Description of recruitment data register

PERSONAL DATA ACT (523/1999) §10

CONTROLLER

Citec Group Oy Ab
P.O. Box 109
FI – 65101 Vaasa
Phone +358 6 3240 700

NAME OF THE DATA REGISTER

Recruitment data register of Citec Group Oy Ab

THE PURPOSE OF THE DATA REGISTER

The purpose of processing personal data is to gather information on persons who have applied for employment within Citec Group Oy Ab and/or any of its subsidiary companies.

The personal data is processed on the basis of connection requirement. The relationship between the controller of the register and the data subject (job applicant) is comparable to employment relationship. The connection between the data controller and the data subject is established when the data subject submits his/her job application.

THE CONTENTS OF THE DATA REGISTER

The type of personal data saved and processed are

  • Name
  • Phone number
  • Email address
  • Home address
  • Work experience and professional skills
  • Educational information
  • Possible other personal data that the job applicant has given via downloading and saving his/her CV and application letter in free form to the database
  • Assessment of the suitability of the job applicant to the applied vacancy
  • Information about the recruitment process.

REGULAR SOURCES OF INFORMATION

The regular source of personal data relating to applicants is the job applicants themselves. The information about the recruitment process is formed via the operations of Citec Group Oy Ab and its subsidiary companies.

DISCLOSURE AND TRANSFER OF DATA

The only regular destination of the disclosure is Citec Group Oy Ab and its subsidiary companies.

The data is transferred within Citec Group to countries outside the European Union or the European Economic Area only if and to the extent the data subject applies for an open position located outside the European Union or the European Economic Area. The data subjects give their consent to transfer the information by applying for the open position.

PRINCIPLES FOR PROTECTION OF THE DATA REGISTER

Data is collected into the data register located on server that is protected by firewalls, passwords and other technical measures in accordance with the controller’s principles for data protection. The server is located in Finland in locked and guarded premises and is accessed only by authorized personnel. A manual register does not exist.

The access is controlled by access rights granted and defined by the controller, username and password. Access to the data register is only granted to those employees of Citec Group Oy Ab or its subsidiary companies who are involved in the recruitment processes. The data register can be accessed only in protected Citec Group’s network.

The information in the recruitment database is treated confidentially. The information is not transferred outside Citec Group Oy Ab and its subsidiary companies, neither to those Citec Group Oy Ab or its subsidiary companies’ employees who are not involved in the recruitment processes.

The application data is removed automatically after two years from entry in the data register.

RIGHT TO RECEIVE AND INSPECT INFORMATION FROM THE DATA REGISTER

As a rule, each person shall, after having supplied sufficient identification criteria, have the right to receive and inspect such information in the data register, which relates to him/her, or to receive a notice that the data register contains no such information. Anyone who wishes to receive and inspect information relating to himself/herself, shall submit a written request to this effect to the controller as a personally signed or otherwise comparably verified document or appear personally in the premises of the controller. The contact details of the controller are included above.

RECTIFICATION OF DATA

Anyone whose personal information has been stored in the data register has the right to request rectification and/or removal of such data. A written request in this regard shall be directed to the controller by a personally signed or otherwise comparably verified document or by appearing personally in the premises of the controller. The request shall be sufficiently individualized and justified in order for the controller to process the request appropriately. The contact details of the controller are included above.