Data protection

SATO Corporation / Personal data file / Whistleblowing channel

Updated on 8th March 2021.

1. File controller

SATO Corporation, Panuntie 4, PO Box 401, 00601 Helsinki, phone +358 20 334 443
Contact person Privacy Issues, email tietosuoja@sato.fi

2. Purpose of processing of personal data

Personal data may only be processed for the purpose of fulfilment of SATO Corporation’s legal and ethical obligations and for the appropriate case management process of reports received. The processing of personal data is partly based on the obligations under the securities market legislation and partly on the legitimate interest of SATO Corporation in investigating any misconduct or other reported activity. The processors of personal data are persons (whistleblowing team) appointed by SATO Corporation. Third parties and service providers may be used for personal data processing tasks.

3. Data file contents and regular sources of information

The data file contains information provided by persons belonging to SATO's stakeholder groups that may include data on a person reported upon, such as name and office, as well as reported incidents, information and further measures relating to case management, as well as data on the completion of the case management process. The whistleblower’s personal data may be registered if the person does not wish to submit an anonymous report. The data is erased from the data file once no longer necessary for the management of the case. Reports based on the Securities Markets Act are stored for five years and other reports are erased within the calendar year following the reporting year.

4. Regular disclosures of data and transfer of data to destinations outside the EU or the European Economic Area

Data is only disclosed to the SATO whistleblowing team as well as to Finnish authorities where so required by law. Data is not transferred or disclosed to destinations outside the EU or the European Economic Area.

5. Principles of data file protection

Access to the system and processing of data contained in the system is only allowed to designated representatives of SATO personnel or members of the Board of Directors of SATO Corporation (whistleblowing team) who require access to the data for work purposes. The use of personal identifiers is required. The system is protected through technical and administrative means. The SATO whistleblowing team works confidentially.

6. The data subject’s rights

Automated decisions
Personal data is not used for automated decision-making having legal or corresponding consequences to the data subject.

The data subject’s right to object to the processing of personal data
The data subject has, relating to their personal special circumstances, the right to object to profiling and other processing measures aimed at the data subject targeted by the controller on the personal data of the data subject in so far as the ground for data processing is the controller’s legitimate interest.

The data subject may issue their request concerning an objection in accordance with section 7 of this data file description. The data subject must in conjunction with the request specify the special circumstance on the basis of which they object to processing. The controller may refuse to implement a request concerning an objection on grounds laid down in legislation.

The data subject’s right of access to data
The data subject has the right of access to the data on them in the personal data file. Requests for access must be made in accordance with the instructions provided in this data file description. The right of access may be denied on grounds laid down in legislation. As a general rule the right of access may be exercised free of charge.

The data subject’s right to request the rectification, erasure or restriction of processing of data
In so far as the data subject is capable of taking personal action, they must, without undue delay after having been informed of or having personally detected an error, on their own initiative to rectify, erase or supplement personal data contained in the data file and erroneous, unnecessary, incomplete or obsolete as regards the purpose of the processing.

In so far as the data subject is not capable of rectifying the data by themselves, a request for rectification may be made in accordance with section 7 of this data file description.

The data subject also has the right to request that the controller restrict the processing of the data subject’s personal data in situations including where the data subject is awaiting the controller’s reply concerning their request relating to the rectification or erasure of their personal data.

The data subject’s right to complain to a supervisory authority
The data subject has the right to complain to a competent supervisory authority if the controller has not complied with applicable data protection regulations in its activities.

7. Contacts

The data subject should contact the controller in writing by email or post using a message addressed to the contact person in all matters relating to personal data processing and situations relating to the exercise of the data subject's rights.

Contacting the controller can also be done using the whistleblowing channel.

For contact details please see under section 1 ‘File controller‘.