BST Finland Oy privacy policy

Privacy Notice in accordance with the EU General Data Protection Regulation

1. Data Controller

BST Finland Oy
Business ID: 3274495-2
Address: Lounaisväylä 9, 28620 Rauma, Finland
Phone: +358 44 337 8812
Email: info@paloff.com

2. Person responsible for register matters

Name: Päivi Piispa c/o BST Finland Oy
Address: Lounaisväylä 9, 28620 Rauma

3. Names of the registers

BST Finland Oy’s

  • Employee Register
  • Customer Register
  • Supplier Register
  • Access Control Register

4. Purpose of processing personal data

Personal data is processed in order to fulfil obligations defined by law, contract, or an order issued by an authority.

Employee Register: The personal data of persons who have signed an employment contract is processed in order to fulfil the employer’s obligations as defined in the employment contract. The processing is based on the Employment Contracts Act (2001/55, especially Chapter 2).

Customer Register: Personal data is processed for the management of customer relationships and other relevant relationships, the provision of services, business development and planning, as well as marketing, distance selling, opinion and market research, and customer communications, which may also be carried out electronically and in a targeted manner.

Supplier Register: Personal data is processed for the management of customer relationships and other relevant relationships, the provision of services, business development and planning, as well as marketing.

Access Control Register: The obligation to provide employee information arises when construction work is carried out on a shared construction site. Construction and a shared construction site are concepts referred to in the Government Decree on the Safety of Construction Work (205/2009). As a rule, information is provided on all employees working on a shared construction site.

In addition, Section 15 b of the Act on Assessment Procedure (1558/1995) lays down provisions on the main contractor’s reporting obligations and the obligation of other companies operating on the site to provide information to the main contractor.

More detailed guidance on the reporting obligation can be found in the Finnish Tax Administration’s guidance under record number A83/200/2017, especially section 3.

5. Data content of the registers

The Employee Register contains the following basic employee information:

  • first and last names
  • employee number
  • Finnish personal identity code or date of birth
  • foreign personal identity number or date of birth
  • home address, telephone number, and email address
  • information related to the employment relationship
  • information concerning the nature of the employment or service relationship
  • information related to the person’s taxation
  • information related to statistics
  • competencies

The Customer Register may contain the following information on all data subjects:

  • first and last name
  • contact details, such as postal address, telephone number, and email address
  • start and end date and method of the customer relationship and/or other relevant relationship
  • direct marketing consents and prohibitions
  • Business ID for companies or personal identity code
  • information on the use of electronic services and content, such as newsletter subscriptions
  • information related to marketing and sales promotion, such as marketing measures targeted at the data subject and participation in them

In addition to the information listed above, the Customer Register may contain the following information on persons who have purchased a product and/or service:

  • customer number
  • Business ID or personal identity code
  • invoicing and collection information
  • contact persons, including name, telephone number, and email address
  • information related to the management, communication, and classification of the customer relationship and other relevant relationship, such as purchase and cancellation data for products and services, delivery information, feedback, complaints, and records of customer service events, such as calls, emails, and support messages

The Supplier Register may contain the following information on all data subjects:

  • first and last name
  • contact details, such as postal address, telephone number, and email address
  • title
  • company name and Business ID
  • personnel changes

The Access Control Register contains the following information on employees at the worksite:

  • first and last names
  • date of birth
  • tax number
  • login time
  • login location when logging in with a mobile device, subject to the employee’s permission

6. Regular sources of data

Employee Register

Customer Register
Personal data concerning the data subject is collected from the data subject themselves, from various services used by the data subject, and in connection with various marketing activities such as marketing lotteries, competitions, and events.

Personal data may also be collected and updated from partner registers and from authorities and companies providing personal data services.

Supplier Register
Personal data concerning the data subject is collected from the data subject themselves, from various services used by the data subject, and in connection with various marketing activities such as marketing lotteries, competitions, and events.

Access Control Register
Personal data concerning the data subject is collected from the data subject themselves in accordance with the access control application or other method determined by the main implementer.

7. Regular disclosure of data

Data may be disclosed as required by competent authorities or other parties, in accordance with applicable legislation.

Data may be disclosed to buyers in connection with corporate arrangements if BST Finland Oy sells or otherwise reorganizes its business.

Data may be transferred to selected partners of the controller who process data on behalf of the controller, based on a cooperation agreement between the parties. In such cases, the data processor has no right to process the transferred data on their own behalf in their own personal registers.

8. Transfer of data outside the EU or EEA

Data will not be transferred outside the territory of the European Union member states or the European Economic Area unless it is necessary for the purposes of personal data processing stated above or for the technical implementation of data processing, in which case the data transfer will comply with the requirements of the General Data Protection Regulation.

9. Protection of the register

A Manual material

Personal data is protected from unauthorized access and unlawful processing (e.g., destruction, alteration, or disclosure). Each processor may only process the personal data they require for their work tasks. Documents are stored in a locked space protected from outsiders. Documents are printed only when necessary and paper printouts are destroyed after use.

B Automatically processed data

Electronically processed data contained in the register is protected by firewalls, passwords, and other technical means generally accepted in the information security industry.
Only identified employees of the controller and companies acting on its behalf and for its account have access to the data contained in the register with access rights granted by the controller.

10. Implementation of data subject rights

The individual is informed about data collection when signing the employment contract.

The data subject has the right under the Personal Data Act to verify what data concerning them has been stored in the register.

At the request of the data subject, necessary corrections and additions will be made to personal data, or incorrect, unnecessary, incomplete, or outdated data will be removed in relation to the purpose of processing.

Data verification and updating is carried out by contacting the person responsible for register matters at BST Finland Oy.

BST Finland Oy retains personal data only for as long as necessary for their stated purposes or to fulfill statutory obligations.
When the personal data we collect is no longer needed, we destroy or delete it securely.

11. Amendment of the privacy statement

BST Finland Oy reserves the right to amend this privacy statement. Changes may also be based on changes in legislation.

We encourage you to read the statement regularly.

This privacy statement was last updated on June 6, 2023