Privacy notice
This privacy notice describes how Habeo Group Oy (“we”, “the company” or “the data controller”) processes personal data. This privacy notice applies to Habeo Group Oy’s website and to the processing of the company’s customers’, potential customers’ and other stakeholders’ and job applicants’ personal data.
We process personal data in accordance with data protection legislation. Data protection legislation means the data protection legislation in force from time to time, such as the EU General Data Protection Regulation (2016/679) and the Finnish Data Protection Act (5.12.2018/1050). Any data protection related terms that are not defined in this privacy notice will be construed in accordance with data protection legislation.
Please note that this privacy notice only applies to Habeo Group Oy. Each company within the Habeo Group is independently liable for informing the data subjects and carrying out the rights of the data subjects in accordance with its applicable privacy policies in force from time to time. More information on the processing of personal data by other companies within the Habeo Group is available on each company’s website. You can also request further information from the specific company. The contact information of our group companies is available on our website.
Data controller
Habeo Group Oy
Business ID: 3269025-3
E-mail: info@habeo.fi
Phone: +358 40 763 0506
Postal address: Habeo Group Oy c/o Epicenter Mikonkatu 9, 00100 Helsinki, Finland
Types of personal data that we process
Typically, we handle the following types of personal data:
- the person’s first name and last name, their role in the organisation and the name of the organisation
- contact details, such as e-mail address, phone number and postal address
- recruitment-related personal data, such as job application, CV, personal data of references, and other personal data collected in connection with the recruitment process, such as candidate assessments
- personal data collected through cookies, such as the IP address
Purposes of the processing of personal data and the legal basis for the processing
We process personal data to handle contacts and to communicate with you. With respect to this, the processing of personal data is based on the data controller’s or a third party’s legitimate interest to communicate and manage relationships with customers and stakeholders. Where applicable, the legal basis for the processing may also be the performance of a contract or the negotiations for a contract.
In addition, personal data may also be processed to organise events and in connection with marketing activities (including direct marketing) and market analyses. In this case, the processing of personal data is based on the data controller’s or a third party’s legitimate interest to engage in marketing.
The personal data of job applicants is processed for the purposes of the recruitment process, including any candidate assessments. In this case, the processing of personal data is based on the data controller’s legitimate interest.
Personal data may also be processed for compliance with legal obligations to which the data controller is subject, such as accounting and statutory reporting obligations. In this case, the processing of personal data is based on compliance with a legal obligation. Personal data may also be processed to the extent required for the resolution of disputes and taking part in trials or other judicial proceedings. In this case, the processing of personal data is based on compliance with a legal obligation or on legitimate interest, as applicable.
Personal data collected through cookies is processed primarily for the purposes of the technical maintenance of the company’s website, to ensure the functionality and security of the website and, with your consent, also to remember your preferences, track website visitors, improve the website and for marketing purposes. In this case, the processing of personal data is based on your consent, excluding the personal data collected through necessary cookies. In case of necessary cookies, the processing of personal data is based on compliance with a legal obligation and, as applicable, on a legitimate interest. Further information on the processing through cookies is provided below.
Storage period of personal data
We store your data for as long as it is justified for each purpose of use.
Personal data relating to marketing is processed for as long as we direct marketing to the data subject and the data subject has not notified that they object to the processing of personal data for direct marketing or, if direct marketing is based on consent, withdrawn their consent.
Personal data relating to recruiting will be stored for a maximum of two years from making the recruiting decision or processing the application.
By derogation from the main rules described above, personal data can be stored for the necessary time if the data is needed, for example, to comply with a statutory obligation or in relation to judicial proceedings.
We will provide more information on the storage periods of personal data and the criteria concerning the storage periods on request.
Regular sources of data
We collect your personal data, for example, when you use our website, contact us or send us a job application. In accordance with the requirements of law, personal data can also be collected from other sources, such as other group companies.
Regular disclosures of personal data and categories of recipients
We may use third parties in the processing of personal data and transfer personal data to such third parties. Such third parties include IT service providers, payment transaction service providers, accounting firms and collection and invoicing service providers as well as audit firms.
