Version 1.3, Date: 26.02.2021
This privacy statement applies to the following persons:
Tammer Biolab Ltd (hereinafter, “TBL”) would not be able to conduct its business in the field of microbiological agars and to offer its services to other companies without access to the names, electronic mail (email) addresses and/or telephone numbers of contact persons at those companies. TBL is the controller responsible for the processing of the data of contact persons at companies that are its current or potential customers and of persons applying for employment by it. TBL is committed to processing those personal data according to this privacy statement and in compliance with applicable laws. This privacy statement may be updated in the future to reflect changes in our operations or in the applicable legislation.
The controller of the personal data described in this privacy statement is:
Tammer Biolab Ltd (TBL)
Business ID: 0679027-7
Tel.: +358 50 542 2210 (+358 50 547 1184)
At TBL, privacy matters in general are handled by CEO Sakari Jokiranta; the customer register, by Riitta Valkila; and human resources, by Anne Halkosalo. The TBL data protection officer is CEO Sakari Jokiranta.
We collect, store, and process the personal data of our customers and our own personnel solely for purposes stated in advance. We always ensure that we have at least one legal basis for storing and processing the data.
The main purposes and legal bases for the processing are:
Acceptance and fulfilment of orders, customer communications, and invoicing. We collect and process personal data to fulfil our obligations under agar supply contracts and orders as well as to provide services. Within a customer relationship, we process personal data especially for the purposes of product delivery, invoicing, cash collection, customer complaints, and the management of feedback. Here the basis for data processing is the fulfilment and drafting of a contract.
Marketing communications. We carry out marketing communications via electronic and conventional mail. Since such communications is directed to both current and potential customers, we also use the personal data of contact persons for marketing purposes, including the targeting of messages and content. Here the legal basis of data processing is our legitimate interest. However, every person has the right to prohibit direct marketing to them at any time. Our direct marketing may also be based partly on the consent of the targeted person (who may have subscribed to our newsletter, for example). A balance test performed by the data controller indicates that the basic rights and freedoms of data subjects calling for the privacy of their personal data do not override the controller’s legitimate interest as a basis for processing those data.
Recruiting and job applicants. In our recruiting, we handle personal data to evaluate suitability of the person for the job and to make hiring decisions. We need your data to be able to consider you in recruitment. Our processing of your data is based on legitimate interest in applications submitted to us. However, should you decide to cancel your application before a decision has been reached and to request the erasure of your personal data, you can do so by contacting Anne Halkosalo (email@example.com). After the recruitment process, we will store your application for a period of two years from the hiring decision in order to be able to demonstrate our compliance with the law.
Fulfilment of legal obligations. In addition, we process and store personal data to fulfil our legal obligations in matters such as accounting, taxes, and the Employment Contracts Act.
The only personal data that we collect and process are those of our current and potential customers’ contact persons and those of persons applying for employment by us. We process only those data that each customer or applicant submits to us.
Current and potential customers
We collect personal data related to our current and potential customers mainly from the data subjects themselves. We obtain the data through the requests for quotations that the data subjects make, the orders that they place with us, or the billing instructions that they submit to us. In a customer relationship, we record and collect information about the customer.
We collect data pertaining to new, potential customers from their websites, through forms on our own website and, potentially, via the LinkedIn network. In the future, we may also collect data about the use of our website through the Google Analytics service. We may, in addition, obtain data pertaining to potential customers through the training sessions that we organize.
The data pertaining to customers that we collect include, in particular:
We obtain job applicants’ data from those applicants themselves and, at their permission, from other sources (such as references). Should an applicant have provided us with a link to a public profile, we may also process data in that profile.
The data pertaining to job applicants that we may process include, in particular:
Personal data are processed by TBL personnel in their work tasks as well as by the personnel of our business partners and subcontractors for payroll, financial, and logistical services. The data related to human resources can only be accessed by the CEO and the HR officer.
Most of the data that we store and process are in electronic form. We use subcontractors and service providers especially for the following functions related to personal data: cloud storage of data, customer relationship management, financial management and payroll calculation, website maintenance and website visitor analysis, email marketing, and project management (for example, any projects financed by Business Finland).
We sign a data processing agreement with any subcontractor or service provider that we use. We work to ensure that personal data are handled confidentially, in accordance with the law, and only in our own interest.
