Rainmaker Group Oy (“Rainmaker”)
Contact person responsible for register matters
Rainmaker Group Oy
Rainmaker HR / Robi Heikkilä
hr (@) rainmaker.fi
Legal basis and purpose of the processing of personal data
The processing of personal data is based on one or more of the following:
- The legitimate interest of us or other group companies;
- The contractual relationship, that is, the processing is necessary to implement the employment or training relationship;
- Processing is necessary to comply with our statutory obligations;
- The data subject has explicitly consented to the processing of his/her personal data.
The purpose of processing personal data is, for example, to handle employment matters and related employer’s obligations, such as payroll, and to plan and develop our business from a personnel perspective.
The legal basis for the processing of personal data is the employment relationship of the Rainmaker Group and the related employer’s obligations.
Basic employee information (name, social security number, address, telephone number, email address), employment information (start and end date, task), training and previous work experience, payroll information (salary group, salary, fringe benefits, employee benefits, sick leave certificates for resolving the salary payment obligation), access control, skill and personal assessments, work performances, annual leave and working time records. Consideration will be given to the processing of sensitive information.
The disclosure of personal information is a prerequisite for us to fulfil our obligations as an employer.
Communications records and its contents, including customer service call records, are retained to verify the content of the communications and to ensure our rights and obligations, as necessary. Call records can also be used for training staff internally to improve the service quality and develop our services. The records will not be used for any other purpose and will not be released outside of Rainmaker.
Regular sources of registry information
As a rule, personal data are collected from the employee himself / herself based on the information and consent given by the employee. The employee personally fills in the personal identification number, address and account number to the electronic system. The employee personally stores the amended data in the electronic system.
Information is forwarded to the tax authorities for tax enforcement purposes, to pension and insurance companies for the maintenance of insurance policies taken up by the employer, and to the employment and enforcement authorities to perform these statutory duties. Occupational health care companies to provide statutory occupational health care. For customer companies with the information they need to manage work. For employee unions with employee authorisation. The sensitive nature of the information will be taken into account.
Data transfer outside the EU / EEA
Personal data will not be transferred outside the EU / EEA.
Principles of the registry protection and data retention
The personal data of the employment register shall be accessible to designated persons to the extent necessary for the performance of the personnel management and payroll functions. Users of the employment register information have been given separate IDs by the system administrator, as well as training in data processing. In addition, they are subject to confidentiality obligations. Information on employees’ health is kept separate from other information.
Material in electronic data processing is protected by usernames and passwords. Personal information is collected in a computer system protected by firewalls to prevent unauthorised access. The server with the personal data in question is stored in locked premises, accessible only to a limited number of maintenance personnel. The computers used to access the database are located in locked and monitored spaces. Manual material is stored in a locked location.
Records are kept for 10 years based on the fulfilment of statutory employer obligations.
Customer service call records are retained for 180 days.
Rights of the data subject
The data subject has the right to inspect the personal data stored in the personal data file and to request correction or deletion of incorrect data. The data subject also has the right to withdraw his or her consent. According to the Data Protection Regulation (as of May 25, 2018), the data subject has the right to object or request a restriction on the processing of his data and to complain to the supervisory authority about the processing of personal data. For specific personal reasons, the data subject also has the right to object to processing of his or her data when the data processing is based on the legitimate interest of Rainmaker. In the case of a claim, the data subject must identify the specific situation on the basis of which he or she objects to the processing. Rainmaker may refuse a request for objection only on the grounds provided by law. The data subject shall also have the right to object to processing free of charge in so far as it relates to direct marketing.
Updated Nov 22, 2019.