Tietosuojaseloste

Privacy statement

According to the data protection regulation, the controller has an obligation to clearly inform the data subjects. This statement fulfills the information obligation.

1. The controller

Fidebon Oy (3385678–8)

Contact information:
Eteläesplanadi 2
00130 Helsinki

Contact information in matters concerning the register

Fidebon Oy
Eteläesplanadi 2
00130 Helsinki
info@fidebon.fi

2. Registered

The register contains personal information of potential, current and former private customers and contact persons of customer organizations and counterparties. The register contains the information of individuals and their family members to the extent that information is needed for residence permit counseling/other counseling and customer assistance, as well as to ensure ethical recruitment. The register can contain also information of job seekers appylying to work at Fidebon Oy.

3. Purpose of use of personal data

Basis for keeping the register:

personal data is processed based on the registered customer relationship
personal data is processed based on consent
the legal obligation of the controller
legitimate interest of the data controller.

Purpose of personal data processing and register

Personal data is only processed for predefined purposes, which are as follows:

responding to requests for quotations
customer relationship management, such as the correct and up-to-date management of registered customers' personal data during the customer period, investigation of obstacles, prevention of money laundering, maintenance and development of the customer register and handling of complaints
for service production and development and quality assurance
for risk management and prevention of abuses
for customer service
for marketing
for recruitment
to fulfill statutory obligations.

4. Personal data to be stored in the register

The customer register contains the following information for customers:

name
address
email
phone number
personal ID
billing information
information about insurance or legal aid
other information related to the customer relationship (including information from other parties related to the assignment).

If necessary, the following information is also stored in the register if individual customer orders for himself or the business customer orders for his employee and/or his family members consulting or legal advice related to residence permits or settling in Finland. The customer is asked only the information that is necessary to implement appropriate and high-quality advice. The information is necessary, for example, if the customer wants to be assisted in evaluating and/or applying for a suitable residence permit.

citizenship
date of birth
place of birth
gender
profession
educational background
relationship status/marital information/other family information
income and wealth information
information about work (such as an employment contract)
information related to immigration
mother tongue
insurance information
other possible required sensitive information.

A corporate customer who orders international recruitment consulting and/or legal advice, as a result of which the company hires an employee from Finland or abroad, must provide the basic contact information of the employee to be hired and a copy of the employment contract to Fidebon Oy.

The purpose of collecting information is that Fidebon Oy ensures the legality of the employment conditions of the recruited employees and informs the employees about their rights when working in Finland. In this way, Fidebon Oy ensures that its client companies operate responsibly and in accordance with ethical recruitment practices. Fidebon Oy offers its services only to companies that commit to being responsible with regard to the use of foreign labor.

Customer information

information about purchased services
contracts
client communications related to assignments (such as emails).

5. Processing of personal data related to the use of websites

No personal information is collected from the users of the website of the registrar, from which an individual user could be identified. Only statistical general information can be gathered about the use of the website .

A customer or potential customer can contact us via the contact form on the website. Messages sent through the form require leaving your name and contact information. Personal data is archived in the website service provider's database. The contact form will be removed from the archive after two months at the latest, if the contact has not led to a customer or the same information can be found in other customer communications (such as e-mail conversations with the customer).

6. Rights of the registrant

The registrant has the following rights, requests for the use of which should be made to the address info@fidebon.fi

Right of inspection

The registered person can check the personal data we have stored.

The right to correct information

The registered person can ask to correct incorrect or incomplete information about him.

Right to object

The registered person can object to the processing of personal data if he feels that the personal data has been processed unlawfully.

Ban on direct marketing

The registrant has the right to prohibit the use of data for direct marketing.

Deletion right

The registered person has the right to request the deletion of data if data processing is not necessary. We process the deletion request, after which we either delete the data or provide a justified reason why the data cannot be deleted.

It should be noted that the controller may have a statutory or other right not to delete the requested information. The registrar is obliged to keep the accounting material in accordance with the period (10 years) defined in the Accounting Act (Chapter 2, Section 10). For this reason, accounting-related material cannot be deleted before the deadline expires.

Withdrawal of consent

If the processing of personal data concerning the data subject is based only on consent, and not e.g. customership or membership, the data subject can withdraw consent.

The registered person can appeal the decision to the data protection commissioner

The registered person has the right to demand that we limit the processing of disputed data until the matter is resolved.

Right of appeal

The registered person has the right to file a complaint with the data protection commissioner if he feels that we violate the current data protection legislation when processing personal data.

Contact information of the data protection officer: www.tietosuoja.fi/fi/index/yhttstietiet.html

7. Regular sources of information

Customer information is received regularly:

from the customer himself upon the creation of the customer relationship and during it
from the customer himself via an online form
from the customer's employee to be recruited to Finland
from a family member of the client's employee, with his consent
from public and private records or sources
from the party providing identification, verification, address, update, credit information or other similar service.

