All news and press releases

Suppliers and subcontractors

This privacy notice explains how Findata processes the personal data of employees and representatives of suppliers and subcontractors.

“Personal data” means any information relating to a data subject that can be identified directly or indirectly, as defined in the EU General Data Protection Regulation (2016/679, GDPR).

Findata complies with the GDPR, the Act on the Secondary Use of Health and Social Data, as well as other applicable data protection legislation and good data processing practices when handling personal data.

Controller

Findata – Social and Health Data Permit Authority
P.O. BOX 30, FI-00301 Helsinki, Finland
info@findata.fi

Data Protection Officer
tietosuojavastaava@findata.fi

Purpose of processing of personal data and legal basis for processing

We process the personal data of the employee/representative of the supplier or subcontractor as a data controller for the following purposes:

  • To deliver the service or product in accordance with the contract,
  • to ensure information security and the lawfulness of the processing of personal data and
  • for communication related to the service and its use and
  • carry out any necessary billing.

We do not use automated decision making or profiling in our data processing.

The processing of personal data in connection with supplier or subcontractor relationships is typically based on the performance of a contract between Findata and the supplier or subcontractor (Article 6(1)(b) of the GDPR).

Personal data processed and sources of data

We collect the following information about the employee/representative of the supplier or subcontractor:

  • Name,
  • telephone number,
  • email address, and
  • title and employer information.

The information is obtained either from the data subject themselves or from the supplier or subcontractor represented by the data subject.

Regular disclosures of personal data and categories of recipients

We do not disclose personal data about representatives of suppliers or subcontractors on a regular basis.

Retention period for personal data

Findata retains personal data for as long as necessary to fulfill the purposes defined in this privacy notice, unless legislation requires a longer retention period or unless Findata needs the data to establish, exercise, or defend a legal claim.

Transfer and disclosure of personal data to non-EU or EEA countries or to international organisations

We do not disclose personal data outside the EU or EEA or to international organisations.

Rights of the data subject

In this privacy notice, “data subject” refers to the employees and representatives of suppliers and subcontractors. For more information about the rights of data subjects, see the section “Rights of the data subject” above on this page.