Fluent Progress RT Oy’s description of the personal data file and data protection in accordance with the Personal Data Act (523/1999, sections 10 and 24) and the EU General Data Protection Regulation (GDPR).
Controller
Fluent Progress RT Oy
Torikatu 29, 80100 Joensuu
+358 29 1700 860
info@fluentprogress.fi
www.fluentprogress.fi
Contact person responsible for the register
CEO
Risto Jalovaara
Fluent Progress RT Oy
Torikatu 29, 80100 Joensuu
+358 50 603 57
risto.jalovaara@fluentprogress.fi
Name of the register
Fluent Progress RT Oy’s recruiting register
Legal basis
The legal basis for personal data processing in accordance with the EU General Data Protection Regulation (GDPR) is:
- Consent given by the data subject
- A legitimate interest of the controller (e.g. customer relationship, employment, membership)
Purpose of personal data processing
The purpose of personal data processing is to recruit new employees. Personal data is processed for evaluating the qualifications and suitability of candidates, making recruiting decisions and communication with the candidates. Data can also be, in some cases, shared with third parties, for example recruiting consultants and experts. Data is not used for automated decision-making or profiling.
Information contained in the register
Information saved in the register include:
- Name and contact information like address, email address and phone number
- Sex and date of birth
- Information used in evaluating suitability and qualifications, for example work experience, education, references, language skills and other skills
- Attachments, for example CV, application, photos
- Data formed during recruiting process, for example email correspondence, SMS and files
Data is stored for maximum of six months, unless the candidate gives their explicit permission to store their information longer to be used in future recruiting decisions.
Regular sources of information
Data saved in the register are provided by the candidates via email or phone calls.
Regular transfers of data and transfer of data outside the EU or the EEA
No regular transfers of data are made to third parties or outside EU or the EEA
Data security principles
Care will be exercised in handling the register, and data processed in information systems will be appropriately protected. When data contained in the register are stored on internet servers, the physical and digital security of the equipment is ensured in an appropriate manner. The controller ensures that the stored data and data that is critical for the security of the personal data, such as server access rights, are processed confidentially and that such data is only processed by persons whose work tasks include such processing.
Right to inspect, prohibit, modify, and delete information
All data subjects have the right to inspect the data concerning themselves that has saved in the register and to demand that any incorrect data be corrected or any incomplete information complemented. If a person wants to use their inspection right or to demand that data concerning themselves be corrected, the request must be submitted in writing to the controller. Where required, the controller has the right to ask the data subject to prove his or her identity. The controller must react to any such requests that are made by the customer within the time period specified in the GDPR (in most cases, within one month).
Other rights relating to the processing of the personal data
Data subjects have the right to request that any information concerning themselves be removed from the register (the right to be forgotten). The data subjects also have all other rights specified in the GDPR, such as restricting the processing of personal data in certain situations. Requests must be submitted in writing to the controller. Where required, the controller has the right to ask the data subject to prove his or her identity. The controller must react to any such requests made by the customer within the time period specified in the GDPR (in most cases, within one month).