Personal data can be transferred and disclosed within the Habeo Group in accordance with the requirements of data protection legislation and the purposes of use described in this privacy notice.
If Habeo Group Oy or a company belonging to the same group participates in a business transaction, personal data can be disclosed to the parties participating in the business transaction. Personal data can be disclosed to authorities in situations required by law. Additionally, it may be necessary to disclose personal data if the company or its group company is a party to a trial or corresponding proceedings.
Personal data collected on the basis of cookies can be disclosed to third parties. More information on third parties that set cookies can be found in our cookie policy and cookie notification.
Transfers of personal data outside of the EEA
To achieve the purposes of use mentioned in this privacy notice, personal data can be transferred outside of the EEA in accordance with and within the limits of data protection legislation. For example, parties that provide IT services and technical solutions can transfer personal data collected on the basis of cookies outside of the EEA. Transfers of personal data are carried out in accordance with the requirements of the General Data Protection Regulation and in compliance with the adequacy decisions adopted by the European Commission or, if necessary, by using Standard Contractual Clauses approved by the European Commission as well as supplementary safeguards.
We will provide more information on the safeguards used in transfers of personal data on request.
Principles of the protection of personal data
We protect personal data appropriately by technical and organisational measures, including technical data security and access control. We also seek to ensure the functionality of our systems in case of any failure and the possibility to restore the data. We seek to secure the confidentiality of personal data, the availability and integrity of the data as well as the realisation of the data subjects’ rights.
Rights of the data subject
As a data subject you have all the rights guaranteed by data protection legislation. Please note that the specific application of the rights depends on the processing situation.
Right of access
In accordance with data protection legislation, data subjects have the right to receive confirmation of whether the data controller processes the data subject’s personal data and, if the data is processed, to receive access to the personal data as well as the right to receive information on the processing of personal data specified in data protection legislation. In addition, the data subject has the right to receive a copy of the personal data.
Right to request rectification
To the extent that the data subject can act themselves, the data subject must without undue delay after having been informed of an error or after detecting an error on their own initiative rectify, erase or supplement the data contained in the register if it is erroneous, unnecessary, incomplete or obsolete. To the extent that the data subject cannot rectify the data themselves, the data subject has, in accordance with the requirements of data protection legislation, the right to request rectification of erroneous or incomplete data concerning themselves.
Right to erasure (‘right to be forgotten’)
Data subjects have the right to request the erasure of their personal data in accordance with the requirements of data protection legislation.
Right to restriction of processing
In accordance with the requirements of data protection legislation, data subjects have the right to demand that the data controller limit the processing of their personal data, for example, when the data subject is waiting for the data controller’s response to a request to rectify or erase the data subject’s data.
Right of objection
In accordance with the requirements of data protection legislation, data subjects have the right to object to the processing of their personal data which is based on a legitimate interest. Data subjects must specify the particular situation forming the grounds for the objection when making the demand. The data controller can deny the request on the grounds provided by law.
Right to data portability
To the extent the data subject themselves has provided personal data that is processed based on the data subject’s consent or for the performance of a contract, the data subject has, in accordance with the requirements of data protection legislation, the right to obtain the personal data in a machine-readable format and to transfer it to another data controller.
Right to withdraw consent
If the personal data is processed based on the data subject’s consent, the data subject has the right to withdraw their consent by notifying the data controller. Please note that withdrawing consent has no effect on the processing of personal data performed before the withdrawal.
Right to object to direct marketing and right to withdraw consent concerning electronic direct marketing
Data subjects always have the right to object to the processing of their personal data for direct marketing purposes and profiling related to direct marketing.
Data subjects have the right to opt out of direct marketing and withdraw their consent for electronic direct marketing.
Contacts
In case of questions relating to the processing of personal data and exercising of the data subject’s rights, please contact the data controller. The contact information can be found at the beginning of this privacy notice.
Right to lodge a complaint with a supervisory authority
We hope that you primarily contact us if you have questions relating to the processing of personal data. If the data subject is of the opinion that the data controller has not complied with data protection legislation, the data subject has the right to lodge a complaint with the competent supervisory authority. Contact information to the Finnish data protection authority can be found here.
