Privacy notice - Recruitment register - Mint of Finland

Privacy notice - Recruitment register

Last updated 22 May 2018.

1.     Data controller Mint of Finland Ltd,

Suokallionkuja 4,

01741, Vantaa, Finland

2.     Contact person in matters involving the register Minna Toiviainen

Mint of Finland Ltd,

Tel. (09) 898 274

E-mail: privacy@mint.fi

3.     Name of register Recruitment register
4.     Purpose and basis of processing personal data We process and maintain jobseekers’ personal data to fill vacant positions.

We will process your personal data based on your consent. Your data will be processed in accordance with the provisions on the protection of privacy in working life.
In this task, we maintain and process personal data about jobseekers. Your information will be processed in the following matters and activities:

  • job application process
  • possible personal assessments
  • for the selected person, checking of credit rating, personal security clearance and drug testing.

We will not process your personal data for any purposes other than those mentioned above.

5.     Data contents of the register The recruitment register includes the following information:

  • Name, contact details (such as address, e-mail and phone number)
  • information provided on the application form and its appendices (eg CV, education, work experience)
  • job application process details (incl. the processing of applications, interview information, e-mail correspondence and other communication).
  • personal assessment information
  •  for the selected person, information about whether there is an obstacle to recruit the candidate based on credit rating, personal security clearance and drug testing.
6.     Regular sources of data The information is collected from you or at your consent.
7.     Regular disclosure of data Some of the personal data may be accessible and processed by Mint of Finland’s subsidiaries, subcontractors and other service providers, including recruitment agencies to the extent needed in connection with the above said purposes. Mint of Finland ensures that such third parties are always bound by contracts, which sufficiently address data protection and confidentiality requirements. We are using external service providers for certain parts of business operations, e.g. IT system maintenance.
8.     Transfer of data to countries outside the EU or EEA In general we do not transfer personal data outside the EU or European Economic Area (EEA). If we do transfer personal data outside the EU or EEA, we will guarantee the sufficient level of data protection by among other things agreeing on matters related to confidentiality and processing as required by the legislation, e.g. by using model clauses adopted by the European Commission.
9.     Retention period Your data will be stored for 2 years after you have been informed of the decision on selection. In case you have been selected for the position and you have accepted the position, then your data will be transferred to the employee register of Mint of Finland.
10.  Your rights The General Data Protection Regulation provides the data subject with several rights based on which the data subject can in many situation himself/herself decide on the processing of his/her personal data. The data subject may use the following rights with regard to Mint of Finland to the extent Mint of Finland acts as the controller to the personal data of the data subject in question.

–       Right of access: The data subject has the right to obtain a confirmation from the controller on whether the controller processes personal data concerning the data subject and the right to access such data. The data controller may ask the data subject to specify his/her access request, amongst others, with regard to the details of the data to be delivered.

–       Right to rectification: The data subject has the right to obtain from the controller the rectification of inaccurate personal data concerning him/her processed by the controller, or to have incomplete personal data processed by the controller to be completed.

–       Right to be forgotten: The data subject has the right to obtain from controller the erasure of personal data related to him/her and the controller has the obligation to erase such data in case there is no longer a legal ground for the processing of such data or, where the legal or contractual obligation binding the controller related to the storing of the personal data has ended or, where the data subject has withdrawn his/her consent to the processing of his/her personal data.

–       Restriction of processing: In certain cases, where so prescribed by law, the data subject may have the right to obtain from the controller restriction of processing of his/her personal data.

–       Right to data portability: The data subject may, subject to certain conditions prescribed by law, have the right to receive the personal data concerning him/her processed by the controller in a commonly used and machine-readable format, and the right to transmit those data to another controller without hindrance from the original controller.

–       Right to object to processing of his/her personal data: In certain cases, the data subject may have the right to object to processing of personal data concerning him or her. The right to object is applicable in such situations in particular where the processing of personal data is based on the controller’s legitimate interest. In such situations the controller has to follow the data subject’s request, unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.

To the extent the processing of personal data has been based on the data subject’s unambiguous consent, the data subject has, at any time, the right to withdraw his/her consent regarding the processing.

The requests, including requests concerning the erasure, portability or the objection to processing shall be directed to privacy@mint.fi / contact person indicated above under section 2.

Mint of Finland will take measures based on the data subject’s request without delay, and provide the data subject with the information concerning the measures related to the use of the data subject’s rights primarily within one month from receiving the data subject’s request.

In addition, the data subject has the right to lodge a complaint with the supervisory authority on the processing of the personal data by the controller. The complaint shall be made to the competent supervisory authority, in Finland to the Data Protection Ombudsman, in accordance with its instructions. The website of the Data Protection Ombudsman can be found here: www.tietosuoja.fi/en.

11.  Data security Manual material:

Manually processed documents including information on data subjects are stored in locked up spaces so that unauthorized access is prevented.

Electronically processed data:

Databases, in which the register data is stored, are protected by firewalls, passwords and other technical means. The databases and their backups are located in locked up spaces.

The controller will make sure that access to data is permitted only to those of its employees and only to those employees of the companies acting on be-half of him who have the need to access the data for the execution of the tasks assigned to them

12.  Amendments to the privacy statement This privacy statement may be amended from time to time. You can tell when changes have been made to the statement by referring to the “Last Updated” date on top of this page. We encourage you to familiarize yourself with the privacy statement regularly for any amendments.

If we materially change the ways in which we use and disclose personal data, we will inform of it separately.