Privacy statement for Fastroi Oy’s job applicants

The purpose of this data protection statement is to explain how Fastroi Oy handles the personal data of registered job seekers during the recruitment process. The statement provides the information required by the EU General Data Protection Regulation (679/2016) to the data subject and to the supervisory authority. Please read the privacy statement carefully in advance.

1.        Controller and contact details

Fastroi Oy, FI18515600
Länsikatu 15
80110 Joensuu
Tel. 010 327 8000

The controller is responsible for ensuring that personal data is processed in accordance with this privacy statement and data protection legislation. If you have any questions regarding this Privacy Policy or this Privacy Statement, you may contact the email address above.

2.       Collection of personal information

Personal data is collected from registered job applicants who have applied for Fastroi Oy’s vacancies or sent an open application. The registrar processes your personal data for the recruitment process, such as reviewing job applications, informing about the recruitment process and arranging job interviews. In addition, personal information is used during the employee selection process. We collect personal information from the job applicant himself, such as the job application, training and work certificates, information provided during the interview and during the employment relationship.

Personal data is also collected in connection with suitability assessments, referrer information and background checks. Data will only be collected if the job applicant has given his or her consent in accordance with the Act on the Protection of Privacy in Employment (759/2004).

In certain situations, the controller may also collect information on the job applicant from sources other than the job applicant himself / herself, in accordance with the applicable legislation, mainly with the consent of the job applicant.

For example, we collect the following information from job applicant regarding job application and the recruitment process:

Data subjectsData content
BasicName, home address, date of birth, email address, phone number, photo
Job applicationInformation relevant to the job sought, such as the applicant’s education, previous work experience, qualifications and competences, language skills and recommendations.
Suitability Assessment
The suitability assessment assesses the compatibility of the applicant with the position applied for and the organization. The assessment is submitted to the job applicant himself or herself and to Fastroi Oy.
Background AmendmentThe applicant will be subject to a background check as part of the recruitment process, such as a review of recommendations and a certificate or work certificate and, if required by the job, a review of a criminal record or credit information. The background check always takes place with the consent of the job applicant.

3.       Purpose of the processing of personal data and legal basis for the processing

The processing of personal data is based on the consent of the job applicant and the legitimate interest of the controller, which consists in the need to process personal data in the context of the recruitment process. Where processing is based on a legitimate interest, personal data shall not be collected beyond what is necessary to achieve the legitimate interest.

Data subjectsPurpose of processingBasis of processing
Basic information about the job applicant and other information that complements the recruitment process.We process the information to complete the recruitment process.Consent of the data subject or legitimate interest in making a recruitment decision.
Suitability assessment and background checkWe process the information to assess the job applicant’s suitability for the organization and the position being applied for.Consent of the data subject to determine the conditions for the performance of work tasks.
Informing about vacanciesWe retain information to inform you about vacancies.Consent of the data subject to indicate any future vacancies.

The registrar does not perform profiling, nor does automatic decision-making in recruitment.

4.       Retention period of personal data

Personal data shall be processed for as long as is necessary for the purposes defined in paragraph 3.

Task – specific applicationsPersonal data will be processed for as long as is necessary to carry out the recruitment. With the consent of the employee, the application will be kept for a longer period of time and used for other open positions, in which case the application will be kept for 24 months, after which the data will be deleted.
Open applicationsWith the consent of the data subject, personal data may be retained for a period of 6 months from the receipt of the application, after which the data will be deleted. The application can also be transferred to the assigned position if the applicant is a suitable candidate for the position in question.
Suitability assessment and background checkSuitability assessments are retained for 24 months, after which the data is deleted.
Reports for background check will be deleted immediately after the end of the recruitment process or no later than 24 months after the information is received.

5.        Recipients of personal data

Personal data is processed by Fastroi Oy’s human resources employees. The name and contact details of the jobseeker may be disclosed to the partners responsible for the suitability assessment. In these transfers of personal data, the lawfulness of the processing of personal data is ensured by an agreement between the controller and the service provider. These third parties process personal information only on our behalf.

Personal data may also be disclosed for background checks. In this case, we will only disclose personal data with the consent of the data subject.

6.       Transfer of data outside the EU

As a general rule, personal data will not be disclosed or transferred outside the European Union or the European Economic Area.

If personal data is transferred outside the European Union or the European Economic Area, we will ensure an adequate level of protection of personal data by using standard contract clauses approved by the European Commission. or the EU-US Privacy Shield Agreement to protect data transfers.

7.      Rights of the data subject

Verification of information

The data subject has the right to check what personal data about the data subject is processed. The data subject has the right to receive a copy of the personal data processed.

Correction and deletion of data

The data subject has the right to request the controller to correct, supplement or delete personal data that is incomplete, incorrect or out of date for processing.

Data transfer

The data subject has the right to request the personal data he has provided for the transfer. The data subject receives personal data about him in a commonly used format.

Withdrawal of consent

The data subject has the right to withdraw his or her consent to the processing of personal data at any stage of the processing if the personal data are processed on the basis of the data subject’s consent, without prejudice to the lawfulness of the previous processing.

Consent can be revoked by contacting

Right of opposition and restriction

The data subject has the right in certain situations to object to or restrict the processing of personal data if the processing is based on a ground relating to a legitimate interest.

Right of appeal

The data subject has the right to lodge a complaint with the supervisory authority (Data Protection Officer) if the data subject considers that the processing of his or her personal data violates the applicable data protection legislation.

The data subject may exercise his rights by contacting the data controller. Requests should be sent to the email address listed in the registrar’s contact information.

8.       Protection of personal data

The controller shall have in place appropriate technical and organizational security measures to protect personal data against loss, destruction, misuse and unauthorized access. The manually maintained material is located in lockable spaces that are not accessible to outsiders. Secure processing of electronic materials is ensured by appropriate protection, such as firewalls and other technical protections. Access to personal data is restricted to those who need it to carry out their duties, and those who process personal data are bound by professional secrecy.

9.       Changes to the Privacy Statement

We reserve the right to change and update this privacy statement as necessary. Changes and updates to the privacy statement will be announced in connection with the privacy update on the company’s recruitment website, where the latest version is always available.

We recommend that you read the contents of this privacy statement regularly.

Date of Data Protection Report: 15.6.2020