Privacy statement

Controller and contact information in matters concerning data protection:

3PLogistiikka Group Oy

Panimokatu 1, 20760 Piispanristi (Turku)

VAT: 2568176-2

1. General

This statement explains how 3PLogistiikka Group Oy (hereinafter also "data controller") collects and processes the personal data of its customers' and partners' contact persons. You are in contact with the controller if you have any questions regarding the processing of your personal data.

2. Purpose and legal basis of personal data processing

The controller processes the personal data of the contact persons of its customers and partners in order to respond to contacts, deliver orders, maintain customer relations, organize financial administration, and implement and target marketing. The legal basis for the processing is the data subject's consent or the controller's legitimate interest (conducting and promoting business). Personal data is not used for automatic decision-making or profiling.

3. Personal data groups

The controller can process the following personal data: name, work contact information, represented organization and position in the represented organization, as well as any data collected by cookies used on the site.

4. Sources of information

The information is basically collected from the registrant himself or the organization he represents. If necessary, personal data can also be collected from organizations' websites, directory services or other public sources. Providing personal information is not mandatory by law or contract. Providing certain personal data is, however, a prerequisite for concluding and complying with the agreement between the data controller and this customer or partner, as well as for providing the data controller's services.

5. Disclosure of information

As a general rule, the controller does not hand over the personal data it processes to third parties. However, the controller may hand over personal data to the external service providers it uses, i.e. personal data processors, who process personal data on behalf of the controller in accordance with the instructions given by the controller. Such a service provider is, for example, the technical implementer of the data controller's Extranet. The controller requires that such personal data processors comply with data protection legislation and appropriate measures to protect personal data. Personal data processors do not have the right to use the personal data provided by the controller for their own purposes.

6. Data transfer outside the EU or EEA

Personal data is located and processed mainly within the EU. In certain cases, personal data can be transferred and processed outside the EU or EEA, if the personal data processor used by the controller is located outside the EU or EEA. An example could be the service providers of certain cloud services or other marketing applications. In such cases, the controller ensures an adequate level of personal data protection, for example by requiring the personal data processor to accept the standard clauses approved by the European Commission as part of the agreement between the controller and the personal data processor.

7. Principles of data protection

The controller uses appropriate technical and administrative measures to protect personal data.

Personal data is processed only by persons who need the information to perform their duties. Access to personal data is managed with usernames and strong passwords.
The personnel of the registrar handle personal data confidentially. The registrar has verified the technical and physical security level of the systems used to process personal data.
The registrar maintains the technical data security of the systems with regular updates.

8. Retention periods for personal data

The registrar keeps personal data only as long and to the extent that they are necessary and the registrar uses them for the purposes described in section 2 above. Basically, personal data is stored for as long as the customer or cooperation agreement between the controller and the organization represented by the registered person is valid. After this, the data will be deleted without undue delay.

In order to fulfill its obligations according to the Accounting Act (1336/1997), the registrar keeps the personal data contained in the accounting material for ten (10) years from the end of the accounting period to which the accounting material applies.

9. Cookies

The controller uses cookies on its website. A cookie is typically a small text file that the browser stores on the user's terminal device. Individual visitors cannot be identified using cookies alone. Cookies do not damage the visitor's terminal device or files. Basically, the controller only uses cookies that are necessary for the basic functions of the website, which guarantee the functioning of the website. In addition, with the consent of the visitor, for example, Google Analytics and Leadfeeder cookies can be used to analyze site traffic and target marketing. Cookies used on the site can be managed using the cookie banner displayed on the site. Cookies other than essential are not used, unless the visitor has specifically agreed to it. Preventing the use of cookies or deleting them may hinder some functions of the site.

10. Rights of the registrant

10.1. General

The registered person can exercise his rights described in this section 10 by contacting the controller by e-mail. The controller notifies the data subject of the measures implemented based on the request, basically within one month of receiving the request. The registered person will also be notified if the controller will not fulfill the request for some reason. Using the rights is basically free of charge. In order to exercise the data subject's rights, the controller may have to request additional information from the data subject in order to identify the data subject in a sufficient manner.

