Controller: GEMIC Oy (2177819-6, “we” and ”us”), Mikonkatu 17, 00100 Helsinki
Tel: 050 361 4650, E-mail: firstname.lastname@example.org
Controller’s contact person: Eelis Nguyen, Mikonkatu 17, 00100 Helsinki
Tel: 040 507 9070, E-mail: email@example.com
Name of register: Job applicant register.
WHAT PERSONAL DATA WE COLLECT
Personal data is in most cases collected directly from you when you apply for a job at our company. We collect and store personal data such as:
- Contact information: phone number, post address, email address
- Work history
- Educational history
- Personal interests
- Portrait photo
- Emails and communications
We may also collect personal data about you from third parties, such as professional recruiting firms, your references, prior employers, and Gemic employees with whom you have interviewed. We may collect sensitive personal data via photographs such as ethnicity etc., if you have given explicit consent to the processing of photograph by sending a photograph to us in your application.
HOW WE MAY USE YOUR PERSONAL DATA AND THE LAWFUL BASIS FOR DOING SO
Evaluating your fit for potential employment and improving our recruitment process (data subject consent)
We use your personal data to evaluate your fit for potential employment, as well as for future roles that may become available. We may also use your personal data to improve our recruitment process and our ability to attract appropriate candidates.
You are not required to provide any requested information to us, but not doing so may result in not being able to continue your candidacy for the job for which you have applied.
Defending against possible claims (legitimate interest)
We store your personal data and the details of the recruitment process in order to defend against possible claims.
WHO WE MAY DISCLOSE YOUR PERSONAL DATA TO and do we transfer data TO third countries
We store and share your personal data with others such as third party IT service providers. We have entered into agreements with selected service providers, which include processing of personal data on behalf of us.
We may also transfer personal data to organisations in countries outside of the European Economic Area. These countries consist of the United States of America (USA), Chile, Singapore and Taiwan. These transfers are protected by virtue of the following:
- the EU Commission has decided that the data processor has an adequate level of protection; and
- other appropriate safeguards have been taken, for example the use of the standard, written contractual clauses (EU model-clauses) approved by the EU Commission.
HOW LONG WE PROCESS YOUR DATA
We will keep your data for as long as they are needed for the purposes for which your data was collected and processed.
This means that we keep your data for as long as necessary for the successful performance of the recruitment process. We hold it appropriate to store and process your data after the recruitment process has ended in order to evaluate your fit for future roles that may become available and in order to defend ourselves against possible claims. Hence we may keep your data up to two (2) years from the time we received them. At any given moment throughout the lifecycle of your data, you have the right to exercise your rights as mentioned in section 9.
HOW WE PROTECT YOUR PERSONAL DATA
All authorized users, Gemic employees and possible third party service providers are required to treat personal data as confidential. We use appropriate technical, organizational and administrative security measures to protect any information we hold from loss, misuse, and unauthorized access, disclosure, alteration and destruction. The personal data is primarily stored in electronic systems that can only be accessed by authorized users. Authorized users are those Gemic employees who have a legitimate reason for processing personal data. Authorized users must enter their individual, unique login credentials and passwords to access the systems. The personal data is stored in databases that are protected by firewalls, passwords and other methods. The databases and their backup copies are located in restricted areas where only authorized personnel can enter.
Data in printed format is also processed only by authorized users. Authorized users are required to treat personal data as confidential. Data in printed format is handled with caution and care, and stored in spaces that can be only be accessed by authorized users. Data in printed format is disposed after the recruitment process in question in a confidential manner.
YOUR PRIVACY RIGHTS
You as a data subject have rights in respect of personal data we hold on you. You have the following rights;
- request access to your personal data. You have a right to access the personal data we are keeping about you.
- request correction of incorrect or incomplete data. If the data are incorrect or incomplete, you are entitled to have the data rectified, with the restrictions that follow from legislation.
- request erasure. You have the right request erasure of your data in case:
- you object to the processing and there is no justified reason for continuing the processing;; or
- processing is unlawful.
- limitation of the processing of personal data. If you contest the correctness of the data which we have registered about you or lawfulness of processing, or if you have objected to the processing of the data in accordance with your right to object, you may request us to restrict the processing of these data to only storage. The processing will only be restricted to storage, until the correctness of the data can be established, or it can be checked whether our legitimate interests override your interests.
- If you are not entitled to erasure of the data which we have registered about you, you may instead request that we restrict the processing of these data to only storage. If the processing of the data which we have registered about you is solely necessary to assert a legal claim, you may also demand that other processing of these data be restricted to storage. We may process your data for other purposes if this is necessary to assert a legal claim or if you have granted your consent to this.
- object to processing based on our legitimate interest. You can always object to the processing of personal data about you for direct marketing and profiling in connection to such marketing.
- data portability. You have a right to receive the personal data that you have provided to us in a machine-readable format. This right applies to personal data processed only by automated means and on the basis of consent or of fulfilling a contract. Where secure and technically feasible the data can also be transmitted to another data controller by us.
Your request to exercise your rights as listed above will be assessed given the circumstances in the individual case. Please note that we may also retain and use your information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.
CONTACTING US AND THE DATA PROTECTION AUTHORITY
You can also lodge a complaint or contact the Data Protection Ombudsman.