{"saml_login_enabled":true,"saml_user_management":"idp","persons_enabled":false,"identity_has_validity":false,"gdpr_privacy_policy_en":"Employee Privacy Statement\r\n\r\nOy Karl Fazer Ab and its affiliates are committed to protecting your privacy and processing your personal data in accordance with applicable data protection legislation and good data protection practices. In this Privacy Statement \u201dFazer\u201d refers to the operative company acting as the controller of your personal data jointly with Oy Karl Fazer Ab.\r\nThis Privacy Statement describes how personal data concerning you is collected, processed and protected during and after your employment at Fazer.\r\nWhere applicable, this Privacy Statement also applies if you are working as a\r\ncontingent worker for Fazer. Fazer is always processing personal data according to the local laws and taking into consideration the business specific differences.\r\n\r\n\u201cPersonal data\u201d means any information relating to an identified or identifiable person.\r\n\u201cSensitive data\u201d refers to any information relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership. In addition, genetic data and biometric data for the purpose of uniquely identifying a person as well as data concerning health, sex life or sexual orientation are considered as sensitive data.\r\n\r\n\u201cProcessing\u201d refers to any operation which is performed on personal data using manual or automatic processing, for example collecting, storing, organizing and deleting of data.\r\n\r\n\u201dController\u201d refers to the body who alone or jointly with others determines the purposes and uses for the processing of personal data, i.e. decides how your personal data is processed.\r\n\r\n2. From where the data is collected?\r\nPrimarily, Fazer as an employer collects personal data directly from you. 
In addition, personal data is collected from third party sources when employees join Fazer through transfer of a business, merger or acquisition. Personal data is collected, for example, during the recruitment, when making the employment contract, during development discussions and when employee is utilizing different tools and HR services.\r\n\r\n3. What kind of data is collected?\r\nFazer collects only personal data that is necessary for the employment relationship, inter alia:\r\n\u2022 Basic Information: Name, national identification number, nationality, residence and work permit, gender, home address, phone number, email, date\r\nof birth and emergency contact details.\r\n\u2022 Payroll and benefits related information: Salary and other benefits, bank account details, tax information, vacations, absences, sick pay, trade union\r\ndeductions, travel expenses, pensions, company car arrangements, meal allowance and other benefits information.\r\n\u2022 Employment and performance information: Employment dates, employee identifier (Fazer ID), position at the company, photo, information\r\nabout the work performance and potential, working times, accidents at work, health data, drug and alcohol test results, information about special\r\ndiets, information needed for purchasing work clothing and shoes, possible disciplinary actions and warnings, attended courses and trainings, competences and certificates.\r\n\u2022 Log data and other identification information: Identifiers such as user names, activity logs and user logs.\r\n\u2022 Recruitment information: Completed studies, work experience, language skills, IT-skills, personal webpage, application, cover letter, information received from third parties (such as references, possible background checks, personality and aptitude assessments, recruitment agencies and social media used for recruitment e.g. LinkedIn)\r\n\u2022 Location data: .\r\nFazer processes sensitive data according to the local and EU laws. 
Instructions about the processing of sensitive data can be found in Fazernet.\r\n4. What is the data used for?\r\nProcessing of employee personal data is necessary to comply with the obligations and rights arising from an employment relationship, for instance, when employees\u2019 payroll and bank account information is processed for payment of salaries or benefits. Thus, it is important to understand that processing of personal\r\ndata is necessary for entering into and maintaining of employment contract. Employee data is processed based on an employment contract for the following\r\npurposes:\r\n\u2022 Personnel management: Purposes relating to the rights and obligations arising from the employment relationship (such as payment of salaries,\r\nserving of benefits, evaluation of work performance, execution of trainings, international internships and promotions)\r\n\u2022 Tasks management: Purposes relating to the Fazer\u2019s business operations such as planning, scheduling and management of the work.\r\n\u2022 IT-management and tools: Management of systems, devices, applications and tools (for example, CRM, phone, pc, email, and Fazernet) and\r\nenhancing their use with AI-based tools. Fazer is introducing new AI-based tools that aim to make knowledge work more efficient by utilising\r\nexisting data, e.g. the purpose of using M365 Copilot is to make working with M365 tools more efficient. In the use of M365 Copilot, employee\u2019s\r\nprompts, discussion history and so-called user-specific semantic index are created.\r\nFazer processes employees\u2019 personal data also to comply with legal requirements, such as processing for the purposes relating to taxation, employee\r\nhealthcare or statutory insurances. In order to ensure the safety of the workplace, the employer may process the necessary information on the exposure of\r\nworkers to a generalized infectious disease. 
The information may be disclosed on request to an authority having a legal right of access to the information. The data will be kept for the duration of the statutory requirements or during the acute pandemic, until processing is no longer necessary to prevent and limit the risk.\r\nThe need for continued storage is regularly assessed.\r\nFazer processes employees\u2019 personal data also for security information and event management purposes:\r\nICT information security management organization collects logs from critical systems to a centralized log management system and produces a situational awareness view of operative information security.\r\nFazer ICT employees with information security related job duties can, with the help of the collected logs and analytics, search for information security related threats and anomalies and will, where necessary, report them as information security incidents. The system can also make automatic alarms for potential information security incidents. Logs help to identify what, why and when something has happened.\r\n\r\nFazer has outsourced parts of these operations to a third party who analyses and registers information security incidents in accordance with the Act on Electronic Communications Services (917\/2014) Articles 144 and 272. 
The analysis is done mainly automatically, but in some cases manual review is necessary.\r\nManual investigation is commenced only after an automatic alarm or a clear suspicious incident has occurred.\r\nThe following persons have access to the system: the personnel of the outsourced security partner, Fazer infrastructure team (approximately 10 named\r\nFazer ICT persons) and ICT-infra supplier\u2019s named experts.\r\n\r\nFor serious information security violations, we might disclose personal identification information to national cyber security center specialists.\r\nThe legal basis of processing of the personal data is compliance with the controller\u2019s legal obligations based on binding law to ensure information security of the Fazer information systems (Act on Electronic Communication Services Article 272).\r\n\r\nThe following types of data are collected: traffic data, proxy data, location data or other identifying information, such as username, email address, telephone number, user device identifiers.\r\nSource of information: Firewalls, network monitoring, IT-infra\/application services, end user device Anti-virus solutions, Microsoft based monitoring solutions.\r\nFazer processes personal data also when it is necessary for the purposes of legitimate interests pursued by Fazer. In Fazer\u2019s operations, legitimate interest serves for example one or several of the following purposes:\r\n\u2022 Improvement of IT and HR services, potential evaluation (so-called talent review) to ensure the continuity of company\u2019s operations.\r\n\u2022 Security management: Activities ensuring the security and safety of the employees, customers, and premises, as well as the protection of the\r\nFazer\u2019s intellectual property rights and trade secrets, for example, with camera surveillance, by identifying employees as well as managing access to the buildings and information (read more about this at the end of this statement in Appendix 1). 
Examination of wrongdoings, fraud prevention and denunciation process (whistleblowing service).\r\n\u2022 Transfers of employees\u2019 personal data within the Fazer Group\r\n\u2022 Establishment, exercise or defence of legal claims\r\n\u2022 Execution of business transactions\r\n\u2022 Providing a company credit card or other benefits such as a car benefit or sports allowance to the employee\r\nLegitimate interest refers to an interest that is lawful and important to Fazer. In processing activities based on legitimate interest employees\u2019 rights are taken into account and their privacy is not interfered more than necessary. The employee has on grounds relating to his or her particular situation the right to object to processing based on a legitimate interest. Read more about rights in section \u201cHow can you influence the processing of your data?\u201d\r\nEmployee\u2019s consent is considered as a basis for the processing only in exceptional cases. In these situations, employee is informed about the processing before collecting the consent. For example, employee\u2019s consent can be collected to publish employee\u2019s photo and story on the Fazer\u2019s website in the material presenting Fazer\u2019s operations. Giving a consent is always voluntary and employees have the possibility to withdraw their consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before the withdrawal.\r\nPersonal data is processed for the purposes it has been initially collected for, and for other purposes if they are compatible with the initial purpose.\r\n5. How long the data is stored? 
Your personal data is primarily stored as long as it is necessary for the purposes described above and to comply with any mandatory legislation, such as laws regarding employment contracts, working hours or accounting.\r\nRetention times are determined according to the following criteria in Finland:\r\nSalary data 10 years\r\nData required for employment certificate 10 years\r\nBookkeeping data 10 years\r\nHealth data (doctor\u2019s certificates) 1+2 years\r\nEmployment contract 10 years\r\nSecurity information and event management data 1 year\r\nInformation on exposure to generalized infectious disease 10 years\r\nOccupational healthcare has its own Privacy Statement where you can find more\r\ninformation about retention times of health data.\r\n\r\n6. Who can access your data and is it disclosed to third parties?\r\nYour personal data is processed by those Fazer employees who need to process the data due to their work tasks. Some limited information is available for\r\nall Fazer Group employees, such as contact details and photos in Fazernet.\r\nYour personal data is processed within the Fazer Group.\r\nService providers: Fazer uses different service providers to process your data.\r\nWhen the processing is outsourced to service providers, they can only use your personal data following the instructions defined by Fazer. Service providers are, for example, companies providing information systems and solutions for Fazer and companies providing consultancy and audit services. In such cases it is ensured by appropriate contractual means that the service providers maintain a level of information security that is adequate to protect your personal data and to comply with the applicable data protection legislation. 
The service providers and subcontractors process your personal data only for the above-mentioned purposes determined by Fazer.\r\n\r\nFor the purposes of assessing and developing employee work experience, well-being at work, occupational safety and management, Fazer discloses personal\r\ndata collected in employee surveys to service provider Effectory B.V. for the performance of personnel surveys and the creation of benchmarks, to service\r\nprovider PricewaterhouseCoopers Oy for the creation of the benchmarks. When necessary for providing you with a company credit card or other benefit,\r\nsuch as car benefit or sports allowance, Fazer discloses your personal data to the third party service provider such as credit card company, leasing company and wellbeing service provider. Fazer does not disclose more personal data than it is necessary to provide the benefit.\r\nLegal obligation: In certain situations, law requires Fazer to disclose your personal data to authorities or other third parties. Personal data is disclosed, for example, in connection with taxation, social benefits, pension payments and insurance. In such situations Fazer does not disclose more personal data than it is necessary to fulfill the obligation. Fazer can disclose your personal data also, when it is necessary for the establishment, exercise or defence of a legal claim. Mergers, acquisitions and other transactions: Your personal data can be disclosed during the possible acquisition, merger or other transaction to the purchaser or to other party relevant to the arrangement.\r\n\r\n7. Is your data transferred beyond the borders of the EU or EEA?\r\nSome service providers that Fazer uses, such as IT system support and consultancy service providers, are located outside the European Union or the European Economic Area, e.g. in the United States and in India. 
