The information we collect
We mainly collect and store information obtained directly from you. We do not collect data from any external sources (e.g. potential referees) without your prior consent, unless otherwise provided by law.
We mainly process the following information about you:
- name, contact information, education, work experience and any other information you provide to us in your application and CV;
- date of application and applied position; and
- other information necessary for recruitment that you provide to us during the recruitment process.
Why we collect your data and legal basis for our processing
We collect personal information about you in the recruitment process to assess whether you could be a suitable candidate for an open position.
We process your personal data only for legitimate human resources and business management purposes based on your consent or request prior entering into an employment agreement, our legitimate interest (e.g. to comply with our employer obligations and to protect our legal position in the event of legal proceedings) or a legal obligation.
How we protect your personal data
Our internal organization is structured to meet the requirements of our Quality Management System certified according to EN ISO 13485 and the data protection legislation applicable to our operations. We have implemented appropriate technical and organizational measures to secure your personal data from loss, misuse, unauthorized access, disclosure, alteration and destruction.
Our personnel are trained on appropriate information security practices covering necessary security and safety matters, such as ensuring the confidentiality of personal data and preventing exposure of personal data to non-authorized persons. Only authorized employees of the Company (or other companies working on our behalf), who need your personal data to perform their job duties, have access to and the right to process your personal data in our system. Access to the system requires the use of a personal username and password for each user. If we need to process your personal data manually, it is stored in locked cabinets within office premises and protected by an access control system.
Whenever we process your personal data we honor and take account of your privacy rights under the applicable data protection legislation. As a part of our Quality Management System, we regularly check our security policies and procedures to ensure our systems and your personal data are secure and protected.
Disclosures of personal data
We do not disclose your personal data to third-parties, unless disclosure is required by the law, formalities of public authorities (e.g. employment authorities), or for some other justified purpose. However, we may share your information with our employees and external service providers who are obliged to process the data on our behalf and for the abovementioned purpose, mainly to assist us in the recruitment process (e.g. Azets Insight Oy) or maintain our IT systems (e.g. cloud hosting and storage services).
Transfers of personal data outside of the EU/EEA
We do not transfer your personal data outside of the EU/EEA area. However, some of our external service providers or servers used may be located (or store data) outside of the EU/EEA. In these cases, we will ensure that your personal data is subject to an adequate level of protection as required by the applicable data protection legislation.
How long we store your personal data
We store your application and any other information you have provided to us until the recruitment process has been completed and for a one (1) year period thereafter. On your consent, your information can be stored for as long as we consider your application relevant to us, a maximum period of two (2) years, in order to consider your application to a further job opportunity. Thereafter, we may retain a minimum amount of your personal data to record your recruiting activity with us.
In addition, we may retain your personal data for a longer period to the extent required by our automated backup system or if deemed necessary for the establishment, exercise or defense of legal claims.
We regularly review the need for data storage and delete data no longer necessary for the abovementioned purposes in a secure manner, taking into account the applicable legislation.
What are your rights and how to exercise them
You have the right, with the restrictions that follow from legislation, to:
- access the personal data we process about you and request a copy of the data;
- request that we make corrections to any incorrect or incomplete personal data about you in our records and in some cases, the erasure of your personal data;
- request that we restrict the processing of your personal data only to storage, e.g. if you contest the correctness of the data or the lawfulness of the processing;
- object to the processing of your personal data when the processing is based on our legitimate interest;
- receive, under certain preconditions, your personal data that you have provided to us in a structured, commonly used, and machine-readable format, and the right to transmit the data to another controller; and
- withdraw your consent, if we are processing your data based on your consent.
In addition, you have the right to refuse the use of your personal data for direct marketing and profiling in connection to such marketing any time. We do not make any recruiting or hiring decisions based solely on automated decision-making.
To exercise your rights, please send your request in writing to the email or the postal address indicated above.
If you consider that the processing of your personal data infringes the applicable data protection legislation, you have also the right to lodge a complaint with a supervisory authority.