kaj.weissenberg@kiwa.com · +358 40 555 9628

Privacy Statement

Controller

Kiwa Sertifiointi Oy
P.O. Box 1000
00581 Helsinki
Tel. +358 10 521 600
fi.asiakaspalvelu@kiwa.com

Contact Person for Registry Matters

Vesa Haakana
P.O. Box 1000
00581 Helsinki
Tel. +358 400 707 878
vesa.haakana@kiwa.com

Purpose of Processing Personal Data

The HSEQ database has been established to transmit supplier company information and assessment results to principal members and for the supplier’s own use.
The contact details of supplier representatives and system users form a personal data register used for system administration, customer relationship management, and conducting assessments.

The register contains information necessary for organizing evaluations, communicating upcoming assessments, and related services.

Data Content of the Register

Information provided by the supplier:

  • Supplier name, company/organization, address, and business ID
  • Contact person’s name, title, email address, and phone number
  • Maturity assessment of the supplier company, self-assessment responses
  • Evidence data, attachments, and responses related to delivery capability

Information provided by the lead assessor:

  • Supplementary data collected from the supplier’s public website, such as company description and policies, if not already provided
  • Maturity level for each assessment criterion
  • Working notes
  • Records of strengths, deviations, recommendations, and best practices

Information provided by system users:

  • Buyers and lead assessors from member organizations provide their name, phone number, email address, and company name to create user credentials and access restrictions.

Regular Sources of Information

Data is obtained from the supplier and the lead assessor. Other sources, such as the Finnish Business Information System (YTJ) or certification databases, may be used to verify or supplement the supplier’s information.

Regular Data Disclosures

The name and sometimes the organization of the evaluation participant may appear in correspondence and reports related to the evaluation.

After the assessment, data may be transferred to the members’ own supplier management systems as CSV files. Transferred data includes assessment results, excluding working notes and attachments.

Transfer of Data Outside the EU or EEA

No data collected in the register is transferred outside the EU or European Economic Area.

Principles of Register Protection

Data Processed in Information Systems

Supplier data is not stored on Softers Oy’s servers. Softers Oy has confirmed appropriate monitoring and security in its agreement with Pohto Oy.
The connection between the user’s browser and the server environment is encrypted. Data is stored in a data center within the EU.

System access requires HSEQ® assessor training for buyers and written personal qualification and authorization from the HSEQ® cluster for lead assessors.
Designated Kiwa customer service representatives are authorized to print reports from the system for each supplier.

System data may occasionally be used for scientific research with authorization from HSEQ® members, e.g., by the University of Oulu’s Department of Work Science.

Each user has a personal username and password, granted after authorization. Access rights depend on the user’s role in the HSEQ® cluster.
Access is governed by the principle of minimum necessary data and is regularly monitored.
Upon termination of employment, the user’s password is changed to prevent further access.

Access Rights

Registered individuals have the right to review their personal data stored in the register.

Requests must be made in writing to fi.asiakaspalvelu@kiwa.com.

Retention Period

Registered individuals remain listed as supplier contacts until replaced by a new contact.

Typically, data is needed until the HSEQ® assessment is renewed (usually every 3 years), but in cases of delayed renewal, contact information may be retained longer.

Maximum retention is 10 years unless the supplier is re-evaluated within that time.

Right to Rectification

Registered individuals have the right to request correction of inaccurate data. Requests must be made in writing to fi.asiakaspalvelu@kiwa.com.

Other Rights Related to Personal Data Processing

Registered individuals have the right to prohibit the use of their data for direct marketing, distance selling, and other promotional purposes.