Privacy Policy / aTalent Recruiting Oy / aTalent People Oy

General

This privacy policy describes how aTalent Recruiting Oy and/or aTalent People Oy, in the case of temporary workers ("aTalent" or "data controller"), process personal data. The privacy policy applies to job applicants and potential job applicants. A separate privacy policy applies to our websites, marketing, and customer relationship management, as well as to the products and services we offer.

We comply with applicable data protection legislation in all processing of personal data. Data protection legislation refers to the applicable data protection legislation, such as the General Data Protection Regulation (2016/679) of the European Union, the Act on the Protection of Privacy in Working Life (759/2004), and the Finnish Data Protection Act (1050/2018). Terms related to data protection that are not defined in this privacy policy are interpreted in accordance with data protection legislation.

Our services and websites may contain links to external websites and services operated by other organizations. This privacy policy does not apply to their use, so we encourage you to review the privacy policies applicable to those services separately.

"Personal data" refers to all information related to natural persons ("data subjects") that can identify a person directly or indirectly, as defined in the General Data Protection Regulation.

Data Controller and Data Protection Officer

Data Controller:aTalent Recruiting Oy / aTalent People OyBusiness ID: 1937777-2 / 2946277-8Address: Salomonkatu 17 B, 00100 HelsinkiEmail address: privacy@atalent.fiContact Information for Data Protection Matters:privacy@atalent.fi

Purposes and Legal Bases for Processing Personal Data

The purposes (and legal bases) for processing personal data are:

  • Receiving and processing job applications (legitimate interest)
  • Managing the recruitment process and other related activities (legitimate interest)
  • Providing staffing services (legitimate interest)
  • Evaluating and selecting job applicants (legitimate interest)
  • Collecting applicant profiles from public sources, e.g., LinkedIn sourcing
  • Adding applicant profiles to the candidate database (legitimate interest)
  • Conducting suitability assessments (consent)
  • Performing pre-employment actions (preparation of an employment contract)
  • Transferring applicant data to employer/client companies (consent)
  • Customer service and communication, including candidate satisfaction surveys (legitimate interest)
  • Developing the data controller's products and services (legitimate interest)
  • Marketing, including market research, promotion, analysis, and statistical purposes, and measuring marketing effectiveness (legitimate interest)
  • Direct marketing, including electronic direct marketing and telemarketing, as well as planning and measuring the effectiveness of advertising and marketing, and combining and updating personal data for direct marketing purposes (legitimate interest, consent)
  • Internal and group-level reporting and other administrative measures (legal obligation)
  • Handling legal and regulatory proceedings (legal obligation)
  • Prevention and investigation of misuse, ensuring data security, and the safety of individuals and property (legitimate interest)
  • Compliance with other legal obligations (e.g., accounting and taxation) and reporting obligations

When we process personal data based on legitimate interest, we assess the benefits and potential harm to the data subject, and we have determined that the data subject's rights and interests do not override the legitimate interest. We provide more information on legitimate interest-based processing upon request.

Processed Personal Data and Data Sources

aTalent Recruiting, rekrytointiyrityksen brändikuva

* The marked data are necessary.We primarily collect personal data from the applicant themselves:

  • From the information provided to the candidate database
  • Through job applications and interviews

We may also collect personal data from external sources when the applicant has given consent:

  • From referees provided by the applicant
  • From other sources, such as a service provider conducting suitability assessments
  • Through LinkedIn profiles and similar services where the data subject has provided their information

Retention of Personal Data

We retain personal data for three (3) years after the end of the most recent recruitment process unless the data subject has consented to the retention of their data in the candidate database for a longer period. After the end of the purpose, personal data will be deleted or anonymized within a reasonable time.

We provide more information on personal data retention practices upon request.

Recipients of Personal Data

Personal data may be transferred within companies belonging to the same group as the data controller for the purposes described in this privacy policy and in compliance with data protection legislation.