Therefore, your personal data can be transferred outside the EU, given that the requirements of the General Data Protection Regulation are fulfilled. In this case processing is organized by data protection clauses approved by European Commission. You may request information on the details of transfers to third countries and safeguards by using the contact details below.\r\n\r\n8. How can you influence the processing of your data?\r\n\u2022 You have the right to request access to the data concerning you or to receive confirmation that your personal data is not processed (right of\r\naccess).\r\n\u2022 You have the right to rectification (right to rectification). It means that if there are errors in the data concerning you, or if the data is inaccurate or deficient, you have the right to ask Fazer to rectify or complete the data.\r\n\u2022 You have the right to have your personal data erased in certain situations, for example, when the processing of your personal data is no longer necessary for the purposes for which it was collected, or if the processing is based on your consent and you want to withdraw your consent and there\r\nare no other bases for processing (right to be forgotten). Please note that Fazer may have a basis to retain the data to comply with mandatory legislation, such as laws regarding employment contracts, working hours or accounting and, therefore, in many cases data cannot be erased.\r\n\u2022 When the processing of your personal data is based on legitimate interest, you have the right to object to such processing on grounds relating\r\nto your particular situation (right to object).\r\n\u2022 In certain situations you might have the right to restrict the processing of your personal data (right to restriction of processing). When the processing has been restricted, your personal data will only be stored and not processed otherwise. 
For example, if you contest the accuracy of your\r\npersonal data, you have the right to have the contested data under a restriction of processing during the time when it is ensured that your data is\r\naccurate.\r\n\u2022 In certain situations, you have the right to obtain the personal data you have provided to Fazer in a machine readable format so that you can\r\ntransfer it to another controller (right to data portability).\r\nYou can exercise your data protection rights as follows:\r\n\u2022 If you have access to Workday system, you can print a report of your personal data according to Fazernet instructions. You can also correct some information yourself via Workday.\r\n\u2022 If you do not have access to Workday system, you can ask your manager to print out the report of your personal data. Your manager can also rectify\r\nor complete incorrect data if necessary.\r\n\u2022 If you have other requests concerning your rights, you can send a request form via Fazergroup privacy pages (www.fazergroup.com\/privacy).\r\nIf you believe that Fazer, despite the principles set out in this Employee Privacy Statement, has infringed upon your rights according to applicable data protection law, you have a right to file a complaint with the local data protection authority.\r\n\r\n9. How your data is protected?\r\nFazer has appropriate technical and organizational security measures and processes to secure the personal data from loss, misuse or other similar unauthorized access to your data. The data is collected to servers and databases that are protected by firewalls, passwords and other technical means. The servers, databases and their backup copies are located in secured premises where the data can only be accessed by specific persons designated in advance. The servers have strong security.\r\n\r\n10. 
Can Fazer change the Privacy Statement?\r\nFazer continuously develops its practices and services relating to the protection of personal data and, therefore, this Employee Privacy Statement is updated to describe the processing when necessary. Changes in the applicable legislation or interpretations thereof may also result in amendments to this Employee Privacy Statement. Up to date Employee Privacy Statement can always be found in Fazernet.\r\n\r\n11. Who can you turn to if you have questions concerning the processing of your data?\r\nIf you have any questions about the processing of personal data, please contact a local privacy specialist.\r\nFazer Makeiset Oy: employmentprivacy.fcfi@fazer.com\r\nFazer Leipomot Oy: employmentprivacy.fbfi@fazer.com\r\nFazer Finland Oy: employmentprivacy.fazerfinland@fazer.com\r\nOy Karl Fazer Ab: employmentprivacy.kf@fazer.com\r\nFazer Ravintolat Oy: employmentprivacy.fazerfinland@fazer.com\r\n\r\n12. Controllers\r\nThe controllers of your personal data are Oy Karl Fazer Ab jointly with its affiliate that you have an employment relationship with. If you are working as a contingent worker for Fazer, the controllers of your personal data are Oy Karl Fazer Ab jointly with its affiliate that you work for as a contingent worker.\r\nOy Karl Fazer Ab\r\nFazerintie 6, 01230 Vantaa\r\nPL 4, 00941 Helsinki\r\nFazer Makeiset Oy\r\nFazerintie 6, 01230 Vantaa\r\nPL 4, 00941 Helsinki\r\nFazer Leipomot Oy\r\nFazerintie 6, 01230 Vantaa\r\nPL 17, 00941 Helsinki\r\nFazer Finland Oy\r\nFazerintie 6, 01230 Vantaa\r\nFazer Ravintolat Oy\r\nFazerintie 6, 01230 Vantaa\r\nPL 4, 00941 Helsinki\r\n\r\n13. 
Links to other Privacy Statements\r\nYou can find more information about how privacy is managed at Fazer on Fazergroup privacy pages (www.fazergroup.com\/privacy).\r\n\r\nPublished on the 5th of February 2024\r\nAPPENDIX 1\r\nVideo surveillance systems\r\nVideo surveillance enables us to ensure the personal safety, protection of property and food safety of our employees, customers and other persons staying at or visiting our facilities as well as to prevent and resolve situations that jeopardise safety, property and production processes.\r\nVideo surveillance stores data on persons who are within the range of the cameras at any given time. Surveillance may target, among other things, public\r\nspaces, loading docks, factory areas and, under certain conditions, areas where money is handled. This will enable us to ensure safety and protect people and property from harm. If Fazer uses video surveillance systems in the premises, the covered area is marked with clear notice tags (for example with camera images or with a notice reading \u201cvideo surveillance\u201d or other similar notification). Fazer processes the data based on the legitimate interest of the controller. The retention period of the data is defined based on requirements of local legislation and\/or supervisory authority recommendations and the initial retention time ranges from two weeks to three months, as applicable country-by-country. The data may be retained for longer if required by presenting, resolving or defending a legal claim; in other words, until the judgment is legally valid or the matter has been finally settled. Surveillance has been outsourced to a security company whose security guards monitor events on the property through a TV monitor. The security guards have technical access to the video surveillance material and they are allowed to access the material if necessary on prior consent from Fazer security director. The security system is maintained on premise by Fazer itself. 
Data can be disclosed to the authorities on the basis of the statutory right to obtain information. Such authorities include the police.\r\n\r\nAccess control systems\r\nAccess control enables us to ensure the personal safety, protection of property and food safety of our employees, customers and other persons staying at or visiting our facilities as well as to prevent and resolve situations that jeopardise safety, property and production processes. The access control register stores data on persons who have applied for access rights and who at any given time have entered or exited through doors or gates included in the system or used the facilities included in the system. The information to be stored in the system includes the person's background information,\r\nsuch as name, role, employer and possibly their personal identity code, date of birth and picture, as well as the date and time of access and the vehicle\u2019s registration number and picture. The background information is usually obtained from the person themselves or their representative when the access right is applied for, and the other information is obtained from the access control systems. Fazer processes the data based on the legitimate interest of the controller. Processing the personal identity code is required for unambiguous identification of the person in question in order to ensure the safety of persons, among other things. The data is retained for a maximum of three years or longer, if required by presenting, resolving or defending a legal claim; in other words, until the judgment is legally valid or the matter has been finally settled. If access rights have\r\nnot been granted, the data will be erased within three months of entering the application in the system.\r\nAccess control has been outsourced to a security company whose security guards monitor events on the property through a TV monitor. 
The security\r\nguards have technical access to the access control material and they are allowed to access the material if necessary on prior consent from Fazer security\r\ndirector. The security system is maintained on premise by Fazer itself. Data can be disclosed to the authorities on the basis of the statutory right to\r\nobtain information. Such authorities include the police.","gdpr_privacy_policy_fi":"Tietosuojaseloste ty\u00f6ntekij\u00f6ille\r\n\r\nOy Karl Fazer Ab on yhdess\u00e4 samaan konserniin kuuluvien maayhti\u00f6idens\u00e4 kanssa sitoutunut suojaamaan yksityisyytt\u00e4si ja k\u00e4sittelem\u00e4\u00e4n henkil\u00f6tietojasi\r\nkulloinkin voimassa olevan lains\u00e4\u00e4d\u00e4nn\u00f6n ja hyvien tietosuojak\u00e4yt\u00e4nt\u00f6jen mukaisesti. T\u00e4ss\u00e4 tietosuojaselosteessa \u201dFazer\u201d viittaa siihen maayhti\u00f6\u00f6n, joka toimii henkil\u00f6tietojesi rekisterinpit\u00e4j\u00e4n\u00e4 yhdess\u00e4 Oy Karl Fazer Ab:n kanssa.T\u00e4ss\u00e4 tietosuojaselosteessa kuvataan, miten henkil\u00f6tietojasi ker\u00e4t\u00e4\u00e4n, k\u00e4sitell\u00e4\u00e4n ja suojataan Fazer-konsernissa ty\u00f6suhteesi aikana ja sen j\u00e4lkeen. T\u00e4t\u00e4 tietosuojaselostetta sovelletaan soveltuvin osin my\u00f6s silloin, kun ty\u00f6skentelet Fazerilla vuokraty\u00f6ntekij\u00e4n\u00e4. Fazer k\u00e4sittelee henkil\u00f6tietoja aina paikallisia lakeja noudattaen ja toimialakohtaiset eroavaisuudet huomioiden. \u201cHenkil\u00f6tiedolla\u201d tarkoitetaan kaikkea tietoa, joka liittyy tunnistettuun tai tunnistettavissa olevaan henkil\u00f6\u00f6n.\r\n\u201cArkaluontoisella tiedolla\u201d viitataan tietoon, joista ilmenee henkil\u00f6n rotu, etninen alkuper\u00e4, poliittinen mielipide, uskonnollinen tai filosofinen vakaumus tai ammattiliiton j\u00e4senyys. 
