Access control register

Privacy policy
Last updated


Oy Duell Bike-Center Ab (2464132-0)
Kauppatie 19
65610 Mustasaari

Contact person in matters concerning the register

Sami Ilvonen sami.ilvonen (at)

Legal basis for processing


Purpose of personal data processing

Monitoring staff turnover. The basis for processing is the contract.

The personal data groups in question

Name, location

Recipients and recipient groups

The controller's staff, where applicable, and possibly also stakeholders of the controller (service providers, data management, etc.).

Data content of the register

Person’s first and last name Number of access pass
 Premises in which office is located
 Access pass validity permanent/temporary 
Access permission group
 Working hours monitoring group

Regular sources of information

System contact persons for units. Access grant applications. 
Clock-ins at working hour recorders

Personal data retention period

The data is kept for 10 years from the end of the employment relationship.

Regular transfers of information

For the part of working hour monitoring, realisation and deviation reports to supervisors by month of by wage period. Data in the filing system will not be disclosed to third parties unless disclosure is required for the maintenance of employee relations of the payment of wages.

Data transfer outside the EU or EEA

As a rule, the data in the register is not transferred outside the EU or the EEA. However, it is possible that service providers outside the EU/EEA are used for processing or that the clouds of service providers are located outside the EU/EEA, in which case SCC standard clauses are used as the basis for data transfer and additional safeguards are implemented for data transfers, such as internal guidelines (on pseudonymisation of personal data and the like) and possibly TIA analysis where appropriate.

Principles of register protection A: Manual material

Manual material is stored in locked rooms. The protection and processing of data in the register is in accordance with the provisions and principles of the Data Protection Act, the regulations of the authorities and good data processing practice.

Principles of register protection B: Electronic material

Only designated employees of the organisation and of companies acting on its behalf are entitled to access and maintain the customer and client register. Each designated user has his or her own personal username and password. Each user has signed a confidentiality undertaking. The system is protected by a firewall which protects access to the system from outside. A username and password are required to access the data The protection and processing of data in the register is in accordance with the provisions and principles of the Data Protection Act, the regulations of the authorities and good data processing practice.


We use cookies on our website. A cookie is a small text file that is sent to and stored on the user’s computer. Cookies do not cause any harm to the user’s computer of files. The primary purpose for the use of cookies is to improve and personalise a visitor’s user experience on our website as well as to analyse and improve the functionality and content of our site. Data collected with cookies can also be used in targeted communication and marketing as well as optimising marketing activities. Visitors cannot be identified based solely on cookies. However, data collected with cookies can be linked with possible data received from the user in other situations, for example when the user fills in a form on our website. The following types of data are collected using cookies: - visitor’s IP-address - time of visit - browsed pages and time of browsing - visitor’s browser Your rights A user visiting our website has the right to prohibit the use of cookies at any time by changing his or her browser settings. Most browser software give the option of disabling cookies and of removing cookies that have already been saved. Disabling cookies may affect the functionality of the website.

Inspection right, i.e. the right to get access to personal data.

The data subject has the right to check what data has been stored about him or her in the filing system. A request for data access must be given in writing by contacting the company’s customer service or the filing system’s contact person either in Finnish or English. The request for data access must be signed.

The right to transfer data from one system to another

The data subject has the right to transfer his or her own data from one system to another. The transfer request can be addressed to the registry contact person.

The right to demand correction of information

Taking into account the purposes of processing, any data stored in the filing system that is inaccurate, unnecessary, incomplete, or outdated must be erased or rectified. A written request for rectification, signed by hand, should be sent to the company’s customer service or the personal data filing system’s administrator. The request should specify what information should be rectified and on what grounds. Rectification shall be carried out without delay. Notification of rectification will be sent to the party who provided the inaccurate data or to whom the data were disclosed. If a request for rectification is denied, the responsible person of the filing system will provide a written document stating the grounds for the denial of the request for rectification. The data subject concerned may then pass the matter along to the Data Protection Ombudsman.

Right of limitation

The data subject has the right to request restriction of processing, for example if the personal data in the register are inaccurate. Contact the person responsible for the register.

Right to object

The data subject has the right to request personal data concerning him or her and the right to request the rectification or erasure of personal data. Such requests may be addressed to the contact person of the register. If you are the contact person of a company or organisation, your data cannot be deleted during this period.

The right to file a complaint with the supervisory authority

If you consider that an infringement of the General Data Protection Regulation has occurred in the processing of your personal data, you have the right to lodge a complaint with a supervisory authority. The complaint can also be lodged in a member state where you are a permanent resident or where you are employed. Contact information for the Finnish national supervisory authority: Office of the Data Protection Ombudsman PL 800, Lintulahdenkuja 4, 00530 Helsinki tel. +358 29 566 6700

Other rights related to the processing of personal data

The data subject has the right to prohibit the disclosure of processing of personal data for the purposes of direct marketing or other marketing, the right to demand the anonymization of data where applicable, as well as the right to be completely forgotten after employment is terminated.