Various service providers and other third parties, such as providers of technical solutions or server space, or accounting and financial management service providers, may also be involved in the processing of personal data. We ensure that the parties involved in processing personal data have agreements in place that meet the requirements of data protection legislation.

Personal data may be disclosed to third parties in situations mandated by law or by authorities, or for the investigation of misuse and to ensure safety. In addition, personal data may be disclosed in connection with legal proceedings or similar legal processes.

Personal data may be disclosed to the client company that has purchased recruitment or staffing services from aTalent.

If the data controller or a company belonging to the same group is involved in a merger, business acquisition, or other corporate arrangement, personal data may be disclosed to the parties involved or to parties assisting in the arrangement.

We provide more information on recipients of personal data upon request.

Transfer of Personal Data Outside the European Economic Area

Service providers involved in the processing of personal data may be located outside the European Union or the European Economic Area, or they may transfer personal data to so-called third countries. When data is transferred outside the European Union or the European Economic Area, the company ensures an adequate level of protection for personal data by, among other things, agreeing on the matters related to the processing of personal data in accordance with data protection legislation, such as using standard contractual clauses approved by the European Commission or based on a decision on the adequacy of data protection by the European Commission.

We provide more information on transfers of personal data and the protective mechanisms used upon request.

Automated Decision-Making and Profiling

We do not use automated decision-making or profile our customers.

Data Protection

Data security and the protection of personal data are of utmost importance to us. We use appropriate technical and organizational safeguards to protect personal data. We also ensure the fault tolerance of our systems and the ability to recover data. Access to personal data is restricted to authorized parties only. Individuals handling personal data are bound by confidentiality regarding matters related to the processing of personal data.

Rights of Data Subjects

Data subjects have rights under data protection legislation concerning their personal data. The applicability of rights in each individual situation depends on the purpose and context of the processing of personal data.

  • Right to access personal data: The data subject has the right to receive confirmation of whether their personal data is being processed and other information required by data protection legislation about the processing of personal data. The data subject has the right to receive a copy of their personal data.
  • Right to rectification: The data subject has the right to request the correction or deletion of inaccurate or incorrect information within certain limits.
  • Right to erasure: The data subject has the right to request the erasure of their personal data in accordance with data protection legislation. Upon request, we will delete personal data unless legislation or another applicable exception under data protection legislation requires us to retain the data.
  • Right to restriction of processing: The data subject has the right to request the restriction of processing of their personal data in certain situations, as provided by data protection legislation.
  • Right to data portability: The data subject has the right to request the transfer of their personal data to another data controller. The right to data portability generally applies to personal data that the data subject has provided to the data controller in a structured and machine-readable format, and where the processing is based on the data subject's consent or a contract, and/or where the processing is carried out automatically.
  • Right to object to processing: The data subject has the right to object to the processing of their personal data based on legitimate interest, including profiling, as provided by data protection legislation. We may refuse a request if the processing is necessary to fulfill the compelling and legitimate interests of the data controller or a third party. However, the data subject always has the right to object to the processing of personal data for direct marketing purposes, including profiling related to direct marketing.
  • Right to withdraw consent: If the processing of personal data is based on the consent of the data subject, the data subject has the right to withdraw their consent to the processing of their personal data. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

Exercising Rights

We encourage you to contact us if you have any questions regarding the processing of your personal data.

You can send a request regarding the rights of the data subject by mail or email using the contact information provided in this privacy policy.

The identity of the person making the request may be verified before processing the request. The request will be answered within a reasonable time, generally within one month of the submission of the request and the verification of the identity of the person making the request. If the request cannot be fulfilled, the refusal will be communicated separately.

Right to File a Complaint with the Supervisory Authority

The data subject has the right to file a complaint with the competent data protection authority if the data subject believes that their personal data has been processed in violation of data protection legislation.You can find the contact details of the Finnish Data Protection Authority here.

Changes to the Privacy Policy

This privacy policy may need to be changed from time to time. Changes may also be based on amendments to data protection legislation. We encourage you to regularly check the privacy policy for changes. The latest version is available on our website.


This privacy policy was published on August 22, 2024.