Arkaluontoisia tietoja ovat my\u00f6s geneettiset ja biometriset tiedot, jos niit\u00e4 k\u00e4ytet\u00e4\u00e4n henkil\u00f6n yksiselitteiseen tunnistamiseen, sek\u00e4 terveyteen, seksuaaliseen k\u00e4ytt\u00e4ytymiseen ja suuntautumiseen liittyv\u00e4t tiedot. \u201cK\u00e4sittelyll\u00e4\u201d tarkoitetaan kaikkia toimintoja, joita kohdistetaan henkil\u00f6tietoihin joko automaattista tietojenk\u00e4sittely\u00e4 k\u00e4ytt\u00e4en tai manuaalisesti, esimerkiksi tietojen ker\u00e4\u00e4mist\u00e4, tallentamista, j\u00e4rjest\u00e4mist\u00e4 ja poistamista. \u201dRekisterinpit\u00e4j\u00e4ll\u00e4\u201d viitataan siihen tahoon, joka yksin tai yhdess\u00e4 toisten kanssa m\u00e4\u00e4rittelee henkil\u00f6tietojen k\u00e4sittelyn tarkoitukset ja keinot eli toisin sanoen p\u00e4\u00e4tt\u00e4\u00e4 henkil\u00f6tietojen k\u00e4sittelyst\u00e4.\r\n\r\n2. Mist\u00e4 tietoa ker\u00e4t\u00e4\u00e4n?\r\nFazer ty\u00f6nantajana ker\u00e4\u00e4 henkil\u00f6tiedot l\u00e4ht\u00f6kohtaisesti ty\u00f6ntekij\u00e4lt\u00e4 itselt\u00e4\u00e4n eli suoraan sinulta. Tietoja ker\u00e4t\u00e4\u00e4n my\u00f6s kolmansilta osapuolilta silloin, kun ty\u00f6ntekij\u00f6it\u00e4 siirtyy Fazerille liikkeenluovutuksen, yritysoston tai yhdistymisen kautta. Ty\u00f6ntekij\u00f6ist\u00e4 ker\u00e4t\u00e4\u00e4n henkil\u00f6tietoja esimerkiksi rekrytoinnin, ty\u00f6sopimuksen solmimisen, ty\u00f6v\u00e4lineiden k\u00e4yt\u00f6n, HR-palveluiden hy\u00f6dynt\u00e4misen ja kehityskeskustelujen yhteydess\u00e4.\r\n\r\n3. 
Millaista tietoa ker\u00e4t\u00e4\u00e4n?\r\nFazer ker\u00e4\u00e4 ty\u00f6ntekij\u00f6ist\u00e4\u00e4n vain ty\u00f6suhteen kannalta tarpeellisia henkil\u00f6tietoja, muun muassa:\r\n\u2022 Perustiedot: nimi, henkil\u00f6tunnus, kansalaisuus, oleskelu- ja ty\u00f6lupa, sukupuoli, kotiosoite, puhelinnumero, s\u00e4hk\u00f6postiosoite, syntym\u00e4aika ja l\u00e4-\r\nheisen yhteystiedot onnettomuuksien varalta.\r\n\u2022 Palkanmaksuun ja muihin etuihin liittyv\u00e4t tiedot: palkan m\u00e4\u00e4r\u00e4 ja muut edut, pankkitiedot, verotiedot, lomat, poissaolot, sairaslomat, ammattiliiton\r\nj\u00e4senyys, el\u00e4kkeet, matkakustannukset, autoj\u00e4rjestelyt, ruokaraha ja muut etuuksiin liittyv\u00e4t tiedot.\r\n\u2022 Ty\u00f6skentelyyn ja ty\u00f6suoritukseen liittyv\u00e4t tiedot: ty\u00f6suhteen p\u00e4iv\u00e4m\u00e4\u00e4r\u00e4t, ty\u00f6ntekij\u00e4tunnus (Fazer ID), toimenkuva, valokuva, suoritukseen ja ar-\r\nvioituun potentiaaliin liittyv\u00e4t tiedot, ty\u00f6aikatiedot, ty\u00f6tapaturmat, terveystiedot, alkoholi- ja huumetestien tulokset, tiedot ruokavalioista, ty\u00f6kenkien ja vaatetuksen hankkimiseksi tarvittavat kokotiedot, mahdolliset kurinpidolliset toimenpiteet ja varoitukset, k\u00e4ydyt koulutukset ja kurssit, todistukset ja sertifikaatit.\r\n\u2022 Lokitiedot ja muut tunnisteet: tunnisteita kuten k\u00e4ytt\u00e4j\u00e4tunnukset sek\u00e4 tapahtuma- ja k\u00e4ytt\u00e4j\u00e4lokit.\r\n\u2022 Rekrytointitiedot: suoritetut tutkinnot, ty\u00f6kokemus, kielitaito, IT-taidot,henkil\u00f6kohtainen nettisivu, ty\u00f6hakemus, saatekirje sek\u00e4 antamiltasi suosit-\r\ntelijoilta, mahdollisesta turvallisuusselvityksest\u00e4, soveltuvuus- tai personallisuustestist\u00e4 ja rekrytointiyrityksilt\u00e4 tai ty\u00f6nhakusivustolta (esim. LinkedIn) saadut tiedot.\r\n\u2022 Paikkatiedot: mm. gps-tietoja ajoneuvoista. Fazer k\u00e4sittelee arkaluontoisia henkil\u00f6tietoja paikallisten lakien ja EU:n lains\u00e4\u00e4d\u00e4nn\u00f6n mukaisesti. 
Ohjeet arkaluonteisen tiedon k\u00e4sittelyst\u00e4 l\u00f6yd\u00e4t Fazernetist\u00e4.\r\n\r\n4. Mihin tietoja k\u00e4ytet\u00e4\u00e4n?\r\nTy\u00f6ntekij\u00f6iden tietojen k\u00e4sittely on tarpeen ty\u00f6sopimukseen liittyvien velvollisuuksien ja oikeuksien toteuttamiseksi, esimerkiksi, kun ty\u00f6ntekij\u00e4n palkka- ja tilitietoja k\u00e4sitell\u00e4\u00e4n palkan tai etujen maksamiseksi. On t\u00e4rke\u00e4\u00e4 huomata, ett\u00e4 henkil\u00f6tietojen k\u00e4sittely on v\u00e4ltt\u00e4m\u00e4t\u00f6nt\u00e4 ty\u00f6sopimuksen tekemiseksi ja ty\u00f6suhteen yll\u00e4pit\u00e4miseksi. Ty\u00f6ntekij\u00f6iden henkil\u00f6tietojen k\u00e4sittely perustuu ty\u00f6sopimukseen, kun tietoja k\u00e4sitell\u00e4\u00e4n seuraaviin tarkoituksiin:\r\n\u2022 Henkil\u00f6st\u00f6hallinto: Ty\u00f6suhteeseen liittyvien oikeuksien ja velvollisuuksien toteuttaminen (muun muassa palkanmaksu, ty\u00f6suhde-etujen tarjoa-\r\nminen, ty\u00f6suoritusten arviointi, koulutusten toteuttaminen, urasuunnittelu, kansainv\u00e4liset vaihdot ja ylennykset).\r\n\u2022 Toiminnanohjaus: Tarkoitukset, joka liittyv\u00e4t Fazerin liiketoimintaan, kuten ty\u00f6n suunnittelu, aikatauluttaminen ja johtaminen.\r\n\u2022 IT-palvelut ja ty\u00f6v\u00e4lineet: j\u00e4rjestelmien, laitteiden, sovelluksien ja ty\u00f6kalujen hallinta (esimerkiksi CRM, puhelin, tietokone, s\u00e4hk\u00f6posti ja Fazernet) ja n\u00e4iden k\u00e4yt\u00f6n tehostaminen teko\u00e4lypohjaisilla ty\u00f6v\u00e4lineill\u00e4. Fazer ottaa k\u00e4ytt\u00f6\u00f6n uusia teko\u00e4lypohjaisia ty\u00f6v\u00e4lineit\u00e4, joiden tarkoituksena on jo olemassa olevaa tietoa hy\u00f6dynt\u00e4en tehostaa tietoty\u00f6t\u00e4, esim. M365 Copilot on tarkoitettu apuv\u00e4lineeksi muiden M365 -ty\u00f6kalujen yhteyteen ja sen on tarkoitus tehostaa niill\u00e4 ty\u00f6skentely\u00e4. M365 Copilotin k\u00e4yt\u00f6st\u00e4 muodostuu ty\u00f6ntekij\u00e4n sille antamia kehotteita (prompteja), keskusteluhistoriaa sek\u00e4 ns. 
k\u00e4ytt\u00e4j\u00e4kohtainen semanttinen indeksi.\r\n\r\nFazer k\u00e4sittelee ty\u00f6ntekij\u00f6iden henkil\u00f6tietoja my\u00f6s lakis\u00e4\u00e4teisten velvoitteiden noudattamiseksi, esimerkiksi verotukseen, ty\u00f6terveydenhuollon tai lakis\u00e4\u00e4teisten vakuutuksien j\u00e4rjest\u00e4miseen liittyviss\u00e4 tarkoituksissa. Ty\u00f6nantaja voi ty\u00f6paikan turvallisuudesta huolehtimiseksi k\u00e4sitell\u00e4 tarpeellisia tietoja ty\u00f6ntekij\u00f6iden altistumisesta yleisvaaralliselle tartuntataudille. Tietoja voidaan luovuttaa pyynn\u00f6st\u00e4 viranomaiselle, jolla on lakiin perustuva oikeus tietojen saantiin. Tiedot s\u00e4ilytet\u00e4\u00e4n lakis\u00e4\u00e4teisten vaatimusten ajan taikka akuutin pandemian aikana, kunnes k\u00e4sittely vaaran torjumiseksi ja rajaamiseksi ei en\u00e4\u00e4 ole tarpeen. S\u00e4ilytt\u00e4misen tarpeellisuutta arvioidaan s\u00e4\u00e4nn\u00f6llisesti.\r\n\r\nFazer k\u00e4sittelee ty\u00f6ntekij\u00f6iden tietoja my\u00f6s turvallisuustietojen ja tapahtumien hallinnan tarkoituksiin:\r\nTietojen turvallisuuden hallinnasta vastaava ICT-organisaatio ker\u00e4\u00e4 kriittisten j\u00e4rjestelmien lokitiedot keskitettyyn lokitietojen hallintaj\u00e4rjestelm\u00e4\u00e4n ja laatii tilannetietokuvan operatiivisesta tietoturvasta.\r\n\r\nFazerin ICT-ty\u00f6ntekij\u00e4t, joilla on tietoturvaan liittyvi\u00e4 ty\u00f6teht\u00e4vi\u00e4, voivat etsi\u00e4 ker\u00e4ttyjen lokitietojen ja analytiikkatietojen avulla tietoturvaan liittyvi\u00e4 uhkia ja poikkeavuuksia, ja he ilmoittavat niist\u00e4 tarvittaessa tietoturvaongelmina. J\u00e4rjestelm\u00e4 voi h\u00e4lytt\u00e4\u00e4 automaattisesti mahdollisista tietoturvaongelmista. 
