Talenom has a legitimate interest in processing personal data for the purpose of directing the marketing and sales of Talenom’s services, as well as for improving the quality of Talenom’s products and services.
Categories of data subjects and categories of personal data:
The personal data processed include:
In addition to its own data, the Customer adds personal data of its personnel and customers to the Processor’s information services. Personal data may be added based on electronic and/or physical material provided by the customer.
In addition to this, personal data is collected from the tax authorities, the Social Insurance Institution of Finland, insurance companies, trade unions, credit services, the Digital and Population Data Services Agency, enforcement authorities and other parties whose data must be processed in the service provided by the Processor.
Users’ device information is collected automatically in order to develop the services and products offered by the Processor and to develop customer service, using, for example, internet browser cookies from Processor’s digital products and online services.
Personal data is disclosed to the Customer’s Auditor without a separate authorization for the implementation of the agreement between the Customer and the Auditor. In the case of the Client’s other partners, such as lawyers and consultants, the Client will be asked for a separate written authorization to disclose the data. When handing over written material, a data disclosure certificate is drawn up, which indicates the basic information of the material disclosed, to whom the data has been disclosed and when. This certificate of release is stored in customer folders for any subsequent obligation to provide evidence. In connection with the disclosure of digital material, personal user credentials are created for the customer company’s partner in the Processor’s information system, with which the Customer’s partner receives the disclosed information. The Customer’s request to create user credentials to the information system and give access to the Customer’s data also includes the Customer’s consent to the disclosure of the Customer’s data to the respective partner.
Data is disclosed to tax authorities, financial institutions, electronic money communities, pension insurance companies, insurance companies, trade unions, the Social Insurance Institution of Finland or earnings-related pension funds without the Customer’s authorization or consent when the disclosure of data is separately regulated by law. The processing of digital data is monitored with the help of event data from information systems, i.e. the storage of log data, and their automatic or manual monitoring. In addition, if necessary, the log data can be used as evidence of what events have taken place.
Talenom may disclose personal data to any entity within the Talenom Group. Talenom does not sell or rent personal data to other parties.
The Processor may disclose the Customer’s personal data within the limits of applicable legislation and in accordance with the terms of the agreement between the Processor and the Customer. Register data may be disclosed, for example, to tax authorities, pension insurance companies, insurance companies, trade unions, the Social Insurance Institution of Finland, earnings-related pension funds, financial institutions, electronic money communities, Confederation of Finnish Industries or Statistics Finland.
The processor has a legal obligation to disclose personal data to the authorities based on legal requests for information received from them in writing.
Mainly personal data will not be transferred outside the European Union (“EU”) or the European Economic Area (“EEA”). Data transfers outside the EU or EEA are made in accordance with the standard contractual clauses of the EU’s General Data Protection Regulation concerning data transfers.
The data contained in the register that is processed electronically is technically protected, for example with firewalls, password policy and by offering Talenom’s customers two-factor authentication to customer information systems.
The data transfer between the customer and Talenom’s services is encrypted with TLS (Transport Layer Security) technology. Data is backed up regularly and backups are stored in a different location than where the primary data is located.
Talenom conducts internal and third-party assessments and audits that cover both the technical security of critical information systems and the processes and guidelines for administrative information security and data protection.
The processor protects the Customer’s data from unauthorized access and dissemination. Only the employees of the Processor and subcontractors acting on behalf of the Processor have access to the data contained in the register based on separately granted access rights. Access rights are monitored, and the creation of unsafe user access combinations are prohibited by the user access management policy and their creation is controlled as part of the access management process. The access rights of the administrators are regularly checked and are deleted when the user no longer needs them. The access rights of employees who have left the processor are removed from all systems upon termination of employee’s employment.
The customer’s data is only processed by a Talenom employee whose work duties require it. It is forbidden for processor’s employees to process personal data on other grounds, even if the employee would have a technical access to customer data based on his or her role and business reasons. All of Processor’s personnel and subcontractors acting on its behalf have a duty of confidentiality in relation to all the Customer’s financial management information and personal data. The obligation of confidentiality is recorded in the employment contracts of Talenom’s personnel and in agreements with third parties, including sanctions for violation of confidentiality.
Employees who process customer data are trained through regular trainings, where the legality criteria for doing the work are an integral part of the training. The information security and data protection awareness of the processor’s staff is regularly maintained in various ways, for example, by organizing regular information sessions on information security and data protection for the entire personnel of the company and by arranging mandatory information security and data protection training for employees every year, in order to pass the subject matter test. The Processor has drawn up an information security policy that each new employee of the Processor becomes familiar with when starting their work. The existence and location of the information security policy are communicated in regular information security trainings and employees are reminded of the binding nature of the information security policy. The information security policy describes the general rules on information security and data protection that are binding on the employee, whether they are technical rules, information security processes or practices and instructions suitable for everyday work.
