Privacy Policy

Privacy notice

Updated 9.5.2022

On this page you will find general information about Codemen Oy’s data protection policy concerning the caleo.fi- presentation website as well as data protection and privacy notice in accordance with the EU’s general data protection regulation (GDPR, 679/2016). Caleo software has its own privacy policy.

General

Codemen Oy is a consulting company producing IT services and software solutions. Our solid know-how and the long experience of our staff lead to high-quality and secure solutions in which a person’s data protection is taken into account responsibly as required by law and regulations.

Codemen Oy constantly strives to improve the level of Data security and data protection management and to prevent threats to it. We do this together with all our staff and all our stakeholders.

The goals of Data security and data protection are defined in our company’s information security policy, and it is part of our company’s risk management based on ISO-27001 and ISO-9001 standards, VAHTI recommendations and best practices in the field of information technology.

Codemen Oy monitors standards, legislation and regulations related to data security and data protection and takes measures required by these changes if necessary.

Caleo is a cloud-native platform developed by Codemen Oy, enabling us and our customers and partners to easily and effortlessly to manage and maintain record of staff proficiency and capabilities. Caleo enables you to quickly find the specialist you need from our network of 4000+ professionals.

Data protection policy

1. The Controller

Codemen Oy (Business ID 2577936-4)

Kauppaneuvoksentie 8, 00200 Helsinki

+358 10 336 2600

2. Contact data in protection matters

Data Protection Officer
Tuomas Huokuna

phone: +358 (50) 466 2727
email: tuomas.huokuna (at) codemen.fi

Contacts in matters concerning data protection are addressed to the email address

tietosuoja (at) codemen.fi

3. Registers concerned

Marketing registry of Caleo-software.

4. Legal basis and purpose of the processing of personal data

We collect personal data in this registry for following purposes:

marketing register (purposes: development of business, communications, website analytics and data collection, cookies)

We regularly update this privacy notice, so please check it every now and then

The legal basis for the processing of personal data is the legitimate interest of the controller.

In the case of cookies, the processing is based on the user’s consent or, in the case of cookies necessary for the operation of the site, a legitimate interest. The user can manage their cookie settings on the website.

Personal data is used to improve the user experience of the website and for business development and marketing purposes.

Necessary cookies are used to ensure the operation of the site. Other cookies are used to develop the controller’s services and website.

Personal data is also subject to analytics use and development of our marketing and services.

5. Data content of the register

The register may contain the following Data

First and last name
Title/position
employer and employer contact Data
email address
telephone number
cookies, analytics data

In addition, the register may collect Data on the data subject’s participation and registration for events organized by the controller.

6. Regular sources of data

The Data contained in the register is collected through a customer or partnership relationship, through the website’s contact form, and from registrations and participation in events.

Cookies and analytics data are stored when you use the website.

7. Disclosure of the contents of register

The contents of the register will not, in principle, be disclosed or transferred outside the EU and the European Economic Area and is by default stored in servers and data storages that are located in European Economic Area.

Data is disclosed to our partners, such as:

Business development partners, marketing partners
IT infrastructure providers such as cloud service providers (eg. Microsoft, Amazon) or different software providers (eg. CRM-software)
Communication solution providers

Least possible amount of data is always disclosed.

Data contained in our registers is not by default transferred outside the European Economic Area. Servers and data storages we use are located in the European Economic Area. However, service providers we use may be from third countries and such providers or governmental authorities may have access to data due to administrative structure or statutory demand.

When data is transferred outside the European Economic Area, we comply with European Commission standard contractual clauses and additional safeguards to protect the data.

However, Data may be disclosed to authorities, for example, on the basis of a legal requirement.

8. Protection of the register

The register exists only in electronic form in the company’s high-security cloud service and is protected by appropriate administrative and technical security measures.

Access to the register is only possible with an encrypted connection and a personal username and password. The use of the register is confidential and its access is limited to persons belonging to the controller’s own staff whose duties require access to the register. The staff of the controller has a duty of confidentiality and has received appropriate training in data security and data protection.

An example of limitation: access to data collected on ”contact us”-form is allowed for specificly authorized personnel only.

9. Data retention period

The Data collected in the register shall be kept only for as long and to the extent necessary in relation to its purpose. The Data content of the register, the legal basis for use and the need for processing shall be assessed at least every three (3) years.

10. Rights of the data subject

a) The right of access to personal data

The data subject has the right to receive confirmation as to whether personal data concerning him or her are being processed and, if so, the right to receive a copy of his or her personal data.

b) Right to rectification of data

The data subject has the right to request that incorrect or inaccurate personal data concerning him or her be corrected or supplemented.

c) Right to delete data

The data subject has the right to request the deletion of personal data concerning him or her if: – the personal data are no longer needed for their original purpose – the personal data have been processed unlawfully.

d) Right to restrict processing

The data subject has the right to restrict the processing of personal data concerning him if: – the data subject denies the accuracy of the data – the processing is unlawful and to defend.

e) Right to object

The data subject shall have the right to object to the processing of his data on the basis of his personal situation if the controller cannot demonstrate that there is a substantial and justified reason for the processing which overrides the data subject’s interests, rights and freedoms.

f) The right to transfer data from one system to another

The data subject shall have the right to obtain his or her register data in a commonly used and machine-readable form and to transfer such data to another controller.

g) Right of appeal to the supervisory authority

The data subject has the right to lodge a complaint with the national supervisory authority, which is the Data Protection Officer attached to the Ministry of Justice, if the data subject considers that the processing of personal data concerning him or her has infringed the relevant legislation.

For more information

All requests for information and other contacts must be forwarded to the person responsible for the register at the access point mentioned in point 2.