Lokitiedot auttavat m\u00e4\u00e4ritt\u00e4m\u00e4\u00e4n, mit\u00e4 on tapahtunut sek\u00e4 miksi ja milloin se on tapahtunut.\r\nFazer on ulkoistanut osan n\u00e4ist\u00e4 toiminnoista kolmannelle osapuolelle, joka analysoi ja rekister\u00f6i tietoturvaongelmat s\u00e4hk\u00f6isen viestinn\u00e4n palveluista annetun lain (917\/2014) 144 ja 272 artiklan mukaisesti. Analyysi tehd\u00e4\u00e4n p\u00e4\u00e4asiassa automaattisesti, mutta manuaalinen arviointi on tarpeen joissakin tapauksissa. Manuaalinen tutkimus aloitetaan vain automaattisen h\u00e4lytyksen tai selv\u00e4sti ep\u00e4ilytt\u00e4v\u00e4n ongelman vuoksi.\r\n\r\nSeuraavilla henkil\u00f6ill\u00e4 on p\u00e4\u00e4sy j\u00e4rjestelm\u00e4\u00e4n: ulkoistetun turvallisuuskumppanin henkil\u00f6kunta, Fazerin infrastruktuuritiimi (noin 10 nimetty\u00e4 Fazerin ICT-henkil\u00f6\u00e4) ja ICT-infrastruktuurin toimittajan nimetyt asiantuntijat. Voimme paljastaa henkil\u00f6n yksil\u00f6inti\u00e4 koskevat tiedot Kyberturvallisuuskeskuk-\r\nsen asiantuntijoille vakavien tietoturvaloukkausten yhteydess\u00e4. Henkil\u00f6tietojen k\u00e4sittelyn oikeusperusta on sitovaan lakiin perustuvien rekiste-\r\nrinpit\u00e4j\u00e4n velvollisuuksien noudattaminen, jotta varmistetaan Fazerin tietoj\u00e4rjestelmien tietoturva (s\u00e4hk\u00f6isen viestinn\u00e4n palveluista annetuin lain 272 artikla).\r\nSeuraavanlaisia tietoja ker\u00e4t\u00e4\u00e4n: liikennetiedot, v\u00e4lityspalvelimen tiedot, sijaintitiedot tai muut yksil\u00f6iv\u00e4t tiedot, kuten k\u00e4ytt\u00e4j\u00e4nimi, s\u00e4hk\u00f6postiosoite, puhelinnumero, k\u00e4ytt\u00e4j\u00e4n laitteen tunnistetiedot.\r\nTietol\u00e4hteet: Palomuurit, verkon valvonta, IT-infrastruktuuri-\/-sovelluspalvelut, loppuk\u00e4ytt\u00e4j\u00e4n virustentorjuntaratkaisut, Microsoft-pohjaiset valvontaratkaisut.\r\nFazer k\u00e4sittelee tietoja my\u00f6s silloin, kun se on tarpeen Fazerin oikeutettujen etujen toteuttamiseksi. 
Fazerin toiminnassa oikeutettu etu tarkoittaa alla olevaa yht\u00e4 tai useampaa k\u00e4ytt\u00f6tarkoitusta:\r\n\u2022 IT-j\u00e4rjestelmien ja HR-palveluiden kehitt\u00e4minen, ty\u00f6ntekij\u00f6iden potentiaalin arviointi (ns. talent review) Fazerin toimintojen jatkuvuuden varmista-\r\nmiseksi\r\n\u2022 Turvallisuustoimenpiteet: Toiminta, joilla varmistetaan ty\u00f6ntekij\u00f6iden, asiakkaiden ja tilojen turvallisuus sek\u00e4 Fazerin immateriaalioikeuksien ja lii-\r\nkesalaisuuksien suojaaminen esimerkiksi kameravalvonnalla, tunnistamalla ty\u00f6ntekij\u00e4t ja hallitsemalla kulkulupia ja p\u00e4\u00e4sy\u00e4 tietoihin (lue n\u00e4ist\u00e4\r\nlis\u00e4\u00e4 t\u00e4m\u00e4n tietosuojaselosteen lopusta liitteest\u00e4 1). V\u00e4\u00e4rink\u00e4yt\u00f6sten ja petosten selvitt\u00e4minen ja ilmiantopalvelu (whistle-blowing-palvelu)\r\n\u2022 Ty\u00f6ntekij\u00f6iden henkil\u00f6tietojen siirto Fazer-konsernin sis\u00e4ll\u00e4\r\n\u2022 Oikeusvaateiden laatiminen, esitt\u00e4minen ja puolustaminen\r\n\u2022 Yritysj\u00e4rjestelyiden toteuttaminen\r\n\u2022 Yrityksen luottokortin tai muiden etujen, kuten auto- tai urheiluedun tar-\r\njoaminen ty\u00f6ntekij\u00e4lle.\r\n\u2022 Fazer tarjoaa el\u00e4k\u00f6ityneille ty\u00f6ntekij\u00f6illeen, joilla on v\u00e4hint\u00e4\u00e4n 10 vuoden ty\u00f6historia Fazerilla, el\u00e4kel\u00e4isetuja ja oikeuden liitty\u00e4 el\u00e4kel\u00e4isten yhdistykseen. Etuihin sis\u00e4ltyy kuvallinen henkil\u00f6kortti, jolla saa alennusta Fazerin henkil\u00f6kuntamyym\u00e4l\u00e4st\u00e4.\r\n\r\nOikeutetulla edulla tarkoitetaan intressi\u00e4, joka on lainmukainen ja jonka toteutuminen on t\u00e4rke\u00e4\u00e4 Fazerin toiminnalle. Ty\u00f6ntekij\u00e4n etu ja oikeudet otetaan huomioon t\u00e4llaisen k\u00e4sittelyn toteuttamisessa eik\u00e4 ty\u00f6ntekij\u00e4n yksityisyyteen kajota enemp\u00e4\u00e4 kuin on v\u00e4ltt\u00e4m\u00e4t\u00f6nt\u00e4. 
Sinulla on my\u00f6s oikeus vastustaa oikeutetun edun perusteella tapahtuvaa k\u00e4sittely\u00e4. Lue lis\u00e4\u00e4 oikeuksista kohdasta \u201dMiten voit vaikuttaa henkil\u00f6tietojesi k\u00e4sittelyyn?\u201d.\r\nFazer k\u00e4sittelee ainoastaan poikkeuksellisissa tilanteissa tietoja ty\u00f6ntekij\u00e4n suostumuksen perusteella. N\u00e4iss\u00e4 tilanteissa ty\u00f6ntekij\u00e4\u00e4 informoidaan suostumuksen antamisen yhteydess\u00e4 henkil\u00f6tietojen k\u00e4sittelyst\u00e4. Esimerkiksi ty\u00f6ntekij\u00e4lt\u00e4 voidaan pyyt\u00e4\u00e4 lupaa julkaista h\u00e4nen kuvansa ja tarinansa Fazerin verkkosivuilla Fazerin toimintaa esitteleviss\u00e4 materiaaleissa. Suostumuksen antaminen on aina vapaaehtoista ja ty\u00f6ntekij\u00e4ll\u00e4 on oikeus peruuttaa suostumuksensa milloin tahansa. Suostumuksen peruuttaminen ei vaikuta k\u00e4sittelyn lainmukaisuuteen ennen peruuttamista.\r\nHenkil\u00f6tietoja k\u00e4sitell\u00e4\u00e4n niihin tarkoituksiin, joihin ne on alun perin ker\u00e4tty sek\u00e4 muihin tarkoituksiin, jos ne ovat yhteensopivia alkuper\u00e4isen tarkoituksen kanssa.\r\nFazer k\u00e4sittelee arkaluontoisia henkil\u00f6tietoja kuten tietoja, jotka koskevat ty\u00f6ntekij\u00e4n terveydentilaa tai paljastavat ammattiliiton j\u00e4senyyden, ainoastaan, kun se on tarpeen rekisterinpit\u00e4j\u00e4n tai rekister\u00f6idyn velvoitteiden ja erityisten oikeuksien noudattamiseksi ty\u00f6oikeuden alalla tai, kun k\u00e4sittely on tarpeen ty\u00f6ntekij\u00e4n ty\u00f6kyvyn arvioimiseksi. Joskus poikkeuksellisissa tapauksissa arkaluontoisia henkil\u00f6tietoja voidaan my\u00f6s joutua k\u00e4sittelem\u00e4\u00e4n oikeusvaateiden yhteydess\u00e4.\r\n\r\n5. 
Kuinka kauan tietoja s\u00e4ilytet\u00e4\u00e4n?\r\nHenkil\u00f6tietojasi s\u00e4ilytet\u00e4\u00e4n p\u00e4\u00e4s\u00e4\u00e4nt\u00f6isesti niin kauan kuin on tarpeen yll\u00e4 kuvattujen tarkoitusten toteuttamiseksi sek\u00e4 mahdollisen muun pakottavan lains\u00e4\u00e4d\u00e4nn\u00f6n, kuten ty\u00f6sopimus-, ty\u00f6aika- ja kirjanpitolains\u00e4\u00e4d\u00e4nn\u00f6n noudattamiseksi.\r\nHenkil\u00f6tietojen s\u00e4ilytysaika m\u00e4\u00e4r\u00e4ytyy seuraavien kriteerien perusteella:\r\n\u2022 Palkanoikaisu 10 vuotta\r\n\u2022 Ty\u00f6todistus 10 vuotta\r\n\u2022 Ty\u00f6sopimus 10 vuotta\r\n\u2022 Kirjanpito 10 vuotta\r\n\u2022 Opinto- ja vuorotteluvapaisiin liittyv\u00e4t tiedot 5 vuotta\r\n\u2022 Terveystiedot (sairauspoissaolotodistukset) 1+2 vuotta\r\n\u2022 Turvallisuustiedot ja tapahtumien hallinta 1 vuosi\r\n\u2022 Yleisvaarallisille tartuntataudeille altistumista koskevat tiedot 10 vuotta\r\nTy\u00f6terveyshuollolla on oma tietosuojaseloste, josta ilmenee tarkemmat lakiperusteiset terveystietojen s\u00e4ilytysajat.\r\n\r\n6. Ketk\u00e4 voivat k\u00e4sitell\u00e4 tietojasi ja luovutetaanko niit\u00e4 muille tahoille?\r\nHenkil\u00f6tietojasi k\u00e4sittelev\u00e4t vain ne Fazerin ty\u00f6ntekij\u00e4t, joilla on ty\u00f6teht\u00e4viens\u00e4 vuoksi tarve k\u00e4sitell\u00e4 tietoja. Rajattuihin tietoihin, kuten yhteystietoihin ja valokuviin Fazernetiss\u00e4, on p\u00e4\u00e4sy kaikilla Fazer-konsernin ty\u00f6ntekij\u00f6ill\u00e4. Henkil\u00f6tietojasi k\u00e4sitell\u00e4\u00e4n Fazer-konsernin sis\u00e4ll\u00e4.\r\nPalveluntarjoajat: Fazer k\u00e4ytt\u00e4\u00e4 henkil\u00f6tietojesi k\u00e4sittelyss\u00e4 apuna erilaisia palveluntarjoajia. Kun tietojen k\u00e4sittely ulkoistetaan palveluntarjoajalle, heid\u00e4n on k\u00e4sitelt\u00e4v\u00e4 henkil\u00f6tietoja Fazerin antamien ohjeiden mukaisesti. 