In addition, we may disclose personal data when required to do so by applicable law, a court, or other legal authority. We may also transfer your personal data should we part of a transaction such as an acquisition.
TBL does not disclose personal data to parties outside the European Union (EU). However, since the data storage and processing are mostly electronic and are often performed within cloud-based services, some of the relevant service providers or their servers may be located outside the EU. One such service provider is Google. In this case, we make sure that the data transfer fulfils the conditions required by the law. The preferred condition is a decision by the European Commission on an adequate level of protection for personal data in the receiving country. The second preference is for the transfer to take place under the standard contractual clauses adopted by the Commission.
We will not store your personal data any longer than is necessary for those data to fulfil their purpose or than is required by the law. The storage period may vary depending on the purpose and legal basis of the data processing and on the situation. A person’s data may also be erased when that person withdraws their consent or requests such erasure (and TBL has no other legal bases for the data processing), the relevant contract expires, or the data are outdated or erroneous. The storage period is also governed by legislation (for example, laws on accounting and taxes and the Employment Contracts Act), and the deadlines for submitting legal claims (for example, the statute of limitations for a civil lawsuit).
Personal data are stored almost exclusively in electronic form, and the safeguards for their protection follow industry standards. We have lists of delivery addresses on paper, as a precaution, but we take the appropriate measures to keep the lists protected. We select reputable service providers for the storage and processing of the data. We handle the data in such a way as to protect their confidentiality, and we will not share them publicly or sell or rent them to third parties for marketing purposes. Our premises are also locked and well protected.
Most disclosure of personal data is voluntary. This is true especially of the data relating to potential customers and job applicants. However, some disclosure and processing of personal data is required for us to be able to fulfil our obligations in a customer relationship. Only through them can we, on the one hand, ascertain that persons who sign contracts with us on behalf of our business customers are authorized and competent to do so and, on the other hand, deliver the products that customers have ordered from us and send them invoices for those products. As for our potential customers, we generally ask them to submit an email address and other contact information through our website.
In cases where our processing of your data is based on consent, you can withdraw that consent at any time by telling us so in an email to firstname.lastname@example.org.
Accessing data, submitting a request to check the data, and prohibiting direct marketing
You have the right to ask us whether we process your personal data and which data on you we process. You also have the right to information about the bases for the processing. In addition, you have the right to ask for the correction of any incorrect, outdated, or otherwise erroneous data that we have of you. You can also, at any time, prohibit our direct marketing or newsletters to you. Requests for accessing data or correcting them and prohibitions on direct marketing should be sent by email to email@example.com.
Right to object to processing
If our processing of your personal data is based on public interest, applicable legislation, or our legitimate interest, you have the right to object to that processing insofar as there is no such compelling reason for the processing as would supersede your right of objection and the processing is not necessary to meet a legal claim. You also have the right, in certain circumstances, to demand us to limit the extent to which we process your personal data.
Right to the transfer of data
If our processing of your data is based on consent or the fulfilment of a contract, you have the right to obtain, in a commonly used format, the data that you have submitted to us so that they can be transferred to another service provider.
Right to have data erased (right to be forgotten)
You have the legal right, in certain circumstances, to have your data erased. One such circumstance is where the data are no longer needed to fulfil the purposes for which they were originally collected.
How can I exercise my rights?
You can exercise the rights described above by sending an email message to firstname.lastname@example.org or by contacting us through other means using the information provided below. We ask you to submit, at the same time, a proof of your identity, such as a signed request for inspection or a copy of your passport, driver's license, or other identity document (without your personal identification number and other such information that we do not need). Should you think that the processing of your data is unlawful, you can also lodge a complaint with the supervisory authority (Data Protection Ombudsman).
We may revise this privacy statement to bring it up to date should our operations or the principles that we follow in processing personal data change. An update may also be necessitated by a change in the applicable law. Any changes will come into effect when published by us. We therefore ask you, at any rate, to review this privacy statement regularly.
Tammer Biolab Ltd
Business ID: 0679027-7
Tel.: +358 50 542 2210
Privacy matters in general are handled by CEO Sakari Jokiranta; the customer register, by Riitta Valkila; and human resources, by Anne Halkosalo. The TBL data protection officer is CEO Sakari Jokiranta.