PRIVACY POLICIES

Data protection is a corporate responsibility. Safe and careful processing of personal data is of utmost importance to us.

See our registers below

Marketing register
Customer register
Partner register
Recruitment register
Share and shareholder register

Share and shareholder register

ISLET GROUP Marketing Register Privacy Policy

1. Data Controller

Islet Group Oy and its Affiliates (listed below) jointly determine the purposes and means of processing. The companies are joint controllers. Islet Group Oy owns majority of the Affiliates and is the contact point for Data Subject. The lead supervisory authority is Finnish supervisory authority. Contact information of the Data Controller is below.

Islet Group Oy
Company ID: 1445054 – 7
Metsänneidonkuja 12
02130 Espoo

and Islet Group Oy’s Affiliates:
Islet Innovations Oy (Company ID: 3177120 – 3)
Islet Intelligence Oy (Company ID: 3207476 – 8)
Islet Group Kft (Hungary: VAT: 12552652 – 2‑43)

[later jointly together “Islet”]

2. Contact person for matters relating to the register
Janina Luoto
Email: dataprotection(at)isletgroup.fi

3. Name of the register
Islet’s Marketing Register

4. Use and basis for processing personal data
Personal Data of existing, previous and potential customers are used for marketing purposes. These purposes are for example notifications of future campaigns and sending the newsletter. We also use Personal Data for direct marketing. In addition, we maintain and collect information on Islet website that shares information of current activities of our company.

The ground for processing personal data for marketing is the legitimate interest of Islet.

5. Data content of the register
The following information can be stored or registered:
- First name, last name and title
- Contact information: phone number and email
- Name and contact details of the represented company
- Prohibition to direct marketing
- Information about the use of website, for example IP address
- Participation in training events

6. Retention of personal data
Islet retains personal data in Marketing Register no more than 5 years from the end of the marketing relationship. This period of 5 years is calculated from the last communication to the Data Subject.

Unnecessary and outdated information are deleted in certain intervals.

7. Information sources of the register
Information about the representatives of customer companies are collected from the customer company or straight from the data subject. In addition, we collect information through our website. Personal data relating to potential customers are obtained from the following sources:
- From the registered, for example contact or business card;
- LinkedIn;
- Fonecta;
- Companies own websites (Google);
- Participant list of events.

8. Collecting information from our website
We use google analytics that collects information from our website. Google Analytics gathers the following information:
- The language used
- Location (country and city), Google Analytics does not reveal the IP address
- Device used and the web browser that is used
- Visitor behaviour: is the first visit, which pages are visited, how long is the visit and what is the navigation path

More information about Google Analytics: https://support.google.com/analytics/.

9. Provision of information
Islet discloses information to the companies that maintain the customer relationship management system and newsletter transmission system in use. At the moment, we use the customer relationship management system of SAP and newsletter transmission system of MailChimp. Personal Data is also provided to Microsoft, who is the IT Service provider of Islet.

10. Transfer of data outside the EU or EEA
We transfer your personal data to countries outside EU/EEA, such as United States. We will ensure to make the transfers in accordance with the legislation on the processing of personal data. In all situations we will ensure that we only transfer your personal data with one of the following legal basis:
- data is transferred to a country, where European Commission has decided that there is an adequate level of protection;
- the controller or processor has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available; or
- you have given your explicit consent, or there is a legitimate basis for the transfer of your data outside the EU/EEA, such as the Privacy Policy Shield, which has been agreed with United States and European Commission.

MailChimp is part of the Privacy Policy Shield arrangement agreed with United States and European Commission.

11. Protection of the register
Islet processes all personal data in a secure way and constantly aims to develop its processes and systems. The register is held in Microsoft cloud service and Microsoft has protected the service with appropriate technical and organizational measures (Microsoft Trust Center). Only authorised persons, whose job contains marketing activities, have access to the register.

12. Rights of the data subject
At any time, the Data Subject has a right to object to the processing of his/her Personal Data for direct marketing purposes. E‑mails sent by Islet contain either a link from which you can object to direct marketing in the future or alternatively you can answer the message with a request to end direct marketing in the future.

At any time, the data subject has the right:
- to obtain information on the processing of personal data;
- of access to the information and check information regarding themselves;
- to demand correction or completion of inaccurate information;
- to demand the erasure of personal data;
- to obtain from the controller restriction of processing;
- to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her, in case where personal data is processed based on the legitimate interest of Islet;
- to receive the personal data concerning him or her in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller;
- to object processing of personal data;
- withdraw their consent and object to the processing, which is based on that consent.