Customer data is processed in information systems located in the data center in Finland or in Cloud services located in the European Union.
In data centers located in Finland, the most important production systems have been duplicated in two physically separated data centers to ensure safety, data preservation and service continuity in normal and exceptional situations.
These data centers provided by the service provider use certified safety practices, access control and monitoring procedures.
The customer is responsible for the implementation and maintenance of adequate technical and organizational information security measures in their own information systems and physical environments.
The Processor deletes the Customer’s personal data from its information systems to the extent required by law when the Customer leaves the Processor.
The deletion of data occurs one + ten (1+10) years after the Customer’s exit. After deletion from the operational information systems, the data will be automatically deleted within six (6) months of the backups.
In accordance with sections 15-22 of the European Union’s General Data Protection Regulation, the data subject has the right to:
The exercise of some of the data subject’s rights is limited by other mandatory legislation, based on which Talenom has the right and obligation to refuse on reasonable grounds the rectification, erasure, restriction of processing or transfer of data from one system to another. An example of such legislation is, for example, the Accounting Act, which stipulates the retention of payroll receipts, regardless of the rights of the data subject in the GDPR.
In situations where the data subject wishes to inspect or amend his or her data from data belonging to a personal register owned by a Talenom customer, the data subject must make a request for an inspection or change of the data to the controller, and the controller takes care of the implementation of the request for inspection or change of data together with the data processor Talenom. In this case, the controller must address a written request for verification to the following address: email@example.com.
The customer may describe separately in separate documentation the more detailed instructions given to the processor for the processing of personal data, which the Processor stores in customer-specific file folders, as part of the customer-specific instructions.
The notification is made by the Processor to the Controller without undue delay after the disclosure of the data protection breach. The notification describes the nature of the data breach and the measures taken as required by law.
Notification is given to the data subject by the Controller if the data breach is likely to result in a high risk to his or her rights and freedoms. The notification describes the nature of the data breach and the measures taken as required by law.
It is the Controller’s duty to notify the National Data Protection Authority within 72 hours of being reported if the data breach is likely to result in a high risk to the rights and freedoms of natural persons. The Processor assists the Controller in notifying the National Data Protection Authority of a separate request. The notification is made in accordance with the instructions of the Finnish Data Protection Ombudsman in force at the time.
Processor’s name: Talenom OyjData Protection Officer: Enni KaivorinneTel. 0207 525 535Email: firstname.lastname@example.orgAddress: Yrttipellontie 2, 90230 OuluTel. 0207 525 000 (switchboard)
The customer has given general consent to the use of subcontractors. The accounting firm provides a list of subcontractors upon request.
Talenom Tili ja Talenom Kortti julkaistaan pian. Ilmoittaudu nyt saadaksesi Talenomin uudet palvelut käyttöösi ensimmäisten joukossa. Pidämme sinut sähköpostitse ajan tasalla.
Ilmoittautumalla hyväksyt sen, että voimme olla yhteydessä sinuun. Voit milloin tahansa perua kyseiset viestintäasetukset. Lisätietoa ilmoittautumisen perumisesta, tietosuojakäytännöistä ja siitä, miten olemme sitoutuneet suojelemaan ja kunnioittamaan yksityisyyttäsi, saat tietosuojakäytännöstämme.
Voit milloin tahansa perua kyseiset viestintäasetukset. Lisätietoa tilauksen peruuttamisesta, tietosuojakäytännöistä ja siitä, miten olemme sitoutuneet suojelemaan ja kunnioittamaan yksityisyyttäsi, saat tietosuojakäytännöstämme.
Al enviar, aceptas que nos comuniquemos contigo.
Puedes encontrar más información sobre cómo darte de baja, las prácticas de privacidad y cómo nos comprometemos a proteger y respetar tu privacidad en nuestra Política de privacidad.
Genom att skicka in samtycker du till att vi kontaktar dig. Du kan hitta mer information om avregistrering, sekretesspraxis och hur vi är angelägna om att skydda och respektera din integritet i vår integritetspolicy.
Genom att skicka in dina uppgifter samtycker du till att vi kontaktar dig. Du kan hitta mer information om avregistrering, integritetsskyddsrutiner och hur vi arbetar för att skydda och respektera din integritet i vår integritetspolicy.
Talenom account and credit cards will be released soon. Sign up now to get priority access as well as updates on Talenom’s financial services.
By submitting, you agree to us contacting you.