This is a statement on the processing of your personal data pursuant to the EU’s General Data Protection Regulation (679/2016).
Multi-Agent Technology Oy
Business ID: 2917989-2
Name of the filing system
Smart Field Services android mobile application
Basis and purpose of processing personal data
The legal basis for the processing of personal data is the contractual relationship between the data subject and controller.
The purposes of processing personal data include only necessary organization user information from organizations that have subscribed Smart Field Services software service. This software service is used to process service requests in field service operations.
Regular data sources
The personal data to be processed is regularly received from the data subject themselves.
Personal data being processed
The controller only collects personal data concerning the data subjects that is essential and relevant for the purposes explained in this privacy statement.
The following data concerning the data subjects is processed:
- User IDs
- Location – approximate and precise – optional
- Photos – optional
- Crash logs
Disclosure of personal data
Personal data will not be disclosed to third parties, unless the law imposes an obligation to do so. Data may, therefore, be disclosed in exceptional cases, such as to the authorities when so required by law.
Transfers of personal data to third countries
As a rule, personal data will not be transferred outside of the EU and the European Economic Area. However, if this is done for a special reason, the transfer will be implemented in accordance with the European Commission’s decision on the adequacy of privacy protection.
Protection of personal data
The controller processes personal data in a manner that aims to ensure the appropriate security of the personal data, including their protection against unauthorised processing and accidental loss, destruction or damage.
The controller uses appropriate technical and organisational safeguards in order to achieve this goal; these include the use of firewalls, encryption techniques and safe equipment rooms, appropriate access control, careful management of data system user IDs, and providing instructions to the personnel participating in the processing of personal data.
All employees processing personal data have a non-disclosure obligation for matters related to the processing of personal data of the data subjects based on the Employment Contracts Act (55/2001) and non-disclosure agreements that supplement it.
Retention period for personal data
The controller will process the personal data for the time as organization is having active subscription for software service. At the end of this period, the controller will delete or anonymise the data as agreed with organization in accordance with the deletion processes it follows.
The controller may have an obligation to process some personal data belonging to the filing system for longer than stated above in order to comply with the legislation or authority requirements.
Personal data will not be used for profiling or other automated decision-making.
Rights of the data subject
Right to erasure
The data subject has the right to request erasure of personal data concerning them if
- the personal data is no longer required for the purposes for which they were collected; or
- the personal data has been unlawfully processed.
Right to restriction of processing
The data subject has the right to restrict the processing of personal data concerning them if
- the data subject contests the accuracy of their personal data;
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead; or
- the controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defence of legal claims.
Right to lodge a complaint with a supervisory authority
The office of the Data Protection Ombudsman, operating under the Ministry of Justice, is the national supervisory authority for personal data matters. You have the right to bring your case to the supervisory authority if you consider that the processing of personal data concerning you is in violation of applicable law.