Palveluntarjoajia ovat esimerkiksi tietoj\u00e4rjestelmien palveluja ja ratkaisuja tarjoavat yritykset ja konsultointi- ja tilintarkastuspalveluja tarjoavat yritykset. Palveluntarjoajat velvoitetaan asianmukaisin sopimusj\u00e4rjestelyin huolehtimaan riitt\u00e4v\u00e4st\u00e4 tietoturvan tasosta tietojesi suojaamiseksi sek\u00e4 noudattamaan muutoinkin kulloinkin voimassa olevaa tietosuojalains\u00e4\u00e4d\u00e4nt\u00f6\u00e4. Fazerin k\u00e4ytt\u00e4m\u00e4t alihankkijat ja palveluntarjoajat k\u00e4sittelev\u00e4t tietojasi ainoastaan edell\u00e4 kuvattujen Fazerin m\u00e4\u00e4ritt\u00e4mien k\u00e4ytt\u00f6tarkoitusten toteuttamiseen. Henkil\u00f6st\u00f6n ty\u00f6kokemuksen, ty\u00f6hyvinvoinnin, ty\u00f6turvallisuuden ja johtamisen kartoittamis- ja kehitt\u00e4mistarkoituksissa\r\nFazer luovuttaa henkil\u00f6st\u00f6kyselyiss\u00e4 ker\u00e4tt\u00e4vi\u00e4 tietoja palveluntarjoajalleen Effectory B.V.:lle ja PricewaterhouseCoopers Oy:lle, joka k\u00e4sittelee tietoja vertailuarvojen luomiseksi.\r\nJos saat k\u00e4ytt\u00f6\u00f6si yrityksen luottokortin tai sinulle tarjotaan muita etuja, kuten auto- tai urheiluedun, Fazer luovuttaa tietosi ulkopuolisille palveluntarjoajille, kuten luottokorttiyhti\u00f6lle, leasing-yhti\u00f6lle ja hyvinvointipalveluiden tuottajalle. Fazer ei luovuta enemp\u00e4\u00e4 tietoja, kuin on tarpeen edun tarjoamiseksi. Lainmukainen velvoite: Tietyiss\u00e4 tilanteissa Fazer on lain nojalla velvollinen luovuttamaan henkil\u00f6tietojasi viranomaisille tai muille kolmansille osapuolille. Tietoja luovutetaan esimerkiksi verotusta, sosiaalitukia, el\u00e4kkeen maksua, yleisvaarallisten tartuntatautien torjumista ja vakuutuksia varten. Kyseisiss\u00e4 tilanteissa Fazer ei luovuta enemp\u00e4\u00e4 tietoa, kuin mit\u00e4 lain nojalla vaaditaan. Fazer voi my\u00f6s luovuttaa henkil\u00f6tietojasi, jos se on tarpeen oikeusvaateen laatimiseksi, esitt\u00e4miseksi tai puolustamiseksi. 
Yrityskaupat, sulautumiset ja muut yritysj\u00e4rjestelyt: Henkil\u00f6tietojasi voidaan luovuttaa mahdollisen liiketoiminnan myynnin, sulautumisen tai muun yritysj\u00e4rjestelyn yhteydess\u00e4 liiketoiminnan ostajalle tai muulle j\u00e4rjestelyn kannalta olennaiselle taholle.\r\n\r\n7. Voidaanko tietojasi siirt\u00e4\u00e4 EU:n tai ETA- maiden ulkopuolelle?\r\nFazer k\u00e4ytt\u00e4\u00e4 yksitt\u00e4isi\u00e4 palveluntarjoajia, joissa esimerkiksi IT-j\u00e4rjestelmien tukipalveluita tarjotaan EU\/ETA-alueen ulkopuolella, kuten Yhdysvalloissa ja Intiassa. N\u00e4in ollen henkil\u00f6tietojasi voidaan siirt\u00e4\u00e4 EU\/ETA:n ulkopuolelle, edellytt\u00e4en, ett\u00e4 EU:n yleisess\u00e4 tietosuoja-asetuksessa mainitut edellytykset t\u00e4yttyv\u00e4t. T\u00e4ll\u00f6in tiedonsiirto on j\u00e4rjestetty k\u00e4ytt\u00e4m\u00e4ll\u00e4 Euroopan komission hyv\u00e4ksymi\u00e4 mallilausekkeita. Saat yksityiskohtaisempaa tietoa tiedonsiirroista ja niiss\u00e4 k\u00e4ytetyist\u00e4 suojakeinoista ottamalla yhteytt\u00e4 alla mainittuja yhteystietoja k\u00e4ytt\u00e4en.\r\n\r\n8. Miten voit vaikuttaa henkil\u00f6tietojesi k\u00e4sittelyyn?\r\n\u2022 Sinulla on oikeus pyyt\u00e4\u00e4 p\u00e4\u00e4sy\u00e4 sinua itse\u00e4si koskeviin tietoihin tai Saada vahvistus siit\u00e4, ett\u00e4 sinua koskevia henkil\u00f6tietoja ei k\u00e4sitell\u00e4 (oikeus Saada p\u00e4\u00e4sy tietoihin).\r\n\u2022 Sinulla on oikeus oikaista tietosi (oikeus tietojen oikaisemiseen). 
T\u00e4m\u00e4 tarkoittaa sit\u00e4, ett\u00e4 mik\u00e4li henkil\u00f6tietosi ovat virheelliset, ep\u00e4tarkat tai puutteelliset, sinulla on oikeus pyyt\u00e4\u00e4 Fazeria oikaisemaan tai t\u00e4ydent\u00e4m\u00e4\u00e4n tiedot.\r\n\u2022 Sinulla on oikeus saada henkil\u00f6tietosi poistetuksi tietyiss\u00e4 tilanteissa, esimerkiksi silloin, jos henkil\u00f6tietojesi k\u00e4sittely ei en\u00e4\u00e4 ole tarpeellista niihin tarkoituksiin, joita varten ne ker\u00e4ttiin, tai jos henkil\u00f6tietojesi k\u00e4sittely on perustunut suostumukseen ja haluat peruuttaa suostumuksesi eik\u00e4 k\u00e4sittelylle ole muuta perustetta (oikeus saada tiedot poistetuksi). Huomaathan, ett\u00e4 Fazerilla on tietyiss\u00e4 tilanteissa oikeudellinen peruste s\u00e4ilytt\u00e4\u00e4 henkil\u00f6tietosi esimerkiksi ty\u00f6sopimus- tai kirjanpitolains\u00e4\u00e4d\u00e4nn\u00f6n noudattamiseksi, ja n\u00e4in ollen monissa tilanteissa tietojasi ei ole mahdollista poistaa.\r\n\u2022 Sinulla on oikeus vastustaa henkil\u00f6tietojesi k\u00e4sittely\u00e4 (vastustamisoikeus) silloin, kun tietojasi k\u00e4sitell\u00e4\u00e4n oikeutetun edun perusteella ja vastustami\r\nselle on henkil\u00f6kohtaiseen erityiseen tilanteeseesi liittyv\u00e4 peruste.\r\n\u2022 Tietyiss\u00e4 tilanteissa sinulla voi olla oikeus rajoittaa henkil\u00f6tietojesi k\u00e4sittely\u00e4. (oikeus k\u00e4sittelyn rajoittamiseen) T\u00e4m\u00e4 tarkoittaa sit\u00e4, ett\u00e4 k\u00e4sittelyn rajoittamisen ajan henkil\u00f6tietojasi ainoastaan s\u00e4ilytet\u00e4\u00e4n. 
Mik\u00e4li esimerkiksi kiist\u00e4t tietojesi paikkansapit\u00e4vyyden, sinulla on oikeus saada rajoitus kiistetyn tiedon k\u00e4sittelyyn siksi ajaksi, kun Fazer varmistaa tietojesi paikkansapit\u00e4vyyden.\r\n\u2022 Tietyiss\u00e4 tilanteissa sinulla voi olla oikeus saada meille toimittamasi henkil\u00f6tiedot s\u00e4hk\u00f6isess\u00e4 muodossa, jolloin voit halutessasi siirt\u00e4\u00e4 ne my\u00f6s toiselle rekisterinpit\u00e4j\u00e4lle (oikeus siirt\u00e4\u00e4 tiedot j\u00e4rjestelm\u00e4st\u00e4 toiseen). Voit k\u00e4ytt\u00e4\u00e4 tietojesi k\u00e4sittelyyn liittyvi\u00e4 oikeuksiasi seuraavalla tavalla:\r\n\u2022 Mik\u00e4li sinulla on p\u00e4\u00e4sy Workday-j\u00e4rjestelm\u00e4\u00e4n, voit tarkastella henkil\u00f6tietojasi tulostamalla raportin henkil\u00f6tiedoistasi Fazernetin ohjeiden mukaisesti. Osan tiedoista voit my\u00f6s oikaista Workday-j\u00e4rjestelm\u00e4n kautta.\r\n\u2022 Mik\u00e4li sinulla ei ole p\u00e4\u00e4sy\u00e4 Workday-j\u00e4rjestelm\u00e4\u00e4n, voit pyyt\u00e4\u00e4 esimiest\u00e4si tulostamaan sinulle raportin henkil\u00f6tiedoistasi. Esimiehesi voi my\u00f6s tarvittaessa oikaista tai t\u00e4ydent\u00e4\u00e4 sinua koskevat virheelliset tiedot.\r\n\u2022 Mik\u00e4li sinulla on muita oikeuksiesi toteuttamiseen liittyvi\u00e4 pyynt\u00f6j\u00e4, voit l\u00e4hett\u00e4\u00e4 pyynn\u00f6n Fazergroupin tietosuojasivun kautta (www.fazergroup.com\/pri-vacy).\r\n\r\nJos katsot, ett\u00e4 Fazer on t\u00e4ss\u00e4 tietosuojaselosteessa mainituista periaatteista huolimatta loukannut tietosuojalains\u00e4\u00e4d\u00e4nt\u00f6\u00f6n perustuvia oikeuksiasi, sinulla onoikeus tehd\u00e4 valitus paikalliselle tietosuojasuojaviranomaiselle.\r\n\r\n9. 