Changes to the privacy notice
We can make changes to this privacy notice if the methods or purposes of the processing of personal data change. Changes to data protection legislation may also cause changes to the privacy notice. We recommend that you regularly review the contents of this privacy notice. The newest version is available on our website.
This privacy notice was published on 13 February 2023.
This privacy notice was last updated on 13 February 2023.
Cookie policy
This website uses cookies. In this cookie policy, we tell you what cookies are, for which purposes they are used and what types of cookies we use on our website.
Protecting the privacy of the users on our website is very important for us, and we seek to tell about the use of cookies and processing of data as openly as possible. In the use of cookies, we comply with legislation in force, such as the Act on Electronic Communications Services (7.11.2014/917) and applicable authority instructions.
What are cookies?
Cookies are small text files that the website places on your device or browser when you visit our website. Different types of cookies can be used for different purposes. Cookies may include a unique identifier that is read when you visit the website again. Please note that in this cookie policy cookies also refer to corresponding web tracking techniques and technologies.
Cookies may be used to collect, for example, the following information:
- IP address
- time of visit
- browser type and operating system
- visited pages and the time spent on them.
Cookies may also be used to collect personal data. You can find more information on the processing of personal data above.
What kind of cookies do we use?
On our website, we use two types of cookies and four categories of cookies, which are specified below. Cookies can also be divided into first-party and third-party cookies. First-party cookies are set by the website you visit. Third-party cookies are set by some third party (for example YouTube), i.e. some other operator than the owner or administrator of the website. You can find a more detailed description of each cookie we use (such as the cookie category and storage period) in the cookie notification on our website.
Cookie types
There are two types of cookies, session cookies and persistent cookies. Session cookies are only in force during your visit to the website. Persistent cookies last after you close your browser in accordance with the storage period specified for them. The storage period for each cookie is specified in our cookie notification.
Cookie categories
Necessary cookies
Necessary cookies are required for the functionality of basic functions on our website. Necessary cookies enable the functionality of the website. You do not have to accept necessary cookies and you cannot block them because necessary cookies are required so that our website and service function as planned. You can find more information on the necessary cookies we use in our cookie notification.
Preference cookies
Preference cookies enable the website to save information that changes the way the website behaves or looks, such as language preferences. Setting these cookies is based on your consent. You can find more information on the preference cookies we use in our cookie notification.
Statistical cookies
Statistical cookies collect statistics that help us understand how visitors use our website during their visit and how we can improve our website. These cookies may be first-party or third-party cookies. Setting these cookies is based on your consent. You can find more information on the statistical cookies we use in our cookie notification.
Marketing cookies
Marketing cookies make it possible to show essential and personalised content to the user. We may use marketing cookies, for example, for carrying out personalised marketing. These cookies may be first-party or third-party cookies. Setting these cookies is based on your consent. You can find more information on the marketing cookies we use in our cookie notification.
Changing cookie settings and refusing cookies
With respect to other than necessary cookies, the use of cookies is based on your consent that you give us in the cookie banner on our website. You can withdraw your consent or change its contents at any time by clicking the cookie notification menu at the bottom of our website.
We save your cookie preferences until further notice, unless you withdraw your consent or change its contents.
You can remove the cookies on your device by emptying the browsing history of your browser. You can also refuse cookies by changing your browser settings. Please note that refusing all cookies may prevent you from using some features or contents on our website.
Contacts
Please contact us if you have questions relating to the use of cookies or processing of personal data.
Contact information:
Habeo Group Oy
Business ID: 3269025-3
E-mail: info@habeo.fi
Phone: +358 40 763 0506
Postal address: Habeo Group Oy c/o Epicenter Mikonkatu 9, 00100 Helsinki, Finland
In addition, you can find more information on managing, refusing and removing cookies, for example, in your browser’s instructions. The links to the cookie management instructions of common browsers are provided below:
Changes to this cookie policy
We may update this cookie policy from time to time, for example, to correspond to changes in the cookies we use or for reasons relating to legislation or other regulation. We recommend that you regularly review this cookie policy. The newest version is available on our website.
This cookie policy was published on 13 February 2023.
This cookie policy was last updated on 13 February 2023.