We may ask the data subject to clarify their request. In addition, we may verify your identity before processing the request. We may refuse to execute your request on the basis of data protection legislation.

Data subject has a right to lodge a complaint with a supervisory authority if it thinks that Islet has not complied with the applicable data protection legislation.

13. Contact
Questions about the processing of personal data or request for the use of rights of data subject must be done in writing or by email to the following address:

Data protection
Islet Group Ltd
Metsänneidonkuja 12
02130 Espoo
Email: dataprotection(at)isletgroup.fi

Islet will respond to the requests as soon as possible. However, the respond will be given within one month unless there are special reasons to extend this time.

14. Changing the Privacy Policy
We may change this privacy statement from time to time, if necessary. We will inform the registered from changes to this Privacy Policy.

Last update to this Privacy Policy was made: 8.8.2023

ISLET GROUP Customer Register Privacy Policy

1. Data Controller

Islet Group Oy
Company ID: 1445054 – 7
Metsänneidonkuja 12
02130 Espoo

and Islet Group Oy’s Affiliates:
Islet Innovations Oy (Company ID: 3177120 – 3)
Islet Intelligence Oy (Company ID: 3207476 – 8)
Islet Group Kft (Hungary: VAT: 12552652 – 2‑43)

[later jointly together “Islet”]

2. Contact person for matters relating to the register
Janina Luoto
Email: dataprotection(at)isletgroup.fi

3. Name of the register
Islet’s Customer Register

4. Use and basis for processing personal data
Personal Data of representatives of existing customers is used to manage the customer relationship and communicate with the customers. Personal data are also used to collect and process customer feedback.

The ground for processing Personal Data of our customer is the performance of a contract between our customer and Islet.

5. Data content of the register
The following information can be stored or registered:
- First name, last name, and title
- Contact information: phone number and email
- Name and contact details of the represented company
- Information produced by the Data Subject for example customer feedback, unless it is anonymized

6. Retention of personal data
Islet retains information of representatives of existing customers in Customer Register until the customer relationship between the customer and Islet terminates and for five years after this time. After this the information is deleted from the register. The customer relationship is considered to have ended when there is no longer a valid agreement with the customer.

If the representative stops working in the customer company, the Personal Data will be deactivated in the system.

7. Information sources of the register
Collection of information about the representatives of customer companies is based on customer relationship. We may receive information from the customer company or straight from the Data Subject.

8. Provision of information
We disclose information about our customer representatives to Islet network consultants and partners who work as subcontractors for the purposes only to communicate with the customer and retain the customer relationship. Islet also discloses information to Islet affiliates (listed on top of the document), if necessary. In addition, Islet discloses information to the company that maintains its customer relationship management system. Now, SAP’s customer relationship management system is in use.

9. Transfer of data outside the EU or EEA
We will not transfer your data outside the EU/EEA.

10. Protection of the register
Islet processes all personal data in a secure way and constantly aims to develop its processes and systems. The register is protected with firewall, password and other technical means. Only authorised persons, whose job contains customer work, have access to the register.

11. Rights of the data subject
At any time, the data subject has the right:
- to obtain information on the processing of personal data;
- of access to the information and check information regarding themselves;
- to demand correction or completion of inaccurate information;
- to demand the erasure of personal data;
- to obtain from the controller restriction of processing;
- to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her, in case where personal data is processed based on the legitimate interest of Islet;
- to receive the personal data concerning him or her in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller;
- to object processing of personal data;
- withdraw their consent and object to the processing, which is based on that consent.

Data subject has a right to lodge a complaint with a supervisory authority if it thinks that Islet has not complied with the applicable data protection legislation.

12. Contact
Questions about the processing of personal data or request for the use of rights of data subject must be done in writing or by email to the following address:

Data protection
Islet Group Ltd
Metsänneidonkuja 12
02130 Espoo
Email: dataprotection(at)isletgroup.fi

Islet will respond to the requests as soon as possible. However, the respond will be given within one month unless there are special reasons to extend this time.

13. Changing the Privacy Policy
We may change this privacy statement from time to time, if necessary. We will inform the registered from changes to this Privacy Policy.