Miten henkil\u00f6tietojasi suojataan?\r\nFazerilla on asianmukaiset tekniset ja organisatoriset turvallisuusk\u00e4yt\u00e4nn\u00f6t ja prosessit turvaamassa henkil\u00f6tietoja h\u00e4vi\u00e4miselt\u00e4, v\u00e4\u00e4rink\u00e4yt\u00f6lt\u00e4 tai muulta vastaavalta laittomalta p\u00e4\u00e4sylt\u00e4. Tiedot ker\u00e4t\u00e4\u00e4n palvelimiin ja tietokantoihin, jotka ovat palomuurein, salasanoin\r\nja muilla teknisill\u00e4 keinoilla suojattuja. Palvelimet, tietokannat ja niiden varmuuskopiot sijaitsevat lukituissa tiloissa ja tietoihin p\u00e4\u00e4sev\u00e4t k\u00e4siksi vain ennalta nimetyt henkil\u00f6t. Palvelimet ovat vahvasti suojattuja.\r\n\r\n10. Voiko Fazer muuttaa tietosuojaselostetta?\r\nFazer kehitt\u00e4\u00e4 yksityisyydensuojaa koskevia k\u00e4yt\u00e4nt\u00f6j\u00e4\u00e4n ja palvelujaan jatkuvasti, mink\u00e4 vuoksi t\u00e4t\u00e4 tietosuojaselostetta p\u00e4ivitet\u00e4\u00e4n tarvittaessa niin, ett\u00e4 se kuvaa tietojen k\u00e4sittely\u00e4. My\u00f6s muutokset soveltuvassa lains\u00e4\u00e4d\u00e4nn\u00f6ss\u00e4 tai sen tulkinnoissa voivat aiheuttaa muutoksia tietosuojaselosteeseen.\r\nAjantasainen ty\u00f6ntekij\u00f6ille suunnattu tietosuojaseloste l\u00f6ytyy aina Fazernetist\u00e4.\r\n\r\n11. Kenen puoleen voit k\u00e4\u00e4nty\u00e4 tietojesi k\u00e4sittely\u00e4 koskevissa kysymyksiss\u00e4?\r\nMik\u00e4li sinulla on kysymyksi\u00e4 liittyen henkil\u00f6tietojesi k\u00e4sittelyyn, otathan yhteytt\u00e4 paikalliseen privacy specialistiin \/ tietosuoja-asiantuntijaan. 
Mik\u00e4li haluat Saada p\u00e4\u00e4syn tietoihisi tai sinulla on muita oikeuksiesi toteuttamiseen liittyvi\u00e4 pyynt\u00f6j\u00e4, tee tietopyynt\u00f6 kohdan 8 mukaan.\r\nFazer Makeiset Oy: employmentprivacy.fcfi@fazer.com\r\nFazer Leipomot Oy: employmentprivacy.fbfi@fazer.com\r\nFazer Finland Oy: employmentprivacy.fazerfinland@fazer.com\r\nOy Karl Fazer Ab: employmentprivacy.kf@fazer.com\r\nFazer Ravintolat Oy: employmentprivacy.fazerfinland@fazer.com\r\n\r\n12. Rekisterinpit\u00e4j\u00e4t\r\nTietojesi rekisterinpit\u00e4jin\u00e4 toimivat Oy Karl Fazer Ab yhdess\u00e4 sen maayhti\u00f6n kanssa, johon olet ty\u00f6suhteessa. Mik\u00e4li olet vuokraty\u00f6ntekij\u00e4, henkil\u00f6tietojesi rekisterinpit\u00e4ji\u00e4 ovat Oy Karl Fazer Ab yhdess\u00e4 sen Fazer-konserniin kuuluvan maayhti\u00f6n kanssa, jossa ty\u00f6skentelet vuokraty\u00f6ntekij\u00e4n\u00e4.\r\nOy Karl Fazer Ab\r\nFazerintie 6, 01230 Vantaa\r\nPL 4, 00941 Helsinki\r\nSuomi\r\nFazer Makeiset Oy\r\nFazerintie 6, 01230 Vantaa\r\nPL 4, 00941 Helsinki\r\nFazer Leipomot Oy\r\nFazerintie 6, 01230 Vantaa\r\nPL 17, 00941 Helsinki\r\nFazer Finland Oy\r\nFazerintie 6, 01230 Vantaa\r\nFazer Ravintolat Oy\r\nFazerintie 6, 01230 Vantaa\r\nPL 4, 00941 Helsinki\r\n\r\n13. Linkit muihin tietosuojaselosteisiin\r\nL\u00f6yd\u00e4t lis\u00e4\u00e4 tietoa tietosuojan hallinnasta Fazernetist\u00e4 tai Fazer Groupin tietosuojasivuilta (www.fazergroup.com\/privacy).\r\nPublished on the 5th of February 2024\r\n\r\nLIITE 1\r\nKameravalvonnan j\u00e4rjestelm\u00e4t\r\nKameravalvonnan avulla varmistamme ty\u00f6ntekij\u00f6idemme, asiakkaidemme ja muiden tiloissamme oleskelevien tai vierailevien henkil\u00f6iden henkil\u00f6kohtaista\r\nturvallisuutta, omaisuuden suojaa, elintarviketurvallisuutta sek\u00e4 ennaltaehk\u00e4isemme ja selvit\u00e4mme turvallisuutta, omaisuutta, ja tuotantoprosesseja vaa-\r\nrantavia tilanteita. 
Kameravalvonnan avulla tallentuu tietoja henkil\u00f6ist\u00e4, jotka kulloinkin ovat kameroiden valvonta-alueella. Valvonta voi kohdistua muun muassa yleisiin tiloihin, lastauslaitureille, tehdasalueille sek\u00e4 tietyin edellytyksin my\u00f6s pisteisiin, joissa k\u00e4sitell\u00e4\u00e4n rahaa. N\u00e4in kykenemme parhaiten varmistamaan turvallisuutta ja suojaamaan ihmisi\u00e4 ja omaisuutta vahingoilta. Jos Fazer kohdistaa tiloihin kameravalvontaa, tilassa ilmoitetaan valvonnasta n\u00e4kyv\u00e4sti (esimerkiksi kameraa kuvaavilla kylteill\u00e4 tai ilmoituksella, jossa lukee \u201dkameravalvonta\u201d tai muulla vastaavalla tavalla).\r\nFazer k\u00e4sittelee tietoja rekisterinpit\u00e4j\u00e4n oikeutettuun etuun pohjautuen. Tietojen s\u00e4ilytysaika m\u00e4\u00e4ritet\u00e4\u00e4n paikallisten s\u00e4\u00e4d\u00f6sten ja \/ tai valvontaviranomaisten suositusten perusteella ja alkuper\u00e4inen s\u00e4ilytysaika vaihtelee kahdesta viikosta kolmeen kuukauteen maasta riippuen. Tietoja voidaan s\u00e4ilytt\u00e4\u00e4 pidemp\u00e4\u00e4n, jos oikeusvaateen esitt\u00e4minen, selvitt\u00e4minen tai puolustaminen niin vaatii eli kunnes tuomio on lainvoimainen tai asia on lopullisesti sovittu. Kameravalvonta on ulkoistettu vartiointiliikkeelle, jonka vartijat valvovat kiinteist\u00f6\u00e4 tv-kameroiden v\u00e4-\r\nlityksell\u00e4. Vartijoilla on tekninen p\u00e4\u00e4sy videovalvonta-aineistoon ja heill\u00e4 on mahdollisuus tutustua materiaaliin tarvittaessa Fazerin turvallisuusjohtajan ennakkosuostumuksella. Valvontaj\u00e4rjestelm\u00e4\u00e4 yll\u00e4pidet\u00e4\u00e4n Fazerin kiinteist\u00f6ll\u00e4. Tietoja voidaan luovuttaa viranomaisille lakiin perustuvan tiedonsaantioikeuden perusteella. 
T\u00e4llaisia viranomaisia ovat esimerkiksi poliisiviranomaiset.\r\n\r\nKulunvalvonnan j\u00e4rjestelm\u00e4t\r\nKulunvalvonnan avulla varmistamme ty\u00f6ntekij\u00f6idemme, asiakkaidemme ja muiden tiloissamme oleskelevien tai vierailevien henkil\u00f6iden henkil\u00f6kohtaista tur-\r\nvallisuutta, omaisuuden suojaa, elintarviketurvallisuutta sek\u00e4 ennaltaehk\u00e4isemme ja selvit\u00e4mme turvallisuutta, omaisuutta, ja tuotantoprosesseja vaa-\r\nrantavia tilanteita. Kulunvalvonnan rekisteriin tallentuvat tiedot henkil\u00f6ist\u00e4, jotka ovat hakeneet kulkuoikeutta, ja jotka kulloinkin ovat liikkuneet j\u00e4rjestelm\u00e4\u00e4n liitetyist\u00e4 ovista, porteista tai k\u00e4ytt\u00e4neet j\u00e4rjestelm\u00e4\u00e4n liitettyj\u00e4 tiloja. Tietoina j\u00e4rjestelm\u00e4\u00e4n tallentuvat taustatiedot, kuten nimi, rooli, ty\u00f6nantaja ja mahdollisesti henkil\u00f6tunnus, syntym\u00e4aika tai veronumero ja henkil\u00f6n kuva, sek\u00e4 kulun ajankohta ja ajoneuvon\r\nrekisterinumero ja kuva. Taustatiedot saadaan yleens\u00e4 henkil\u00f6lt\u00e4 itselt\u00e4\u00e4n tai t\u00e4m\u00e4n edustajalta silloin, kun kulkuoikeutta haetaan, ja muut tiedot saadaan kulunhallintaj\u00e4rjestelmist\u00e4. Fazer k\u00e4sittelee tietoja rekisterinpit\u00e4j\u00e4n oikeutettuun etuun pohjautuen. Henkil\u00f6tunnuksen k\u00e4sittely on tarpeen, koska henkil\u00f6n yksiselitteinen yksil\u00f6inti on t\u00e4rke\u00e4\u00e4 muun muassa henkil\u00f6iden turvallisuuden varmistamiseksi. Tietoja s\u00e4ilytet\u00e4\u00e4n enint\u00e4\u00e4n kolme vuotta tai pidempi aika, jos oikeusvaateen esitt\u00e4minen, selvitt\u00e4minen tai puolustaminen niin vaatii eli kunnes tuomio on lainvoimainen tai asia on lopullisesti sovittu. 
