Privacy Policy for kood/Talent Register

Privacy Policy for kood/Talent Register 

1. Data Controller

Koodi / Sisu ry 

Business ID: 3333372-5 

laura.nykanen@koodisisu.fi 

Viestikatu 7 

70600 Kuopio 

  

Contact Person for Data Privacy Matters 

Laura Nykänen 

Viestikatu 7 

70600 Kuopio 

0408222685 

laura.nykanen@koodisisu.fi 

  

2. Register Name

kood/Talent Register 

  

3. Purpose and Legal Basis for Processing Personal Data

Personal data is processed for the following purposes: 

  

– Evaluation and comparison of job applicants and other recruitment-related activities. 

– Fulfilment of the data controller’s and data subject’s statutory rights and obligations related to the recruitment process. 

  

Personal data is not processed for automated decision-making. 

  

4. Collected Personal Data

The kood/Talent Register contains the following personal data of students: 

  

– Basic information of the data subject (e.g., first, and last names, date of birth or personal identification number, mother tongue). 

– Contact details of the data subject (address details, phone number, email address). 

– Information related to the applied job, including details about the form and nature of the employment, the designated contact person in the recruitment process, salary expectations, information related to the commencement of employment, and other types of data as stated in the job application. 

– Information provided by the data subject to the data controller for the purpose of suitability assessment (e.g., educational information, profession, work history, language skills, special expertise, various certificates and assessments, references to information available from other sources, references, photographs, videos). 

– Information related to the progress of the recruitment process (e.g., information about follow-up interviews or the interruption of the recruitment process). 

– Other data that the data subject has voluntarily provided during the job application process or has explicitly published for professional purposes. 

  

Information about the data subject is typically obtained and collected directly from the job applicant. Data relevant to the application process may be provided to the data controller by employees or subcontractors involved in recruitment. 

  

Personal data may also be collected and updated from authorities and other third parties within the limits allowed by applicable legislation, and with the data subject’s consent when necessary for the purposes described in this policy. 

  

5. Regular Disclosures of Data

Data is not routinely disclosed to external parties. The data controller may use external subcontractors to perform tasks as described in this policy, in which case service providers act on behalf of the data controller. Subcontractors may be used, for example, for personnel, recruitment, and suitability assessment services, legal services, and services provided by an ICT system supplier, among others. 

  

6. Transfer of Data Outside the EU or the EEA

Data from the kood/Talent Register may be transferred outside the European Union or the European Economic Area when it is necessary for providing the service. When transferring personal data outside the EU or EEA, the data protection legislation requirements and the impact on the data subject’s rights and freedoms are considered, and necessary protective measures are taken. 

  

7. Principles of Personal Data Protection

Access to personal data is granted only to specific personnel employed by the data controller who need access for their tasks. Access to data is allowed only for employees of the data controller who require the data for their duties. The data controller restricts access rights to systems containing personal data and monitors their use. All personnel handling personal data are bound by confidentiality obligations. 

  

Stored personal data is kept in systems protected with firewalls, passwords, and other technical measures. Personal data is protected by the data controller against unauthorized access and against accidental or unlawful processing through adequate technical and organizational measures. 

  

8. Retention Period of Personal Data

Data of selected job applicants is retained as part of employment records. Other personal data of job applicants, including job applications, is retained as long as it is necessary for the various purposes of personal data, up to a maximum of one (1) year from the end of the application period. Open job applications are retained for a maximum of one (1) year from the beginning of the month following the receipt of the application. 

  

9. Data Subject’s Rights

The data subject has the right to access their personal data and request the transfer of data to another system. Additionally, the data subject has the right to request the correction of incorrect personal data concerning them. If the processing of personal data is based on consent, the data subject has the right to withdraw their consent at any time, leading to the removal of the given consent. The data subject also has the right to request the deletion of personal data if it is no longer needed for the purposes for which it was collected. 

  

Furthermore, the data subject has the right to limit processing if the data is believed to be incorrect, processed unlawfully, or if the data subject has objected to the processing based on their specific situation. 

  

The data subject can exercise the rights by sending a written request to laura.nykanen@koodisisu.fi. 

  

The data subject has the right to file a complaint with the Data Protection Ombudsman if they suspect that Koodi / Sisu ry does not comply with the requirements and obligations of data protection regulations.