Privacy Policy

Privacy Policy concerning the Register of service users and personnel administration

Update of 16.2.2023

1 Data Controller

Eezy Kevytyrittäjät Oy (hereinafter ”Eezy”)
BIC: 2197002-2
Address: Itämerenkatu 3, 4. floor, 00180 HELSINKI
Phone: +358 (0) 9 4247 5630

2 Contact information of the person responsible for data protection

Otto Liulia
c/o Eezy Kevytyrittäjät Oy
Phone: 09 4247 5644
Email: otto.liulia@eezy.fi

3 Description of the Privacy Policy

This Privacy Policy pursuant to the Articles 13 and 14 of General Data Protection Regulation (679/2016/EU) describes how the Data Controller will process personal data of service users and users registered in the service.

The group of data subjects consists of service users who have themselves registered in the service or have been registered by an eventual third party, however always with a consent of the data subject.

4 Personal Data to be processed

The following categories of personal data shall be collected and processed from the data subjects:

  • Identification and contact details of the data subject such as name, email address, mail address, phone number, nationality and personal identification code
  • Other essential information in regard to payment of salary, inter alia
    • details concerning bank account for payment of salary
    • professional information
    • competence in specific trades (e.g. electrical installations)
    • information relating to compensations payable on basis of employment relationship (inter alia taxation details and travelling specifications e.g. regarding kilometer allowance)
    • information of possible entrepreneur’s pension insurance
    • information of possible orders from authorities regarding payment of salary, such as execution office
  • Pictures (logo in the invoice and profile picture/photo, in case the user adds these him/herself)
  • Information about possible recommendations
  • Amendments in the information under personal data categories as specified above and concerning the data subject

5 Sources from which personal data is regularly collected

Personal data is collected from and updated by the data subject.

Upon consent of the data subject, personal data may be collected and updated also from other sources, e.g. from cooperation partners of the Data Controller or from authorities (e.g. credit information agencies). Personal data may be collected and updated also without a consent from the data subject provided this is carried out under circumstances where the legislation permits such collection.

6 Purpose and legal basis of processing of personal data

The Data Controller shall process personal data to administer the processes of invoicing the work performed, payment of salary and managing thereto related matters.

Personal data shall also be processed to manage customer communication by the Data Controller. Communication may be directed to the data subject e.g. electronically, for example by newsletters sent by email. The processing of personal data is in such cases based on the legitimate interest of the Data Controller to inform the service users of current issues of the Data Controller and to offer the service users benefits and information concerning the use of the service and self-employment. The user is entitled to reject to receive communication by clicking the “unsubscribe” link in the newsletter or by contacting the customer service of Eezy.

Personal data is also processed to implement the customer experience by random sampling. If you wish, Eezy can reply to the open feedback you provide. In this case, the processing of your personal data is based on your consent to implement the customer experience.

The legal ground for processing personal data is the legitimate interest of the Data Controller and the legitimate interest established on basis of the Data Subject using the service, as well as Data Controller having to comply with legislation (such as but not limited to taxation, execution and statistic legislation) that it is subject to when managing the invoicing and salary payments.

When reporting expenses and address information, Eezy is utilizing Google Maps (API) and Places (API) interfaces, making the Google Privacy Statement applicable.

7 Disclosure and transfers of personal data

The personal data stored in the register may be disclosed when approved or obligated by applicable legislation or on consent of the data subject to authorities having statutory right to obtain data from the register, such as taxation authorities and KELA (The Social Insurance Institution of Finland) as well as to other third parties relating to administration of employment relationships, such as pension insurance and accident insurance companies, trade unions and third parties offering occupational health services. In addition, personal information can be forwarded on to Eezy Plc companies for employment purposes.

In addition, personal data may be transferred to such cooperation partners of the Data Controller that will process personal data on behalf of and on documented instructions from the Data Controller. In these cases the cooperation partner of the Data Controller, i.e. the processor, shall not have the right to process personal data for its own purposes.

In principle, personal data will not be transferred outside of the Member States of the European Union or outside of the European Economic Area, unless it will be necessary for the purpose of processing personal data or for technically facilitating the processing, whereby the requirements of data protection legislation shall be complied with in transfer of personal data.

For the purpose of mailing the newsletters, the customer’s email address and name will be transferred to a separate customer register in which case the technical operator will be Liana Technologies Oy.

8 Protection of personal data

The Data Controller will implement appropriate technical and organisational data-protection measures to ensure protection of personal data. Personal data is recorded and saved in both electronic data bases and manually maintained materials. The electronic data bases are protected by fire walls, passwords and other generally in the data-protection branch accepted technical measures. The manually maintained and processed materials are stored in premises where access by unauthorized persons is prevented.

Access to the personal data is given only to persons that are separately determined and specified and who need to process the personal data in the register in order to carry out their duties. These persons will have access to the system only by using their personal usernames and passwords.

9 Cookies and tracking

Cookies are small text files that are saved on your computer when you visit our service.

We are using chat by Giosg. When using chat in our service we are identifying logged in user, IP-address, browser used and for example which invoice or salary the chat is concerning. Additionally, we’re using Giosg Interaction Designer tool for example for questionnaire pop-ups in our service.

We collect information about your use of our service through Google Analytics. It is possible to opt-out of Google Analytics tracking by using Google Analytics Opt-out tool.

We are using Mouseflow -tool to improve are service. The tool is used for tracking service user movements and clicks. You can check what information is collected by visiting https://mouseflow.com/gdpr/. You can opt-out from tracking at Mouseflow’s Opt Out page.

Our website uses the Facebook pixel and the Conversion API.
Facebook Conversion API events (CAPIs) help us understand how users interact with the website. CAPI events allow us to measure the impact of ads on website conversions and improve the targeting of our ads with custom audiences. A Facebook pixel is a code attached to a website that allows us to target Facebook advertising to users who visit the website.

10 Storage period of personal data

The personal data of a data subject will be stored only as long as necessary to carry out the purposes specified in this Privacy Policy.

11 Rights of the data subject

The registered data subject can exercise the following rights provided by the data protection legislation:

  • The data subject has right to obtain access to the personal data concerning him or her and right to obtain correction of this data. The request of rectification must be specified in such a manner that the inaccurate personal data can be easily noticed and rectified.
  • The data subject has right to obtain erasure of personal data in accordance with and within the framework of applicable General Data Protection Regulation.
  • The data subject has right to obtain restriction of processing of his or her personal data in accordance with and within the framework of applicable data protection legislation.
  • The data subject has the right to data portability i.e. to transmit his or her personal data from one register to another and obtain the personal data in a structured, commonly used and machine-readable format, and transmit them to another data controller in accordance with and within the framework of applicable data protection legislation.
  • The data subject has right to file a complaint to the national data protection authority (in Finland Data Protection Ombudsman) or to another data protection authority in the European Union or in the European Economic Area, if the data subject considers that his or her statutory rights regarding processing of personal data have been breached.

The data subject can direct the requests to exercise the above referred rights to the contact person responsible for data-protection matters.

12 Amendments to the Privacy Policy of personal data processing

The Data Controller develops on a continuous basis its business operations and reserves itself right to amend this Privacy Policy. Any amendments will be announced in Eezy’s services and on its website kevytyrittajat.eezy.fi. The amendments can also be based on changes in legislation. The Data Controller recommends that service users check the contents of the Privacy Policy regularly from time to time.