Privacy policy

Handling and registration of your personal data as well as the maintenance of Zeroni service are governed by Personal Data Act (2016/679) and other applicable laws of Finland.

“Personal data” means any information relating to a natural person (“data subject”) from which a person can be identified, directly or indirectly, as defined in data protection law.

In the context of this Privacy Policy, the “User” refers to a client and a user who represents a processor, the “Service” refers to Zeroni service.

1. DATA CONTROLLER

The company that has ordered the Zeroni service acts as the ”Data Controller”.

Zeroni Oy (“Data Processor”) is responsible for the operational maintenance and management of the register.

Finnish Business Id: 0861964-1

Address: 

Kappelikuja 6 A, 02200 Espoo

2. PERSON IN CHARGE OF THE REGISTER

Toni Oksanen, Chief Architect

3. NAME OF THE REGISTER

The Register of the Zeroni Services

4. PURPOSE OF THE REGISTER

  • Registering contract and employee information required by the Act on the Contractor’s Obligations and Liability when Work is Contracted Out (1233/2006), and reporting that information to the Tax Administration. 
  • Handling and reporting of obligations to supervisory authority as required by the Occupational Safety and Health Act (738/2002).
  • Supervising that employment relationships on site fulfill applicable laws.
  • Carrying out the obligations of the main contractor and buyer.
  • Managing the employee’s access permits and other permits on the site.

The Operator maintains the register and the tasks authorized by the Processor. The Processor and the Operator may disclose personal data to the obligations of operators in the construction sector compliance. Personal data will not be disclosed to third parties unless law or other regulations obligate this. However, the necessary information may also be disclosed to the Processors and the Operators service providers and experts for statutory obligations. The Processor and the Operator may disclose information to their affiliated companies in compliance with the Personal Data Act. The Operator may also use and disclose information on the extent permitted by the Personal Data Act for the marketing of the services provided by the Operator and/or its partners to the Processor. 

The Service stores and retains the information provided by the Processor through the Service, or otherwise announced in the Service for as long as the Processor is registered in the Service. When the Processor terminates the use of the Service the Operator saves the particulars for five years, to be able to answer questions/inquiries regarding the information on the above-mentioned registry within the scope of use. After that, the particulars of the Processor will be destroyed from the Operators Information System, excluding the information that is legally required to be retained. The Processors contents of the register are published on the Service and handed over to the users of the Service.

5. CONTENTS OF THE REGISTER

1) First and last name, date of birth, email address, phone number, tax number, photo, citizenship and country of residence. 

2) Presence on the site and competences. 

3) Additional information about the person: collective agreement, postal code, number of years of work experience, clothing size, shoe size.

4) Company-specific information: person id.

5) The date of when the working started and ended on the site.

6) The name of the employee’s employer and business ID.

7) Identification to certify the identity.

8) Name and contact details in Finland to the representative referred to in Article 4 of the Act on Posting workers (447/2016) and other required documents.

9) Mobile check-ins utilize location information if the User so permits. Location information is not saved, but only information about whether a person is on site or outside it.

In addition, of the Users of the Service (user logging into the service) will be stored the User password. The User is identified by email and password. 

“Cookies” are used to identify the User in the Service. Cookies are used

generally, on web services. Cookies are software technology that helps you use the Service, by editing the content to match the User’s preferences. The User can set up the internet browser to prevent the use of cookies completely or to point out when cookies are used.

The User has the right to check the data relating to him/her, that is stored in the register. This can be done on the User’s own pages or by contacting the Operator.

The Processor and the Operator that is responsible for the operational maintenance, will take reasonable action to prevent the misuse and loss of User’s particulars as well as unauthorized access to data.

Applicable laws:

• Occupational Safety and Health Act (738/2002) 52 b § (24.5.2013/364)

• EU General Data Protection Regulation (2016/679)

• Tax Procedure Act 15 b – d §

• Personal Data Act (523/1999) 2 §, 3 §, 5 §, 6 §, 10 §, 24 §, 32 §, 36 §

• Act on the Protection of Privacy in Working Life (759/2004) 3 §, 4 § 2 and 3 mom.

6. REGULAR DATA SOURCES

Most of the information is obtained from the Processors or Users themselves. Their contact persons are responsible for the accuracy and maintenance of personal and company information. 

Personal data is not directly imported to the register from other external systems. Instead the VALTTI interface of Suomen Tilaajavastuu Oy is utilized in the addition of the basic information of a person.

Data on report for contractor’s liability and obligations is obtained from Suomen Tilaajavastuu Oy (for those companies belonging to Luotettava Kumppani = Reliable Partner program)

7. REGULAR DATA DISCOURSES

Information in the register is disclosed to the Tax Administrator, the Regional Administrative Office and other competent authorities as required by law.

In addition, the information in the register can be transmitted to other systems of the Processors companies, such as ERP, HR, or reporting systems. In this case, only the information that the Processor has access to will be passed on.

8. TRANSFER OF DATA OUTSIDE THE EU OR EUROPEAN ECONOMIC AREA

The information in the register will not be disclosed to third parties other than described above. The information shall not be disclosed outside the European Union or the European Economic Area except for within the limits permitted by the Personal Data Act and based on the authorization given by the Processor to those registered as service users who need information on business in Finland to fulfill the legal and contract-based obligations.

9. SERVICE TRANSFER, MERGE OR ACQUISITION

If the Operator or part of its business is sold or merged with a third party or the Service is transferred to a third party, in all these cases the Operator reserves the right to move or indicate the information collected by the Processors as part of the merge, trade, sale, transfer or other change of management.

10. CHANGES AND UPDATES

The Register can be updated periodically without notice and made changes will be announced later with the ”last update” notification. 

The User of the Service accepts the changes by continuing to use the Service.

11. PRINCIPLES OF REGISTRY SECURITY

Personal and business information is secured by the user authorization cropping. All the information is in electronical form. 

Only a contact person authorized by the personal employer, as well as those responsible for work safety and working conditions and inspection authorities are entitled to confidential personal data. 

Data is protected against unauthorized access and data is only processed by persons entitled to this information. Data is protected in accordance with the Privacy Act and the Privacy Act at Work

The register is located on a secure server in Finland.

12. EFFECTIVE DATE

The Privacy Policy is effective from 1st of June 2015. Last update 5th of October 2023.