Menu
Search

Privacy policy

1. Registrar

Codento Oy
ID 1965324-7
Annankatu 34
00100 Helsinki
Phone: +358 40 522 7665
email: tietosuoja@codento.com
Contact person for data protection matters: Antti Pohjolainen

2. Purposes of personal data processing

The purpose of the processing is to manage the customer relationship, implement services, recruiting, research activities, marketing, and implement the rights and obligations of the registered and data controller.

3. Legal basis for processing personal data

The legal bases for processing personal data are statutory obligations, contracts, consent and the controller’s legitimate interest.

The legitimate interest of the data controller is the basis for processing when there is a valid connection between the data subject and the data controller. Such an actual connection is formed, for example, when the data subject contacts the data controller on his own initiative or when the data controller processes the personal data of the data subject in connection with the activity between the registered employer and the data controller.

In addition, based on a legitimate interest, the data controller may record the information of contact persons and representatives of potential customers whom it can reasonably expect to be interested in acquiring services or products offered by the data controller.

Direct marketing and other electronic communications can be sent to such potential data controller customers for whom the data controller can reasonably consider that the marketed products or services have a substantial connection to the potential customer’s area of ​​responsibility or work tasks.
Subscription to marketing messages can be canceled by notifying the data controller or by clicking the prohibition option in connection with each marketing message (“Unsubscribe” function). In this case, the data subject’s data will be deleted from the data controller’s electronic direct marketing subscriber list.

4. Information contained in the register

The register contains information about the controller’s customers and customers and customers representatives and contact persons, subcontractors and suppliers of the data controller representatives and contact persons, potential customers and their representatives, and contact persons, job seekers and other persons belonging to stakeholder groups. The registration is processed as follows, in terms of the abovementioned purposes of use
necessary information, which are depending on the case:
– Name
– Email address
– Mobile phone number
– Company and position
– Address information
– Billing and bank contact information
– Information related to the customer relationship and the order
– Information related to the marketing measures taken and communication
– Direct marketing concent / prohibition

For job seekers:
– Name
– Email address
– Mobile phone number
– CV, cover letter, job application, and other additional information provided by the job seeker
– Social media accounts, accounts on GitHub and GitLab

5. Data collected regarding online visitors

For users who visit our website, we automatically collect information about how the user navigates the site (for example, the duration and timing of the visit, which search phrases and words, and the search engine through which the visit is linked), and which area of the site the user visits. In addition to these, we collect technical information about the terminal device (including IP address, device ID, physical location, browser, operator and operating system type, and related URLs). The information is automatically collected in server logs or is collected with the help of cookies set on the user’s terminal device.

6. Statutory data sources of the register

Personal information has been obtained from the following data sources:
– directly from the registrant himself
– from public/generally available sources (such as the Internet and trade register)
– from company registers maintained by third parties
– from the representative of the registered employer
– For users visiting the website of the controller, with the help of cookies and other technologies

7. Recipients of personal data

The controller does not hand over personal data of registered users to outsiders, except when required by Finnish authorities.

Despite the above, the data controller uses reliable service providers in connection with the technical implementation of its services, who process personal data on behalf of the data controller on the basis of the data processing agreement between the data controller and the service providers required by the applicable data protection legislation. Service providers process personal data under the controller’s responsibility in accordance with the controller’s documented instructions. We are responsible for the processing of personal data performed by service providers on our behalf in relation to the data subject, rather than for our own activities.

8. Personal data retention period

The controller processes and stores data only as long as it is necessary for the predefined use of the personal data in terms of work purposes. Personal data that has become unnecessary and that the controller no longer has grounds to keep or process is deleted at regular intervals by the controller’s own data protection policies. The registered person has the right to request the deletion of their data at any time. Due to the laws and regulations applicable to the data controller’s processing activities, your personal data may be subject to a statutory retention obligation; in this case, we will retain your personal data for the time required by such law and only to the extent necessary. When the data is no longer necessary due to its purpose of use, the information is destroyed appropriately.

9. The registered person has the following rights:

The data subject’s right to access information
The registered person has the right to receive confirmation from the controller that personal data concerning him or her is processed or that it is not processed, and if this personal data is processed, the right to access the data.
The right to delete data
The registered person has the right to have the controller delete the personal data concerning the registered person without undue delay, on the basis of the law.
Right to rectification of data
The registered person has the right to demand that the controller correct inaccurate and incorrect personal data concerning the registered person without undue delay.
The right to restrict processing
The registered person has the right to have the controller limit the processing, on the basis of the law.
The right to withdraw consent
The registered person has the right to withdraw the consent on which the processing is based.
The right to transfer data from one system to another
The registered person has the right to receive the personal data concerning him that he has provided to the data controller in a structured, commonly used and machine-readable format, and the right to transfer the data in question to another data controller without the hindrance of the data controller to whom the personal data has been delivered, if the processing is based on consent or an agreement and the processing is carried out automatically.
Right to object
The registered person has the right, on grounds related to his personal special situation, at any time to object to the processing of his personal data, which is based on the legitimate interests of the controller, such as profiling based on these provisions. If personal data is processed for direct marketing, the data subject has the right at any time to object to the processing of personal data concerning him for such marketing, including profiling when it is related to such direct marketing. If the data subject objects to the processing of personal data for direct marketing, they may no longer be processed for this purpose.
The right to file a complaint with the supervisory authority
If the data subject considers the controller to be in violation of the applicable legislation on the processing of personal data and data protection, the data subject has the right to file a complaint with the supervisory authority.
Automated individual decisions, including profiling
The registered person has the right not to be subject to a decision that is based solely on automatic processing, such as profiling, and that has legal effects concerning him or that significantly affects him in a similar way. However, the right in question does not apply e.g. then, if the decision is necessary for the conclusion or execution of an agreement between the data subject and the data controller, or if it is based on the data subject’s express consent.

10. Submission of personal data to the controller

Providing the personal data groups listed in section 4 to the controller is necessary to use the products or services offered by the controller.
The registered person is not obliged to provide his/her personal data to the data controller, although failure to provide personal data may make it difficult or prevent the data subject from using the products or services offered by the data controller.

11. Processing and profiling of personal data

The controller does not use automatic decision-making, such as automatic profiling, as part of the processing of personal data.

12. Further processing of personal data

The controller does not process personal data for purposes other than those described in this privacy statement.
If the data controller were to further process personal data for other purposes, the data controller’s obligation under data protection legislation is to inform the data subjects of such a purpose before further processing. In this case, the controller must also provide all relevant additional information.

13. Data is located within the EU / EEA

The data storage locations are servers and data centers located in the territory of the European Union or the European Economic Area.

14. General description of the controller’s appropriate technical and organizational security measures

Only designated employees or subcontractors working for the data controller who have signed appropriate confidentiality agreements are granted access to register.

The controller has given its employees binding written instructions and regulations regarding the processing of personal data and data protection, which the employees have committed to follow.

The information security of the information systems is properly organized, e.g. with encryption and technical restrictions.
The controller inspects its personal data processing operations and the systems and equipment used in them at regular intervals and e.g. evaluates the risks involved in the processing of personal data, for example when introducing new technology.

AI + App Innovations. On Google Cloud. By the Partner of the Year.

With Codento, the Google Cloud Country Partner of the Year 2024, you gain competitive edge via clearer customer foresight, smarter operations, and increased software intelligence – all delivered on the nextgen foundation.

Codento Ltd, Annankatu 34, 00100 Helsinki, Finland

Business ID 1965324-7

Privacy policy

Facebook Instagram Linkedin
Suomeksi