Jos kulkuoikeutta ei ole my\u00f6nnetty, tiedot poistuvat kolmen kuukauden kuluttua hakemuksen sy\u00f6tt\u00e4misest\u00e4 j\u00e4rjestelm\u00e4\u00e4n.\r\nKulunvalvonta on ulkoistettu vartiointiliikkeelle, jonka vartijat valvovat kiinteist\u00f6\u00e4 tv-kameroiden v\u00e4lityksell\u00e4. Vartijoilla on tekninen p\u00e4\u00e4sy kulunvalvonta-aineistoon ja heill\u00e4 on mahdollisuus tutustua materiaaliin tarvittaessa Fazerin turvallisuusjohtajan ennakkosuostumuksella. Valvontaj\u00e4rjestelm\u00e4\u00e4 yll\u00e4pidet\u00e4\u00e4n Fazerin kiinteist\u00f6ll\u00e4. Tietoja voidaan luovuttaa viranomaisille lakiin perustuvan tiedonsaantioikeuden perusteella. T\u00e4llaisia viranomaisia ovat esimerkiksi poliisiviranomaiset.","gdpr_privacy_policy_se":"Employee Privacy Statement\r\n\r\nOy Karl Fazer Ab and its affiliates are committed to protecting your privacy and processing your personal data in accordance with applicable data protection legislation and good data protection practices. In this Privacy Statement \u201dFazer\u201d refers to the operative company acting as the controller of your personal data jointly with Oy Karl Fazer Ab.\r\nThis Privacy Statement describes how personal data concerning you is collected, processed and protected during and after your employment at Fazer.\r\nWhere applicable, this Privacy Statement also applies if you are working as a\r\ncontingent worker for Fazer. Fazer is always processing personal data according to the local laws and taking into consideration the business specific differences.\r\n\r\n\u201cPersonal data\u201d means any information relating to an identified or identifiable person.\r\n\u201cSensitive data\u201d refers to any information relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership. 
In addition, genetic data and biometric data for the purpose of uniquely identifying a person as well as data concerning health, sex life or sexual orientation are considered as sensitive data.\r\n\r\n\u201cProcessing\u201d refers to any operation which is performed on personal data using manual or automatic processing, for example collecting, storing, organizing and deleting of data.\r\n\r\n\u201cController\u201d refers to the body who alone or jointly with others determines the purposes and uses for the processing of personal data, i.e. decides how your personal data is processed.\r\n\r\n2. From where the data is collected?\r\nPrimarily, Fazer as an employer collects personal data directly from you. In addition, personal data is collected from third party sources when employees join Fazer through transfer of a business, merger or acquisition. Personal data is collected, for example, during the recruitment, when making the employment contract, during development discussions and when an employee is utilizing different tools and HR services.\r\n\r\n3. 
What kind of data is collected?\r\nFazer collects only personal data that is necessary for the employment relationship, inter alia:\r\n\u2022 Basic Information: Name, national identification number, nationality, residence and work permit, gender, home address, phone number, email, date\r\nof birth and emergency contact details.\r\n\u2022 Payroll and benefits related information: Salary and other benefits, bank account details, tax information, vacations, absences, sick pay, trade union\r\ndeductions, travel expenses, pensions, company car arrangements, meal allowance and other benefits information.\r\n\u2022 Employment and performance information: Employment dates, employee identifier (Fazer ID), position at the company, photo, information\r\nabout the work performance and potential, working times, accidents at work, health data, drug and alcohol test results, information about special\r\ndiets, information needed for purchasing work clothing and shoes, possible disciplinary actions and warnings, attended courses and trainings, competences\r\nand certificates.\r\n\u2022 Log data and other identification information: Identifiers such as user names, activity logs and user logs.\r\n\u2022 Recruitment information: Completed studies, work experience, language skills, IT-skills, personal webpage, application, cover letter, information received\r\nfrom third parties (such as references, possible background checks, personality and aptitude assessments, recruitment agencies and social media\r\nused for recruitment e.g. LinkedIn)\r\n\u2022 Location data: .\r\nFazer processes sensitive data according to the local and EU laws. Instructions about the processing of sensitive data can be found in Fazernet.\r\n4. 
What is the data used for?\r\nProcessing of employee personal data is necessary to comply with the obligations and rights arising from an employment relationship, for instance, when employees\u2019 payroll and bank account information is processed for payment of salaries or benefits. Thus, it is important to understand that processing of personal\r\ndata is necessary for entering into and maintaining of employment contract. Employee data is processed based on an employment contract for the following\r\npurposes:\r\n\u2022 Personnel management: Purposes relating to the rights and obligations arising from the employment relationship (such as payment of salaries,\r\nserving of benefits, evaluation of work performance, execution of trainings, international internships and promotions)\r\n\u2022 Tasks management: Purposes relating to the Fazer\u2019s business operations such as planning, scheduling and management of the work.\r\n\u2022 IT-management and tools: Management of systems, devices, applications and tools (for example, CRM, phone, pc, email, and Fazernet) and\r\nenhancing their use with AI-based tools. Fazer is introducing new AI-based tools that aim to make knowledge work more efficient by utilising\r\nexisting data, e.g. the purpose of using M365 Copilot is to make working with M365 tools more efficient. In the use of M365 Copilot, employee\u2019s\r\nprompts, discussion history and so-called user-specific semantic index are created.\r\nFazer processes employees\u2019 personal data also to comply with legal requirements, such as processing for the purposes relating to taxation, employee\r\nhealthcare or statutory insurances. In order to ensure the safety of the workplace, the employer may process the necessary information on the exposure of\r\nworkers to a generalized infectious disease. The information may be disclosed on request to an authority having a legal right of access to the information. 
The data will be kept for the duration of the statutory requirements or during the acute pandemic, until processing is no longer necessary to prevent and limit the risk.\r\nThe need for continued storage is regularly assessed.\r\nFazer processes employees\u2019 personal data also for security information and event management purposes:\r\nICT information security management organization collects logs from critical systems to a centralized log management system and produces a situational awareness view of operative information security.\r\nFazer ICT employees with information security related job duties can, with the help of the collected logs and analytics, search for information security related threats and anomalies and will, where necessary, report them as information security incidents. The system can also make automatic alarms for potential information security incidents. Logs help to identify what, why and when something has happened.\r\n\r\nFazer has outsourced parts of these operations to a third party who analyses and registers information security incidents in accordance with the Act on Electronic Communications Services (917\/2014) Articles 144 and 272. 
The analysis is done mainly automatically, but in some cases manual review is necessary.\r\nManual investigation is commenced only after an automatic alarm or a clear suspicious incident has occurred.\r\nThe following persons have access to the system: the personnel of the outsourced security partner, Fazer infrastructure team (approximately 10 named\r\nFazer ICT persons) and ICT-infra supplier\u2019s named experts.\r\n\r\nFor serious information security violations, we might disclose personal identification information to national cyber security center specialists.\r\nThe legal basis of processing of the personal data is compliance with the controller\u2019s legal obligations based on binding law to ensure information security of the Fazer information systems (Act on Electronic Communications Services Article 272).\r\n\r\nThe following types of data are collected: traffic data, proxy data, location data or other identifying information, such as username, email address, telephone number, user device identifiers.\r\nSource of information: Firewalls, network monitoring, IT-infra\/application services, end user device Anti-virus solutions, Microsoft based monitoring solutions.\r\nFazer processes personal data also when it is necessary for the purposes of legitimate interests pursued by Fazer. In Fazer\u2019s operations, legitimate interest serves for example one or several of the following purposes:\r\n\u2022 Improvement of IT and HR services, potential evaluation (so-called talent review) to ensure the continuity of company\u2019s operations.\r\n\u2022 Security management: Activities ensuring the security and safety of the employees, customers, and premises, as well as the protection of the\r\nFazer\u2019s intellectual property rights and trade secrets, for example, with camera surveillance, by identifying employees as well as managing access\r\nto the buildings and information (read more about this at the end of this statement in Appendix 1). 
Examination of wrongdoings, fraud prevention\r\nand denunciation process (whistleblowing service).\r\n\u2022 Transfers of employees\u2019 personal data within the Fazer Group\r\n\u2022 Establishment, exercise or defence of legal claims\r\n\u2022 Execution of business transactions\r\n\u2022 Providing a company credit card or other benefits such as a car benefit or sports allowance to the employee\r\nLegitimate interest refers to an interest that is lawful and important to Fazer. In processing activities based on legitimate interest employees\u2019 rights are taken into account and their privacy is not interfered with more than necessary. The employee has on grounds relating to his or her particular situation the right to object to processing based on a legitimate interest. Read more about rights in section \u201cHow can you influence the processing of your data?\u201d\r\nEmployee\u2019s consent is considered as a basis for the processing only in exceptional cases. In these situations, employee is informed about the processing before collecting the consent. For example, employee\u2019s consent can be collected to publish employee\u2019s photo and story on the Fazer\u2019s website in the material presenting Fazer\u2019s operations. Giving a consent is always voluntary and employees have the possibility to withdraw their consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before the withdrawal.\r\nPersonal data is processed for the purposes it has been initially collected for, and for other purposes if they are compatible with the initial purpose.\r\n5. How long the data is stored? 
