Access control register

Privacy Policy

Created 17.9.2019
Updated 21.6.2023

Data controller

Esa Vennola
Lemminkäisenkatu 50, 02520 Turku, Finland

+358 20 7669 447

Contact person in matters related to the filing system

Esa Vennola
Lemminkäisenkatu 50,02520 Turku, Finland

+358 20 7669 447

Name of filing system

Access control register

Purpose of personal data processing

Personnel access and (working hours, if combined) monitoring.

Data content of filing system

Person’s first and last name
Number of access pass
Premises in which office is located
Access pass validity permanent/temporary
Access permission group
Working hours monitoring group

Regular data sources

System contact persons for units
Access grant applications
Clock-ins at working hour recorders

User tracking
We use Leadoo’s tracking service to follow what users are doing on the site and combine this behavioral data with other data we can gather from e.g. chat interactions. Leadoo uses etag tracking in order to hook together the same users behavior over several sessions – in practice this works similarly to cookie based tracking. Please check out Leadoo Marketing Technologies Ltd’s Privacy Policy ( for more information on what is tracked and what your rights are. Leadoo works as the Processor and we work as the Controller for the data in terms of GDPR. You can stop the tracking by emptying your browser’s cache after the visit. For more on how Leadoo works as a GDPR compliant processor, see

Regular disclosure of data

For the part of working hour monitoring, realisation and deviation reports to supervisors by month of by wage period.

Data in the filing system will not be disclosed to third parties unless disclosure is required for the maintenance of employee relations of the payment of wages.

Transferring data outside the EU or the EEA

Data in the filing system will not be transferred outside the EU or the EEA.

Filing system’s principles of protection A: Manual material

Manual materials are stored in locked premises.

Filing system’s principles of protection B: Electronically processed functions

Username and password are required for data processing.

Right of access

The data subject has the right to check what data has been stored about him or her in the filing system. A request for data access must be given in writing by contacting the company’s customer service or the filing system’s contact person either in Finnish or English. The request for data access must be signed.

Right to rectification

Taking into account the purposes of processing, any data stored in the filing system that is inaccurate, unnecessary, incomplete, or outdated 1 / 2 must be erased or rectified.

A written request for rectification, signed by hand, should be sent to the company’s customer service or the personal data filing system’s administrator.

The request should specify what information should be rectified and on what grounds. Rectification shall be carried out without delay.

Notification of rectification will be sent to the party who provided the inaccurate data or to whom the data were disclosed.

If a request for rectification is denied, the responsible person of the filing system will provide a written document stating the grounds for the denial of the request for rectification. The data subject concerned may then pass the matter along to the Data Protection Ombudsman.

Other rights related to the processing of personal data

The data subject has the right to prohibit the disclosure of processing of personal data for the purposes of direct marketing or other marketing, the right to demand the anonymization of data where applicable, as well as the right to be completely forgotten after employment is terminated.