Keystaff Oy (3404513-5)
Linnoitustie 6
02600 Espoo
Tietosuojavastaava
privacy@keystaff.fi
Website visitors
2025-04-16
Legitimate Interest
The purpose of the filing system is to ensure the security of the company’s website.
Collected data (IP address) is only used in the event investigations related to faults or data breaches.
The legal basis for processing is legitimate interest and, in the case of cookies and similar tracking technologies, consent.
The data controller must process personal data in order to carry out tasks related to its business operations. In this context, the processing of personal data cannot necessarily be justified on the basis of a legal obligation or a contract concluded with the individual.
Based on a balancing test, the data controller has determined that legitimate interest is the most appropriate legal basis for processing, taking into account the nature and scope of the processing as well as the rights and freedoms of the data subjects.
The data controller has assessed that processing based on legitimate interest does not cause serious harm to the rights and freedoms of the individuals concerned (data subjects).
IP address, visit time and pages visited.
Limited, authorised personnel of the website administration server provider.
Consent is given through the banner on the website and can be withdrawn through the "Cookie Settings" section.
Personal data filing system contains the following information:
- IP address
- time of visit to website
- pages visited by the visitor
Data are obtained from the customer when they visit the organisation’s website.
The data are never separately removed from the webserver.
The data in the register is used only by the company, except when an external service provider is used, in which case the data may also be used by that service provider.
Data is not disclosed outside the company or for use by its partners, except in connection with data breaches and similar situations.
Data in the register is not regularly disclosed outside the EU or EEA. However, it is possible that service providers located outside the EU/EEA are used for the processing or that the cloud services of service providers are located outside the EU/EEA. In such cases, the transfer is based on the SCC standard contractual clauses, and supplementary safeguards have been implemented for the transfers, such as internal instructions (regarding the pseudonymisation of personal data and similar measures) and, where necessary, a TIA analysis.
When the organisation processing personal data has committed to the EU-US Data Privacy Framework (DPF), it is used as the basis for the transfer during its period of validity.
Only designated employees of the organisation and of companies acting on its behalf have the right to use the website maintenance server.
Each designated user has a personal username and password. Each user has signed a confidentiality agreement.
The system is protected by a firewall that protects the system from external connections.
The protection and processing of the data in the register comply with the provisions and principles of data protection legislation, the orders of the authorities, and good data processing practice.
We use cookies on our website. A cookie is a small text file that is sent to and stored on the user’s computer. Cookies do not harm users’ computers or files. The primary purpose of using cookies is to improve and customise the visitor’s user experience on the website, as well as to analyse and improve the functionality and content of the website.
Data collected through cookies may also be used for targeted communication and marketing, as well as for optimising marketing measures. A visitor cannot be identified solely through cookies. However, information obtained through cookies may be linked to information possibly received from the user in another context, for example when the user fills in a form on our website.
The following types of data are collected through cookies:
visitor’s IP address
time of visit
pages viewed and page view times
visitor’s browser
Your rights
A user visiting our website may at any time prevent the use of cookies by changing the settings in the cookie banner. Some browser programs also allow cookies to be disabled and cookies already stored to be deleted.
Preventing the use of cookies may affect the functionality of the website.
The results of data processing are not used for profiling or other related purposes.
The data subject has the right to check what data concerning them is stored in the register. A request for access must be sent from an identifiable email address to the data controller’s Data Protection Officer.
When legitimate interest is used as the legal basis for processing, the data subject does not have the right to transfer their data from one system to another.
Any personal data in the register that is incorrect, unnecessary, incomplete or outdated in view of the purpose of processing must be rectified, erased or supplemented.
A request for rectification must be sent from an identifiable email address to the data controller’s Data Protection Officer.
The request must specify which data is required to be rectified and on what grounds. The rectification shall be carried out without delay.
The correction of an error shall be notified to the party from whom the incorrect data was received or to whom the data was disclosed. If the request for rectification is denied, the person responsible for the register shall provide a written certificate stating the reasons why the request was denied. The data subject may refer the denial to the Data Protection Ombudsman for decision.
The data subject has the right to request restriction of processing, for example if the personal data in the register is incorrect. Requests must be sent from an identifiable email address to the data controller’s Data Protection Officer.
The data subject has the right to request personal data concerning them, and the data subject also has the right to request the rectification or erasure of personal data. Requests must be sent from an identifiable email address to the data controller’s Data Protection Officer.
If you act as a contact person for a company or organisation, your data cannot be erased during this period.
If you consider that the processing of personal data concerning you violates the General Data Protection Regulation, you have the right to lodge a complaint with a supervisory authority.
You may also lodge a complaint in the Member State in which you have your habitual residence or place of work.
The contact details of the national supervisory authority are:
Office of the Data Protection Ombudsman
P.O. Box 800, Ratapihantie 9, 00521 Helsinki
Tel. +358 29 56 66700
tietosuoja@om.fi
www.tietosuoja.fi
The data subject has the right to prohibit the disclosure and processing of their personal data for direct marketing and other marketing purposes, to request the anonymisation of data where applicable, and the right to be forgotten.