Privacy Policy for eFina Mobile

This privacy policy describes how personal data is processed in connection with eFina Mobile application (“application”) for iOS and Android. This privacy policy is valid from 9 March 2022 onwards.

1. Data Collector

This Privacy Policy applies to the eFina Mobile application and its collected data. Administer Plc is responsible for the technical administration of the personal data file and acts as a single point of contact with regard to data protection issues.

Administer Plc

Itämerenkatu 5

FI-00180 Helsinki

Business ID 0593027-4

Telephone: +358 (0) 20 703 2000

All joint controllers of the register can be found on the Group’s website at https://administergroup.com/administer-konserni-yhtiolistaus/.

2. Purpose and Legal Basis of Personal Data Processing

Personal data is only processed in the service in connection with customer relationship management and to the extent that is necessary in order to provide the service in accordance with the terms of agreement concerning the service.

All data is treated according to Finnish law and used only in accordance with the agreement made with your employer.

Personal data can also be used for direct marketing of services provided by the data collector, or companies that are part of the same group, to corporate customers.

3. Processed Personal Data

When corporate customers register in the service, the following information is saved:

– Company or community name

– Register data

– Address and contact information

– Main user’s first and last name, date of birth, and contact information.

The customer’s material saved in the service by the customer may also include other personal data, such as names, addresses-, and contact information of the contracting parties.

This data may also include other personal data from using the different functions in the application, such as scanned receipts, and location data.

3.1 Processing of the Location Data

While using the “Travel Expense” function, your device collects data about your phone location and route. When you send data to Administer Plc’s eFina server, only the journey’s time, length, legend, chosen vehicle, chosen daily or half-day allowance, country, starting- and endpoints of the route, location of the stops, and their addresses are shown on the kilometer claim. All data is treated according to Finnish law and used only in accordance with the agreement made with your employer.

By using the “Travel Expense” function you are bound by Google’s Terms of Service and Google Privacy Policy.

You are, at any time, able to disable the application’s location data access from the operating system’s application settings page on iOS and Android 6.0 or newer, therefore disabling the “Travel Expense” function.

4. Personal Data Protection Principles

The following principles are applied to personal data protection:

– Data processing authorisation management is used for ensuring that only authorised persons may process personal data

– Persons processing personal data are bound by the statutory confidentiality obligation or have signed a non-disclosure agreement

– Personal data is stored in an information network that is isolated from the public communications network with firewall solutions

– Confidential data transferred via the public communications network is encrypted technically – Documentation is stored in facilities protected by access control, and their use is monitored with access right management.

5. Release of Personal Data

The data collector shall only release personal data to their group companies and service providers in order to provide the agreed service to the required extent. The data collector may release the contact information of their corporate customers to their group companies for direct marketing purposes.

Personal data may be only be transferred outside the European Union or European Economic Area for customer service purposes and in accordance with the personal data legislation. In each individual case, the applicable condition for the personal data transfer is indicated in connection with the service. Unless otherwise indicated, personal data transfers to the United States shall be performed under the Privacy Shield arrangement between the EU and the United States (https://www.privacyshield.gov/US-Businesses).

6. Personal Data Retention

Time The personal data acquired in connection with service registration is only stored for the duration of the customer relationship, and, for the part of contact information, the period of time deemed necessary for direct marketing.

The data collector shall destroy the personal data acquired in connection with service provision and/or included in the material saved in the service without delay after the customer relationship has ended or at the request of the data subject.

7. Exercise of Data Subject’s Rights

The data subject has the right to ask the data collector for access to the personal data concerning them, as well as for the correction, removal, or processing restriction of said data, or to object to the processing of the data. Material saved in the service cannot be requested to be directly transferred from the data collector into the system of another service provider due to technical reasons. The data subject has the right to file a complaint with the supervisory authority concerning the use of personal data in the service.