Privacy policy concerning personal data of job applicants

1. Controller

Premico Group Oy and the companies belonging to the same group of companies from time to time
Aleksanterinkatu 11, 00100 Helsinki
+358 29 007 5060
info@premico.fi
(herein ”we”, ”us”, ”our” or ”Premico”)

2. Contact person

Premico Group Oy / Data protection matters
Aleksanterinkatu 11, 00100 Helsinki
info@premico.fi

3. General

In this privacy policy we tell how personal data of job applicants is processed at Premico.

4. What are the grounds for processing and what purposes do we process personal data for?

We process personal data to process job applications and manage recruitment and the related needs of Premico. The processing of personal data is based on Premico’s legitimate interest or the consent given by the data subject in this context.

5. What data do we process?

We process personal data of job applicants which is necessary to process job applications and manage recruitment activities such as:

  • Basic information of the data subject: name, personal ID, birth date (if no Finnish personal ID), identification number;
  • Contact information: address; ZIP code; post office; phone number; email;
  • Other data given by the data subject based on their consent: CV; work experience, application videos, photo, reference (name; phone number; email); consent for checking credit report;
  • Information collected during the application processinterview videos, assessments.

6. Where do we collect the information from

Primarily we obtain the personal data directly from the data subjects themselves in context with the job application or recruitment process, e.g. via email or job application with its appendices. Upon the job applicant’s consent, we can supplement the personal data from other sources than the applicant such as the applicant’s previous employers or public sources such as LinkedIn and credit report register provided by Suomen Asiakastieto Oy. The collection and updating of the personal data will be done manually or by automatic means.

7. Where do we disclose and transfer personal data and do we transfer data outside of the EU or EEA?

Personal data of job applicants is processed only in the operations of the respective Premico group company. Such data cannot be disclosed to other companies belonging to Premico group unless it is necessary for the purpose of processing the job application and recruitment.

We also use subcontractors to process personal data. For example, we have outsourced our IT management to a third-party service provider, and personal data is stored in the servers managed and secured by such service provider.

Personal data of job applicants may be transferred outside of the EU and EEA if it is necessary for the purposes of processing or technical implementation of the processing of personal data. Transfers of personal data will be subject data processing agreements in accordance with the applicable law such as EU’s General Data Protection Regulation. Transfers of personal data outside of the EU and EEA require compliance with the applicable data protection law and appropriate safeguards such as standard contractual clauses based on the European Commission’s applicable decision. Premico does not disclose personal data to other than the above-described recipients unless otherwise required by mandatory legislation.

8. How do we protect the data and how long do we store the data?

Systems used for processing of personal data can be used by only such employees of Premico who have the right to process such data for their work-related obligations. Each user has their own user ID and password for the systems. Data will be collected in databases which are protected by firewalls, passwords and other technical measures. Databases and their backups are located in locked facilities. Data can be accessed by only certain pre-approved persons.

Personal data of job applicants will be processed in such extent that is necessary for the recruitment process. We store the data of applicants as long as is necessary for Premico’s rights and obligations and responding to possible requests and inquiries. The data of applicants will be erased after two years from the end of the recruitment process at the latest.

We assess the necessity of storing personal data on a regular basis considering the applicable law. In addition, we take reasonable measures to ensure that no incompatible, obsolete or incorrect personal data is stored considering the purposes of processing. We correct or erase such data without delay. Upon your consent we may store your personal data for a longer period and, for example, for future recruitment processes.

9. What rights do you have as a data subject?

As a data subject you have the right to

  • know whether we process data concerning you and, if so, access it and information on the processing of personal data as required by law;
  • require us to correct any inaccurate or incorrect data concerning you and to have incomplete personal data completed;
  • obtain the erasure of personal data concerning you in accordance with law (for example, when data is no longer needed and there is no lawful ground to store such data):
  • withdraw or amend the consent you have possibly given for the processing of personal data;
  • request restriction of processing of your personal data in accordance with law and, for example, when you wait for a response to your request regarding correction of your data;
  • object profiling targeted at you and, in accordance with law, other processing of personal data where processing is based on the controller’s legitimate interest;
  • have your data transmitted to another system in situations regulated by the applicable law.

A data subject may also file a complaint with the competent supervisory authority if the data controller has not complied with the data protection legislation applicable to its operations. In Finland, compliance with data protection legislation is supervised by the Data Protection Ombudsman. If you want to file a complaint with the Data Protection Ombudsman regarding processing of personal data in Premico’s operations you can contact the Data Protection Ombudsman’s office as instructed in www.tietosuoja.fi

10. Contact information
Contacts and requests related to processing of personal data in Premico’s operations or this privacy policy shall be sent to Premico’s data protection officer described in Section 2.

11. Changes to the privacy policy

If we make changes to this privacy policy we will describe and date such changes below in this policy. If the changes are significant, we may also inform about them in other ways such as via email or by publishing the change on our website. We recommend that you visit our website regularly and pay attention to possible changes in the policy.

Changes:

2.3.2023: The privacy policy has been updated to improve readability. Contact information of the data protection officer has been added. The recruitment service which is no longer used has been erased from the privacy policy.