Information notice - external actors operating in Orion Corporation´s offices

General Data Protection Regulation (2016/679), Articles 13 and 14
Date of drafting: November 29th, 2018 / updated December 13th, 2023

We may update or revise this Information Notice at any time, with any notice to you as may be required under applicable law.

1. Controller / Company

Orion Corporation (Company Identification Number: 1999212-6)
Orionintie 1
02200 Espoo
Finland
Tel. 010 4261

2. The person in charge / contact person

Contact person: Tomi Hyppönen
Orion Corporation
Orionintie 1A
02200 Espoo
Tel. 010 4263001
e-mail: Tomi.hypponen@orion.fi
Contact details of the Data Protection Officer:
privacy@orion.fi

3. Name of the data file

4. The purpose for processing the personal data / recipients (or categories of recipients) of personal data / the legal basis for processing the personal data

The purpose for use of this data file is to store and process personal data of
external actors operating in Orion Corporation´s offices. The data in this data
file is used for the management of the service relationship with Orion´s external
actors and relates to, among other things:

Organization of trainings and inductions to access rights, as well as
organization of department specific trainings.

Management of training and qualification data.

Security clearances in accordance with Orion´s security clearance
process with respect to external actors and maintaining concise status
data of security clearances.

Key management to the extent that keys are in the possession of data
subjects.

Management of persons participating in the fire work permit/work
permit policy and management of permits.

Management of construction sites to the extent that Orion acts as the
project supervisor in its projects and is obligated to inform employee data
to the tax authorities. Personal data is received and processed by ILVE
(Ilmoitusvelvollisuus.fi). Orion´s contact person has the possibility to
review a person´s data and receive reports regularly of persons on Orion´s
construction sites. ILVE notifies the tax authorities of any changes to the
information.
Storage of the trump card´s data (commercial product, which is a card
with a photo and a tax number). Usage of the card is a statutory
requirement for those on the premises. Orion´s contact person has the
right to process the personal data.

Management and documentation of Orion´s construction projects.
Personal data is received and processed by Orion´s designated person,
who also determines what projects a person can handle.

The data in this data file is also used for other internal services of Orion, such as
CCTV and access control.

We may share your information with third parties who assist us by performing
technical operations such as data storage and hosting.

If ownership or control of Orion Corporation or all or any part of our products,
services or assets changes, we may disclose your personal data to any new
owner, successor or assignee.

Legal Basis of Processing of Personal Data:

If processing of personal data is necessary to fulfil Orion´s legal obligations, such
as for tax purposes, the legal basis is article 6.1(c) of the GDPR.

If processing of personal data is necessary for the performance of a contract, such
as, the service contract with the data subject, the legal basis is article 6.1(b) of the
GDPR.

To the extent that processing is not necessary for the above-mentioned purposes,
the legal basis of processing of personal data is legitimate interests of the
controller/ to ensure the health and safety of Orion employees and other data
subjects staying on the premises. We only process personal data based on our
legitimate interests, in case we have deemed, based on the balancing of interest
test, that the rights and interests of the data subject will not override our legitimate
interest.

5. Content of the data file

The data file contains following personal data of Orion´s external actors:

Name
Date of birth
Phone number
Email
Address
Home country
Nationality and personal identification number (personal identification
number is only visible when data is being fed)
Tax number
Company, business identity code, company´s name and email, contact
person
Data on the content of the induction/training
Completed access right´s induction /training
Status data of the security clearance situations
Data about the keys in a person´s possession. There are also paper copies
of the receipts of the keys
Period of validity of the fire work permit
Task profile (e.g. entrepreneur, employee)
Date and time of the first and last signing in to the ILVE system
Period of validity of the card
Photo

6. Source of information

1-2. The information is entered by hand into the training register and key control

system based on the personal data in the IAM system.

3. Fire work permit/work permit application data is entered by hand based on the

data given by the user.

4. Construction site management register constitutes of data reported by the

person him/herself to the ILVE system in accordance with the system

instructions.

5. The information concerning the trump card is entered by hand to the system

based on the information given by the user.

6. The construction project register constitutes of data reported by the data

subject him/herself to the Sokopro system in accordance with the system

instructions.

7. Transfers of personal data to countries outside the European Union or the European Economic Area

Personal data from the register is not transferred outside of EU or European Ecomic Area.

8. Retention period of the personal data

The retention period of this data file is determined by the duration of the ongoing

projects per system or depending on whether the data subject still works for the

company providing services to Orion. Controller also stores the information for

as long as necessary in order for the controller to satisfy legal or contractual

obligations, industry self-regulation, or in order to establish, exercise or defend

legal claims.

9. The principles how the data file is secured

A. Manual data

Key receipt forms are stored in locked and monitored areas of the guards. Only

the security staff has access to the area.

Department specific training documents are stored in the department’s locked

area.

B. Electronic data

1. Training register table is situated at security related matters working site,

and the right to make modifications is restricted to the information

administrator (guards, instructors, processors of security clearances).

Other Orion users have the right to view the site.

2. Access to the key control system is restricted to persons maintaining

security. User rights are processed via IAM-rights management system

and are checked annually by the register´s contact person. All users have

a personal account to the system.

3. Access to the fire work permit application/work permit application is

restricted to persons maintaining security and persons granting work

permits. Users have a personal account to the system.

4. Access to the Ilmoitusvelvollisuus.fi application is restricted to a

separately named person. Users have a personal account to the system.

5. Access to the Tilaajavastuu.fi application is restricted to a separately

named person. Users have a personal account to the system.

6. Access to Sokopro application is restricted to a separately named person.

Users have a personal account to the system.

10. Right of access

The data subject shall have the right of access, after having supplied sufficient

search criteria, to the data on himself/herself in the personal data file, or to a

notice that the file contains no such data. The controller shall at the same time

provide the data subject with information on the sources of the data, on the uses

for the data in the file, and the destinations of disclosed data.

The data subject who wishes to have access to the data on himself/herself, as

referred to above, shall make a request to this effect to the person in charge at

controller by a personally signed or otherwise comparably verified document and

by verifying his or her identity by attaching a copy of an official identification

document.

11. Right to object to processing

In case the legal basis for processing the personal data is the legitimate interests

of the controller, the data subject has the right to object to processing on grounds

relating to his or her particular situation.

In case the data subject wishes to use its above-mentioned right, he or she shall

make a request to this effect to the person in charge at the data controller by a

personally signed or otherwise comparably verified document in writing to the

representative of the data controller named under section 2. hereinabove.

12. Rectification, restriction of processing and erasure

A controller shall, on its own initiative or at the request of the data subject, without

undue delay rectify, erase or supplement personal data contained in its personal

data file if it is erroneous, unnecessary, incomplete or obsolete as regards the

purpose of the processing. The data controller shall also prevent the dissemination

of such data, if this could compromise the protection of the privacy of the

individual or his/her rights.

Under specific circumstances, the data subject has the right to obtain from the

controller restriction of processing of his or her personal data.

If the controller refuses the request of the data subject of the rectification of an

error, a written certificate to this effect shall be issued. The certificate shall also

mention the reasons for the refusal. In this event, the data subject may bring the

matter to the attention of the Data Protection Ombudsman.

The data controller shall notify the rectification to the recipients to whom the data

have been disclosed and to the source of the erroneous personal data. However,

there is no duty of notification if this is impossible or unreasonably difficult.

Requests for the above uses of data subject’s rights shall be made by contacting

the representative of the controller named under section 2 hereof.

Our locations

Visit global site 

What are you looking for?