Service providers and other stakeholders

Neste collects and stores data about the service providers with whom it cooperates. The data we collect includes names and contact information, titles and company names, contract start dates and other business-related data.

As part of the onboarding process for new service providers and other stakeholders, Neste also processes data necessary to prevent or detect money laundering and terrorist financing, as well as the information necessary to comply with trade sanctions, always in accordance with local legislation.

In such cases, the personal data processed is the personal data of the beneficial owners and members of the board of directors: name, gender, nationality, place of residence and date of birth, and whether the person is subject to trade sanctions or is a politically exposed person (PEP). The processing of such personal data is based on Neste's legitimate interest in knowing its partners and ensuring that Neste does not engage in money laundering or other criminal or unethical activities. The data is collected from the service providers themselves and from public databases and other sources.

When a service contract involves special skills or certifications, Neste collects information about the company's references, curricula vitae, special skills and special competencies. Data on working hours is collected at a company level, but sometimes data on the working hours of individuals is also provided to Neste, in accordance with the contract.

The data is stored for the duration of the contractual relationship. After that, contact information is stored for possible future contacts. Curricula vitae and other evidence of specific skills or competence is stored for the purposes of internal auditing. Only administrators have access to this data.

In addition, we need to store some data for accounting purposes or to comply with other local legal obligations. We review our databases to ensure that they are kept up to date and do not contain outdated or inaccurate information.

The project supervisor of a joint construction site must keep a list of the employees working on the site and inform the Tax Administration monthly of the employees working on the site and any independent operators. When a contract involves specific training, experience and special expertise, the data is collected from a subcontractor’s employee or the data is handed over to the project supervisor by the subcontractor.

The subcontractor has the right to disclose the personal data of the employees because of the legal obligation to do so. The project supervisor stores the data of those who have worked on the construction site for six years after the construction site closes.

The aforementioned processing of personal data is based on legal obligations:

• Act on the Tax Administration (503//2010) 

• Act on Tax Procedure (1558/1995)

• Occupational Safety and Health Act (738/2002)

• Act on Posting Workers (447/2016)

• Aliens Act (301/2004)

The information we store about political influencers and other people important to our business includes names and contact information. We review our databases to ensure that they are kept up to date and do not contain outdated or inaccurate information.