Personal Data Act (523/1999), Section 10
1. Data Controller
Vincit Plc (Business ID: 2113034-9)
Street Address: Visiokatu 1
FI-33720 Tampere, FINLAND
Tel: +358 (0)29 170 7007
2. Person in charge of the register
3. Name of the register
Vincit LaaS Client Register
4. Purpose of processing personal data
Personal data is processed upon consent of the data subject by Vincit Plc, companies in its group, its associated companies, and co-partners for the purposes of analytics, developing leadership and well-being services, and improving individuals’ quality of life.
5. Contents of the register
The register may contain the following categories of personal data:
First name and last name
Contact information (addresses, phone numbers, email addresses)
Country of residence
Date of birth
Employer’s name and contact information
Start and end date of the relevant connection between the data subject and the operations of the controller
Personal interests related to service use and other additional information provided by the data subject
Data produced by and related to the data subject (e.g. data and communications produced and published on social media platforms related to the controller)
Analytics data on events and user activity
Details of changes to the above-mentioned data.
6. Regular sources of data
The data regarding the data subjects is gathered from the data subjects themselves and the controller’s systems as the registered users use the service.
Personal data may be gathered from registers maintained by Vincit Plc and companies belonging to the same group, and the Population Information System.
7. Regular disclosures of data and transfer of data
The data may be disclosed, within the scope of the applicable legislation, to selected co-partners for purposes compatible with the purposes of the processing, unless prohibited by the data subject.
Personal data shall not be transferred outside the European Union or European Economic Area unless it necessary for the technical implementation of the service. In such case, the controller will ensure an adequate level of data protection in accordance with applicable laws and regulations.
8. Principles of data security
Data is stored in databases protected with firewalls, passwords and other technical measures, in accordance with good database practices. The databases and their backups are stored in secure locations. Physical documents containing personal data are kept in locked premises which are only accessible to persons whose duties require such access.
The controller shall ensure that access to the personal data is limited to employees of the controller and of companies acting on their behalf. The employees only have access to the data when their duties require such access.
9. Right of access, rectification, and erasure
The data subjects have the right to review their personal data stored in the register.
Inquiries regarding the right of access must be in writing and personally signed and sent to the person in charge of the register. The data subject may also request to access their personal data by appearing personally in the premises of the controller at the aforementioned address.
The data subject may request access to their personal data free of charge once a year. The controller shall respond to all inquiries within three months of receipt of the inquiry.
The data subjects have the right to prohibit the use of their data for the purposes of third-party direct marketing, direct advertising or other corresponding means of marketing. If there are errors in the data, the data subject may request rectification of such data by submitting a request to the person in charge of the register or by contacting the LaaS service provider by email at their official account.