General
The purpose of this privacy policy is to provide the information required by the EU General Data Protection Regulation 2016/679 on how Aiforia Technologies Oyj ("Aiforia Technologies", "we") processes personal data of its job applicants in relation to recruitment. The personal data processing of employees are described in a separate privacy policy solely directed at employees.
Data controller and contact details
Aiforia Technologies Oyj
Business ID: 2534910-2
Address: Pursimiehenkatu 29-31 D, FI-00150 Helsinki, Finland
Contact point: Service Desk
Data subjects
The data subjects are the persons who submit job applications to Aiforia Technologies and are part of the recruitment process.
Purposes and legal bases for processing personal data
| Purpose for processing | Legal basis | Categories of personal data |
| Processing personal data in order to conclude an employment contract with the selected job applicant | Processing operations performed prior to entering a contract |
|
| Processing job applicants' personal data to complete the recruitment process | Legitimate interests of the controller |
|
| Processing personal data in order to demonstrate compliance with legal obligations relating to the selection of employees and to formulate, present or defend a legal claim | Legitimate interests of the controller |
|
| Requesting job applicants to take part in evaluations or for permission to carry out the necessary background checks when applicable |
Consent of the data subject Controller's legal obligation |
|
| Contacting job applicants' referees |
Consent of the data subject (when the data subject is a job applicant) Legitimate interests of the controller (when the data subject is a referee) |
|
Categories and sources of personal data
The table below defines the categories and sources of personal data mentioned above.
| Categories of personal data | Specific description of the personal data |
| Personal information of the job applicant |
Personal data is collected from the job applicant directly and may include the following:
|
| Contact information of the job applicant |
Personal data is collected from the job applicant directly and may include the following:
|
| Information related to the competences and skills of the job applicant |
Personal data is collected from the job applicant directly or received from the interviewers, referees or aptitude assessment service providers. These may include the following:
|
| Other information |
Other information needed for recruitment purposes
|
Personal data retention periods
Personal data will be stored for a maximum of two (2) years after the submission of each job application unless the applicant has given their consent for retaining the personal data for a longer period, for example, for future recruitment purposes.
We also may store personal data for a longer period in order to demonstrate compliance with legal obligations relating to the selection of employees and to formulate, present or defend a legal claim.
Recipients of personal data
Personal data will be disclosed to our authorized users that participate in the recruitment process. Access to the personal data of job applicants is restricted and only authorized users have access to such personal data. The authorized users may be also external HR service providers.
In addition, personal data may be stored on external data storage services, such as provided by Google.
We enter into a data processing agreement with every service provider who processes personal data on our behalf. In accordance with the data protection agreement, each service provider processes personal data only to the extent necessary for the provision of that service.
In addition, we may disclose your personal data to the extent permitted and obligated by existing legislation, including in connection with business transactions, unless you deny the disclosure of your personal data. We may also transfer or disclose personal data to authorities, where required to do so by applicable laws.
Personal data transfers outside the EU/EEA
We and/or our processors may transfer personal data outside the European Union or the European Economic Area. We ensure that such transfers are subject to appropriate safeguards as required by data protection laws, such as the applicable standard contractual clauses approved by the European Commission and the applicable supplementary measures.
Security of processing
We have taken and will maintain the necessary and appropriate technical and organizational measures to ensure the security of processing and to monitor the use of personal data, such as access control and rights, event logging, protection of hardware and files, physical access restrictions, multi-factor authentication methods, encryption of sensitive data, encryption in transit, user guidelines and supervision. We also regularly perform audits of our security of processing by internal and external auditors. In addition, we have internal procedure for controlling non-conforming products and services, such as IT equipment or software components, at Aiforia.
All personnel and processors of personal data are obliged to keep personal data strictly confidential. Only authorized personnel and processors may access personal data.
Your rights as a data subject
As a data subject, you have the following data protection rights:
- Right of access: You have the right to receive information from us whether or not we are processing your personal data. If your personal data is being processed, you may request a copy of your personal data that is being processed.
- Right to rectification: You have the right to request that inaccurate or incomplete personal data relating to you be rectified or completed. This is provided, as a rule, free of charge.
- Right to erasure ("right to be forgotten"): You have the right to request the erasure of your personal data in some cases without undue delay.
- Right to restriction of processing: You can request us to restrict the processing of personal data concerning you, when it is processed with your consent.
- You may in some cases have the right to restrict the processing of your personal data.
- Right to object: You may have the right to object to the processing of your personal data in some cases. If your personal data is processed for direct marketing, such as for newsletters, you always have the right to object to the processing of your personal data.
- Right to data portability: To the extent that we process your personal data on the basis your consent and the processing is carried out automatically, you have the right obtain the personal data relating to yourself that you have provided to us in a structured, commonly used and machine-readable form, and the right to transmit this data to another controller.
- Right to withdraw consent: You have the right at any time to withdraw your consent to the processing of personal data. Withdrawal of consent has no effect on the lawfulness of processing carried out prior to withdrawal.
- Right not to be subject to a decision based solely on automated processing: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
- Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with the competent supervisory authority, in particular in the EU/EEA member state of your habitual residence, place of work or place of the alleged infringement, if you consider that your personal data has been processed in violation of applicable data protection laws. In Finland, the supervisory authority is the Office of the Data Protection Ombudsman, whose contact information is accessible through the following link: https://tietosuoja.fi/en/contact-information
In order to have more information of our Privacy policy, or if you wish to exercise any of the above-mentioned rights, you may contact our Service Desk