Aspocomp’s Privacy Policy

Updated 19.9.2019

At Aspocomp, we take data protection issues very seriously. This document is intended to inform you about how your information is processed and what kind of rights you have under the Data Protection Regulations. We process your personal information in accordance with applicable law, in particular the EU’s General Data Privacy Regulation (GDPR).

Controller

Aspocomp Group Plc (Business ID: 1547801-5)
Keilaranta 1
02150 Espoo
Finland

If you have further questions about privacy and personal data processing, contact us by email: privacy(at)aspocomp.com

When and how do we collect your information

When you provide your personal information to us, we use it only for the purposes stated at the point of collection or as obvious from the context of collection, for example managing customer relationships, applying for a position at Aspocomp or creating a profile on a website or application.

What are the legal bases for and purpose of processing personal data?

The bases for processing your personal data are our legitimate interests, (e.g., customer relationships management), consent of a customer, performance of a contract and/or a legal obligation.

The purpose of processing your personal data is to:

  • Deliver and develop products and services as well as marketing
  • Manage customer contacts and customer relationships
  • Make, implement and manage tenders and contracts
  • Fulfill and archive of contracts, promises and obligations
  • Process job applications submitted to the company
  • Process requests, feedback and inquiries
  • Process the electronic mailing lists (e.g., subscribers of Aspocomp’s annual reports and stock exchange releases).
  • Ensure compliance with the laws, regulations or the requirements and obligations defined by the authorities and supervisory authorities
  • Provide a better user experience for web pages (including optimization and customization) and to create, use, and browse history

Log and other data collected on the use of participant registers can be used for technical control of the registry, for data security, for assessing inappropriate use, malfunctions and troubleshooting, for compiling statistics on the use of the registry and for analysis, and for the development of the register and its operations.

What data do we process?

We receive personal information primarily from the data subject him-/herself. We also receive personal information from the authorities, the book-entry securities system, and other similar reliable sources, as well as from publicly available sources within the applicable law.

We process the following personal data provided by the data subjects him-/herself:

  • Basic information: name, identification number, mother language
  • Contact information: phone number, e-mail address, postal address
  • Information on the customer relationship and the contract such as information on past and current contracts and orders, correspondence with the customer and other references, the customer’s payment information and other information on the customer relationship that the customer itself voluntarily provides to our systems.
  • Information concerning shareholders and the AGM participants: name, personal identification number, email address, address, telephone number and number of shares and the name of any assistants that may have been notified of the general meeting, and basic and contact information for any authorized representatives.
  • Any other personal information submitted to the company by the registered party (such as the information contained in job applications).
  • Information on the connection and device used by the data subject, such as the username, IP address, device ID or other device identifier and cookies.

Protecting and storing of personal data

Protecting your personal information is very important to us and we ensure that information is duly protected, taking into account the confidentiality, reliability and usability requirements. All personal data is protected against unauthorized access and accidental or unlawful processing of data. The company ensures that its employees and subcontractors understand their responsibilities, are fit for their tasks and are aware of their duties and responsibilities in maintaining information security. The requirements of the EU Data Protection Regulation applicable as from May 25, 2018 have been taken into account in the processing of personal data.

We will store your personal information as long as necessary for the purpose for which this information is collected and processed, or as long as required by law and regulations. We estimate the need for data retention in the light of regular legislation. In addition, we will take reasonable measures to ensure that we do not store personal data that is incompatible, outdated or incorrect for the purposes of processing.

Data processors

We both process information ourselves and use subcontractors that process personal data on behalf of and for us. We disclose your information to the authorities to the extent required by law.

Data recipients:

Aspocomp Group Plc

Aspocomp is responsible for access to your information to the extent necessary for the abovementioned customer relationships, services and obligations. Your personal data will not be used for automated decision making or profiling.

Service provides and other third parties

Aspocomp uses subcontractors that process personal data on behalf of and for us. These subcontractors provide services relating to the technical implementation and maintenance of the publishing system of Aspocomp’s web pages, its electronic contract management system, stock exchange release system, and services relating to recruitment and assessments. We have outsourced our IT management to an outside service provider on whose server the personal data are stored and protected. Aspocomp also uses Euroclear Finland Oy and its book-entry securities system and clearing and settlement systems for the technical implementation and maintenance as well as processing of personal data of the company’s shareholder register, the participation register of the Annual General Meeting and the insider register.

Transferring data outside EU

Aspocomp does not transfer personal data outside the EU and has secured contractual arrangements with its service providers that the personal data may not be transferred without the written permission of the company.  If the company later deems that there is a need to transfer personal data, it first ensures that this information is properly protected in compliance with the data protection legislation in force at the time.

Your rights as data subject

As a data subject you have the following rights in connection with the personal data held by Aspocomp:

  • You have the right to access the personal data stored in this register concerning yourself, including the right to receive a copy of your personal information
  • Right to rectification or erasure of your personal data
  • Under certain conditions, you may request processing limitations or object to the processing of your personal data
  • Request transfer of your personal data to another registrar
  • Make a complaint to the Data Protection Authority if you notice that the processing of your personal data is defective or unlawful.

You also have the right to cancel your consent at any time if your personal data is processed based on separate consent.

Changes in this privacy policy

Aspocomp reserves the right to periodically update data related to data protection. Should we make amendments to this privacy policy, we will place the amended policy on our website, with an indication of the amendment date.

We encourage you to periodically review this statement so that you will be aware of our privacy practices.

Contacts

If you have any questions, would like further information about our privacy and information handling practices, would like to discuss opt-outs or withdrawing consent, or would like to make a complaint about a breach of the GDPR or this Statement, please contact us by email: privacy(at)aspocomp.com