1 Purpose
This Privacy Notice describes to persons communicating with DNY Finland Oy or who are registered in DNY Finland Oy’s personal data register in the role of a supplier, a subcontractor or other type of partner, or potential supplier, subcontractor or other type of partner (hereinafter Data Subject), how DNY Finland Oy (hereinafter Data Controller) processes their personal data.
2 Data Controller
DNY Finland Oy (Helsinki Shipyard)
Address: Laivakatu 1, 00150 Helsinki, Finland
Email: info@helsinkishipyard.fi
3 Legal Basis and Purposes of Personal Data Processing
The legal grounds for processing personal data are either fulfilment of an agreement concluded between the Data Controller and the Data Subject, legal obligation or the legitimate interest of the Data Controller, or consent of the Data Subject.
Registered personal data are processed for following purposes:
- procurement and delivery of products and services
- creation, management and development of supplier, subcontractor or other type of
partner relationship between the Data Controller and the Data Subject - design and development of business, products and services
- opinion and market research, organizing events
- analysis, segmentation and statistics for the purposes explained above
4 Content of the Register
The register includes the following data on the decision-makers and contact persons of current and potential supplier, subcontractor and other type of partner companies:
- Contact information such as name, job title / other role, email address, telephone
number, language preference and any other information needed for effective and
timely contact and communication. - Information related to communication, such as contacts by email, phone and electronic form, registration and participation in meetings and events, possible dietary restrictions, feedback.
5 Regular Sources of Information
Personal data is mainly collected directly from the Data Subject himself / herself, in connection with filling in a contact request or other form, concluding a contract, or other personal, electronic or telephone contact, or in connection with participation in meetings and events. In addition, personal data may be collected and updated from publicly available sources of information, such as company websites, the Trade Register, other public and private registers (e.g. Vastuu Group, Suomen Asiakastieto Oy, Fonecta Oy, Posti Oy).
6 Regular Data Disclosures and Transfers from EU/EEA
Data may be disclosed to third parties if it is necessary to fulfil the Data Controller’s legal or contractual obligations.
Certain functions related to data processing may be outsourced to carefully selected external service providers, such as ICT, marketing and communications service companies. In these situations, this third party processes personal data on behalf of the Data Controller in accordance with the Data Controller’s instructions and this privacy notice, as well as in accordance with a separate data processing agreement.
If the transfer of personal data is necessary outside the EU or EEA, the Data Controller ensures that the EU Commission has approved the level of data protection in the destination country as appropriate or by agreeing on the transfer with standard contractual clauses approved by the EU Commission.
7 Data Retention
Personal data is stored for as long as it is necessary for the purpose of use or legal obligations. The Data Controller maintains the personal data of the supplier, subcontractor and partner register and corrects and deletes unnecessary and outdated data regularly when the Data Subject’s relationship or connection with the Data Controller is active. When the relationship becomes passive, the Data Controller may retain personal data to the extent permitted by law.
8 Data Security
In the Data Controller’s IT systems, personal data is protected against unauthorized access by technical protection mechanisms. Access to personal data is limited to persons who need the data to fulfil the duties of their work role.
9 Access, Rectification and other Rights of the Data Subject
The Data Subject has the right to inspect the data concerning him / her stored in the personal data register and the right to demand the rectification of incorrect data or, in certain cases, the erasure of data. The Data Subject has the right to request the restriction of the processing of the data concerning him / her, or to object to the processing of the data concerning him / her.
The Data Subject has the right to file a complaint with the competent supervisory authority concerning the processing of personal data by the Data Controller.
The above-mentioned requests and prohibitions can be sent to the email address mentioned in section 2. In order to ensure data protection, the Data Subject must prove his / her identity.