10.2. The right to access personal data

The registered person can ask the controller for information on whether personal data concerning him or her is being processed. The registered person can ask the controller for information about the data collected about him and can access it.

10.3. The right to correct data

The registered person can ask the controller to correct or complete the personal data of the registered person, if they are inaccurate, incorrect or incomplete.

10.4. The right to delete data

The registered person can ask the controller to delete the registered person's personal data, for example, if the personal data is no longer necessary for the processing purposes for which it was collected. In all situations, the controller cannot delete personal data, if it is the controller's legal obligation to store them or there is another legal basis for their storage.

10.5. The right to restrict processing

The data subject can request the restriction of the processing of his personal data in certain situations defined in data protection legislation, such as when the data subject has denied the accuracy of his personal data. In this case, the processing is limited to the period during which the controller ensures accuracy. Limiting the processing of personal data means that personal data can only be processed on very limited grounds defined in data protection legislation.

10.6. Right to object

The registered person can object to the processing of his personal data, if the processing is based on the legitimate interest of the controller. In this case, the data controller may no longer process the personal data in question, unless the data controller can demonstrate that there is a significantly important and justified reason for the processing that overrides the data subject's rights.

10.7. The right to withdraw consent

If the processing of personal data is based on consent, the data subject can withdraw the consent they have given at any time.

10.8. The right to transfer data from one system to another

The data subject can, under certain conditions defined in the data protection legislation, request the data controller to provide the data subject with such personal data that the data subject has provided to the data controller, and transfer these to another data controller.

10.9. The right to file a complaint with the supervisory authority

The registered person can file a complaint with the national supervisory authority if, in the registered person's opinion, the controller does not process personal data appropriately or implement the registered person's rights in an adequate manner. A notification to the Finnish national data protection authority can be made at https://tietosuoja.fi/ilmoitus-tietosuojavaltuutetulle

11. Changing the privacy statement

The controller reserves the right to update the data protection statement in case of changes in the processing of personal data by the controller and/or applicable legislation. The controller recommends that you familiarize yourself with the content of the data protection statement regularly. The registrant will be notified of significant changes to the processing of personal data by e-mail.

Privacy statement for job seekers

Controller and contact information in matters concerning data protection:

3PLogistiikka Group Oy

Panimokatu 1 20760 Piispanristi

Email: info@3pl.fi

Y-tunnus: 2568176-2

1. General

This statement explains how 3PLogistiikka Group Oy (hereinafter also "the controller") collects and processes your personal data when you apply for a job with the controller. You are in contact with the controller if you have any questions regarding the processing of your personal data.

2. Purpose and legal basis of personal data processing

The controller processes personal data to implement the recruitment process and related measures. Personal data is processed, for example, to determine the suitability of a job seeker, arrange a job interview and select a job seeker. The legal basis for the processing of personal data is your consent or the implementation of measures prior to the conclusion of an employment contract at your request. If the recruitment process leads to the creation of an employment relationship, personal data is also processed, for example, to comply with the legal obligations of the controller. The controller does not use automatic decision-making or profiling in its operations.

3. Personal data groups

The controller collects and processes only such personal data as is necessary for the recruitment process and the position being applied for. Such personal data include, for example:

Identification and contact information of the job seeker:
First and last name
Date of birth
Contact information, such as email address, phone number and home address
Information regarding skills and work experience: The job seeker's education and work history
Other skills, such as language skills and possibly acquired work permits, cards and passports
Any other information regarding skills and work experience contained in the resume and/or job application
Other information collected during the recruitment process: Possible personal and suitability assessments
Other information collected during the recruitment process, such as information about referrers

4. Information sources

The information is basically collected from you when you submit a job application on the controller's website, when you are in contact with the controller or in connection with a job interview. Providing information is not a legal or contractual obligation of the job seeker, but failure to provide information can prevent the recruitment process from progressing. In situations permitted by legislation or with your consent, the controller can also collect information from the registers of different authorities. You will be notified in advance if the data controller acquires information for the purpose of establishing reliability. If the controller obtains your personal credit information, you will also be informed from which register the personal credit information is obtained.