Last update to this Privacy Policy was made: 8.8.2023

ISLET GROUP Partner Register Privacy Policy

1. Data Controller

Islet Group Oy
Company ID: 1445054 – 7
Metsänneidonkuja 12
02130 Espoo

and Islet Group Oy’s Affiliates:
Islet Innovations Oy (Company ID: 3177120 – 3)
Islet Intelligence Oy (Company ID: 3207476 – 8)
Islet Group Kft (Hungary: VAT: 12552652 – 2‑43)

[later jointly together “Islet”]

2. Contact person for matters relating to the register
Tommi Luoto
Email: dataprotection(at)isletgroup.fi

3. Name of the register
Islet’s Partner Register

4. Use and basis for processing personal data
The register contains Personal Data of Network Consultants and Partners of Islet. Personal Data is processed to allocate consultants for customer projects. This is done based on the contractual relationship between the network consultant / partner and Islet. Personal Data is also used to communicate with the consultants and for the payment of fees.

The basis for processing is the performance of a contract between the network consultant / partner and Islet. The basis for storing Personal Data after the termination of the contractual relationship is the
legitimate interest of Islet.

5. Data content of the register
The following information can be stored or registered:
- First name and last name
- Contact information (phone number, email)
- Linkedin profile
- Educational information and information about previous employment history
- Photo

6. Retention of personal data
Personal Data is stored during the contractual relationship between the consultant/partner and Islet and for five years after the end of this contractual relationship. After this the information is manually deleted.

7. Information sources of the register
The information is obtained from the data subject themselves.

8. Provision of information
Personal Data are transferred between Islet and to customers to whom projects / assignments are offered or done. Personal Data are also provided to Microsoft, who is the IT Service provider of Islet. In addition, the resumes of the partners’ consultants are stored in a cloud service called CV Deals.

9. Transfer of data outside the EU or EEA
We will not transfer your data outside the EU/EEA.

10. Protection of the register
Islet processes all personal data in a secure way and constantly aims to develop its processes and systems. The register is protected with firewall, password and other technical means as well as with password. Only authorized persons, who have a need in order to do their work, have access to the register.

Data subject has a right to lodge a complaint with a supervisory authority if it thinks that Islet has not complied with the applicable data protection legislation.

12. Contact
Questions about the processing of personal data or request for the use of rights of data subject must be done in writing or by email to the following address:

Data protection
Islet Group Ltd
Metsänneidonkuja 12
02130 Espoo
Email: dataprotection(at)isletgroup.fi

Islet will respond to the requests as soon as possible. However, the respond will be given within one month unless there are special reasons to extend this time.

13. Changing the Privacy Policy
We may change this privacy statement from time to time, if necessary. We will inform the registered from changes to this Privacy Policy.

Last update to this Privacy Policy was made: 8.8.2023

ISLET GROUP Recruitment Register Privacy Policy

1. Data Controller

Islet Group Oy
Company ID: 1445054 – 7
Metsänneidonkuja 12
02130 Espoo

and Islet Group Oy’s Affiliates:
Islet Innovations Oy (Company ID: 3177120 – 3)
Islet Intelligence Oy (Company ID: 3207476 – 8)
Islet Group Kft (Hungary: VAT: 12552652 – 2‑43)

[later jointly together “Islet”]

2. Contact person for matters relating to the register
Eriika Hiltunen
Email: dataprotection(at)isletgroup.fi

3. Name of the register
Islet’s Recruitment Register

4. Use and basis for processing personal data
The register contains Personal Data of job applicants of Islet. Personal Data are used to recruit new employees for Islet. The information is processed to evaluate applicants, to develop the recruitment process and to communicate with applicants. Information may also be stored for future recruitment purposes.

Contact information of references are processed with the consent of reference which the applicant obtains. Personal Data may also be used for personal assessment of the applicants in which case an external HR advisor is used.
The basis for processing Personal Data for recruitment purposes is the legitimate interest of Islet.

The basis for storing information is the legal obligation of Islet. The basis for processing information about personal evaluation is the consent of applicant. If an applicant does not give consent to the evaluation, there is a risk that the recruitment process will not be continued.

5. Data content of the register
The following information can be stored or registered:
- First name and last name
- Contact information (address, phone number, email)
- LinkedIn profile
- Date of birth and nationality (if applicant provides this)
- Photo (if applicant provides this)
- Educational information and information about previous employment history
- information about personal evaluation
- Information about the recruitment process
- Contact information of references
- Other information that the applicant provides

6. Retention of personal data
Personal Data is stored during the recruitment process and for five years after the end of the process. The recruitment process ends when all the applicants have received results of the process. After five years the personal data is manually deleted from the systems.

