Evästeiden avulla pyrimme tarjoamaan asiakkaillemme paremman käyttökokemuksen. Kun hyväksyt evästeet, pystymme kehittämään sivumme käyttäjäkokemusta, sekä räätälöimään sinulle tarkoitettuja palveluita.
Privacy statement for jobseekers
Privacy statement for jobseekers
In this policy, we explain how the data controller handles the data of job applicants. When you apply for a job at us, you can apply for a specific position or leave an open application. A person register is created from the application and other information submitted by the applicant.
1. Data controller
Lemonsoft Oyj
2017863-1
Vaasanpuistikko 20 A, 65100 VAASA
2.Contact person for the controller in matters concerning personal data registers
Lemonsoft Oyj (2017863-1)
Data Protection Officer Jaakko Suninen
Keskikatu 11 B, FI-45100 KOUVOLA
jaakko.suninen@lemonsoft.fi
3. Name of the register
Lemonsoft jobseeker register
4. Purpose and basis of processing personal data
The purpose of the processing and the grounds for processing personal data
The purpose of the register is to manage and maintain the applications of jobseekers. The personal data in the register is used to arrange interviews for job seekers, to communicate with job seekers and to carry out recruitment.
The basis for the processing of personal data is the legitimate interest of the controller and the implementation of the employment contract for those selected as employees. The controller has carried out a balance test of legitimate interest. Based on the test, the controller has concluded that a legitimate interest can be used as a basis for processing personal data.
5. Data content of the register
At the recruitment stage, only such personal data are collected in the register that are necessary to determine the suitability of the job applicant for the position for which they are applying. In the case of an open application, other information submitted by the applicant is also collected in the register.
The following data are stored in the person register:
- first and last name
- date of birth
- home address, postal code and city
- mobile and/or other phone number
- email address
- photo
- information on training and work experience: training, language skills, work experience, possible special expertise
- driving licence and access to a car
- possible referees
- the jobseeker’s wishes
- salary request
- other information provided by the applicant
- suitability assessment and other assessment
6. Retention period of personal data
The personal data of job seekers will be retained for a maximum of one (1) year after the end of the job application process. Any outdated and unnecessary data will be disposed of in an appropriate manner.
Data based on the legitimate interest of the controller may be deleted if the data subject requests the deletion of data concerning them after the end of the job application process, after all the rights and obligations of the job applicant and the controller have been fulfilled. The data can be marked as archived/inactive before the aforementioned date.
If the personal data is anonymised, the data cannot be linked to the person and, therefore, there is no defined obligation to delete the data.
7. Regular sources of information
The jobseeker’s register information is collected from the job application submitted by the jobseeker, from education, work and other certificates, and from the information provided by the jobseeker in the interview.
The data can be obtained through a recruitment company or sent by the Employment and Economic Development Centre, in all cases originally provided by the data subject themselves.
8. Regular disclosure of data
The data will be disclosed to the group companies of the controller for the purposes described in Section 4 of this Privacy Policy and to any other personal data registers of the controller’s group; the data will not be disclosed to a third party for marketing purposes or any other purposes, unless required by the authorities. However, any disclosures are always carried out in accordance with and within the limits set by data protection legislation.
9. Transfer of data outside the EU or the EEA
Personal data will not be transferred outside the EU or the EEA.
10. Principles of register protection
We respect the confidentiality of personal data. The data is stored and processed in accordance with the classification “confidential”.
The register is handled with care and the electronically stored data is protected appropriately. The data security of the equipment is taken care of appropriately. The processing of personal data is only possible for those employees to whose job description it belongs.
10.1 Manual materials
Stored in a locked space. Access to the storage facilities is restricted to data controller’s human resources management.
10.2 Electronically stored data
The information stored in the electronic register is protected by the personal usernames and passwords of the employees. The electronic register is protected by appropriate technical measures. The computers used by the employees and protected with passwords are located in locked rooms and premises monitored by access control devices. Lemonsoft Oyj is responsible for ensuring that the personal data of jobseekers are not made available to unrelated persons.
Comprehensive protection is based on user authorisation management, firewall, encryption, technical protection of databases and servers, physical protection of premises, access control, protection of data traffic and backing up of data. The equipment facilities and data are located in the data centre of the controller, the data centre of the server supplier or the data centre of a partner selected by the server supplier. The operations are supervised by the administrative controls of the service provider.
11. Profiling
The information is used to form a person’s competence profile.
12. The data subject’s right to object to processing of personal data and direct marketing
The data subject has the right to object, in relation to their specific situation, to the profiling and other processing of their personal data by the controller to the extent that the processing of data is based on the controller’s legitimate interest. The data subject may submit their objection in accordance with the Contact Us section of this Privacy Policy. The data subject must, in connection with the claim, specify the specific situation on the basis of which they object to the processing. The controller may refuse to comply with an objection on the grounds laid down by law.
The personal data of the data subject shall not be used for direct marketing.
13. Other rights of the data subject regarding processing of personal data
13.1 Right of access by the data subject (right of inspection)
The data subject has the right to access the data concerning them that is being stored in the controller’s jobseeker register. The request for inspection must be made in accordance with the Contact Us section of this Privacy Policy. The right to inspect may be denied on the grounds laid down by law. As a rule, exercising the right of inspection once a year is free of charge.
13.2 The data subject’s right to rectification, erasure or restriction of processing
Upon detecting incorrect information, the data subject may submit a request for the rectification, erasure or restriction of data, in accordance with the Contact Us section of this Privacy Policy.
The data subject also has the right to require the controller to restrict the processing of their personal data, for example in situations where the data subject is waiting for the controller’s response to a request for rectification or erasure of their data.
13.3 Right to transfer data to another system
Insofar as the data subject has themselves submitted to the register information that is processed on the basis of the consent given by the data subject or on the basis of an assignment, the data subject has the right to obtain such information, as a rule, in a machine-readable format for themselves or to be transferred to another controller.
13.4 Right to lodge a complaint with a supervisory authority
The data subject has the right to lodge a complaint with the competent supervisory authority if the controller has not complied with the applicable data protection regulations in its operations.
13.5 Other rights
If the processing of personal data is based on the consent of the data subject, the data subject has the right to withdraw consent by notifying the controller thereof, in accordance with the Contact Us section of this Privacy Policy.
14. Contact
In all matters related to the processing of personal data and in situations related to the exercise of personal rights, the data subject must contact the person referred to in Section 2. The controller or the person referred to in Section 2 may, if necessary, request the data subject to specify their request in writing and, if necessary, the identity of the data subject may be verified before other measures are taken.
15. Changes to the statement
This policy will be updated if the ways or purposes of processing personal data change. Data subjects are encouraged to regularly review the content of the policy.
The policy was saved on 19 January 2023.