Privacy statement for jobseekers
The following section describes how we process the personal data of Laurea jobseekers.
Laurea University of Applied Sciences Ltd, Ratatie 22, 01300 Vantaa, Finland
- Controller’s contact person: President, CEO Jouni Koski, email@example.com
- Person in charge of the personal data file: HR Director Tiina Päivärinne, firstname.lastname@example.org
- Data Protection Officer: Marjo Valjakka, email@example.com
Why do we process personal data?
We process personal data to carry out recruitment measures and promote the employment of a person. The purpose of the recruitment is to have an employment contract between the applicant and employer.
The processing of personal data is based on the jobseeker's consent. In certain respects, it is also necessary to process personal data in order to enable the preparation of an employment contract.
The service does not use automated decision-making.
What personal data do we process?
We process the following information needed for recruitment:
- Name and contact details
- Data used for the evaluation of eligibility and suitability (e.g. work experience and educational background, reference data, work samples, language skills and other competence)
- Attached files (e.g. CV, application, image)
- Information generated during the recruitment process, such as messages and files to be saved
Who processes personal data?
Personal data is processed by the appointed personnel management staff and other personnel involved in the recruitment of Laurea. On a case-by-case basis, third parties, such as recruitment consultants and expert evaluators, may be used for recruitment.
The technical platform for the register is the TalentAdore VRA recruitment system, which is provided by Talentadore Oy (service provider). The service provider processes personal data in order to produce a technical platform for Laurea to implement recruitment measures.
Other potential processors of personal data may include various recruitment assistance systems.
For the selected personnel, the data is transmitted to Laurea's HR management systems and to be part of Laurea's personnel register.
As a rule, personal data is processed only in the EU/EEA. In certain cases, personal data may also be technically processed outside the EU/EEA. In such a case, the service provider ensures that personal data is processed in accordance with the requirements of the General Data Protection Regulation and that processing in accordance with the Regulation has been agreed on in the data processing agreements required by the Regulation.
How long do we store personal data?
As a rule, personal data is stored for 12 months from the time the application is saved. In certain cases, personal data may be stored longer. In these cases, consent for long-term storage is requested from the person in question. The data can also be processed in the service in situations where the data subject has been selected as an employee or substitute in the organisation.
For the selected persons, the information needed to perform the tasks and obligations of the employment relationship, such as payment of wages, is collected. Such information includes, for example, a personal identity code, information on valid permits and qualifications, and the bank account number for payment of wages.
Where do we get personal data?
The source of information is the individual's personal data when applying for a job and when providing additional information when requested.
How do we protect personal data?
The data security and protection instructions of Laurea University of Applied Sciences apply to the management of the register. The use of the recruitment system is restricted at Laurea by means of data communications and user rights.
Personal data is stored on the service provider's servers, which are protected in accordance with general industry practices. Personal data collected and processed shall be kept confidential and shall not be disclosed to anyone other than those who need it in their work or, in a confidential and limited manner, to the data controller's customers on the basis of service agreements. Access to personal data is protected by user-specific IDs, passwords and user rights.
If a person has entered personal data in the recruitment system, the only purpose of data processing is to fulfil the measures required for recruitment. The service provider is responsible for technical and data secure protection. For example, the service provider may have to process personal data in technical reports. The service provider's personnel have signed a non-disclosure agreement and undertake to process personal data in a secure, confidential manner and only to produce the service.
The rights of data subjects
Access to data
The data subject has the right to obtain information from the controller on whether their data is being processed. If the data are processed, the data subject has the right to check their data stored in the register. The inspection is carried out by logging in to the service management interface. If it is not possible to check the data through the management interface, the data subject may address a written request for inspection to the person in charge of the personal data file.
Right to rectification
The data subject has the right to request the correction of incorrect or incomplete personal data concerning the data subject. Rectification takes place in the service management interface. If it is not possible to correct the data through the management interface, the data subject may submit a written re-assessment request to the person in charge of the personal data file.
Right to erasure
The data subject has the right to demand the erasure of their data stored in the register, unless there are grounds for storing the data (e.g. legal appeal period for the selection decision). The data is deleted in the service management interface. If it is not possible to delete the data through the management interface, the data subject can submit a written request to the person in charge of the personal data file to delete the data.
Right to restrict processing
The data subject has the right to require that the controller restrict the processing of the data subject's personal data if there are grounds for doing so. A request to restrict the processing of personal data must be addressed in writing to the person in charge of the personal data file.
Right to object to the processing of data
The data subject has the right to object to the processing of personal data concerning the data subject, if there are grounds for doing so. A request to object to the processing of personal data must be addressed in writing to the person in charge of the personal data file.
Right to transfer data
The data subject has the right to transfer their personal data in a machine-readable format. This is done through the service management interface or by contacting the person in charge of the personal data file in writing.
Right to withdraw consent to the processing of data
If the processing of personal data is based on consent, the data subject has the right to withdraw their consent at any time. The withdrawal of consent is made by a written request to the person in charge of the personal data file.
Right to lodge a complaint with the supervisory authority
The data subject has the right to complain about any shortcomings in the processing of personal data to the controller, processor or supervisory authority.
The data protection officer is the contact person in matters related to the data subject’s rights.
Data subjects have the right to file a complaint with the data protection authority.