Employee Candidate Data Protection Description
European Union general data protection regulation ((EU) 2016/679) compliant version
Effective date: 25 May 2018
Data Controller: |
Siili Solutions Oyj, Finnish Business ID 1979903-5 (below also "Siili") Address: Porkkalankatu 24, 00180 Helsinki, Finland |
|
||
Contact Person in Data File Related Matters: |
Mailing address as above. |
|
||
Data File: |
Siili Solutions Oyj Employee Candidate Data File |
|
||
Data Subjects: |
Siili employee candidates and possibly referred third parties (e.g. in form of earlier employers or references or as part of recommendations) |
|
||
Legal Basis for the Processing and Purpose of Use of the Personal Data: |
Processing of personal data ("Employee Candidate Data") is based on:
The data subject may at any time withdraw the consent to which the processing of Employee Candidate Data is based on. The general purpose for processing and use of the Employee Candidate Data is fulfilling Siili open job positions by recruiting employee candidates. In detail, the purposes for processing and use of the Employee Candidate Data include the following items:
|
|
||
|
Data Content (Data Attributes): |
Identification and general recruitment related data attributes such as:
|
||
|
Sources of Personal Data: |
Employee candidates themselves and, after having informed Employee candidates and obtained their consent in advance, their former employer(s), Siili employees and external resources supporting Siili business processes (e.g. recruitment consultants), public sources (such as online profiles). |
||
|
Disclosures and Transfers of Employee Candidate Data and Transfer of Employee Candidate Data to countries outside European Union or the European Economic Area: |
Employee Candidate Data are not disclosed (to another controller for independent use unless required by the law such as to authorities) except within Siili and even then, always in accordance with applicable laws. If Employee Candidate Data is transferred to external data processors (subcontractors or vendors) to be processed on behalf of Siili, appropriate contractual arrangements (such as data processing agreements), as required by the applicable laws, are executed to secure lawful and appropriate processing of Employee Candidate Data. Personal data belonging to special categories (i.e. health data) may occasionally be included in these transfers. Employee Candidate Data may due to necessary technical and practical processing requirements be transferred outside EU and/or EEA (incl. Switzerland). Should such transfer occur, it would only be executed as allowed by and in accordance with applicable laws. Due to rarity of EU Commission adequacy decisions, EU Commission standard contractual clauses (of type controller to processor, EU Commission decision 2010/87/EU) would be used as appropriate and suitable safeguards for these data transfers. Copies of the standard contractual clauses would be available through the contact details mentioned above. Employee Candidate Data can be transferred from Finland to the following countries for processing: o All European Union member states; o United States of America; |
||
|
Security Principles of the Data File: |
Employee Candidate Data is protected by organisational and technical measures against accidental and/or unlawful access, alteration, and destruction or other processing including unauthorized disclosure and transfer of Employee Candidate Data. Such measures include (without limitation) proper firewall arrangements, malware detection, appropriate encryption of telecommunication and messages as well as use of secure and monitored equipment and server rooms. Data security is of special concern when third parties (e.g. data processing subcontractors) providing and implementing IT systems and services are retained. Data security requirements are duly observed in IT system access management and monitoring of access to IT systems. Personnel processing Employee Candidate Data as part of their tasks is trained and properly instructed in data protection and data security matters. |
||
|
Rights of Data Subject: |
In accordance with the law the data subject has at any time the right to:
Furthermore, the data subject may at any time withdraw the consent to which the processing of Employee Candidate Data is based on. In order to use these rights, the data subject shall contact the above mentioned contact persons in writing (incl. e-mail). However, the request may be declined or restricted where allowed or required under the law. |
||
|
Retention period of Employee Candidate Data: |
Generally, Siili retains the Employee Candidate Data no longer than twenty-four (24) months from the earlier of:
Notwithstanding the above, if the data subject withdraws the consent for Employee Candidate Data processing, corresponding Employee Candidate Data shall be archived and used only for ensuring the rights of the data subjects and Siili as well as Siili's compliance with any other legislation applicable to the recruitment process. In this case the retention (in archive but not in any operational IT systems) shall not exceed twenty-four (24) months from the withdrawal of the consent. Notwithstanding the above, the retention may be extended due to existing or imminent need of Siili to establish, exercise or defend itself against legal claims. |
||
|
Provision of Employee Candidate Data: |
Provision of Employee Candidate Data is voluntary for employee candidate but necessary to proceed with the Siili recruitment process and to enable possible entering into an employment contract with Siili. Failing to provide Employee Candidate Data prevents or may prevent participation to Siili recruitment and entering into an employment contract as the case may be. |
||