Controller
Edita Group Oyj and subsidiaries.
Contact person for register matters
Pilvi Karhu
HR Business and Development Partner
E-mail: hr.fi@editagroup.com
Name of register
JOB APPLICANT REGISTER
What is the legal basis for and purpose of the processing of personal data?
The basis for processing personal data is:
- Carrying out the legal obligations and exercising specific rights of the controller or of the applicant in the field of employment law.
- The applicant has given explicit consent to the processing of his or her personal data.
The purpose of the processing of personal data is e.g. to support actions related to the recruitment process and management of the recruitment process and enable contacts regarding applications and selection processes from persons (applicants) who have applied for the positions.
What data do we process?
We process the following personal data of the job applicants in connection with the job applicant register:
- basic information of the applicant such as name, date of birth, personal identity number and/or other identifier, gender, mother tongue;
- contact information of the applicant such as private email address*, private phone number, private home address;
- information regarding the position applied for such as information of the position in question including information of the nature and type of the employment relationship and information of the contact persons designated for the application process, salary proposal/wish, information related to when the applicant could start working;
- other information that the applicant has provided of himself, his background etc. in connection with the application process, such as a photograph, study and other educational information, degrees, profession, work history (such as employers, start dates and durations of previous jobs, nature of the previous jobs), language skills, other special skills, description of personal features, different certificates and ratings, links to profiles and portfolios found on internet, referrals;
- information regarding the recruitment process of the applicant such as information of upcoming further interviews or of the interruption of the recruitment process;
- other possible information that the applicant himself or herself has provided voluntarily in connection with the recruitment process or otherwise explicitly published in for professional purposes (e.g. on LinkedIn).
Providing the information marked with an asterisk is a requirement for us to be able to move forward in the application process.
From where do we receive information?
We receive data primarily from the applicant him-/herself. We use other sources of data within the limits of the applicable laws and regulations. We also use recruiting consultants as necessary.
By submitting a job application, the job applicant consents to the collection of data from his/her professional profiles to the extent such collection is necessary taking into consideration the nature of the vacancy.
To whom do we disclose data and do we transfer data outside of EU or EEA?
We disclose personal data in accordance with the applicable laws to a party, who based on law, has a right to receive information from the register. We may also disclose information for other purposes in accordance with the legislation, including disclosing information to other group companies.
We engage subcontractors processing data on behalf of and for us. We use subcontractors in the processing of employees’ personal data for the following services:
- HR and Recruitment Services
- Legal Services
- IT Systems
We have ensured your privacy with our subcontractors by entering into the necessary data processing agreements. We cannot name all of our subcontractors due to e.g. HR projects and management currently in development and have thus listed the types of subcontractors.
We do not disclose the personal data in the register to third parties beside the ones specified above without the explicit separate consent of the applicant.
We do not disclose personal data outside of EU/EEA.
How do we protect the data and how long do we store them?
Only those of our employees, who due to their working duties are entitled to process employee data, have the right to use systems containing personal data. Each user has a personal username and password to the systems. The information is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and backup copies of them are stored in locked premises and can be accessed only by certain pre-designated persons. We also store paper copies of personal data in locked premises and the data may only be accessed by persons who are entitled to them due to their working duties.
We store the personal data for as long as is necessary for the purpose of the processing. By default the data can be used for filling vacancies during the six (6) months following their collection. The data is destroyed in three (3) years from its collection. In case the job applicant becomes an employee of the company, his/her personal data given for the application are stored as part of the employee register according to its privacy policy.
We assess the necessity of storing the data on a regular basis taking into account the applicable laws and regulations. In addition, we take all reasonable actions to ensure that no incompatible, outdated or inaccurate personal data are stored in the register taking into account the purpose of the processing. We correct or erase such data without delay.
What are your rights as an applicant?
As an applicant you have a right to inspect the personal data conserning yourself, which is stored in the register, and a right to require rectification or erasure of the data. You also have a right to withdraw or change your consent. All requests concerning the matter shall be submitted in writing or in person to hr.fi@editagroup.com.
As an applicant, you have a right, according to EU’s General Data Protection Regulation (applied from 25.5.2018) to object to processing or request restricting the processing as well as lodge a complaint with a supervisory authority responsible for processing personal data.
