DATA PROTECTION NOTICE FOR RECRUITMENT REGISTER
The purpose of this notice is to provide privacy information required by the EU General Data Protection Regulation (“GDPR”) to both the data subject and to the supervisory authority.
1. DATA CONTROLLER AND CONTACT DETAILS
August Associates Oy
Tel: +358 9 681 2560
Contact person: Andreas Lindholm
2. NAME OF THE REGISTER
The name of the register is August Associates’ recruitment register.
The register covers August Associates’ job applicants and potential candidates for employment. The processing of personal data of employees after entering into an employment or service contract is described in August Associates’ personnel data protection notice.
3. PURPOSE AND LEGAL BASIS FOR PROCESSING PERSONAL DATA
The purpose of use (and legal basis) is:
- Identifying and evaluating candidates for potential employment, as well as for future roles that may become available (legal basis: legitimate interest of the data controller, consent of the data subject)
- Recordkeeping in relation to recruiting and hiring (legal basis: compliance with legal obligation, fulfillment of contract)
4. CATEGORIES OF PERSONAL DATA
The following categories of personal data are processed:
- Name, contact details (e-mail address, address, telephone number), age, gender, title, current employment, employment history, academic history, certificate of secondary degree education, certificate of university degree education or transcript of records, test results, language skills, other skills and achievements, positions of trust, interests and hobbies, preferences/requests related to timing of employment and salary and other information that job applicant provides on own initiative to the data controller.
- Based on consent by the job applicant, information about aptitude evaluation, references and recommendations and other similar information may also be obtained and processed.
5. SOURCES OF PERSONAL DATA AND UPDATING
Personal data is collected from the data subject itself and with the consent of the data subject from other sources.
6. RECIPIENTS AND GROUPS OF RECIPIENTS OF PERSONAL DATA
Personal data may be disclosed to authorities in statutory situations.
7. TRANSFERRING PERSONAL DATA
The data controller uses subcontractors in the processing of personal data. Personal data may be transferred to subcontractors for the purposes of e.g. providing services related to IT systems.
Personal data is primarily processed on servers within the EU/EEA. In case personal data is transferred outside the EU/EEA, appropriate measures under the GDPR are taken to ensure that personal information remains protected and secure. International transfers of personal data is done within the scope of EU-US Privacy Shield or by using EU Commission’s standard contractual clauses.
8. DATA RETENTION
Recruitment data is maintained during the recruitment process and for up to 12 months from a negative recruitment decision.
9. RIGHTS OF THE DATA SUBJECT
The data subject has the right to receive confirmation from the data controller as to whether or not personal data concerning the data subject are being processed, or whether personal data has been processed.
The data subject is entitled to receive a copy of the processed personal data and the personal data undergoing processing. The data controller may charge a reasonable administrative fee for additional copies requested by the data subject.
Furthermore, the data subject may require the transmission of the personal data, which he or she has provided to the controller in a machine-readable format based on the GDPR.
The data subject also has the right to obtain from the controller the rectification or erasure of personal data concerning him or her and the data subject has the right to prohibit the processing of personal data for direct marketing purposes. In certain cases, the data subject has also the right to request from the controller restriction of processing of personal data or otherwise object to processing.
All requests mentioned here shall be provided in writing and signed to the above-mentioned representative of the controller.
If the data subject finds the processing of his or her personal data unlawful, he or she has the right to lodge a complaint with a supervisory authority.
10. RIGHT TO WITHDRAW CONSENT
Where processing of personal data of the data subject is based on consent, the data subject shall have the right to withdraw his or her consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
11. THE PROTECTION OF THE REGISTER
The location and protection of the equipment for storing documents has been carefully maintained and the documents are stored in a secured space. The access control at the premises has been appropriately arranged.
The right to access to the documentation is within the personnel of August Associates, who have the obligation of confidentiality and whose duties include recruiting and human resource management.