1. Name of the register

Executive search and board assessment register

2. Controller

Company name: Granarium Oy

Business ID: 2134850-8

Address: Erottajankatu 15-17, 00130 Helsinki

3. Contact Person

Name:  Ari Virtanen

Phone number: +358 400 435878

E-mail: ari@granariumadvisors.com

4. The purpose of the personal data usage

Personal data will be collected and processed so that Granarium can serve its customers who acquire executive search, board assessment or other services from Granarium.

The data can also be used for communicating with candidates or people to be assessed (“candidate”, “assessed person” or “you”).

According to the EU's General Data Protection Regulation, the legal basis for the processing of personal data is the controller's legitimate interest due to the measures required by the customer relationships. The purpose of processing personal data is to collect the information needed for search assignments or board assessments. 

The traffic on the website is monitored to enable development work and marketing.

The collection and processing of personal data is always based on legislation, customer or service agreement, the legitimate interest of Granarium or on the consent from you.

The information is not used for automated decision-making, profiling or other unrelated functions. The information is only used for the purpose it was collected for.

5. The content of the personal data

The data collected may include information such as your name, contact information, picture of you, place of residence, education, working history, historical compensation data, other information provided by you on yourself, agreements signed with Granarium, information provided by people giving references about you, psychometric test results, and a consultant’s subjective view of you as a candidate for the given executive search or board evaluation assignment.

If you have visited the website of Granarium, the IP address, the device used, the browser and the location will remain in the data.

If you have sent a contact form through the web site, the information contained in it will remain in the data.

6. Sources of the personal data

The information to be saved in the register is obtained from messages sent via web forms, by e-mail, by phone, via social media services, contracts, customer or candidate meetings and other situations where personal information is disclosed.

7. Transfers of data and transfer of data outside the EU

Data is not disclosed to other parties without your consent. Granarium’s accounting has the opportunity to see the information needed for the customer invoicing (mandatory for the company's operations), which may include your name, but they do not have access to any other part of your personal data.

Data can be transferred by the controller outside the EU only with your consent.

8. Principles of registry protection

All data will be stored electronically or on paper as physical documentation. Information will be collected to Granarium’s database. Access to the database is protected with user right management. Appropriate technical and organizational means are used to secure the personal data from inappropriate access, accidental or unlawful destruction, amendment, distribution and transfer of personal data as well as from other unlawful processing.

The controller ensures that stored data as well as server access rights and other data critical to the security of personal data are handled confidentially and only by those employees whose job description it belongs to.

9. The right of inspection and the right to demand correction of information

You have the right to check your information stored in the register and demand the correction of any incorrect information or the completion of incomplete information. If you want to check the information stored about you or demand correction, the request must be sent in writing to the controller. If necessary, the controller may ask you to prove your identity. The controller responds to you within the time stipulated in the EU data protection regulation (generally within a month).

10. Other rights related to the processing of personal data

You have the right to request the removal of personal data about you from the register ("the right to be forgotten"). You also have other rights according to the EU's General Data Protection Regulation, such as limiting the processing of personal data in certain situations. Requests must be sent in writing to the controller. If necessary, the controller may ask you to prove your identity. The controller responds to you within the time stipulated in the EU data protection regulation (generally within a month).