Privacy statement

Privacy statement – Greenstep Hub Last updated 28.10.2024

1. Introduction

This privacy statement concerns processing the data necessary for the proper functioning of the customer collaboration portal called Greenstep Hub (the “Portal”). The Portal has been created by Greenstep Oy (“Greenstep”) for Greenstep Group entities. The purpose of the Portal is to enable secure communication and transfer of customer data such as accounting materials, payroll data and project-specific documents.

2. Why do we process your data?

Purpose of the processing operation: Greenstep (the “Data Controller”) collects and uses your personal information with the sole purpose to provide agreed services to the customer and to collaborate with the customer and its staff. Lawfulness of the processing operation: The data processing is considered lawful because it is necessary for the performance of tasks carried out on the basis of the contractual relationship. In addition, the Data Controller has legitimate interest based on the customer relationship. For example, the customer relationship management consists of servicerelated information such as newsletters as well as customer satisfaction surveys.

3. Which data do we collect and process?

The personal data collected and further processed are:

• names of customers’ Portal users

• their work email addresses, phone numbers and job titles

• IP addresses

• date and time of login

4. How long do we keep your data?

We keep the personal data only for the time necessary to fulfil the purpose of collection or further processing. Personal data associated with the provision of Greenstep services shall be retained in the Portal until the occurrence of the earlier of the following events: (i) five (5) years from the termination of the service agreement; or (ii) the automatic removal cycle of inactive Portal users; or (iii) upon the receipt of a request for removal. This retention period may be extended if required by applicable law or regulation, or if necessary to exercise our legal rights.

5. How do we protect your data?

© Greenstep Oy -All rights reserved Greenstep and Customer Confidential It is important to Greenstep to take care of data security. Greenstep has at its disposal current technical, organisational and administrative security protocols that safeguard all personal data against disappearance, misconduct, unlawful conduct, transfer, changes and erasure.

6. Who has access to your data and to whom is it disclosed?

Access to your data is granted to authorised personnel specified below according to the “need to know” principle. All staff members are obligated to comply with relevant statutory laws and confidentiality agreements.

• Admin users:
o IT and quality control

• Customer-specific users:
o Customer team: customer responsible, accountants, payroll specialists, project specialists and management users as required for performing the service

7. What are your rights and how can you exercise them?

According to the GDPR (Regulation (EU) 2016/679), you are entitled to access your personal data and rectify, block or delete it in case the data is inaccurate or incomplete. You can exercise your rights by contacting the Data Controller, or in case of conflict the Data Protection Officer and if necessary, the Data Protection Supervisor using the contact information given at point 8 below.

8. Contact information

If you have comments or questions, any concerns or a complaint regarding the collection and use of your personal data, please feel free to contact the Data Controller using the following contact information:

The Data Controller:
• Greenstep Oy, Business ID: 2306461-3, Keilaranta 5, 02150 Espoo, Finland
• compliance@greenstep.com
The Data Protection Officer (DPO): jonathan.teir@greenstep.fi
The Data Protection Supervisor in Finland: tietosuoja@om.fi