1. Data controller
Punainen Risti Ensiapu Oy, business ID: 2843118-7
Sturenkatu 16, 4 th floor, 00510 Helsinki
2. Data Protection Officer contact details
tietosuoja@punainenristiensiapu.fi
3. Name of the register
Punainen Risti Ensiapu job applicant register
4. Purpose and basis for processing personal data
The purpose of processing personal data is to process job applicants’ data for recruitment purposes. The data are needed to find a suitable person for a vacancy at Punainen Risti Ensiapu or to find a suitable person for some other recruitment need. Applications can be open applications or intended for a specific vacancy.
The processing of personal data is primarily based on the job applicant’s consent. The job applicant may withdraw their consent at any time.
5. Data content of the register
- Applicant’s name and contact details, such as address, e-mail address, phone number (for identification and communication)
- Applicant’s date of birth (for statistical purposes aimed at developing recruitment)
- Information used to assess aptitude and suitability (e.g. work experience and educational background, language skills and other competence)
- Salary request
- Attachment files (e.g. CV, application, work sample, photo)
- Data generated during the recruitment process, such as e-mails, text messages, messages in instant messaging platforms, and stored files
- Assessment of the applicant’s suitability for the vacancy as well as information on personal qualities relevant to the position
- Information received from references named by the applicant on the applicant’s previous performance and suitability
- Information on the applicant’s qualifications for the vacancy
- Classifications and notes made by Punainen Risti Ensiapu
6. Personal data storage time
Applications are stored in electronic format for two years after the recruitment process has been completed. The applicant’s data are automatically deleted from the system at the end of the storage period. Any paper printouts will be destroyed immediately after the recruitment process has been completed.
7. Data sources
During the recruitment process, personal data are mainly collected from the applicants themselves. Data about job applicants may also be collected from references with the applicant’s consent. In addition, data related to the applicants may be obtained from partners carrying out personal assessments or executive searches.
Consent is not required for the controller to obtain information related to a person’s credit score or criminal record to determine the reliability of said person. The controller informs the person in advance of the acquisition of such data concerning them for the purpose of establishing reliability.
8. Recipients and processors of personal data
Designated persons participating in the recruitment process, such as supervisors and HR personnel.
The external service provider responsible for the technical maintenance of the recruitment system acts as a processor of personal data. Data may be disclosed to a partner participating in the recruitment process as the recruitment progresses.
9. Transfer of data outside the EU or EEA
The data processor may transfer personal data outside the EU/EEA in order to provide recruitment services. In this case, the data processor is obligated to use a legally valid transfer mechanism to ensure a sufficient level of data protection.
10. Register’s principles of protection
As the data controller, Punainen Risti Ensiapu is responsible for ensuring that data are processed in accordance with good data security practices. The data in the register can only be accessed by the controller and the service providers and administrators specifically authorised by it. The personal data in the register are processed only by people who participate in the different stages of the recruitment process. Data are only processed by people responsible for recruitment.
People designated by the system provider process data only to the extent necessary to maintain the service. With regard to technical maintenance, the processing of data is the responsibility of an external service provider on whose servers the data are stored. People designated by the system provider process data only within the system.
The data are processed in databases that are protected by firewalls, passwords and other technical means. The databases and their backups are located in locked premises, and the data can only be accessed by pre-designated processors.
Only those employees who have the right to process personal data as part of their work are entitled to use systems containing personal data. Each processor has signed a non-disclosure agreement and has their own usernames and passwords for the systems.
11. Rights of the data subject
The data subject has the following rights:
- Right to access data: right to request a copy of your personal data
- Right to rectification and erasure: right to request that the data concerning them be corrected or deleted, unless the retention of data is required by applicable data protection or other regulations
- Right to restrict processing: right to request the restriction of processing their data
- Right to object to data processing right to object to the processing of your data if there are grounds for this
- Right to data portability: right to request the transfer of their data from one system to another in a machine-readable format
- Right to withdraw consent to data processing: if the processing of personal data is based on consent, the data subject has the right to withdraw their consent at any time
- Right to file a complaint with a supervisory authority: the data subject has the right to file a complaint about shortcomings in the processing of personal data with the controller, the processor or a supervisory authority.
Contacts concerning the right of access, rectification and restriction should primarily be made in writing to the e-mail address provided in section 2. The sender of the request will be asked to confirm their identity. Replies will be sent to the e-mail address registered in the job applicant register.
12. Automated decision-making
Punainen Risti Ensiapu does not make decisions based on automated processing.
The recruitment system (TalentAdore) provides an AI-based recommendation on the suitability of the applicant for the vacancy only to support the recruiter. The recommendation is based on the applicant’s application form and the information provided in the CV. The purpose of the recommendation is to facilitate the processing phase of applications as well as to highlight applicants who might otherwise be overlooked by the recruiter. The recruiter makes all decisions and choices made during the recruitment process regardless of artificial intelligence being used as a support during the processing of applications.
Approved 10 May 2023
In case of differences, the original Finnish text prevails.