Privacy Policy Template for Customers
General
This privacy policy contains information about how the employer mentioned in this statement collects and processes job seekers' personal data in Jobilla online recruiting service. This privacy policy may be updated when necessary or in connection with changes in applicable laws.
Data controller
The data controller with regards to personal data processed in accordance with this privacy policy is:
[Data Controller’s (customer’s) business name and contact details]
If you as a job seeker have privacy-related questions, please contact the above employer directly.
For what purposes does the employer collect personal data? On which grounds?
The employer collects and processes personal data only for pre-defined purposes. The main purpose for collecting and processing personal data is:
Handling recruitment projects with Jobilla, such as accepting job applications as well as evaluating and selecting candidates. The legal basis for processing personal data is especially (1) preparations made for entering into an employment agreement as well as executing the agreement, and/or (2) the person's consent.
What personal data is collected and from which sources?
The employer gets personal data primarily from the person him-/herself and with consent also from other sources.
Relating to job seekers and candidates, the employer may process especially the following personal data:
- Candidate's name, contact details, email and phone
- Other information and responses provided by the candidate through online forms or by other means, such as resume, responses given to multiple choice questions as well as open ended test responses.
Who has access to the personal data?
Primarily a candidate's personal data is processed by the employer's employees when they need to perform their work tasks relating to recruitment. The employer may also use third-party services providers, such as Jobilla. They process the data usually in the role of a data processor and they are in a contractual relationship with the employer. The confidentiality of personal data is maintained in these situations for instance by contractual means. Otherwise personal data may be transferred to a third party if required by law or by an authority or if the employer would be a party to a merger or an acquisition.
Is personal data transferred outside the European Union?
By default, personal data is not transferred outside the EU, but as some of the employer's subcontractors and services providers may be located outside of the EU, international data transfers are possible. If this happens, the employer must ensure that personal data is transferred in a legal manner with adequate safeguards, including contractual clauses and other documentation.
For how long is personal data retained?
The employer does not store the data for a longer period than is necessary. Retention periods may also be based on legal obligations or on the period for making legal claims. Personal data may also be updated, if necessary. If consent was the only basis for processing the data, the employer must delete the data after the consent is withdrawn. Data may also be deleted at request, if the employer does not have any other legal grounds for retaining the data.
How is personal data stored and kept secure?
Personal data is stored on servers, which are secured according to general industry standards and practices. Personal data is considered confidential and it is not disclosed to outsiders without sufficient legal grounds.
Is it mandatory to provide personal data? What happens if a job candidate does not give personal data to the employer?
Providing personal data in connection with an open position is not mandatory. However, if the employer does not receive necessary information, it may not be able to process the application. When a candidate concludes an employment agreement and becomes an employee, the employer needs to process certain personal data to fulfill contracts and legal rights and obligations related to employment.
What rights does the candidate have relating to his/her personal data?
Withdrawing consent
If the employer processes personal data based on consent, the candidate can at any time withdraw his/her consent by notifying the employer.
Access to data
The candidate has the right to get a confirmation if the employer is processing his/her personal data and to know what data it has about him/her. In addition, the candidate has the right to some supplemental information described in the law about the processing activities.
Right to have errors corrected
The candidate has the right to request that the employer corrects any inaccurate or outdated personal data it has about him/her.
Right to prohibit direct marketing
The candidate has the right to request that his/her personal data is not processed for direct marketing purposes.
Right to object processing
If the employer processes the candidate's personal data based on public interest or its legitimate interest, the candidate has the right to object to the processing of his/her data, to the extent that there is no such significant reason that would override his/her rights or the processing is not necessary for handling legal claims.
Right to restrict processing
In certain situations, the candidate has the right to require that the employer restricts the processing of his/her personal data.
Right to data portability
If the employer processes the candidate's personal data based on his/her consent or for fulfilling a contract, the candidate has the right to require the transfer of data he/she has provided to the employer to another service provider in a commonly used electronic format.
How can a candidate use his/her rights?
A candidate can execute and use his/her rights by contacting the employer, for instance by using the contact details given in connection with the recruiting process. In such cases, the employer must, however, verify the candidate's identity prior to fulfilling his/her rights. If the candidate considers that the processing of his/her personal data is not lawful, he/she can always also make a notification to the supervisory authority (tietosuojavaltuutettu).