8. Duration of processing

we keep personal data in the customer register for 10 years after the end of the customer relationship between the registered person and the controller.
the end of the customer relationship is determined from the data subject's last service contact or contact
some of the data may have to be stored longer than this due to legal reasons
the personal data of those involved in the recruitment process is processed during the recruitment process, after which the personal data is stored for two years.

9. Personal data processors

The customer register is processed by Fidebon Oy's employees and temporary workers or subcontractors whose job duties include providing Fidebon Oy's services. Access to personal data in the customer register is only available to persons who necessarily need personal data to perform work tasks.

When we partially outsource the processing of personal data to a third party, we guarantee through contractual arrangements that the personal data is processed in accordance with valid data protection legislation and otherwise appropriately.

10. Personal data processors, regular transfers of data and transfer of data outside the EU

We do not hand over information to external parties, unless legislation or an authority or an agreement between Fidebon Oy and the customer obliges us to do so.

We use international cloud services for processing personal data, in connection with which in some cases personal data is transferred outside the EU/EEA. When service providers transfer personal data outside the EU and EEA, we ensure an adequate level of personal data protection by ensuring that the service provider processes data in accordance with the EU GDPR regulation. In practice, this means that we ensure that the service provider meets either the adequacy decisions of the European Commission or standard contract clauses approved by the Commission are used.

List of service providers which store or process personal data on our behalf:

Wix.com– Wix.com is a website service provider. If the customer wishes, he can leave a contact request on our website. The contact request asks for the customer's contact information (name, email address, phonenumber). The form is saved in the service provider's cloud service, where data is stored. This is necessary so that we can offer an easy and flexible contact form functionality on our website. Wix's servers are located in different parts of the world. Wix complies with the EU data protection regulation.

After sending the contact form, we contact the potential customer and continue the conversation by phone/email. When ordering the service, the contact information is checked by email, after which the contact form is deleted from Wix. If the contact does not lead to an order, the contact form will be removed from Wix's website within two months at the latest.

Customer management system - The service provider we use stores data in a cloud service. The servers are located in the United States. The service provider is committed to the EU US Framework, which guarantees information security.

Accounting office - The accounting firm we use collects users' personal data. This is necessary so that we can send, for example, invoices to customers. The personal data collected through the service is stored and processed in the EU/EEA area or in such third countries which, in the opinion of the European Commission, have an adequate level of protection, or which are processed by such service providers who have entered into agreements fully complying with the legality of transfers to third countries or other service providers who have sufficient guarantees to protect the registered rights of the transferred data.

Customer information – The service provider we use processes personal data in order to manage service access rights and the use of services or to determine that a person is responsible for ESG functions in the company. The service provider also processes personal data to market its services and for customer communication.

The service provider transfers your personal data to third parties outside the EU/EEA area. In some situations, the service provider may hand over your personal data outside the EU/EEA area, for example to the service providers they use. In these situations, the service provider ensures that your personal data is adequately protected. If necessary, the service provider uses standard contract clauses and other tools to protect personal data in its contracts.

Facebook – Facebook is an online community service where Fidebon Oy has its own account, which we can use for marketing and increasing visibility. We can publish updates and comment on our own or others' publications. We do not approach customers on our own initiative with personal messages on Facebook, unless the customer has expressed an interest in being contacted. If the customer approaches us, we will primarily direct them to contact by phone or e-mail. Messages sent by customers will be deleted within two months.

Facebook processes data on servers located in both the EU and the US, so the Facebook administrator Meta may process your data outside the EU. Please note this if you like, share or comment on our profile, page, any of our activities on Facebook or approach Fidebon Oy there.

Information controlled by Meta Platforms Ireland Limited is transferred or transmitted to or stored or processed in the following locations: 1) locations where it has infrastructure or data centers, such as the United States, Ireland, Denmark and Sweden; 2) countries where Meta company's products are available; 3) other countries outside your country of residence where its partners, suppliers, service providers and other third parties are located. The service provider is committed to the EU US Framework, which guarantees information security.

Teams- We use Microsoft's Teams platform for meeting technology. Teams is part of Microsoft's cloud service package. Through Microsoft and its subcontractors, information related to your participation in the meeting (your name, IP address, etc.) and the information discussed in the meeting can also be transferred outside the EU/EEA area. Recording of trainings is always agreed separately with Fidebon Oy's customer.

You can ask for more detailed information about our available services by email. You can familiarize yourself with the privacy statements of our service providers (which may change or be updated at regular intervals) on their websites.

11. Register protection principles

We keep our customers' personal data and other customer data strictly confidential. The use of personal data is based only on the purposes of use defined in the registration statement and otherwise as permitted and required by agreements and legislation. We pay attention to the up-to-dateness of personal data and customer data and protect customer data as well as possible. We use various organizational and technical protection measures to ensure the safety of personal data processing. For information technology protection, we use, for example, a firewall, encryption technologies, backups and the use of secure device modes. We familiarize our personnel with security measures and protection of data.

12. Automatic decision-making and profiling

We do not use the data for automatic decision-making or profiling.

13. Changes to the privacy statement

This privacy statement can be specified or updated, for example, when the legislation or our practices change. This statement was last updated on January 1, 2024.