Privacy Statement for the Recruitment Data Register of Academic Engineers and Architects in Finland

Joint controller and contact person

Name: Academic Engineers and Architects in Finland Ratavartijankatu 2

Address: FI-00520 Helsinki, Finland

Phone:+358 9 229 121

Business ID code: 0117014-0

Contact person: Kati Johansson

E-mail address:  kati.johansson(ät)

2 Data Protection Officer

E-mail address: tietosuojavastaava(ät)

3 Data subjects

This register contains the personal data of the job applicants who participate in the recruitment process of the Academic Engineers and Architects in Finland (hereinafter the “Organisation”).

4 The purpose and legal grounds for processing personal data

The purpose of personal data processing is to implement the Organisation’s recruitment processes and to store the data of potential job applicants for subsequent recruitment purposes. Among other things, this includes the evaluation of job applicants for recruitment purposes, contacting the applicants, and other additional procedures relating to the job application process. Concerning the personal data of referees, we request that the applicants ensure their referees’ consent. Personal data processing is based on the Organisation’s justified advantage to process job seekers’ applications for the successful implementation of the recruitment process.

In cases where a potential suitability assessment is concerned, personal data processing is based on the job applicant’s consent.

5 Processing personal data

Among other personal data, the Organisation processes the following data items:

-  the job applicant’s name

-  the job applicant’s contact information (e-mail address, phone number, social media contact information)

-  the job applicant’s address and date of birth, provided that the applicant has announced these to the


-  the referees’ names and contact information

-  the applicant's previous work experience and education

-  the applicant’s photo, provided that the applicant has submitted this to the Organisation

-  the assessments, memoranda and any other corresponding information provided by the persons

participating in the Organisation’s recruitment process

-  any other additional information announced by the applicant to the Organisation.

6 Regular sources of information

Personal data is primarily collected directly from the job applicants, from the referees they have named, from recruitment companies, and from the external recruitment consultants participating in the Organisation’s recruitment process.

7 Regular hand-over and transfer of personal data

During the recruitment process, job applications and personal data may be stored in a recruitment system operating on external servers. Personal data may be handed over to recruitment consultants and recruitment companies who have made a cooperation agreement with the Organisation and have undersigned a secrecy and non-disclosure agreement, to the extent in which they participate in the job applicant’s recruitment process. Personal data will not be handed over to such consultants or companies for any other purposes than the Organisation’s recruitment process.

Personal data will not be handed over, for example, to external direct marketing companies, or for any other corresponding external purposes.

8 Transfer of data out of the EU or the EEA

Personal data will not be disclosed outside the EU or the EEA.

9 Personal data storage period

In cases where a job applicant submits to the Organisation an application for a specific task, the application with the related personal data will be stored in the Organisation’s system, in view of potential legal requirements, for a period of two years, counting from the application submission date, following which it will all be deleted. Open applications will be stored for a period of 12 months.

10 Data subjects’ rights

In accordance with the relevant data protection legislation, the data subjects have, at any time, the right to:

-  be informed on the processing of their personal data;

-  have access to their personal information and verify the correctness of the data concerning them and

processed by the Organisation;

-  demand rectification of any inaccurate or incorrect information and to have incomplete data completed;

-  demand the erasure of their personal data;

-  withdraw their consent and object to the processing of their personal data to the extent that the processing

is legally based on the data subject’s consent;

-  oppose the processing of their personal data because of a specific personal situation, to the extent in which

personal data processing is based on the Organisation’s legally justified advantage;

-  receive their information in a machine-readable format and have the right to transmit those data items to

another controller, providing that the data subject has provided the information to the Organisation themselves. The Organisation processes the information based on the data subject’s consent and the processing is conducted automatically; and

-  demand the restriction of the processing of their personal data.
Opposing the data processing, or the erasure of personal data, may lead to a situation where the job applicant in

question cannot be taken into account during the recruitment process.

The data subject must request the implementation of the above-mentioned right via the means provided in this description’s Contacts section. The Organisation has the right to request the data subject to specify their request

in writing and to verify the identity of the data subject prior to processing the request. The Organisation may reject the requests on the grounds provided in the relevant legislation.

11 Right to lodge a complaint to the supervisory authority

All data subjects have the right to lodge a complaint to the relevant supervisory authority, or to the supervisory authority of the EU member state where their place of residence or work is located, should the data subject deem that the Organisation has not processed their data in accordance with the relevant legislation.

12 Data protection

Manual materials are stored in a locked space that can be accessed by authorised persons only. The processed personal data is digitally secured and saved to the Organisation’s information system that can only be accessed by the personnel who need the information in question for their work. These persons use personal user IDs and passwords.

Personal data is encrypted when transferred to parties operating outside of the Organisation. All workstations and data storage media used by the Organisation are encrypted.

13 Contacts

Requests concerning the usage of data subjects’ rights, questions on this description and other contacts must be made via e-mail to the Data Protection Officer. A data subject may also contact the Organisation in person or in writing at the following address:

Academic Engineers and Architects in Finland Kati Johansson
Ratavartijankatu 2, 00520 Helsinki, Finland

14 Amendments to this Privacy Statement

This Privacy Statement can be updated from time to time, for example, in cases where the relevant legislation is amended. This description was most recently updated on 10/01/2019.