Privacy Policy for Job Applicants

In this data protection policy we explain why and how we process our job applicants’ personal data, and what their rights are.

Updated 5.4.2022.

This is a translation of the Data Protection Policy originally written in Finnish. In case of any contentual differences, the Finnish document prevails.

Register controller

H&A Team Ltd. (1780124-2)
Vernissakatu 8 A, 01300 Vantaa

Contact person in register-related matters

In charge of data protection matters

1. Register name

Job applicants of H&A Team Oy

2. What data do we collect and why?

With your consent, we process the information that you have provided on your job application submitted on our website or through other means, and that we deem necessary in the recruitment process. Such data are e.g. your contact details, date of birth, language skills, information regarding your availability, and other information you may have provided voluntarily. The information marked on the form with an asterisk is essential in assessing whether we have suitable work to offer you, and in contacting you. The form cannot be sent without providing this information. We may also collect information from your referees if you have provided their contact details.

If you are invited to a job interview, we may write down information you provide us during the interview, if we find these details necessary in the recruitment process.

3. How do we store personal data?

We store data regarding job applicants mainly in electronic form. Only those participating in recruitment have access to this information. The company server is protected with antivirus programs and a firewall. Information may also be stored as a paper document, e.g. for your job interview. These documents are kept in locked cabinets, and the keys to these cabinets have only been given to those with the permission to process personal data.

Transferring data outside of the EU/EEA

  • Data may be transferred to processors located outside of the EEA, such as a cloud service provider. In such cases we make sure that the processor is committed to guaranteeing an adequate level of data protection through, e.g., Standard Contractual Clauses (SCCs).

We store the information concerning our job applicants until the end of the next full calendar year, and then delete it.

4. What kind of rights do you have as a data subject?

The GDPR provides you with the following rights:

Access to your data you have provided us

  • You may request a copy of the data concerning you. We will deliver the information according to your wishes, either in electronic form or on paper.

Update and rectify your data

  • You can ask us to complete incomplete data or update data that is out of date.

Erase your data and be forgotten

  • You can always cancel the permission you have given and ask us to erase the data concerning you.

Transmit your data to another controller

  • You can ask us to transmit the data you have provided us to another controller of your choosing in a structured, commonly used and machine-readable format.

Restrict processing

  • In certain cases, you may request restriction of processing your data, after which we will not process your personal data, except by storing it. Please notice that in such case we will not be able to take your application into account in recruitment.

Not be subject to automated decision-making

  • We do not employ automated decision-making in our recruitment process.

If you would like to exercise your rights or would like to obtain more information about how we process personal data, you can contact the contact person in register-related matters. We will respond within one month of receiving your request.

You also have the right to lodge a complaint with the supervisory authority if you feel we do not comply with the data protection legislation. Further information is provided by the Office of the Data Protection Ombudsman.

5. What happens in case of a data breach?

A personal data breach means an event leading to the destruction, loss, alteration or unauthorised disclosure of, or access to personal data.

In case of a data breach, we will inform you personally, if it is likely that the breach will pose a high risk to your rights and freedom.

We will inform the supervisory authority within 72 hours of noticing the data breach, if it is likely that the breach will pose a risk to the rights and freedom of a natural person.