Privacy Notice

EU General Data Protection Regulation, Articles 13 and 14 Prepared: 24 May 2018

1. Data controller

Wapice Ltd
Yliopistonranta 5
FI-65200 VAASA, FINLAND
Business identity code 1572040-6
Telephone: +358 10 277 5000
Email: tietosuoja@wapice.com

2. Data controller’s representative

Data files related to marketing are managed by Kaisa Harju. She can be reached at marketing@wapice.com or +358 10 277 5000.

3. Contact data of the data protection officer

Sami Kinnunen
Telephone: +358 10 277 5000
Email: tietosuojavastaava@wapice.com

4. Names of data files

Personal and contact data collected for marketing purposes.

5. Purpose of processing personal data

We only collect and process personal data that is necessary for pursuing our business and managing customer relationships, as well as for appropriate commercial purposes. We process your personal data for the following purposes:

Marketing

We only collect and process personal data that is necessary for pursuing our business and managing customer relationships, as well as for appropriate commercial purposes. We process your personal data for the following purposes:

6. Legal basis for processing personal data

The basis for processing business related personal data is legitimate interest.

7. Data content and storage limits

Personal data includes items such as name, company, address, phone number, email address, job title, type of customer relationship and additional information about customer. The data is retained for five years after the end of the customer relationship.

8. Sources of processed personal data

Personal data can be obtained in several different ways. We collect and process data that are:

  • provided by you when in contact with us
  • generated when you visit our website or use our services/products
  • obtained from other sources, such as third-party data sources

We collect and process categories of personal data including:

  • basic information, such as name, job title and contact data (address, email and telephone number)
  • contacts with customers and related correspondence
  • other data provided on a case-by-case basis subject to your consent.

9. Regular transfers and disclosures of data

We may disclose your personal data, to the extent permitted by law, for Wapice Ltd’s internal use in the sale/marketing of products/services.

10. Transfer of data outside the EU or EEA

No personal data will be transferred outside the EU or EEA.

11. Personal data protection policy

In its role as controller, Wapice uses appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing and against damage and loss.

Manually processed data

  • Personal data is protected against unauthorised access and unlawful processing (e.g. destruction, modification or disclosure). The processors are only allowed to process personal data they need to do their jobs.
  • Any documents are stored in a locked space protected from outside parties. Documents are only printed when needed, and printouts are destroyed after use.

Data processed automatically

  • All data processing is based on access rights that depend on the person’s role and position in the organisation and, where applicable, permits granted by the person responsible for the data file. The validity of the access rights is checked daily.
  • IT systems and services are protected against unauthorised access in accordance with good practices in the field, their operational capability is secured to the extent necessary, and their life cycle is controlled.

12. Automated decisions

Automated decisions are not made.

13. General rights of data subjects

A data subject has the right to

  • check what personal data is stored in the data file for him or her
  • request that incomplete personal data be completed and that Wapice rectify any inaccurate personal data without undue delay
  • have their personal data erased without undue delay, provided that

    • the personal data are no longer needed to the purposes for which they were collected or otherwise processed
    • the data subject withdraws his or her consent on which the processing is based, and there is no other legal ground for the processing
    • the personal data has been unlawfully processed
    • the personal data has to be erased for compliance with a legal obligation in the European Union or Member State law.

  • restrict and object to the processing, if

    • the data subject contests the accuracy of his or her personal data
    • the processing is unlawful or the data subject opposes the erasure of his or her personal data
    • the controller no longer needs the personal data for the purposes of the processing, but the data subject needs them to prepare, present or defend a legal claim
    • the data subject has objected to the processing of personal data pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

  • withdraw his or her consent
  • withdraw his or her consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal, if the processing of personal data is based on the consent of the data subject.

The data subject also has the right to lodge a complaint with a supervisory authority. A data subject may have the right to data portability if the data is such that this right is applicable.

The data protection officer will provide advice and guidance in matters related to the rights of data subjects.

14. Other relevant information

The use of the service generates log entries used to manage the security of the service and to develop the technology behind the service, as well as to detect, prevent and resolve faults (Information Society Code (917/2014), sections 138, 141, 144 and 272). The logs are retained for these purposes for as long as necessary and will not be used for any other purpose.

15. Changes to the privacy notice

Wapice continuously develops its operations and reserves the right to update this privacy notice. Changes may also be based on changes in legislation. We recommend that you review this notice from time to time.

In the case of major operating changes resulting in material changes in the privacy notice, we may also use other means to announce the matter before its entry into force.

This notice was last updated on 24 May 2018.

Recruitment register


Recruitment register is currently available only in Finnish. Please switch the language to FI (from the top right corner of this page) to view it. We apologize for the inconvenience.

Whistleblowing channel


Privacy Notice

This Privacy Notice explains how the personal data received through Wapice whistleblowing channel may be processed and how the privacy rights of individuals may be exercised.

