from email communication and given documents.

Data collected on corporate customers:

  • Company name, business ID and contact details
  • Contact person’s name, role, email address and telephone number
  • Vehicle make, model and registration number
  • Image and voice recordings based on camera surveillance during visits to the Company premises
  • Vehicle’s maintenance and inspection history
  • Payment card data
  • Invoicing data

Data history from customer relationship: offers, orders, contracts and similar communication. The data is formed as the customer account is being created, during the sales process. Part of the data is created as the customer relationship continues.

Data collected on contracting partner (e.g. subcontractors, and service providers and product suppliers)

  • Company name, business ID and contact details
  • Contact person’s name, role, email address and telephone number
  • Data recorded in the contract
  • Invoicing and payment data
  • Image and voice recordings based on camera surveillance during visits to the Company premises 

Data history from contracting partnership: offers, orders, contracts and similar communication. The data is formed during the course of the contracting partnership, at different stages of the process. Some of the data is created as the contract period continues.

Data collection and processing

Data collection channels may consist of service registration data, websites, telephone, email, contact forms (electronic and paper), contracts, orders, remote and face-to-face meetings, visits to the Company premises.

The Company staff process data as part of their duties when providing services and for management purposes, in compliance with the privacy statement??, laws and the Company’s internal instructions.

We also use subcontractors who process personal data for us in compliance with this privacy policy. Through contractual arrangements with these companies, we guarantee that personal data will be processed in compliance with the laws. Our subcontractors are responsible for, among other things, the development of and consultation on digital services, implementation of various financial management processes, implementation of various payroll management processes, data storage and technical infrastructure management, management of payments, analytics and data management, and marketing and advertising services.

Basis for data processing: legitimate interest 

Such data is necessary in order to provide a service, run the business, secure the staff, property or business, and to fulfil regulatory requirements.

Data archiving and storage

We process personal data only for as long as the applicable laws require or processing is legitimate for some other reason. The length of time for which we store personal data depends on the data category in question and the purpose of storage. Personal data is stored for as long as is necessary in terms of its processing purpose, such as to fulfil the provisions of the Accounting Act or a contractual obligation. Data is stored, in accordance with Company and regulatory guidelines and legislation, in a secure environment, ensuring proper data security. Access to data is restricted to those who need it for their work. We regularly review the need for stored data and will remove all data that is no longer required for the purposes detailed in this privacy policy.

Digital services

The Company’s browser-based web services use cookies to monitor use of the service. Cookies help us to save and assess data about recent visits to our web pages and movement between different parts of the site. This is analysed to gain an understanding of how our services and website are used and to make them more intuitive. Visitors to the websites can prevent the use of cookies, by changing their browser settings. The Company’s digital services collect data for the Company’s registers and for solutions that provide digital services. Our digital services are based on solutions and systems that are common on the market, such as Cuuma, WP-forms, Vimeo, Google Analytics, Google ADs, Facebook, Netvisor, VikaFöli, Freebike, Bikeep, Arlo, Verisure, Microsoft Teams and Microsoft 365. All of our system suppliers and subcontractors have their own privacy statements??, conforming with EU regulations, and data security practices based on best practices. We regularly check the processing models and instructions for stored data, and select the most suitable ones for our business at the time. As a result, our system suppliers and subcontractors may vary, and the above list is not comprehensive. Requests for additional information regarding our digital solutions and services should be sent to the Company’s CEO in writing, by email for example.

Data disclosure and transfer

The Company will not disclose personal data to third parties without a specific reason related to service production, safety assurance, contract or legislation. We may disclose necessary personal data to our subcontractors, as part of our product and service delivery. As our products and services and their implementation rely on expertise provided by other companies and resources, part of data processing may be carried out by our subcontractors, such as one of the parties referred to under the section “Digital services”. We may disclose invoices to companies that provide collection services. If we sell, buy or otherwise reorganise our business, the user’s personal data may be disclosed to the buyers and their advisors. 

We comply with applicable Finnish and EU legal requirements that provide sufficient guarantees for the transfer of personal data to a country other than the country of residence. If we transfer data outside the EEA, we will use contractual protection, such as European Commission agreements and standard contractual clauses, when transferring personal data to third parties. Data will not be disclosed to domestic or international organisations.

Right to data protection requests

The Company’s customers and contracting partners have the right, as provided by the General Data Protection Regulation, to make data protection requests, and to request that data be corrected or deleted or its processing restricted, and to cancel their consent for personal data processing. Data protection requests should be addressed to the Company’s CEO in writing, such as by email. Customers making a data protection request must be able to prove their identity unambiguously. The Company will answer data protection requests within 30 days.

Any data protection requests regarding staff will be processed in accordance with the Company’s internal instructions. For additional information, please contact the CEO.

Kimmo Hanhinen
CEO
firstname.lastname@rolan.fi 
+358 40 596 1400

Updates to the privacy statement

We develop our services continuously and reserve the right to change this privacy statement. Any changes may also be based on legislative amendments.
We recommend that you view the privacy statement regularly.

Valid from 1 May 2018, updated on 1 August 2020.