The applicant can object to the processing of their personal data after the end of the recruitment process. However, the information is stored for two years so that Islet can answer to the possible legal claims arising from the process. After two years, the information is manually deleted from the systems.

7. Information sources of the register
The information is mainly obtained from the data subject themselves. In some selected cases, an external recruitment partner or HR advisor is used to make a personal assessment of the applicant. In these circumstances, personal data relating to the assessment are obtained from the recruitment partner or HR advisor.

8. Provision of information
In principle, we do not transmit your personal data. In special circumstances, when needed, information will be transmitted to an external HR advisor who does a personal evaluation.

Personal Data is also provided to Microsoft, who is the IT Service provider of Islet.

9. Transfer of data outside the EU or EEA
We will not transfer your data outside the EU/EEA.

10. Protection of the register
Islet processes all Personal Data in a secure way and constantly aims to develop its processes and systems. The register is protected with firewall, password and other technical means. Only authorized persons, who have a need in order to do their work, have access to the register.

Data subject has a right to lodge a complaint with a supervisory authority if it thinks that Islet has not complied with the applicable data protection legislation.

12. Contact
Questions about the processing of personal data or request for the use of rights of data subject must be done in writing or by email to the following address:

Data protection
Islet Group Ltd
Metsänneidonkuja 12
02130 Espoo
Email: dataprotection(at)isletgroup.fi

Islet will respond to the requests as soon as possible. However, the respond will be given within one month unless there are special reasons to extend this time.

13. Changing the Privacy Policy
We may change this privacy statement from time to time, if necessary. We will inform the registered from changes to this Privacy Policy.

Last update to this Privacy Policy was made: 8.8.2023

1. Data Controller

Islet Group Oy
Company ID: 1445054 – 7
Metsänneidonkuja 12
02130 Espoo

and Islet Group Oy’s Affiliates:
Islet Innovations Oy (Company ID: 3177120 – 3)
Islet Intelligence Oy (Company ID: 3207476 – 8)
Islet Group Kft (Hungary: VAT: 12552652 – 2‑43)

[later jointly together “Islet”]

2. Contact person for matters relating to the register
Janina Luoto
Email: dataprotection(at)isletgroup.fi

3. Name of the register
Islet’s Share and Shareholder Register

4. Use and basis for processing personal data
Personal Data are used to list shareholders and determine their ownership of Islet companies. Share Register and Shareholder Register are also used to evidence ownership.

The basis for processing is the legal obligation of Islet to maintain a Share and Shareholder register of the ownership of the company.

5. Data content of the register
The following information can be stored or registered:
- First name and last name
- Address
- Ownership information

6. Retention of personal data
Personal Data are stored as long as Islet exists or at least as long as the Data Subject owns part of Islet. If the Data Subject sells his or her ownership, the information will be deleted.

7. Information sources of the register
The information is obtained from the Data Subject themselves. Information about the ownership, for example number of shares, are obtained from Islet.

8. Provision of information
Due to the public nature of the Share register and shareholder register, information can be provided to anyone who asks. In addition, information is provided to Finnish patent and registration office and Finnish Tax Administration. Personal Data are also provided to Microsoft, who is the Cloud Service provider of Islet.

9. Transfer of data outside the EU or EEA
We will not transfer your data outside the EU/EEA. However, due to the public nature of the share register and shareholder register, the information must be given to anyone who asks it, even outside the EU or EEA.

10. Protection of the register
slet processes all Personal Data in a secure way and constantly aims to develop its processes and systems. The register is held in the secure Microosft cloud service, hosting partner of Islet. Only authorised persons of management team and owners, have access to the register.

Information in the register is public and everyone has a right to obtain copy of it. However, Islet does not
store a paper copy of the register.

Data subject has a right to lodge a complaint with a supervisory authority if it thinks that Islet has not complied with the applicable data protection legislation.

12. Contact
Questions about the processing of personal data or request for the use of rights of data subject must be done in writing or by email to the following address:

Data protection
Islet Group Ltd
Metsänneidonkuja 12
02130 Espoo
Email: dataprotection(at)isletgroup.fi

Islet will respond to the requests as soon as possible. However, the respond will be given within one month unless there are special reasons to extend this time.

13. Changing the Privacy Policy
We may change this privacy statement from time to time, if necessary. We will inform the registered from changes to this Privacy Policy.

Last update to this Privacy Policy was made: 8.8.2023