Timehouse Oy (company ID: FI09667477)
Address: Köydenpunojankatu 8, 00180 Helsinki
Tel: +358 207 491 449
2. Name of registers
Client, marketing & recruitment data registers
3. Responsibility for maintaining registers
Client & marketing data register:
Name: Marko Koponen
Recruitment data register:
Name: Tuula Issakainen
4. Purpose and legal basis for processing personal data
Personal data will be used for the following reasons:
To manage client relationships and client services
To action financial transactions and manage billing
To carry out actions related to the services and products of the collector — including the development, selling, and marketing of products and services
To fulfil the needs and rights of the controller and the client
To undertake remarketing based on website data — both on websites and social media
To process job applications and carry out other recruitment activities.
Processing of personal data
The legal basis for processing personal data is justified by both legal and contractual obligations, governed by consent, and adheres to the rights of the controller. The rights of the controller come into play when the data subject and controller have reasonable contact.
Reasonable contact and justification for storing personal data arise when:
You get in touch with the controller of your own regard
The data controller is obliged to handle your personal data in connection with a commercial relationship or partnership
The controller may also justifiably include individuals in its client or customer database (including contacts and representatives) who are likely to be interested in the products or services offered by the controller.
Personal data will be handled with the consent of the person whose data is being collected (which can be given by joining the Timehouse Oy newsletter, downloading user guides, inputting personal details into the recruitment system, or submitting a contact form).
Anybody registered on any database maintained by Timehouse Oy has the right to remove their consent at any time by getting in touch (see point 3).
5. The personal data we collect
Our registers contain information on the following people:
Clients, client representatives and client contacts of Timehouse Oy
Suppliers and contractors of Timehouse Oy
Potential clients and customers of Timehouse Oy
Other dependants and interested parties.
Here are some examples of the data we process (case-dependant):
Client & marketing register
Company and job title
Client-specific data like orders
Newsletter and newsletter analytics
Online orders of electronic material
User behaviour and web analytics
Job application, CV, and other personal details given by the applicant.
Recruitment applications are stored for two years. The controller will only process and store personal data as long as is reasonable for their intended purpose. Data that can no longer be stored or processed for a justifiable reason will be deleted at regular intervals according to the data protection policy of the controller.
6. Permissible sources of information
Personal data is primarily collated from these sources:
Directly from the subject in connection with a client or customer relationship
Directly from the subject in connection with a job application and the recruitment process
Directly from the subject in connection with any other form of partnership or collaboration
From public records or records in the public domain (e.g. the web or a business register)
From the subject’s employer, trade body, or representative.
Client and marketing register
Personal data is collected when a user downloads content or material from the Timehouse Oy website, signs up for an event or webinar, or asks to be contacted for marketing purposes. Personal data of people belonging to a company with a partnership or client relationship with Timehouse Oy will also be saved to the register when a person. Direct marketing data will come from the subject or be in the public domain.
Personal data will be collected once an applicant fills in the Timehouse Oy recruitment application or sends through a speculative application to Timehouse Oy.
7. Data access and data management
The controller will not divulge any data or personal information outside of the organisation, unless the authorities explicitly request the data for legal reasons or legislation specifically demands it.
The controller will only use reliable technological partners to maintain, store, or process data or personal information.
No personal information or data will be sent outside the EU or the EEC. Any transfer of personal information will conform to the latest GDPR and data protection legislation.
8. Data protection
Client and marketing register
Data access will only be given to people who need it in order to reasonably discharge their duties in the spirit of ‘need-to-know’. Personal data will be processed by a variety of data systems managed by either Timehouse Oy or its partners. We have ensured that all our partners adhere to data protection legislation.
Applicants’ personal details will be saved in information systems that are either managed by Timehouse Oy or its partners. We have ensured that Timehouse Oy staff access the register only when it’s directly related to their duties. We don’t use AI decision-making like automatic profiling when processing your personal data.
9. Individual privacy rights
Anyone whose data is on our register has the right to:
Access your personal data
Demand that your personal data is changed, removed, or that the way in which the data is used is limited
Complain about the way in which your personal data is being stored and used.
You have the following rights that can be adapted to specific circumstances:
The right to access the personal data held on you
You have the right to ask for confirmation whether your personal data is being processed or not. If your personal data is being processed, you have the right to access it.
The right to ask for data to be modified, removed, or for the use of the data to be restricted
You have the right to ask the controller to modify incorrect information held on you, remove a piece of personal data, or ask for the processing to be restricted according to law.
The right of refusal
You have the right to refuse the processing of your personal data in any scenario where the company is lawfully processing your personal data.
The right to complain to the relevant authorities
In Finland the relevant authority is the data protection office whose contact details and recommendations can be found here — .
Your data rights
You can exercise your rights by getting in contact with the controller using the contact details outlined in point 3. The controller has to respond within one month. If there are multiple requests for information or the requests are very complex, the controller has the right to include in their response a request for more time. If the controller needs more time, the final due date will be no longer than three months from your initial request.
We ask you to note that before we can carry out a request, we have a right and duty to confirm your identity, which means we need to be able to confirm your identity within reason. If your request is without foundation or is deemed unreasonable, we have the right to request compensation to cover the costs of carrying out your request, or we can refuse to do it.
Cookies allow us to understand how users use our website and what content they are interested in, allowing us to provide users with the most relevant web content. Cookies do not harm your computer or any files on it. You can easily block cookies if you prefer by changing preferences in your browser settings.
11. More information
If you have any questions about how we handle personal data, you can get in touch using the contact details in point 3.