1. General information
Work Pilots Oy
Address: Tekniikantie 2, 02150 Espoo, Suomi
Business ID: 2718776-8
3. Purposes and legal basis for processing personal data
We only process personal data that is necessary for each purpose set out below. We process personal data in accordance with the applicable data protection legislation. Personal data will be processed for the following purposes:
- Customer service and communication
- Provision, design and development of the services
- Measuring customer satisfaction
- Marketing, including market research, other marketing promotion and analysis, and the production of statistics and the measurement of marketing effectiveness
- Improving the user experience of our websites and applications and tracking user traffic
- Handling inquiries related to services
- Administrative purposes
- Processing customer order information and monitoring payment status
- Management of legal obligations (eg accounting and other legislation) and reporting obligations, such as reporting related to tax legislation
- Prevention of abuse
The legal basis for the processing of personal data is mainly the implementation or preparation of an agreement between the data subject and WorkPilots and the legitimate interests of WorkPilots. Our legitimate interests include, for example, managing and developing the services and handling inquiries related to our services, as well as other customer service and customer communications, as well as marketing and monitoring the effectiveness of marketing activities and user traffic to our website and application. When we process personal data based on a legitimate interest, we have carefully balanced such legitimate interest with the data subjects right to privacy and concluded that our interest outweighs the data subjects’ rights and freedoms.
4. What data is collected, stored and processed?
- contact information such as name, e-mail address and telephone number, as well as other registration information such as username, nickname and any other unique identifier
- personal identity number and bank account number (from work applicants)
- profile description and picture as well as information related to orders and information related to employment
- billing and payment information as well as other related information
- information related to orders and feedback, chat messages and payments to be made
- registration, login and password recovery information, ip address, electronic communications identification information, information related to the service of the logged-in user, such as information on the use and browsing of service features, information collected using cookies and other similar technologies, and browser as well as operating system information.
- location information, such as coordinates calculated using GPS or WLAN access points or or coordinates calculated using base stations in the cellular network, this information is only gathered if explicitly authorized by the user.
- information on the marketing content used by the data subject, such as message opening and information regarding clicks
- Event information, such as the registrant’s participation in events.
Personal data may be updated and supplemented by collecting data from private and public sources.
5. Retention of personal data
The necessity of storing personal data, as well as the accuracy of the data, is regularly reviewed. Customer data and other material related to customer agreements are retained due to statutory and contractual obligations and responsibilities mainly for a period of 10 years from the end of the tax year or accounting period. Upon request, we will provide more information regarding the retention periods.
6. Transfers and recipients of personal data
The personal data may also be disclosed to third parties if required under any applicable law or regulation or order by competent authorities, and to investigate possible infringing use of the services as well as to ensure the safety of the services. In addition, personal data may have to be disclosed in connection with legal proceedings or similar dispute resolution purposes.
Some of the services used by WorkPilots for processing personal data operate outside the territory of the European Union or the European Economic Area. Thus, Personal data can be transferred regularly outside the European Union (EU) and the European Economic Area (EEA). In case personal data is transferred outside EU/EEA, such transfers are either made to a country that is deemed to provide a sufficient level of privacy protection by the European Commission or transfers are carried out by using appropriate safeguards such as standard data protection clauses adopted or otherwise approved by the EU Commission.
We will provide more information regarding the processing upon request.
7. How is the data protected?
We use appropriate technical, administrative and organizational security measures to protect personal data against unauthorized access, disclosure, destruction or other unauthorized processing. Firewalls, secure equipment rooms, proper access control, controlled provision of access and monitoring of use, and the use of encryption technologies are also in use. The servers are located in the EU. Network services are protected by a HTTPS connection, which encrypts communications.
All parties processing personal data have a duty of confidentiality in matters related to the processing of personal data. Access to personal data is restricted to those employees who need it to perform their duties. Employees and other processors of personal data have personal usernames and passwords.
We also require our service providers to have appropriate methods in place to protect personal data.
Nevertheless, considering the cyber threats in modern day online environment, we cannot give full guarantee that our security measures will prevent illegally and maliciously operating third parties from obtaining access to personal data or absolute security of the personal data during its transmission or storage on our systems.
WorkPilots may collect information about a user’s terminal using cookies and other similar technologies, such as the browser’s local data warehouse. A cookie is a small text file that a browser stores on a user’s terminal. Cookies often contain an anonymous, unique identifier that can be used to identify and count browsers visiting the site.
9. Use of location data
The location information of the user’s terminal may be used to provide location-based services, such as locating a job offered and the location of the provider, to present targeted advertisement and identify sales, provided that the user has given their explicit consent to the processing of the location information or said information has been anonymized.
Location data is determined using available location methods, such as GPS and WLAN access points and cellular base station locations. The user can withdraw his consent at any time. Location data is processed and stored only for the time required to provide the services which are based on the location data.
10. Rights of data subjects
Right of access and right of inspection
The data subject has the right to obtain confirmation as to whether or not and what personal data concerning him or her is being processed and receive a copy of said information. The data subject should send the request to firstname.lastname@example.org. The data subject must provide in the request the details necessary to search for the information.
If necessary, the controller shall ask for additional information to identify the data subject. The data subject has the right to access the personal data and receive a copy of the personal data. The response to the request for verification will be sent to the person requesting the information by e-mail, unless the data subject requests otherwise.
Right to rectification
WorkPilots takes care of the quality of the personal data it processes to the best of its ability. WorkPilots may correct, delete or supplement incorrect, inaccurate or unnecessary personal data on its own initiative or at the request of the data subject.
Right to erasure
Right to restriction of processing
The data subject has the right, under conditions defined by data protection legislation, to request the restriction of processing of his/ her personal data. In situations where personal data suspected to be incorrect cannot be corrected or removed, or if the removal request is unclear, the company will limit the access to such data.
Right to object to processing
The data subject has the right to object to certain processing of data, under conditions defined by data protection legislation, for example, the data subject may object to his/her personal data being used for profiling. The data subject also has the right to object to the processing of his or her personal data for direct marketing purposes.
Right to data portability
The data subject has the right to receive the personal data that he or she has provided in a structured, commonly used and machine-readable format and, if desired, transmit that data to another controller.
Right to withdraw consent
If the processing of personal data is based on the data subject’s consent, the data subject has the right to withdraw his or her consent at any time. Withdrawal of consent shall not affect any previous processing. In addition, the data subject may object to direct marketing and may withdraw his or her consent to electronic direct marketing by following the instructions included in the marketing communications (e.g., unsubscribing by way of a feature attached to an email or text message).
Right to lodge a complaint with a supervisory authority
The data subject has the right to lodge a complaint with a competent data protection authority if the data subject considers that the processing of personal data relating to him or her infringes current legislation. Contact information for the Finnish Data Protection Authority can be found here.
We will process your request upon receipt of all necessary information related to your request (including verification of identity). The request shall be answered within a reasonable time and, if possible, no later than one month after the request has been submitted and the identity verified.
If the request cannot be granted, the refusal shall be notified separately. We may refuse to process requests that are disproportionately repetitive, unreasonable, or manifestly unfounded.