Updated: 2.1.2024
TSR-ELSITE Oy stores and processes personal data in accordance with the requirements of the EU General Data Protection Regulation (GDPR). The content of this privacy policy may be updated by publishing a new version online. Therefore, we recommend that you review our privacy policy regularly.
Data Controller: TSR-ELSITE Oy
2135071-2
Orikedonkatu 17, 20380 Turku, Finland
Tel. +358 9 4555 588
Contact Person for Data Protection Matters: IT Manager, Data Protection Officer Jarno Salonen jarno.salonen@tsr-elsite.fi
TSR-ELSITE Oy is committed to complying with data protection laws and regulations and keeping your personal data secure. This privacy policy describes how TSR-ELSITE Oy collects, uses, stores, and protects your personal data when you use the services provided by TSR-ELSITE Oy. In this privacy policy, “you” refers to TSR-ELSITE Oy’s customers, whether potential or existing, as well as partners, employees, or other relevant parties such as beneficiaries or other responsible persons.
This privacy policy covers all registers containing personal data, which are processed under the data protection law. Personal data is processed within the customer relationship management register (customer register), marketing register generated through marketing activities within the customer register, supplier register for subcontractors, and personnel register (including the payroll sub-register), where employee-related matters such as payroll are managed.
Privacy Policy Sections:
- What personal data does TSR-ELSITE Oy collect about you and how is it used?
- Website and cookies
- Legal basis for maintaining the register
- Register descriptions and the right to access
- Sources of information
- Duration of personal data processing
- Personal data processors
- Disclosure and transfer of information
- Transfer of data outside the EU or EEA
- Register security
1. What personal data does TSR-ELSITE Oy collect about you and how is it used?
TSR-ELSITE Oy processes and registers personal data in compliance with data protection laws. Using TSR-ELSITE Oy’s online services requires registration as a service user. By registering as a user of the online service, the personal data provided by the user is stored in TSR-ELSITE Oy’s customer register. The collection of personal data is carried out with the user’s consent through various means, such as orders, requests for quotes, surveys, studies, competitions, visits to the website, and acceptance of cookies. TSR-ELSITE Oy does not collect or process sensitive personal data as defined by data protection laws. You may at any time prohibit the use and/or disclosure of your personal data by notifying TSR-ELSITE Oy’s Data Protection Officer at jarno.salonen@tsr-elsite.fi. Certain data, however, must be legally retained according to laws such as the Accounting Act. You can read more about the right to access your data in section 4, Register descriptions and the right to access.
We process personal data to manage customer relationships or other legitimate connections, analyze, and statistically assess the data, produce and develop services/products, and for marketing purposes. A legitimate connection might include customer identification in online services, providing personalized services, or processing related to the management of service actions.
Our operations are based on lawful business practices, and we also comply with EU legislation regarding the storage of personal data:
- The data we store is lawful, reasonable, and transparent in terms of processing. This means that you can access your data at any time. Section 4 provides details on the register descriptions and how you can practically check your data.
- The data has a purpose limitation – for example, the data we collect about individuals is tied to a specific purpose. We do not disclose your data to external parties unless there is a valid reason to do so. A valid reason could be, for instance, providing a subcontractor with mailing addresses for product delivery. The subcontractor is part of TSR-ELSITE Oy’s partner network, and we have agreements with these parties that include provisions for the destruction of registers or broader use of the register.
- We minimize the data we store – we only store the necessary information relevant to its use.
- We strive to keep our data accurate and update the register as frequently as possible and always upon customer request.
- We limit data retention – each data set has a defined lifecycle, after which it is either automatically or routinely deleted unless there is a legal reason to retain it.
- We store intact and reliable data, backed up, for example, through secure backup systems.
Content of the Customer and Marketing Registers
Our customer and marketing registers mainly contain the following data:
- First name
- Last name
- Title/Nickname (used in online services)
- Company name
- Contact details such as street address, postal code, city, country, phone number, email address
- Other textual information related to the customer relationship
- Information related to work orders
- Company creditworthiness information
- Billing information, such as billing terms and amounts
- Marketing consent or refusal
- Decision-maker information
- Classification related to customer relationship management
- Billing information
- Data collected via cookies
- Data collected from social media channels
Regarding the customer relationship, we store at least the minimum information, which typically includes the individual’s full name, company, and contact details such as email and phone number. Registers can also be updated from the Population Register, credit information registers, and other similar public and private registers.
We also maintain a supplier register of subcontractors and partners to ensure the smooth flow of cooperation.
Content of the Supplier Registers
Our supplier registers mainly contain the following data:
- First name
- Last name
- Title/Nickname (used in online services)
- Company name
- Contact details such as street address, postal code, city, country, phone number, email address
- Information related to work orders
- Billing information, such as billing terms and amounts
- Billing information
Additionally, employee personal data is processed in two separate registers, the personnel and payroll registers. Their data content is listed below.
Content of the Personnel and Payroll Registers
- First name
- Last name
- Personal identity code
- Address
- Tax number
- Bank account number
- Emergency contact (ICE)
Personnel register data is confidential company information, accessible only to a very limited and specifically designated staff.
