PERSONAL DATA PROCESSING


1. Purpose of the Agreement

1.1. “Client” - the Service user of the Service provided by Bisse.fi owned by RNN Group OY (-tunnus 3091611-6) with registered address at Merikapteenintie 38B, 00890 Helsinki, Finland, as Service Provider - “RNN”, commonly referred to as Parties, have entered into a Contract according to the Terms of Service, whereas RNN provides the Client with invoicing and other additional services described in Terms of Service.


1.2. When providing the Service RNN processes personal data (“data”) on behalf of the Client, whereas the Client is the Controller and RNN is the Processor of personal data in the meaning of the EU General Data Protection Regulation (the GDPR).


1.3. When processing personal data the Parties agree to apply best efforts to comply with GDPR, Data Protection Act (5.12.2018/1050) and any other applicable valid legislation related to data protection (“Legislation on data protection”).


1.4. The Client, as the Controller, guarantees that he/she has the right to use and provide personal data to RNN to be processed by RNN pursuant to the Contract.


1.5. The data is mainly collected from the Clients. Personal data may be also collected and updated from authorities in cases required to perform the Service and/or additional services.



2. RNN obligations

2.1. The Processor shall keep the personal data confidential and shall process the personal data only for the purpose of Service provision and development and additional services in manner compliant with Legislation on data protection.


2.2. The Processor is entitled to process personal data in its operations during the validity of the Contract, however in cases required by law, personal data can be stored for periods exceeding the term of the Contract.


2.3. In course of Service personal data required to deliver the Service will be processed by the Processor and includes, but not limited to the following data:


  • Name
  • Contact information (telephone number, address and email address)
  • Age
  • Profession
  • Personal identity number
  • Taxation data
  • Details related to salary payments
  • Customer data (Assignor data) and details of the assignments
  • Necessary identification data and technical usage such as cookies and log details etc.
  • Nationality and work permit-related information, when necessary
  • Copy of identity document, when necessary


2.4. Personal data can be processed for customer relationship management, services, analysis, and development purposes.


2.5. The processor shall ensure that persons authorized to process personal data perform their duties in a confidential manner.


2.6. When entering into the Contract the Client gives his/her consent for the Processor to use services of other personal data processors (sub-processors) provided that the Processor ensures that the same data protection obligations apply.


2.7. The processor shall not be entitled to transfer personal data to a third party outside the EU and the EEA area without a prior written consent from the Client, except cases in Article 2.7.1. below.


2.7.1. When entering into the Service Agreement the Client gives the express consent to that personal data will be processed in connection with the Service by the following enterprises operating in the USA. By giving the permission, the Client is aware that such transfers may pose certain risks due to potential lack of EU-level protection measures:


  • Google LLC (used services – Analytics, Google Workspace, YouTube) : Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA: https://policies.google.com/privacy?hl=en_US
  • GCloud (used services- App engine, Kubernetes engine, Storage, Database): Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA https://cloud.google.com/terms/cloud-privacy-notice – Data is stored at Hamina, Finland and Belgium

  • 2.8. Upon Client’s request, RNN shall provide without undue delay a copy of stored personal data of the Client.


    2.9. The processor shall ensure that personal data is processed safely, any personal data breach shall be notified to the relevant authority and if required, communicated to the data subjects.


    2.10. The data processor shall not have a right to sell Client’s personal data to third parties.


    2.11. The maximum liability for damages of the RNN group on the basis of the Contract is limited to the annual amount of the Service fee charged for the Service from a specific Client. RNN shall not be liable for any indirect damage incurred by the Client, such as lost profit, decrease in Client’s operations etc.



    3. Validity

    3.1. The terms described herein shall become valid when the Client has registered as a Service user of the Bisse.fi provided by the RNN.


    3.2. RNN shall have a right to update the terms and conditions of personal data processing which have to be communicated to the Client before the amendment is in force.


    3.3. Personal data will be stored for the time necessary to carry out the purposes for which the data was collected, but no longer than 10 years from the date of the last service usage of the Client, unless the Client has withdrawn his/her consent for data processing.




    Date updated: 1st of August 2021


    RNN Group Oy