SOLEMO Oy (0790905-7)
Vanha talvitie 19 A
00580 Helsinki
SOL Tietosuoja
tietosuoja-asetus@sol.fi
Personnel register
2025-05-06
Legal Obligation
Depending on the group and purpose of the personal data, either:
- legal obligation (salary payment, official declarations, etc.)
- contract (processing agreed in the employment contract)
- consent (personal testing, etc.)
The purpose of the filing system is to enable the implementation of the company’s employment relationships, payment of wages and other related tasks.
Tasks related to payroll calculation and the payment of wages may also be outsourced. In this case any such data related to the data subject that is required for payroll calculation or the payment of wages can be transferred to supplier for the purpose of carrying out outsourced tasks.
The data controller’s personnel
The data controller’s personnel and outsourcing partners when applicable.
Right to withdraw consent, where the legal basis for processing is consent:
By contacting the data controller using the contact details provided at the contact point
Personal data filing system contains the following information:
- First and last name of the individual
- Personal identity code / National identification number
- Date of birth
- Gender
- Nationality / Citizenship
- Employee number
- Email address
- Postal address
- Phone number
- Bank account details
- Tax information
- Other payroll-related information
- Employee’s employment history
- Employee’s education history
- Information related to the employee’s professional development in work tasks (including training-related information)
- Other employee qualification information
- Information related to the employee’s health
- Absence-related information
- Information related to work shift planning and actual work shifts
- Name and contact details of the employee’s potential next of kin / close relative
- Information related to the termination of employment, such as a certificate of employment
- Other employment-related information
- Information related to information security (device information, login details, network location, behavioral patterns)
Data stored in the filing system comes from the data subject. Data are also collected from authorities or other sources with the data subject’s consent.
The data in the register will not be retained for more than 10 years after the termination of the employment relationship. In some cases, the retention period is shorter and is based, for example, on statutory limitation periods under employment legislation or retention periods required under accounting legislation.
Data in the filing system will not be disclosed to third parties unless disclosure is required for the maintenance of employee relations of the payment of wages.
Personal data in the register are not regularly transferred outside the EU or EEA. However, it is possible that service providers located outside the EU/EEA are used in the processing, or that service providers’ cloud environments are located outside the EU/EEA. In such cases, the transfer is based on the Standard Contractual Clauses (SCCs), and additional safeguards have been implemented for the transfers, such as internal policies (e.g. on the pseudonymisation of personal data and similar measures) and, where necessary, a Transfer Impact Assessment (TIA).
Where an organisation processing personal data is certified under the EU–US Data Privacy Framework (DPF), this framework is used as the transfer mechanism during its validity.
Manually maintained and processed materials are stored in premises to which unauthorised access is prevented. For example, employment contracts may be stored in locked cabinets, to which access is restricted to specifically designated individuals.
All other data related to the filing system is only kept in electronic format, and data are only processed electronically. Access to the data stored in the filing system is given only to such persons and in such scope that is required for the purposes of employee supervision, monitoring, payroll tasks or other tasks related to the maintenance of employee relations. The filing system is kept on a protected server which is located in the EU area.
The protection of all data in the filing system is carried out in accordance with the applicable data protection legislation, instructions issued by authorities, and good data processing practices.
Access to the data stored in the filing system is given only to such persons and in such scope that is required for the purposes of employee supervision, monitoring, payroll tasks or other tasks related to the maintenance of employee relations. The filing system is kept on a protected server which is located in the EU area.
The protection of all data in the filing system is carried out in accordance with the applicable data protection legislation, instructions issued by authorities, and good data processing practices.
The processing of personal data does not involve solely automated decision-making carried out without human involvement, where such decisions produce legal effects or similarly significantly affect the data subject.
The data subject has the right to check what data has been stored about him or her in the filing system. A request for data access must be given in writing by contacting the company’s customer service or the filing system’s contact person either in Finnish or English. The request for data access must be signed. The data subject has the right to prohibit the processing of his or her data and its disclosure for the purposes of direct marketing, distance marketing or opinion polls by contacting the company’s customer service.
The data subject has the right to transfer his or her own data from one system to another.
The transfer request can be addressed to the registry contact person.
Taking into account the purposes of processing, any data stored in the filing system that is inaccurate, unnecessary, incomplete, or outdated must be erased or rectified.
A written request for rectification, signed by hand, should be sent to the company’s customer service or the personal data filing system’s administrator.
The request should specify what information should be rectified and on what grounds. Rectification shall be carried out without delay.
Notification of rectification will be sent to the party who provided the inaccurate data or to whom the data were disclosed.
If a request for rectification is denied, the responsible person of the filing system will provide a written document stating the grounds for the denial of the request for rectification. The data subject concerned may then pass the matter along to the Data Protection Ombudsman.
The data subject has the right to request that the processing of their personal data is restricted for example if data stored in the filing system is erroneous. Requests should be sent to the responsible person of the filing system.
The data subject has the right to request for personal data pertaining to them, and the data subject has the right to request for the rectification or erasure of said data. Request can be sent to the contact person of the filing system.
If you consider that an infringement of the General Data Protection Regulation has occurred in the processing of your personal data, you have the right to lodge a complaint with a supervisory authority.
The complaint can also be lodged in a member state where you are a permanent resident or where you are employed.
Contact information for the Finnish national supervisory authority: Office of the Data Protection Ombudsman PL 800, Lintulahdenkuja 4, 00530 Helsinki tel. +358 29 566 6700 tietosuoja@om.fi www.tietosuoja.fi/en/
The data subject has the right to prohibit the disclosure of processing of personal data for the purposes of direct marketing or other marketing, the right to demand the anonymization of data where applicable, as well as the right to be completely forgotten.