Your personal data is primarily stored as long as it is necessary for the purposes described above and to comply with any mandatory legislation, such as laws regarding employment contracts, working hours or accounting.\r\nRetention times are determined according to the following criteria in Finland:\r\nSalary data 10 years\r\nData required for employment certificate 10 years\r\nBookkeeping data 10 years\r\nHealth data (doctor\u2019s certificates) 1+2 years\r\nEmployment contract 10 years\r\nSecurity information and event management data 1 year\r\nInformation on exposure to generalized infectious disease 10 years\r\nOccupational healthcare has its own Privacy Statement where you can find more\r\ninformation about retention times of health data.\r\n\r\n6. Who can access your data and is it disclosed to third parties?\r\nYour personal data is processed by those Fazer employees who need to process the data due to their work tasks. Some limited information is available for\r\nall Fazer Group employees, such as contact details and photos in Fazernet.\r\nYour personal data is processed within the Fazer Group.\r\nService providers: Fazer uses different service providers to process your data.\r\nWhen the processing is outsourced to service providers, they can only use your personal data following the instructions defined by Fazer. Service providers are, for example, companies providing information systems and solutions for Fazer and companies providing consultancy and audit services. In such cases it is ensured by appropriate contractual means that the service providers maintain a level of information security that is adequate to protect your personal data and to comply with the applicable data protection legislation. 
The service providers and subcontractors process your personal data only for the above-mentioned purposes determined by Fazer.\r\n\r\nFor the purposes of assessing and developing employee work experience, well-being at work, occupational safety and management, Fazer discloses personal\r\ndata collected in employee surveys to service provider Effectory B.V. for the performance of personnel surveys and the creation of benchmarks, to service\r\nprovider PricewaterhouseCoopers Oy for the creation of the benchmarks. When necessary for providing you with a company credit card or other benefit,\r\nsuch as car benefit or sports allowance, Fazer discloses your personal data to the third party service provider such as credit card company, leasing company and wellbeing service provider. Fazer does not disclose more personal data than it is necessary to provide the benefit.\r\nLegal obligation: In certain situations, law requires Fazer to disclose your personal data to authorities or other third parties. Personal data is disclosed, for example, in connection with taxation, social benefits, pension payments and insurance. In such situations Fazer does not disclose more personal data than it is necessary to fulfill the obligation. Fazer can disclose your personal data also, when it is necessary for the establishment, exercise or defence of a legal claim. Mergers, acquisitions and other transactions: Your personal data can be disclosed during the possible acquisition, merger or other transaction to the purchaser or to other party relevant to the arrangement.\r\n\r\n7. Is your data transferred beyond the borders of the EU or EEA?\r\nSome service providers that Fazer uses, such as IT system support and consultancy service providers, are located outside the European Union or the European Economic Area, e.g. in the United States and in India. 
Therefore, your personal data can be transferred outside the EU, given that the requirements of the General Data Protection Regulation are fulfilled. In this case processing is organized by data protection clauses approved by European Commission. You may request information on the details of transfers to third countries and safeguards by using the contact details below.\r\n\r\n8. How can you influence the processing of your data?\r\n\u2022 You have the right to request access to the data concerning you or to receive confirmation that your personal data is not processed (right of\r\naccess).\r\n\u2022 You have the right to rectification (right to rectification). It means that if there are errors in the data concerning you, or if the data is inaccurate or deficient, you have the right to ask Fazer to rectify or complete the data.\r\n\u2022 You have the right to have your personal data erased in certain situations, for example, when the processing of your personal data is no longer necessary for the purposes for which it was collected, or if the processing is based on your consent and you want to withdraw your consent and there\r\nare no other bases for processing (right to be forgotten). Please note that Fazer may have a basis to retain the data to comply with mandatory legislation, such as laws regarding employment contracts, working hours or accounting and, therefore, in many cases data cannot be erased.\r\n\u2022 When the processing of your personal data is based on legitimate interest, you have the right to object to such processing on grounds relating\r\nto your particular situation (right to object).\r\n\u2022 In certain situations you might have the right to restrict the processing of your personal data (right to restriction of processing). When the processing has been restricted, your personal data will only be stored and not processed otherwise. 
For example, if you contest the accuracy of your\r\npersonal data, you have the right to have the contested data under a restriction of processing during the time when it is ensured that your data is\r\naccurate.\r\n\u2022 In certain situations, you have the right to obtain the personal data you have provided to Fazer in a machine readable format so that you can\r\ntransfer it to another controller (right to data portability).\r\nYou can exercise your data protection rights as follows:\r\n\u2022 If you have access to Workday system, you can print a report of your personal data according to Fazernet instructions. You can also correct some information yourself via Workday.\r\n\u2022 If you do not have access to Workday system, you can ask your manager to print out the report of your personal data. Your manager can also rectify\r\nor complete incorrect data if necessary.\r\n\u2022 If you have other requests concerning your rights, you can send a request form via Fazergroup privacy pages (www.fazergroup.com\/privacy).\r\nIf you believe that Fazer, despite the principles set out in this Employee Privacy Statement, has infringed upon your rights according to applicable data protection law, you have a right to file a complaint with the local data protection authority.\r\n\r\n9. How your data is protected?\r\nFazer has appropriate technical and organizational security measures and processes to secure the personal data from loss, misuse or other similar unauthorized access to your data. The data is collected to servers and databases that are protected by firewalls, passwords and other technical means. The servers, databases and their backup copies are located in secured premises where the data can only be accessed by specific persons designated in advance. The servers have strong security.\r\n\r\n10. 
Can Fazer change the Privacy Statement?\r\nFazer continuously develops its practices and services relating to the protection of personal data and, therefore, this Employee Privacy Statement is updated to describe the processing when necessary. Changes in the applicable legislation or interpretations thereof may also result in amendments to this Employee Privacy Statement. Up to date Employee Privacy Statement can always be found in Fazernet.\r\n\r\n11. Who can you turn to if you have questions concerning the processing of your data?\r\nIf you have any questions about the processing of personal data, please contact a local privacy specialist.\r\nFazer Makeiset Oy: employmentprivacy.fcfi@fazer.com\r\nFazer Leipomot Oy: employmentprivacy.fbfi@fazer.com\r\nFazer Finland Oy: employmentprivacy.fazerfinland@fazer.com\r\nOy Karl Fazer Ab: employmentprivacy.kf@fazer.com\r\nFazer Ravintolat Oy: employmentprivacy.fazerfinland@fazer.com\r\n\r\n12. Controllers\r\nThe controllers of your personal data are Oy Karl Fazer Ab jointly with its affiliate that you have an employment relationship with. If you are working as a contingent worker for Fazer, the controllers of your personal data are Oy Karl Fazer Ab jointly with its affiliate that you work for as a contingent worker.\r\nOy Karl Fazer Ab\r\nFazerintie 6, 01230 Vantaa\r\nPL 4, 00941 Helsinki\r\nFazer Makeiset Oy\r\nFazerintie 6, 01230 Vantaa\r\nPL 4, 00941 Helsinki\r\nFazer Leipomot Oy\r\nFazerintie 6, 01230 Vantaa\r\nPL 17, 00941 Helsinki\r\nFazer Finland Oy\r\nFazerintie 6, 01230 Vantaa\r\nFazer Ravintolat Oy\r\nFazerintie 6, 01230 Vantaa\r\nPL 4, 00941 Helsinki\r\n\r\n13. 
Links to other Privacy Statements\r\nYou can find more information about how privacy is managed at Fazer on Fazergroup privacy pages (www.fazergroup.com\/privacy).\r\n\r\nPublished on the 5th of February 2024\r\nAPPENDIX 1\r\nVideo surveillance systems\r\nVideo surveillance enables us to ensure the personal safety, protection of property and food safety of our employees, customers and other persons staying at or visiting our facilities as well as to prevent and resolve situations that jeopardise safety, property and production processes.\r\nVideo surveillance stores data on persons who are within the range of the cameras at any given time. Surveillance may target, among other things, public\r\nspaces, loading docks, factory areas and, under certain conditions, areas where money is handled. This will enable us to ensure safety and protect people and property from harm. If Fazer uses video surveillance systems in the premises, the covered area is marked with clear notice tags (for example with camera images or with a notice reading \u201cvideo surveillance\u201d or other similar notification). Fazer processes the data based on the legitimate interest of the controller. The retention period of the data is defined based on requirements of local legislation and\/or supervisory authority recommendations and the initial retention time ranges from two weeks to three months, as applicable country-by-country. The data may be retained for longer if required by presenting, resolving or defending a legal claim; in other words, until the judgment is legally valid or the matter has been finally settled. Surveillance has been outsourced to a security company whose security guards monitor events on the property through a TV monitor. The security guards have technical access to the video surveillance material and they are allowed to access the material if necessary on prior consent from Fazer security director. The security system is maintained on premise by Fazer itself. 
Data can be disclosed to the authorities on the basis of the statutory right to obtain information. Such authorities include the police.\r\n\r\nAccess control systems\r\nAccess control enables us to ensure the personal safety, protection of property and food safety of our employees, customers and other persons staying at or visiting our facilities as well as to prevent and resolve situations that jeopardise safety, property and production processes. The access control register stores data on persons who have applied for access rights and who at any given time have entered or exited through doors or gates included in the system or used the facilities included in the system. The information to be stored in the system includes the person's background information,\r\nsuch as name, role, employer and possibly their personal identity code, date of birth and picture, as well as the date and time of access and the vehicle\u2019s registration number and picture. The background information is usually obtained from the person themselves or their representative when the access right is applied for, and the other information is obtained from the access control systems. Fazer processes the data based on the legitimate interest of the controller. Processing the personal identity code is required for unambiguous identification of the person in question in order to ensure the safety of persons, among other things. The data is retained for a maximum of three years or longer, if required by presenting, resolving or defending a legal claim; in other words, until the judgment is legally valid or the matter has been finally settled. If access rights have\r\nnot been granted, the data will be erased within three months of entering the application in the system.\r\nAccess control has been outsourced to a security company whose security guards monitor events on the property through a TV monitor. 
The security\r\nguards have technical access to the access control material and they are allowed to access the material if necessary on prior consent from Fazer security\r\ndirector. The security system is maintained on premise by Fazer itself. Data can be disclosed to the authorities on the basis of the statutory right to\r\nobtain information. Such authorities include the police.","site_company_id_required":true,"site_company_id_vies_validation_enabled":false,"site_company_id_prh_validation_enabled":true,"custom_tickets_enabled":true,"allow_creating_application_for_multiple_identities":true,"self_registration_links_enabled":true,"projects_enabled":true,"cards_enabled":true,"partial_application_approval_allowed":true,"tilaajavastuu_api_enabled":true,"theme":{"header_background_color":"#15256b","footer_background_color":"#15256b","primary_button_color":"#15256b","primary_button_hover_color":"#1d2c4e","secondary_button_color":"#6c757d","secondary_button_hover_color":"#5c636a","tertiary_button_color":"#15256b","tertiary_button_hover_color":"#15256b","content_text_color":"#15256b","link_text_color":"#15256b"}}