Privacy Statement for Customer Service Systems

This privacy statement explains how Silta processes personal data in customer service systems used for phone services, handling email communications, and measuring the quality of customer service.

By contacting Silta’s service numbers, sending emails to Silta, or using a service portal agreed upon for communication with Silta, you accept the practices described in this privacy statement. As we may update this privacy statement from time to time, we encourage you to review its contents regularly. We will make reasonable efforts to notify you in advance of any changes.

In its role as a service provider, Silta has entered into a separate data processing agreement with each of its clients. This agreement ensures that Silta processes all personal data related to clients in its customer service system securely and in compliance with applicable laws. When handling its own personnel's data, Silta acts as a data controller, and when processing client-related personal data, Silta acts as a data processor with the client serving as the data controller.

1. Data Controller

Data controller:

"The client"

Contact person for the data controller:

Client's payroll contact person.

Persona Data processor

Silta Oy 0107636-5

Silta Eesti Oü 12622209

Silta Employer Services Oy 3320767-3

Konepajankuja 3, 00510 Helsinki

p. 020 759 5500

Contact person for the processor:

Responsible for customer service

Data Protection Officer:

Anja Hänninen, tietosuoja@silta.fi, p. 040 522 0621

2. Name of the register

Privacy Statement for Customer Service Systems

3. Purpose and Legal Basis for Processing Personal Data

The processing of personal data in customer service systems is based on the agreement between Silta and the client, and on the provision of the agreed-upon service. The customer service system is used to maintain communication with the client's contact persons, supervisors, and employees regarding matters agreed upon in the contract.

The processing of personal data is based on the following legal grounds:

  • The data subject has given consent to the processing of their personal data for one or more specific purposes;
  • or the processing is necessary for the performance of a contract to which the data subject is a party,
  • or to take steps at the request of the data subject before entering into a contract;
  • or the processing is necessary for compliance with a legal obligation to which the data controller is subject;
  • or the processing is necessary for the legitimate interests pursued by the data controller or a third party.

Calls are recorded for the purpose of monitoring customer service quality. The recordings may be used to verify the service interaction, legal protection, and security. At the beginning of the call, there is a message informing the caller that the call will be recorded for customer service quality monitoring purposes. After the call, the caller may receive a feedback form to collect input on their service experience. The information collected through the feedback form is used to improve customer service.

4. What type of information do we collect and process?

Silta processes only the necessary personal data in the customer service system. The personal data processed in the system includes basic personal information (such as first name, last name, address, personal identification number, email address, phone number), employment and payroll information, working hours data, other payroll-related information, access rights, as well as other information provided by the data subject or the client.

For call recordings, our register contains the personal data provided by the caller during the call, such as the caller’s name, personal identification number, contact details, and information related to employment and payroll. Information about Silta’s employees, such as their name and job title, is also recorded as provided by the employee at the beginning of the call. Additionally, the register records the caller’s phone number, if caller ID is allowed, as well as the time and duration of the call. Recording begins when the call is answered and ends when the call is terminated.

From feedback forms, the register retains the information that the sender has provided in their feedback.

5. Regular data sources

Personal data is obtained for the customer service systems from the data subject and the client through their pre-systems, as document-based material, as well as by mail, email, phone, and via the service portal as agreed. Personal data is also received from authorities, such as the Tax Administration and enforcement authorities, as well as from trade unions.

6. Data disclosures and data transfers

Silta complies with data protection legislation and its limitations regarding data disclosures. Information is only disclosed when necessary and to the extent required for the intended use and the proper delivery of services. Since the servers and other technical tools used by Silta may be owned and managed by an external service provider, data may be located either within Finland or outside its borders, depending on the service provider. Regardless of where the data is located, Silta follows appropriate protective measures to ensure the security of personal data during disclosures.

To ensure service quality, Silta discloses information to its technical partners only to the extent necessary. These partners process the data they receive solely to deliver the service, following Silta's instructions. Silta has entered into a separate data processing agreement with each of its partners.

6.1. Transfer of personal data outside the European Union/European Economic Area

Personal data is not transferred outside the EU/EEA countries.

7. Retention period of personal data

Silta retains and processes personal data only for as long and to the extent necessary and permitted by law in relation to the original or compatible purposes for which the data was collected, as agreed with the data controller. Safe practices are followed in the destruction and deletion of data. Silta regularly deletes data that is no longer necessary. The deletion of personal data related to the client is agreed upon separately with the client.

Call recordings are retained for 180 days, emails (including emails in the service portal) for three (3) years. Data collected for monitoring the quality of customer service is retained for 12 months.

8. Protection of Personal Data

The personal data in the register is protected as required by law, ensuring data security. Silta has implemented appropriate technical and organizational measures to safeguard personal data from accidental or unlawful loss, disclosure, misuse, alteration, destruction, or unauthorized access.

Silta adapts its security measures to keep pace with ongoing technological advancements. Data is protected by firewalls and various encryption techniques, and the selected facilities are secure, with proper access control in place. System data is regularly backed up.

Silta's employees are bound by confidentiality obligations. Staff involved in handling personal data have signed data security and privacy agreements and received the necessary instructions and training for data processing. Access to the register is restricted by user rights so that only employees who are authorized due to their job responsibilities and require the information for their duties can access the stored data. Access rights to personal data are tiered, and their granting and use are monitored at Silta. Confidential data, retention periods, archiving, and destruction are defined in the archiving plan.

