Privacy Policy

Personal Data Act (10 § and 24 §) and General Data Protection Regulation

Updated: 22.05.2018

Register holder

Hasan & Partners Oy

Business ID: 0555375-5

Pursimiehenkatu 29-31 B


Tel: +358 424 6711

Contact person

Sari Mustonen

Hasan & Partners Oy

Pursimiehenkatu 29-31 B


[email protected]

The purpose for the use of a register and content of the register

Personal data is used for the following purposes:

  • recruitment processes
  • improving services
  • client matters
  • analytics and profiling
  • marketing
  • newsletters and other communication
  • surveys and opinion polls


Data subject shall not obliged to disclose the information mentioned in the prospectus, but a failure to provide certain personal information may cause the service provided by the controller to be partly unavailable.


The register holder can handle the following categories of information:

  • basic personal information (name, birth date, contact details)
  • IP address
  • profiles on social media
  • client relations and information related to ordered services
  • information relating to education, work experience and skills;
  • if supplied: job application, resume, attachment files;
  • job seeker´s information relating to job seeking process, LinkedIN-address ja profile information.

In addition, the register contains details of changes to the above mentioned data.

Basis of keeping the register                  

Personal information is processed based on:

  • consent of the data subject
  • contract
  • law
  • legitimate interest

Regular sources of information right to resist processing, automatic decision making and profiling

Personal data is collected from the data subject when the data subject uses the service and via email, telephone, social media, cookies, contracts, client meetings and in other situations where the client discloses personal data. Personal data can also be updated by obtaining appropriate data services from the companies and authorities providing them.

The user has the right, at any time, to oppose the automatic decision-making and profiling of personal data processing, unless the Controller can demonstrate that there is a substantial and well-founded reason for processing that overrides the rights, privileges and immunities of the data subject, or if it is for the purpose of building, presenting or defending a lawsuit. If the user objects to the processing of personal data for direct marketing, they may no longer be processed for this purpose. User profiling shall be based on their explicit consent.

Regular destinations of disclosed data and whether the data is transferred to countries outside the European Union or the European Economic Area

Personal data may only be transferred outside the territory of the Member States of the European Union or to the European Economic Area if the country concerned provides sufficient level of data protection. Information shall not be disclosed to third parties for any other purposes than service related processing.

Data protection principles and disclosure of information

Manual materials

Manual materials are kept in a locked space and are available only to those entitled to the materials.

Digitally stored data

The personal data contained in the register will be kept confidential. The use of the register is controlled by the controller in the organization and access to the personal register is restricted so that the information contained in the register stored in the computerized system is accessible and entitled to use only by the registrar’s employees who have the right to do so.

The computer system is protected by security software. Access to the system requires each user from the register to enter a username and password. The computer network and hardware in which the register is located are protected by a firewall and other appropriate technical measures such as encryption. Information on the website is protected by SSL or TLS 1.2 secure connection.

The processing of personal data can be outsourced to a third party, Hasan & Partners Oy guarantees by contractual arrangements that personal data is processed in accordance with the General Data Protection Regulation (2016/679) and other applicable laws in Finland. More information on adequate data protection states can be found on the European Commission’s website:

Right of access and realization of the right of access

Data subject has the right to check what information about them has been stored in the

personal register.

Data subject must send an inspection as a separate signed document to:

Hasan & Partners Oy

Pursimiehenkatu 29-31 B



OR by email to: [email protected]

Rectification and the realization of the rectification

The data subject has the right to influence their personal data processing.

The controller must rectify, erase or supplement personal data contained in its personal data  file if it is erroneous, unnecessary, incomplete or obsolete as regards the purpose of the processing. The controller may also repair such information on their own initiative.

A claim shall be sent as a separate signed document to:

Hasan & Partners Oy

Pursimiehenkatu 29-31 B


OR by email to: [email protected]

Duties of the controller, transferring rights of the data subject, right to be forgotten

The controller shall, without undue delay, either on its own initiative or at the request of the data subject, rectify, erase or supplement personal data contained in its personal daata file if it is erroneous, unnecessary, incomplete or obsolete relating to the purpose of the processing. The registrar shall also prevent the spread of such information if the information may compromise the privacy of the data subject or his rights. Furthermore, the data subject has the right to data portability.

The controller shall notify the rectification to the recipients to whom the data have been disclosed and to the source of the erroneous personal data. The controller shall inform repair of data to the party whom the controller has disclosed or from which controller has received incorrect personal data. However, there is no duty of notification if this is impossible or unreasonably difficult.

Personal data shall only be retained as long as there is a valid purpose for the processing. When there is no valid purpose for processing, the data will be erased appropriately. The data subject has the right to withdraw consent for the processing of data. If the data subject withdraws consent, data subject may file a written request to the controller for the deletion of data, for which there is no other legitimate purpose for processing. The request must be presented in written form as a separate signed document and shall be sent to:

Hasan & Partners Oy

Pursimiehenkatu 29-31 B


OR by email to: [email protected]

11. Supervisory authority

The data subject may bring the matter to the attention of the supervisory authority (Data

Protection Ombudsman).