Privacy statement – Freelancers - Punainen Risti Ensiapu

Entry into force: 11.08.2025

1. Data controller

Punainen Risti Ensiapu Oy, Training Services

Business ID: 2843118-7

Sturenkatu 16, 6th floor, 00510 Helsinki

2. Data Protection Officer contact information

tietosuoja.ensiapu@punainenristiensiapu.fi

3. Name of the data file

Punainen Risti Ensiapu, Training Services: Freelancers

4. Purpose and legal basis for the processing of personal data

The basis for processing personal data is a training assignment with Punainen Risti Ensiapu. The purpose of processing personal data is to manage the reservation of instructors related to the training assignment and to implement related rights and obligations. The processing of certain data is necessary in order to comply with legal obligations. In addition, the processing is based on a legitimate interest of Punainen Risti Ensiapu and possible third parties to process personal data. The legitimate interest is based on the relationship formed when a person acts on behalf of Punainen Risti Ensiapu.

Punainen Risti Ensiapu only processes personal data that are directly necessary for the assignment and related to the management of the parties’ rights and obligations. The processing of the required personal data is a necessary prerequisite, for example, for the payment of fees.

Initiation, management and termination of assignment-related tasks
Statistics, such as number of training sessions
User management of equipment, systems and software related to the implementation of the assignment
Improving the instructor experience

5. Content of the data file

Name and contact details of the instructor
Information used to assess aptitude and suitability (e.g. work experience and educational background, language skills and other competence)
Information relating to compensation paid on the basis of the assignment.
Transaction-specific data and customer feedback related to the assignment
Information generated during the period of collaboration, such as feedback and summaries of audits and competence development.
Collaborative grouping data and other analytics-derived data
Correspondence related to the freelance relationship
Possible user IDs for digital services managed by Punainen Risti Ensiapu
Log data from the user accessing digital services managed by Punainen Risti Ensiapu

6. Personal data storage time

Punainen Risti Ensiapu stores personal data in the register for as long as it is necessary for the purposes defined in this privacy statement. Punainen Risti Ensiapu stores personal data related to assignments for a period of time in accordance with legal obligations.

7. Data sources

The data in the register comes from the data subjects themselves and from the functions related to the assignments.

8. Recipients and processors of personal data

The personal data on the freelancers data file is processed and maintained by persons responsible for the execution of assignments, such as Punainen Risti Ensiapu employees working in sales, training arrangements and coordination.

External service providers responsible for the technical maintenance of the freelancers data file act as personal data processors.

9. Regular disclosure of data

The freelancer’s contact details, such as their name, telephone number and email address, may be disclosed to the training event organiser for practical arrangements.

Personal data may be disclosed to third parties, such as financial administration where permitted by applicable legislation. These third parties are partners who support the mission of the register and whose purpose of use of the data is not incompatible with the purposes of Punainen Risti Ensiapu. Punainen Risti Ensiapu has signed agreements for the processing of personal data with such third parties. In addition, the data controller has the right to disclose data from the register to third parties if required by law, decrees or the authorities.

10. Transfer of data outside the EU or the EEA

The data processor may transfer personal data outside the EU/EEA in order to provide recruitment services. In this case, the data processor is obligated to use a legally valid transfer mechanism to ensure a sufficient level of data protection.

11. Data protection principles

As the data controller, Punainen Risti Ensiapu is responsible for ensuring that data are processed in accordance with good data security practices. The data on the data file can only be accessed by the controller and the service providers and administrators specifically authorised by it.

People designated by the system provider process data only to the extent necessary to maintain the service. With regard to technical maintenance, the processing of data is the responsibility of an external service provider on whose servers the data are stored.

The data are processed in databases that are protected by firewalls, passwords and other technical means. The databases and their backups are located in locked rooms.

Only those employees who have the right to process personal data as part of their work are entitled to use systems containing personal data. Each processor has signed a non-disclosure agreement and has their own usernames and passwords for the systems.

12. Rights of the data subject

The data subjects have the following rights:

Right to access data: The data subject has the right to request a copy of their personal data file.
Right to rectification and erasure: The data subject has the right to request that the data concerning them be corrected or deleted, unless the retention of data is required by applicable data protection or other regulations.
Right to restrict processing: The data subject has the right to request the restriction of processing their data.
Right to object to data processing: The data subject has the right to object to the processing of their data if there are grounds for this.
Right to data portability: right to request the transfer of their data from one system to another in a machine-readable format
Right to withdraw consent to data processing: If the processing of personal data is based on consent, data subjects have the right to withdraw their consent at any time.
Right to file a complaint with a supervisory authority: Data subjects have the right to file a complaint about shortcomings in the processing of personal data with the controller, the processor or a supervisory authority.

Data subjects have the right to be forgotten in this system. The deletion of a data subject’s personal data from the system will cease all processing of their data and also cause the data subject’s first aid certificate to expire. Once deleted, the data subject will not have access to their data. The data controller will review the request prior to anonymising the identifying information. A data subject’s request to have their data deleted may not be fulfilled if the data subject has a certificate that the data controller is legally obligated to keep on file.

Data subjects have the right to inspect their personal data file and to demand the rectification, erasure or completion of any personal data of theirs that are incorrect, outdated, incomplete or unnecessary for the purpose of processing. Requests for access to personal data files can be submitted as instructed at www.ensiapukoulutus.fi/en/data-protection. We respond to requests within one month.

Where appropriate, data subjects have the right to lodge a complaint with the competent authority concerning the processing of personal data by the controller. The competent authority in Finland is the Data Protection Ombudsman.