Privacy Policy

This is Etha Oy’s privacy policy that follows the EU’s General Data Protection Regulation (GDPR). In this privacy policy, we describe how and in which situations personal data is processed and what rights you have as a data subject.

Written March 13, 2023. Updated April 11, 2024.

1. Controller and contact information

Etha Oy (1790018-7)
Vaasanpuistikko 14 B 11
65100 Vaasa
E-mail: info@etha-consultancy.com
Phone: +358 (0)2900 20440 

2. Person in charge of the register 

Caroline Kullbäck
E-mail: caroline.kullback@etha-consultancy.com
Phone: +358 (0) 504024759

3. Purpose and reasons for processing personal data

To develop the products, services, and operations of Etha Oy, to carry out tasks appropriately, and to follow the law, Etha Oy processes personal data mainly for the following purposes and reasons:

  1. The development of products, services, and operations. It is in your and our interest that our products are suitable and modern. We want to be at the forefront of our industry’s development. The personal information you give us by, for example, using our website, helps us realise these goals. This type of personal data processing is based on a legitimate interest.
  2. Providing a smooth website experience. A smooth and user-friendly website makes it more functional and faster to browse. This kind of data processing is also based on a legitimate interest.
  3. The processing of job applications. Etha maintains a job applicant register, which is used for collecting personal information (person’s name, contact information, curriculum vitae) about jobseekers with their consent. Jobseekers’ personal information is collected from the open job applications and possible certifications submitted by them. In addition, we process your personal information to, for example, evaluate the suitability of your work experience, invite you to an interview, and use certain data as the basis for a possible contract of employment. Processing this data may be based on legitimate interests depending on the situation.
  4. The processing of invitations and sign ups. We consider different events to be great opportunities to meet new people and network. As you sign up for an event, we must process your registration. Additionally, Etha Oy maintains an event register where personal data is collected (person’s name and alternatively company/organisation) mainly for invitations. This kind of data processing is based on a legitimate interest.
  5. The management of matters related to the customer relationship. Personal information is processed for handling and managing matters related to customer relationships (offering products and services, sales, delivery and invoicing, managing supplier relationships, and possible processing of support requests and reclamations). In this context, the processing of personal data can be based on both a contract and a legitimate interest.

For personal data processing based on a legitimate interest, Etha Oy has carried out a balancing test that weighs your interests and basic rights against our interests.

Regarding personal data processing based on your consent, you always have the right to withdraw your consent. For example, you have the right to change your settings on the website or your browser so that cookies are not collected.

4. Categories of personal data the processing affects

The personal data categories to be processed depend on the type of data subject. The different types of personal data categories are:

  1. Technical user data, such as cookies, IP addresses, language settings, location data, software and hardware versions, and which pages you have visited and reacted to.
  2. Basic contact information, such as name, e-mail, address, postal code, and web address.
  3. Information about your position, such as employer, job title, and industry.
  4. Announcements about events.
  5. Marketing permits and prohibitions.
  6. Consents.
  7. Interests.
  8. Certificates, work experience, skills and other work-related information, such as transcript of study records, referees, suitability assessments, and salary requests.
  9. Pictures. For example, pictures of resumes.
  10. Social security number. 
  11. Customer information, such as a legal or physical person and a corresponding office, and other information we need or you deliver to us to process the matter.
  12. Payment information, such as paid amounts, billing addresses, contact persons, and account numbers.

5. Data minimisation

The personal data processed by Etha Oy is limited to what is necessary for the individual purpose and goal.

6. The sources used by Etha Oy

Your personal data is stored through your own activity on our website. Additionally, Etha Oy collects personal information from you, for example, when you contact us or sign up for an event. Sometimes we can avoid requesting personal information from you by obtaining it from other parties, e.g. from your employer’s website or from the referees you have named.

7. Recipient categories

Etha Oy processes personal data within its own organisation and for its own purposes.

In some cases, Etha Oy must also allow third parties to access personal data. For example, when organising events there may be a need to hand over personal data to other parties who take care of catering, or when we cooperate with other business organisations.

8. Personal data retention period

Etha Oy stores personal data as long as it is necessary for the purpose for which it was originally collected. The necessary retention period varies depending on the purpose the data was collected for and to which personal data group your data belongs:

  1. For example, cookies and other personal data we gain access to through your activity on our website or in social media are stored as long as Etha Oy needs them for the development of our products, services, and operations. You can choose (on the website or in your browser settings) not to store cookies in your web browser and to delete them. When you delete your personal data, Etha Oy no longer stores it.
  2. Personal data is removed from the event register three months after the event. However, Etha Oy may store data for longer if, for example, we want to give you the opportunity to receive invitations to our events in the future as well. In these cases, the retention period varies, but is usually a few years. Upon request, your personal data is removed from the event register. 
  3. Personal data is removed from the job applicant register three months after submitting the application data. 
  4. To maintain our customer relationships, Etha Oy stores personal data for as long as you are our customer or as long as it is deemed necessary. For example, disqualification information may be stored for a longer period of time.

At a minimum, personal data is stored for the period specified by law.

Data is not disclosed to third parties. However, data can be disclosed in accordance with the authorities’ legal requests for disclosure of data.

9. Data transfer outside the EU or EEA

In principle, personal data is not transferred outside the EU or EEA.

However, the delivery of certain products and services requires data to be transferred outside the EU. The services are:

  1. Website analytics: Google Analytics and Microsoft Clarity (USA)
  2. Leadfeeder (Finland)

If such countries are not part of the EU Commission’s decision concerning a sufficient level of data protection, data processing is secured by a standard clause approved by the European Commission.

10. Principles of registry protection

Databases containing personal data are on a server that is kept in a locked space that can only be accessed by designated and authorised people due to their duties. The server is protected by a firewall and technical protection.

Access to databases and systems is only possible with separately issued personal user IDs and passwords. Etha Oy has limited access rights and authorisations to information systems and other storage platforms in such a way that the data can be viewed and processed only by the persons necessary for the legal processing of the data.

The employees of Etha Oy and other people are bound by a separate agreement to comply with professional confidentiality and to keep the information they receive while processing personal data secret.

11. Rights of the data subject

You have the following rights under the EU General Data Protection Regulation (GDPR):

  1. Right of inspection. You have the right to check your data and to demand that any errors be corrected. 
  2. Right to object. You have the right to object to data processing if the data has been processed illegally or without permission. 
  3. Right to erasure. You have the right to request the erasure of your personal data to the extent that it is not necessary for the tasks of Etha Oy. 
  4. Right to data portability. You have the right to demand that your data is automatically transferred to another data controller.
  5. Right of appeal. You have the right to file a complaint to a Data Protection Commissioner if you consider that Etha Oy has violated the existing data protection legislation in the processing of personal data. 

Requests should be sent in writing to the controller at the address specified in section 1 of this privacy policy. If necessary, the controller may ask the requester to prove their identity. The controller responds to the customer within the time period specified in the EU’s GDPR.

Cookies

The website uses the following cookies:

Cookie | Service | Function
AMCV_ | Adobe | Visitor statistics and monitoring
_ga | Google | Visitor statistics and monitoring
_gid | Google | Visitor statistics and monitoring
_lfa | Leadfeeder | Visitor statistics and monitoring
aam_uuid | Adobe | Visitor statistics and monitoring
Moove_gdpr_popup | Website | Functional
Pll_language | Website | Functional