S-BUSINESS SUPPLIER REGISTER
PRIVACY POLICY (updated in March 2025)
Data controller
S-Business Oy
Fleminginkatu 34, FI-00510 Helsinki, Finland
email: s-business@sok.fi
Phone: +358 10 768 0820
Business ID 2389183-8
Contact details of the data protection officer
tietosuojavastaava@sok.fi
Purpose of personal data processing
The purpose of the processing of personal data stored in the business partner and supplier register is the preparation and implementation of an agreement with a business partner or service provider, as well as the implementation of communication, information sharing and cooperation with the contact persons of service providers, business partners and other stakeholders.
Grounds for the processing of personal data
We process the personal data of the contact persons of our business partners and service providers based on an agreement. We also process personal data based on a legitimate interest created by a customer relationship.
Processed personal data groups
- Contact persons for suppliers and business partners
The personal data processed
- Name
- Phone number
- Email address
- The employer’s name and job title in the company
- Username
Recipients of personal data
We process personal data for the purposes defined in this privacy policy in the electronic systems and services of S-Business and S Group. We use external service partners in the provision of system and support services. Personal data can be transferred to said service providers insofar as the service providers participate in the implementation of measures within the framework of the relevant assignment.
We ensure that our partners protect personal data sufficiently as required by law.
Personal data may be transferred to the following service partners in order to produce the service:
- Consulting and reporting partners
- The authorities to whom we release information according to the limits permitted and obligated by valid legislation, when responding to the authorities’ data requests, for example
In addition, contact person data can be disclosed between S Group’s organisations to ensure operational flexibility and the quality of contact person data and for the execution of the agreement.
Transfer of personal data to third countries or international organisations and data protection safeguards used
We do not transfer personal data to third countries outside the European Union or the European Economic Area or to international organisations.
Period for storing personal data or criteria for determining the storage period
We only store personal data in accordance with this privacy policy for as long and to the extent that a contractual relationship exists with the business partner or service provider supplier and the contact person is employed by the business partner or service provider.
We regularly review and delete outdated data. The checking and deletion of the data stored in the register is performed twice a year.
Rights of the data subject
The data subject has the following rights:
- Right to access personal data
- Right to rectification of data
- Right to erasure
- Right to restrict processing
- Right to object
- Right to withdraw consent
- Right to data portability
If a data subject wishes to exercise these rights or to obtain further information about the processing of their personal data, they can contact the controller named in this privacy policy.
Data subjects also have the right to lodge a complaint with the supervisory authority if they deem that the processing of their personal data violates the applicable data protection regulations.
If a data subject wishes to exercise their rights or to obtain further information about the processing of their personal data, they can contact the controller named in this privacy policy.
General description of technical and organisational safety measures
We protect the personal data for the whole duration of its life cycle by using appropriate security measures.
At S Group, we protect personal data with, among other things, anticipatory risk management and security planning, data communication protection means, the continuous maintenance of information systems and backups, and by using secure hardware facilities, access control and security systems. The granting and monitoring of user rights is a well-managed process. We regularly train our personnel involved in the processing of personal data. We select our subcontractors with care. We continuously update our internal practices and guidelines.
If, despite all of our safeguards, we detect a data security breach concerning personal data, we will immediately begin investigating the matter and strive to prevent any damage. We will inform the relevant authorities and data subjects of any data security breaches in accordance with legislative requirements.
