Cookie settings
Privacy Policy, Human Resources
- Registrar
Registrar: Ab Närpes Trä & Metall - Oy Närpiön Puu ja Metalli
Business identity code: 0181335-3
Address: Kristinestadsvägen 417, PB 68, 64201 NÄRPES
Phone: 0201-236 200
E-mail: privacy@ntm.fi
Contact person: Kurt-Erik Nordin - Registers name
Ab Närpes Trä & Metall:s personal register. - The use of and grounds for personal data
The HR register has been created to fulfil the obligations the Registrar has as an employer, as well as for creating new employments and recruitments.
The register is used and is necessary e.g. for salary payments and other payments of remuneration. The data in the HR register is furthermore used in other processes and systems concerning the personnel administration. The data will be used for e.g. planning, maintenance, for follow-up and for compiling statistics regarding personnel, salary and employment. The data will also be used to administer legislative and voluntarily tasks for employers, including working time management and possible allocation of tasks.
The registered are persons who have an objective relationship with the Registrar, either as employees, former employees, job applicants or as trustees for the board of directors. Only data which are necessary for managing tasks regarding the employment can be stored in the HR register. The Registrar uses the data in the register concerning employees or trustees to manage tasks which belong to the Registrar according to applicable law, collective agreements or specific decisions or provisions. The register is also used for recruiting employees, for supporting the internal mobility of the personnel, as a tool for the employees, as a tool for leading the personnel and for the administration of travelling costs.
The primary ground for handling personal data are obligations set out in applicable laws and regulations for the Registrar, legitimate interests of the Registrar and rights and obligations caused by employment agreements and second, the consent of the registered. The use of a HR register is based on i.a. the employment contracts act, those collective agreements which obliges the Registrar and additional legislation concerning labor law and HR related matters. - The information content and groups of personal data of the register
The following information concerning the personnel of the Registrar and potential personnel of the Registrar can be stored in the register:
- Basic information (i.a. name, date of birth, social security number, contact details)
- Information regarding the employment
- Information regarding payment (account number, salary indicators, membership in labor union)
- Information regarding payment of salary and commissions
- Information from performance reviews
- Information regarding training
- Information regarding work time follow-up
- Information regarding travelling
- Tax deduction card
- Information regarding sick leave or other absence
- Username and password
- Information regarding qualifications
- E-mail address
When recruiting, data regarding the applicant’s name, address details, date of birth, qualification, CV and additional information will be collected through an electronic applicant form.
- The regular information sources of the register
The data is normally collected from the registered himself, as well as from tax authorities and other authorities, superior officers and/or insurance companies. Data is also collected when sending a job application or when participating in events.
The data can also be updated by using the Registrar’s other registers and from authorities and other enterprises to the extent allowed by applicable legislation. - Storage of personal data
The Registrar stores personal data only as long as is necessary for achieving the purposes defined in this register description acknowledging the limitations set out in the applicable laws. Due to obligations in the applicable legislation, the data might have to be stored longer than the time period mentioned above. The storage time of the data will be defined according to applicable law, but with the following outset:
- Employment agreements and distance employment agreements, 10 years
- Notice of absence, 2 years
- Documents regarding establishment of vacation, 5 years
- Notice of vacation, saved vacation or additional holiday pay vacation, 2 years
- Agreement regarding change of additional holiday pay, 5 years
- Decision/certification regarding termination of employment, 10 years
- Job certificates including appendices, 10 years
- Mandate regarding labor union fee, entire validity time
- Presentation of labor union fees, 10 years
- Documentation regarding payment of salary, commissions and other additional payments, 10 years
- Reports regarding access controls or work time follow-up, entire validity of employment
- Notes from the performance review, 2 years
- Cautions and reprimands, 5 years after such caution or reprimand took place
- Job description, 10 years after termination/expiry of the employment
Outdated and unnecessary information will be destroyed in an appropriate way. The data will be marked in the register in the same way as the registered has reported it and the data will be updated when the registered reports an update to the registrar.
- Transfer of personal data
The Registrar can use subcontractors and service providers to: maintain occupational health service and check-ups, mandatory insurances, tax authorities, construction site notifications and trade unions. Your personal data can be transferred to the subcontractors and service providers of the Registrar insofar they participate in the enforcement of the purposes which are defined in this privacy policy.
Such third parties cannot use your data to any other purposes than the ones defined in this privacy policy and to the purposes which have been defined by the Registrar. Registrar obliges third parties to keep your information confidential and to keep their data protection at a level high enough to protect your personal data.
Information will not be transferred outside EU or outside the European Economic Area.Your personal data can be transferred in accordance with the demands set by a competent authority and in accordance with the conditions based on law. - The rights of the registered
Right to access
The registered has the right to control the data which is being stored about the registered in the personnel register of Registrar. The right of access can be denied on the grounds prescribed in the applicable legislation. As a starting point, the right of access is free of charge.
Right to oppose and limit
The registered has the right to oppose the handling of data that concerns the registered if the registered considers that the Registrar has handled the data illegally or that the Registrar does not have the right to handle data concerning the registered.The right to oppose does not apply to the extent handling of the data is necessary for the Registrar to fulfil its legal obligations or necessary on another legal ground.
Right to eliminate
The registered has the right to have wrongful data corrected or imperfect data complemented. The registered also has the right to demand data which concerns the registered to be deleted from the personnel register of the Registrar.The right to eliminate does not apply to the extent handling and storing of the data is necessary for Registrar to fulfil its legal obligations or necessary on another legal ground.
Right to transfer
Insofar the registered self has delivered data to the personnel register of the Registrar, and this data is handled on the basis of the consent of the registered or an assignment, the registered has the right to get this data in mainly electronic form and the right to transfer this data to another registrar.
Prohibition against direct marketing
The registered has the right to prohibit that his or her data is used for direct marketing purposes.
Right of appeal
The registered has the right to appeal to the competent regulatory authority in case the Registrar has not complied with the applicable regulation of data protection
Other rights
If data is handled on the basis of the consent of the registered, the registered has the right to cancel the consent by informing the Registrar about this in accordance with section eleven in this privacy policy - Contact
The registered shall send a request regarding the registered’s rights by post to the address mentioned in section one.
The Registrar may ask the registered to specify the request and to prove the registered’s identity before the enquiry is handled. The Registrar can refuse to fulfil the request on grounds specified in the applicable legislation.
The Registrar will answer the request within one (1) month from the date when the request was made. - Automatic decision making and profiling
The data in the register is neither used for automatic decision making nor for profiling. - Principles for protecting the register
Protecting registered data is important for the Registrar. Manual material is stored in a locked space and can be reached only by people who are entitled to the information. Data concerning the health of the employees and sensitive data are stored separately from other personal data.
The data is stored in electronic systems, which are protected by firewalls, passwords and other technical solutions. Only the staff of the Registrar and other defined persons who need the data for the purposes of performing their assignments have access to the register. Everyone using the register is bound by confidentiality. - Changes in the Privacy Policy
The Registrar is constantly developing its business and therefore reserves the right to make changes to this Privacy Policy by informing about this on its intranet site. Changes may also need to be made due to changes in the applicable legislation. The Registrar recommends the registered individuals to familiarize themselves with the Privacy Policy on a regular basis.
The Privacy Policy is updated 25.5.2018