top of page
On the Road Again Oy - Employee privacy statement

Note: this privacy statement is a direct translation from its Finnish equivalent. If there is a conflict between the English and Finnish version of the privacy statement, the terms determined in the Finnish privacy statement are applied. 


On the Road Again Oy's group and its affiliated companies engage in the collection and processing of personal data. In this privacy statement, in accordance with the General Data Protection Regulation (679/2016/EU) Articles 13 and 14, and the Data Protection Act (1050/2018), we outline what information about our employees we collect and process, why we do so, and how we store the data.


1. Controller and affiliated companies


The controller is On the Road Again Oy group (business ID 3131993-8).

Business address & mailing address: Lastaajankatu 5, 33560 Tampere


The following companies are part of the group:


Back In Business Oy (3089642-6)

Going Smooth Oy (3279435-1)

RestaUra Oy (3265170-5)

This is Business Oy (3244907-2)


2. Person responsible for the register



Mirko Lännenpää (CEO / On the Road Again Oy)

050 531 9586


3. Register name 


On the Road Again Oy's employee privacy statement. Employees refer to individuals who are or have been employed by any company operating on behalf of the group.


4. Purpose and legal basis for the processing of personal data


The data controller and its affiliated companies collect personal data from employees for the purpose of managing tasks and obligations related to the employment relationship. This includes tasks such as monitoring working hours and absences, payroll management, access control, and actions related to the commencement, management, development, and termination of employment. Personal data may also be processed for statistical and planning purposes within companies belonging to the same group as the data controller.


The legal basis for processing personal data is the legitimate interest arising from the employment relationship between the data controller and the employee, as well as the legal obligations of the data controller in relation to employment, such as tax, enforcement, and statistical legislation. The processing of special categories of personal data is based on the consent of the registered individual.

5. Content of the register


The following categories of personal data are collected and processed from the registered individuals:


  • Identification and contact information of the registered individual, such as name, personal identification number, address, phone number, Email, nationality, gender, bank details, emergency contact details for close relatives, other necessary information for the identification of the registered individual (e.g., copy of identification card)

  • Employment-Related Information, such as

    • Job application and other information related to the job application process (education and qualification details, work and professional experience, competency assessments and suitability evaluation information)

    • employment contract and other potential commitments and agreements related to employment

    • Information concerning the duties of the registered individual, e.g. job title

    • information regarding the development in job responsibilities (e.g., training-related information)

    • performance-related information in job duties (e.g., competency details and language proficiency)

    • photograph

    • information related to compensation based on employment (e.g., salary, benefits, tax information, and employer-related contributions)

    • information related to employer responsibilities in the employment relationship (e.g., information related to the registered individual’s insurance)

    • information related to occupational health services, including health information of the employee if collected directly from the employee or with their written consent. This is necessary for determining sickness-related benefits or similar health-related benefits, investigating justified reasons for work absences, or if the employee expressly wants to assess their ability to work based on health-related information.

    • information related to union membership, if collected with the employee's consent and necessary for tasks such as paying union membership fees.

    • information related to monitoring working hours and absences (e.g., data from access control systems, sick leaves, annual leaves, and other agreed-upon absences)

    • information related to work clothes, (e.g. sizes),work tools (e.g., details about assigned computers and other mobile devices, usage-related information, email addresses, phone numbers, and details about access cards and keys)

    • information about access rights related to job responsibilities, including user IDs and passwords

    • information related to the termination of employment (e.g., agreement on the termination of employment, work certificate, and information related to retirement)

    • Changes to the data of the registered individual’s above-mentioned individualised personal data categories.


6. Regular sources of personal data


Employees’ personal data is primarily collected and updated from the employees. Personal data is also collected from information systems used to fulfil the obligations of the employee’s employment and employer, such as the data produced by HR software.


With the registered individual’s consent, the data controller may also collect personal data from other sources. Consent is not required when obtaining credit information or criminal record information to assess an individual's reliability. The controller notifies the individual in advance about acquiring this kind of information for investigating the reliability of the individual.


7. Disclosures, transfers, and recipients of personal data


Personal data stored in the register may be disclosed as allowed and obligated by the valid legislation or with the registered individual’s consent to the public authorities who have a legal right to receive data from the register, such as the Tax Administration or the Social Insurance Institution of Finland (KELA) and other parties who are related to managing matters related to employment, such as pension and accident insurance companies, unions and parties providing occupational health care services.


With the registered individual’s consent, necessary personal data for employment may be disclosed to the data controller's business partners, such as client companies for whom the employee carries out different assignments on behalf of the data controller.


In the context of data processing, information may be transferred by the data controller to entities outside the European Union (EU) or the European Economic Area (EEA), such as cloud services (e.g., Google Drive and Microsoft OneDrive). These entities are committed to complying with the requirements of the General Data Protection Regulation to ensure adequate data protection.


8. Data protection principles of the register


The controller has implemented appropriate technical and administrative security measures to ensure the protection of personal data. Personal data is stored both in electronic databases and manually maintained materials. Electronically processed databases are protected by firewalls, passwords, and other generally accepted technical means in the field of information security. Manually maintained and processed materials are located in premises where unauthorised access is prevented.


Only those specifically defined and identified individuals whose tasks require the processing of personal data stored in the register have access to personal data. These individuals access the system with personal user accounts within the controller's internal network.


9. Retention period of personal data


The employee’s personal data is stored only for as long as is required for the implementation of the purposes specified in this privacy statement, and for a maximum period of ten years after employment has ended. The retention period of ten years is based on the periods for filing a suit applied at the time of employing, such as the obligation to provide a referral as specified in the Employment Contracts Act.


10. Rights of the registered individual


In accordance with legislation, the registered individual has the right to inspect what information concerning them is stored in the personal register. Additionally, the registered individual has the right to request the correction of inaccurate information in the register or the deletion of personal data within the limits and in accordance with applicable data protection legislation. 


The request for correction of information must specify the error that needs to be corrected and indicate the correct information. Requests (including requests for data deletion) must be made in writing and sent signed to the address mentioned in section 1. The registered individual has the right to lodge a complaint with the national data protection authority (in Finland, the Data Protection Commissioner) or another data protection authority of the European Union or European Economic Area if the registered individual believes that their rights under data protection legislation have been violated.


11. Changes to the privacy statement


The controller continuously develops its business and therefore reserves the right to change this privacy statement by notifying about it through its services and websites (RestaUra privacy statements = Changes may also be based on changes in legislation. The controller recommends registered individuals to regularly review the content of the privacy statement.


This privacy statement has been updated last on 15th of February, 2024. 

bottom of page