When Interacting with Customer Service
Our customer service is available to you during business hours via email, phone, our website, Facebook page, or Chat service, where we may process the following personal data:
- First name
- Last name
- Contact details
- IP address
- Communication between you and our customer service
- Other possible information you provide during the interaction
2. Website and Cookies
To monitor the use of TSR-ELSITE Oy’s online services and to facilitate and speed up the use of the services, TSR-ELSITE Oy uses so-called cookies. A cookie is a short text file that a web server stores on the user’s hard drive. With cookies, we measure and monitor the use of online services to develop services in the web environment and ensure a good user experience in the future. Users can block cookies by modifying their browser settings. However, if the user decides to block cookies, they may not be able to fully utilize the online services offered by TSR-ELSITE Oy.
Use of Analytics in TSR-ELSITE Oy’s Online Services
TSR-ELSITE Oy uses the Google Analytics (GA) program on its website. The GA web analytics tool is used to analyze the use of the online service to improve usability and enhance services. The tool collects information such as which pages users visit, what type of content interests them, and what functions of the online service are used. The information collected via GA analytics is analyzed and utilized in the development and marketing of TSR-ELSITE Oy’s services. Users can prevent the collection of user data in the online service through the Google Analytics tool by installing a browser add-on available at https://tools.google.com/dlpage/gaoptout.
3. Legal Basis for Maintaining the Register
The retention of data in the register is based on either a contractual relationship with our company, the individual/company’s consent to the storage of data, or our company’s legitimate interest in collecting information for business purposes. We collect and store information based on customer relationships or business activities related to potential new customers. The collection of information on potential new customers is based on business activities, and we collect the information ourselves or with the help of carefully selected partners. These partners have their own agreements regarding the protection and use of personal data.
4. Register Descriptions and the Right to Access
The register descriptions, in accordance with data protection law, are available at TSR-ELSITE Oy’s customer service at Orikedonkatu 17, 20380 Turku. Users can exercise their right to access their personal data by submitting a written and signed request to the Data Protection Officer at TSR-ELSITE Oy, Address: TSR-ELSITE Oy, Data Protection Officer, Karvaamokuja 1, 00380 Helsinki. We will verify the identity of the requester using an official identification document to ensure that we review the correct person’s data. The actual report can be retrieved at a pre-arranged time from the same location upon presentation of the identification document
5. Sources of Information
TSR-ELSITE Oy uses a customer relationship management system for the customer register and several different dispatch and marketing platform systems to produce, execute, and track/analyze various marketing activities. In online services, multiple systems are utilized to enable the best possible customer experience and to develop/produce new services. The sources of information are disclosed on the website under section 4, systems related to cookie information. Additionally, in business operations, such as acquiring new customers, we may use names gathered from media sources for business contact purposes.
Access to different registers is granted only to those TSR-ELSITE Oy employees whose roles relate to the specific register. Access rights are restricted/allowed based on the content of user credentials.
6. Duration of Personal Data Processing
Personal data is generally processed as long as the customer relationship is valid and/or until the customer terminates the relationship. Furthermore, internal destruction policies have been established for customer relationship management and for mailing lists or similar records generated from different work phases, depending on the data being retained and its use, as well as the specific needs of TSR-ELSITE Oy’s customers. Data is retained only as long as it is necessary. Additionally, individuals can unsubscribe from our marketing register by clicking a link provided in each marketing email we send.
Personal data related to recruitment, employment contracts, work schedules, annual leave records, absence records, payroll documents, health information, annual reports, and personnel matters are retained as legally required.
7. Personal Data Processors
The data controller and its employees process personal data. We may also outsource the processing of personal data to a third party, in which case we ensure through contractual arrangements that personal data is processed in compliance with applicable data protection legislation and appropriately in all other respects.
8. Disclosure and Transfer of Data
Data may be disclosed at the discretion of the data controller within the limits permitted and required by current legislation to our partners, unless the data subject has prohibited the disclosure of data. Disclosure of data to partners occurs only for purposes that support the operational intent of the register.
We disclose personal data to other parties in a limited manner—this practically means the following:
- We provide mailing lists and other essential information related to orders and/or deliveries as part of fulfilling customer orders.
- In collaborative development work and system development with partners, customer data may be combined and shared between parties as necessary to ensure customer communication.
9. Transfer of Data Outside the EU or EEA
Data is not regularly transferred to parties operating outside the European Union or European Economic Area. Data is transferred in a limited manner to services that operate outside the European Union or European Economic Area. The transfer of data complies with the requirements of data protection legislation, and we share data with these services following the principles of data minimization and risk reduction.
10. Register Security
TSR-ELSITE Oy uses necessary technical and organizational security measures to protect personal data from unauthorized access, disclosure, destruction, or other unlawful processing. These measures include, among others, the use of firewalls, encryption technologies, secure facilities, appropriate access control, managed access rights assignments and monitoring, encryption techniques, instructions for personnel involved in personal data processing, and careful selection of subcontractors. Manually maintained materials are stored in facilities where unauthorized access is prevented. Only designated employees of the data controller and companies acting on behalf of and commissioned by the data controller have access to the data in the register. Logs are kept of all personal data processing activities, allowing us to verify when and by whom personal data has been processed. TSR-ELSITE Oy’s IT systems are managed by TSR-ELSITE Oy’s IT administration. The IT systems are protected both physically and programmatically. Administrator credentials are limited to authorized personnel only, and roles and access rights are assigned accordingly. Only authorized personnel have access to system facilities. All critical business systems are backed up daily and/or through continuous backup. Physical devices are duplicated where possible. Servers and services can be restarted in an identical environment immediately or with a short delay if necessary. Key devices are connected to an Uninterruptible Power Supply (UPS), ensuring uninterrupted power supply.