5. Disclosure of information

As a general rule, the controller does not hand over the personal data it processes to third parties. However, the Controller may hand over personal data to such external service providers, i.e. personal data processors, who process personal data on behalf of the Controller in accordance with the instructions given by the Controller. Such a service provider is, for example, the technical implementer of the website of the data controller. Personal data processors do not have the right to use the personal data provided by the controller for their own purposes.

6. Data transfer outside the EU or EEA

Personal data is located and processed mainly within the EU. In certain cases, personal data can be transferred and processed outside the EU or EEA, if the personal data processor used by the controller is located outside the EU or EEA. An example could be the service providers of certain cloud services. In such cases, the controller ensures an adequate level of personal data protection, for example by requiring the personal data processor to accept the standard clauses approved by the European Commission as part of the agreement between the controller and the personal data processor.

7. Principles of data protection

The controller uses appropriate technical and administrative means to protect your data. Your personal data will only be processed by persons who need the information to perform their work tasks. Access to your personal data is managed with usernames and strong passwords. The personnel of the registrar handle your personal data confidentially. The registrar has confirmed the level of technical and physical data security of the systems used to process your personal data. The registrar maintains the technical data security of the systems it uses with regular updates.

8. Retention periods for personal data

If you have applied for a specific position, your personal data will be deleted one (1) year after you have been informed of the selection decision for that position. If you have submitted an open application, your personal data will be deleted one (1) year after submitting the application. The retention period is based on the claim periods in the employment situation according to the Equality Act (1325/2014) and the Act on Equality between Women and Men (609/1986). If the recruitment process leads to the creation of an employment relationship, the processing of personal data collected during the recruitment process that is necessary for the employment relationship can be continued.

9. Cookies

10. Rights of the registrant

10.1. General

You can exercise your rights described in this section 10 by contacting the controller by email. The registrar will inform you of the measures taken based on your request, as a rule, within one month of receiving the request. You will also be notified if, for some reason, the controller will not fulfill your request. Using the rights is basically free of charge. Please note that in order to exercise your rights, the controller may have to ask you for additional information in order to identify you in a sufficient way.

10.2. The right to access information

You can request information from the controller about the personal data collected about you and get access to it. You can also ask the Controller for information on whether personal data concerning you is being processed.

10.3. Right to rectification of data

You can ask the controller to correct or complete your personal data if it is inaccurate, incorrect or incomplete.

10.4. The right to delete data

You can ask the controller to delete your personal data, for example, if the personal data is no longer necessary for the processing purposes for which it was collected. Please note that the data controller cannot delete your data in all situations, if it is a legal obligation of the data controller to keep them or there is another legal basis for keeping them.

10.5. The right to restrict processing

You can request the restriction of the processing of your personal data in certain situations defined in data protection legislation, such as when you have disputed the accuracy of your personal data. In this case, the processing is limited to the period during which the controller ensures accuracy. Limiting the processing of personal data means that your data can only be processed on very limited grounds defined in data protection legislation.

10.6. The right to withdraw consent

As the processing of your personal data is based on your consent, you can withdraw your consent at any time.

10.7. The right to transfer data from one system to another

Under certain conditions defined in data protection legislation, you can ask the data controller to provide you with such personal information about yourself that you have provided to the data controller, and transfer these to another data controller.

10.8. The right to file a complaint with the supervisory authority

You can file a complaint with the national supervisory authority if you think the Controller does not process your personal data appropriately or exercise your rights in an adequate manner. You can make a report to the data protection commissioner's office at www.tietosuoja.fi/ilmoitus-tietosuojavaltuutetulle

11. Changing the privacy statement

The controller reserves the right to update the data protection statement in case of changes in the processing of personal data by the controller and/or applicable legislation. The controller recommends that you familiarize yourself with the content of the data protection statement regularly. You will be notified of significant changes regarding the processing of your personal data by email.

The statement has been updated 9.11.2023.