This is Arctic Career Ltd.’s register and privacy statement which is based on the EU General Data Protection Regulation (GDPR). Date: 31st October 2022.

1. Data controller

Arctic Career Oy, Pekankatu 3 B 1, 96400 Rovaniemi

2. Contact person in charge of the register

Heidi Alariesto, heidi.alariesto@career.fi, +358 45 313 33533

3. Name of the register

The company’s client register is used for managing matters related to personnel’s employment and clients. Clients are businesses or organizations, and data related to them includes the names of their contact persons. The client register is hosted on the LikeIt system.

4. Purpose and legal basis for processing personal data

According to the EU General Data Protection Regulation, the legal basis for processing personal data is:

  • the company’s contract to which the data subject is party (or contact persons, in case of client companies)
  • legitimate interests pursued by the controller (employment) The purposes for processing personal data are: communication with clients, up keeping the relationship with clients and marketing. The system called LikeIt is used for salary payments, delivering pay slips and checking work hours. The system is also used for offering on-call jobs. The data is not used for profiling or making automated decisions. 5. Privacy statement description The following personal data are saved to the register of the data subjects: data subject’s name, position, business/organization, contact details (phone number, email, address), website addresses, invoicing information as well as other information related to clients and requested services. Information concerning work tasks that employees are interested in, is also saved. 6. Regular sources of personal data Personal data is collected from the data subject through online forms, messages, emails, phone calls, social media, contracts, client meetings and through other occasions where the data subject shares their personal data. Contact details of companies and other organizations’ contact persons can also be saved from public sources, such as websites, directory services and other businesses.

7. Transfer of personal data to countries outside the EU/EEA

No personal data will be transferred to third parties. Data can be published to the extent agreed with the client.

No personal data will be transferred outside the EU/EEA. The servers are located in Finland.

8. Protection of personal data

The controller implements the appropriate technical and administrative data privacy measures to protect the personal data. The data controller ensures that the saved personal data, as well as access rights to the servers and other information critical to the security of personal data, is processed confidentially and only by the people whose work performance requires it.

9. Data subject’s right of access and right to rectification

As the data subject, you have the right to obtain information on your personal data that has been saved to the register, and to ask for the said data to be rectified or supplemented. If the data subject requests to access their personal data, or requests the said data to be rectified, they should send this request to the data controller in writing. If necessary, the controller can ask the data subject, that has requested access to their data, to prove their identity. The controller will respond to the data subject within the time period stated in the EU General Data Protection Regulation (usually within one month).

10. Data subject’s other rights

The data subject has the right to request their data to be erased from the register (“right to be forgotten”). The data subject also has other rights that are stated in the EU General Data Protection Regulation, such as the right to restrict the processing of their personal data in certain situations. The requests have to be sent to the data controller in writing. If necessary, the controller can ask the data subject, that has requested access to their data, to prove their identity. The controller will respond to the data subject within the time period stated in the EU General Data Protection Regulation (usually within one month).

11. Personal data storage time

Personal data of the data subject is stored for as long as required for the implementation of the purposes specified in this privacy statement. Typically, the retention time for data acquired through the contact form is 36 months after the last contact with the data subject.