1. Data controller

Wapice Ltd
Yliopistonranta 5
FI-65200 VAASA, FINLAND
Business identity code 1572040-6
Telephone: +358 10 277 5000
Email: tietosuoja@wapice.com

2. Data controller’s representative

In case you have any questions or requests concerning your personal data or data protection, you may always contact us through the following email address: tietosuoja@wapice.com.

3. Contact data of the data protection officer

Sami Kinnunen Telephone: +358 10 277 5000 Email: tietosuojavastaava@wapice.com

4. Names of data files

Wapice whistleblowing channel.

5. Purpose of processing personal data

We will only process personal data that is strictly necessary for the purposes described below and when we have a legal justification to do so. In connection with the whistleblowing channel, we only process personal data for the purposes of reporting and investigating reports of alleged violations or misconduct related to our activities. Personal data concerning various data subjects can be processed in the context of the whistleblowing channel, such as a person making a report, individuals mentioned in a report, a person investigating a report or a person serving as a witness or otherwise being involved in the investigation.

6. Legal basis for processing personal data

The processing is based on legal requirements compliance, in particular concerning mandatory whistleblowing system, and for the purposes of our legitimate interests, especially to monitor the compliance of our activities with applicable laws and regulations.

7. Data content and storage limits

Wapice collects and processes the following personal data about you for the mentioned purposes: • whistleblower’s name, phone number and other contact details (all are optional, reports can be filed anonymously) • description of the alleged violation • names of any persons involved in the violation • any documents or evidence related to the violation attached when filing the report • any other relevant detail, evidence or information that may facilitate the investigation We retain your data only for as long as it is necessary for the processing purposes stated above or as long as we have a legal obligation to do so. In any case, if legal or disciplinary proceedings are initiated, the personal data provided will be kept until those proceedings are definitively closed.

8. Sources of processed personal data

We may obtain your personal data in the context of the use of the whistleblowing channel. In particular, we may obtain your personal data because

  • you provide it to us (e.g. by filing a report)
  • others provide it to us (e.g. because you occur in a report)
  • personal data relating to you is generated by using the whistleblowing channel (e.g. because you are involved in the investigation of a report)

9. Regular transfers and disclosures of data

Your personal data will be accessed by specially appointed employees at Wapice. We will generally not disclose the personal data to third parties, however, we will transfer your personal data to

  • our IT service provider hosting the whistleblowing channel
  • our external attorney in connection with the processing of the concern
  • relevant authorities when there is a legal obligation to do so

10. Transfer of data outside the EU or EEA

Personal data is not transferred outside the EU/EEA.

11. Personal data protection policy

In its role as controller, Wapice uses appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing and against damage and loss. Wapice complies with all applicable data protection legislation and aims to ensure that your privacy is not infringed in any phase of the processing and that the applicable confidentiality requirements regarding whistleblowing reporting are always ensured. External service providers hosting the whistleblowing channel have no access to readable content.

12. Automated decisions

Automated decisions are not made.

13. General rights of data subjects

You have the right to ask us for information about or access to your personal data. In some circumstances you may also have the right to have your unnecessary or inaccurate data deleted, to object to how we use or share your data, and to restrict how we process your data. Please note that we may not need to stop the processing of your personal data if we can give legitimate reasons to continue using your personal data. The data protection officer will provide advice and guidance in matters related to the rights of data subjects. You can exercise these rights by contacting tietosuojavastaava@wapice.com. If you have any complaints about Wapice’s processing of your personal data, you may contact a data protection authority.

14. Changes to the privacy notice

Wapice continuously develops its operations and reserves the right to update this privacy notice. Changes may also be based on changes in legislation. We recommend that you review this notice from time to time. In the case of major operating changes resulting in material changes in the privacy notice, we may also use other means to announce the matter before its entry into force.

What We Collect and Receive


In order for us to provide you the best possible experience on our websites, we need to collect and process certain information. Depending on your use of the Services, that may include:

  • Contact us via email — for example, when you inquire about our services, products or open positions, place order, send us questions or comments, or report a problem, we will collect your name, email address, message, etc. We use this data solely in connection with answering the queries we receive.
  • Usage data — when you visit our site, we will store: the website from which you visited us from, the parts of our site you visit, the date and duration of your visit, your anonymised IP address, information from the device (device type, operating system, screen resolution, language, country you are located in, and web browser type) you used during your visit, and more.
  • Cookies — We use cookies (small data files transferred onto computers or devices by sites) for record-keeping purposes, analytics, leads, marketing and to enhance functionality on our site. You may also deactivate or restrict the transmission of cookies by changing the settings of your web browser. Cookies that are already stored may be deleted at any time. No tracking cookies will be used on this website unless you opt-in to the use of cookies.