Whistleblower privacy policy statement
Finnish legislation law henkilötietolaki (523/1999) 10§ and 24§
EU General Data Protection Regulation (GDPR) article 30
1. Owner of the register
Name (business ID)
Raumaster Oy
Address
Nortamonkatu 34, 26100 RAUMA
Additional contact information (for ex. phonenumber, email)
02 837 741
2. Point of contact
Name
Data protection officer
Petri Laukkanen
Address
Nortamonkatu 34, 26100 RAUMA
Phonenumber: 02 837 741
3. Name of the register
Personal register of the Whistleblower data warehouse of the M-Files document management system
4. Purpose of processing personal data
Processing and managing reports of unethical activities addressed to the Raumaster Group.
5. Information contained in the register
Groups of registrants are the notifiers and the persons mentioned in the notices.
Name
E-mail address
6. Basis for processing
Consent
Legal obligation
7. Source of information
From the data subject
8. Is it a necessary requirement to provide personal data and the consequences of not providing data
Registrants can submit notifications anonymously, but in that case they will not receive a response to receive and process the notification if the email address is missing.
9. Period for which the personal data is stored
Notifications and reports of their solutions are kept for 8 years.
10. Is information from the register transferred outside the EU or EEA
No
11. Are automatic decisions being made based on the data
No
12. Right to withdraw consent
The notifier may withdraw her consent to process her notification by notifying the registrar through the Whistleblower portal.
13. Other rights of the data subject
Right to restrict processing of data
Right to check their information on the system
Right to rectification of data
Right to erasure of data
14. How can the data subject use their rights
The data subject may exercise the above rights by contacting the data controller through the Whistleblower portal.
14. Right to lodge a complaint
Every data subject has the right to lodge a complaint with a single supervisory authority, in particular in the Member State of his or her habitual residence or where he or she is employed permanently or where the alleged infringement of rights has taken place, if the data subject considers that his or her rights under the Data Protection Regulation have been infringed, without this limiting other administrative and judicial redress.
