Skip to content
English

SILVERSKIN INFORMATION SECURITY OY PRIVACY STATEMENT (OR POLICY)

Last Updated: December 1, 2025

This Privacy Statement describes how Silverskin Information Security Oy (hereinafter referred to as "Silverskin" or "the Controller") processes personal data in its customer, marketing, and recruitment activities. We comply with the EU General Data Protection Regulation (GDPR).

1. Controller and Contact Information

Controller: Silverskin Information Security Oy Business ID: 2296092-6 Address: Kalevankatu 6, 00100 Helsinki, Finland Privacy Matters and Contact: privacy@silverskin.fi

For all matters related to the processing of personal data and exercising your rights, please contact us at the email address provided above.

2. Personal Data Registers Processed and Purposes of Use

Silverskin maintains two primary registers.

A. Customer and Marketing Register

Register Name: Customer and Marketing Register Purpose of Processing: The purpose of processing personal data is the management of Silverskin's customer relationships, the performance of the agreement between Silverskin and the customer, and marketing. Legal Basis for Processing:

  • Performance of a contract (customer relationship).

  • Legitimate Interest of the Controller (maintaining, developing the customer relationship, and marketing).

  • Consent (e.g., newsletter subscription).

Categories of Personal Data Processed:

  • Name, contact information (phone number, work email address, work mailing address).

  • Sales information concerning individuals in the customer system.

  • Data provided by the individual themselves via contact or newsletter subscription forms.

  • Other data provided by the individual themselves.

Regular Sources of Data:

  • From the data subjects themselves.

  • From the Trade Register.

  • From commercial entities providing corporate contact information.

Data Retention Period: For the purpose of managing the customer relationship, data is retained for as long as necessary. For direct marketing purposes, the data is removed when requested by the data subject. If the data subject prohibits direct marketing, we will retain the information regarding the prohibition. The Controller may have an obligation to process some data for a longer period to comply with legislation or official requirements.

B. Recruitment Privacy Register

Register Name: Recruitment Privacy Register Purpose of Processing: The purpose of processing personal data is the execution of the recruitment process and the evaluation of job applicants. Legal Basis for Processing:

  • Entering into an employment contract (preparation of a contract).

  • Legitimate Interest of the Controller (execution of the recruitment process).

  • Consent provided by the job applicant, if requested.

Categories of Personal Data Processed:

  • Contact information: name, address, phone number, email address.

  • Information related to the application: CV, job application, references, possible certificates.

  • Interview information and other data accumulated during the recruitment process.

  • Possible aptitude assessments or test results.

Regular Sources of Data:

  • From the data subject themselves.

  • Data may also be collected from other sources with the applicant's consent, such as from referees indicated by the applicant.

Data Retention Period: For the purpose of managing the recruitment process, data is retained for six (6) months in the case of an open application and two years in the case of a targeted job title search.

3. Use of Cookies and Web Analytics

This site uses cookies to implement functions, track visitors, and target marketing. We use the Google Analytics tool, Google Tag Manager, and LinkedIn Tag Manager. If a user declines data collection upon arriving at the site, the user will not be tracked on the site. If desired, cookies can also be disabled in the browser settings.

4. Disclosure of Personal Data and Transfers Outside the EU/EEA

Subcontractors: We use subcontractors (e.g., IT services, marketing platforms) for processing personal data, and we require them to process data in accordance with current legislation and the principles of this Statement.

Data Transfers Outside the EU/EEA: Customer personal data is primarily processed within the EU or EEA area. Data collected by the website's cookies may be transferred to the United States. In such cases, the legal basis for the transfer is the Standard Contractual Clauses approved by the European Commission or other lawful transfer mechanisms that ensure an adequate level of data protection.

Other Disclosures: Personal data is not disclosed to other external parties unless required by law. Data may be exceptionally disclosed, for example, to authorities when required by law.

5. Data Protection and Data Security

The Controller processes personal data in a manner that aims to ensure appropriate security of the personal data, including protection against unauthorized processing and accidental loss, destruction, or damage.

The Controller uses appropriate technical and organizational security measures (including the use of firewalls, encryption technologies, secure server facilities, appropriate access control, and careful management of user IDs for information systems) to ensure this objective.

All employees who process personal data are bound by a duty of confidentiality regarding matters related to the processing of data subjects' personal data. Cooperation partners processing the data are committed to retaining and processing personal data in the manner required by the General Data Protection Regulation.

6. Profiling and Automated Decision-Making

Personal data is not used for profiling or other purely automated decision-making.

7. Rights of the Data Subject

The data subject has the following rights. Requests concerning the exercise of these rights should be addressed to the Contact Information in Section 1 (privacy@silverskin.fi):

  • Right of Access: The right to obtain confirmation as to whether or not personal data concerning them is being processed, and, where that is the case, access to a copy of the personal data.

  • Right to Rectification: The right to request that inaccurate and incorrect personal data concerning them be corrected.

  • Right to Erasure ("Right to be Forgotten"): The right to request the deletion of personal data concerning them if the personal data is no longer necessary or the processing has been unlawful.

  • Right to Restriction of Processing: The right to restrict processing if the data subject contests the accuracy of the data or the processing is unlawful.

  • Right to Object: The right to object to processing at any time on grounds relating to their particular situation. The data subject always has the right to prohibit direct marketing.

  • Right to Withdraw Consent: The right to withdraw consent to processing at any time.

  • Right to Data Portability: The right to receive the personal data concerning them, which they have provided, in a structured, commonly used, and machine-readable format, and the right to transmit those data to another controller.


    Right to Lodge a Complaint with a Supervisory Authority: The national supervisory authority for personal data matters is the Office of the Data Protection Ombudsman. The data subject has the right to bring their matter before the supervisory authority if they consider that the processing of their personal data violates legislation.