9. Rights of the Data Subject

As a data subject, you have various ways to influence the processing of your personal data. Below, we provide more detailed information about your rights under the GDPR. Please note that not all rights are absolute; they apply differently depending on the legal basis for processing personal data. If you wish to exercise any of your rights listed below, each request will be evaluated on a case-by-case basis.

You can contact us informally at any time if you have questions about your privacy how your personal data is processed, or if you wish to exercise your rights related to your personal data. Our detailed contact information for this purpose is provided in the section of this privacy statement under "Data Controller." You may also directly contact your designated contact person. To respond to your request, we may ask you for additional information if necessary. This might occur, for example, when we are unable to sufficiently identify you based on the information provided with your request.

We will process your request as quickly as possible without undue delay. The time limit for providing the requested information or additional details regarding the request is one month from the receipt of the request. If the request is exceptionally complex or extensive, the deadline may be extended by two months. In most cases, the information will be provided to you in the same manner in which your request was received. The exact method of delivery will be agreed upon between us.

The information is provided free of charge by default. However, if the request is unfounded or excessive, particularly if it is repetitive, Silta may charge administrative costs associated with fulfilling the request. You will always be informed in advance of any costs and the reasoning behind them.

Your Privacy Rights

You have the following rights regarding your personal data held by Silta:

The right to access your personal data (right of access).

You may request access to your personal data that we process at any time, as well as information on the source of this data and how it is used. You have the right to know the retention periods for your personal data and to whom your data is disclosed, both in Finland and abroad, as applicable. However, your right to access this information may be restricted by law, the privacy of others, and the requirements of our business and practices. If your right to access your personal data is restricted, you will be informed of this when your request is processed. A report on your personal data will be provided based on a valid and identified request.

The right to rectification. 

If you notice that the personal data we hold is incorrect, you have the right to request the rectification of that data. If the data is incomplete, you have the right to have it completed, for example, by providing additional information.

The right to erasure (right to be forgotten)

 

We are obligated to delete your personal data upon your request if one of the following conditions is met:

  • You withdraw your consent for the processing of your personal data;
  • the personal data is no longer needed for the purposes for which it was processed;
  • you object to the processing due to your specific personal situation, and there is no justified reason for the processing;
  • you object to the processing of your personal data for direct marketing purposes;
  • your personal data has been processed unlawfully; or
  • your personal data must be deleted to comply with a legal obligation under European Union law or Finnish legislation applicable to Silta.

However, in the following cases, we may or are required to retain your data:

  • Compliance with a legal obligation, for example, when we are legally required to retain your data for a certain period, such as under anti-money laundering and counter-terrorism financing laws or accounting legislation. In these situations, we cannot delete your data until the specified time period has passed.
  • Preparation, establishment, or defense of a legal claim.

The right to restrict processing.  

If you believe that your personal data held by us is inaccurate in some way, or if you dispute the lawfulness of the data processing or object to the processing in accordance with your rights, you have the right to request a temporary restriction of processing. In this case, data processing will be limited to storage until the accuracy of the data has been verified or it has been determined whether our legitimate interests outweigh yours.

The right to object to the processing of your personal data.

You have the right, in certain situations, to object to the processing of your personal data, for example, when the processing is based on our legitimate interests. In this case, the data may only continue to be processed if there is a significantly important and justified reason that can be demonstrated. Everyone whose data is included in the registers covered by this privacy statement has the right to object to the processing of their personal data for direct marketing purposes, including profiling related to such purposes. You can contact us at any time to request the cessation of all forms of direct marketing.

The right to withdraw consent. 

If consent is the legal basis for a particular processing activity, you may withdraw your consent at any time. Please note that if you withdraw your consent, we may not be able to provide certain services or products to you. Also, be aware that we may continue to use your personal data, for example, to fulfill a contract we have with you or if required by law. An example of consent is the permission given for email marketing, which can be withdrawn.

The right to data portability.

You have the right to receive the personal data you have provided to us in a machine-readable format. This right applies to personal data that has been processed automatically based on your consent or the performance of a contract. You can retain this data yourself or transfer it to another data controller, provided it is secure and technically feasible. This right applies only to the data you have personally provided to us.

The right to lodge a complaint with a supervisory authority.

If you are dissatisfied with the way we process your personal data, and any disagreement regarding the processing of your data cannot be resolved amicably between you and Silta, you have the right to refer the matter to the data protection authority. In Finland, the data protection authority is the Office of the Data Protection Ombudsman. You can submit a complaint regarding an issue in personal data processing on the data protection office's website:

 https://tietosuoja.fi/en/report-of-fault-in-personal-data-processing

10. Automated Decision-Making and Profiling

The processing of personal data does not involve automated decision-making, and no profiling is conducted based on personal data..

11. Changes to the Privacy Statement

Silta continuously develops its business operations, and therefore reserves the right to amend this privacy statement by notifying changes in its services. Changes to the privacy statement may also be based on changes in legislation.

Silta will inform about updates to the privacy statement by publishing the updated version along with the modification date on its website. For this reason, Silta recommends that data subjects regularly check the current privacy statement on Silta Oy’s website. If significant changes are made to the privacy statement, Silta will also notify in other ways, such as by sending an email or publishing a notice on its website and/or social media pages before the changes take effect.

This privacy statement was last updated on November 7, 2023.

12. Data Privacy Inquiries

In all matters related to the processing of personal data and situations concerning the fulfillment of their rights, the data subject can primarily contact the payroll contact person of the employer acting as the data controller. Requests for information from the data subject are processed through the contact persons at Silta and the client company. Silta treats all inquiries confidentially.