aTalent Recruiting Oy Privacy Policy

1. General

This privacy policy describes how aTalent Recruiting Oy ("aTalent" or "data controller") processes personal data. The privacy policy applies to our websites, marketing, customer relationship management, and the processing of personal data related to the products and services we offer. A separate privacy policy applies to job applicants.

We comply with applicable data protection legislation in all processing of personal data. Data protection legislation refers to the applicable data protection legislation, such as the General Data ProtectionRegulation (2016/679) of the European Union and the Finnish Data Protection Act (5.12.2018/1050). Terms related to data protection that are not defined in this privacy policy are interpreted in accordance with dataprotection legislation.

Our services and websites may contain links to external websites and services operated by other organizations. This privacy policy does not apply to their use, so we encourage you to review the privacy policies applicable to those services separately.

"Personal data" refers to all information related to natural persons ("data subjects") that can identify a person directly or indirectly, as defined in the General Data Protection Regulation.

2. Data Controller and Data Protection Officer

Data Controller: aTalent Recruiting Oy

Business ID: 1937777-2

Address: Salomonkatu 17 B, 00100 Helsinki

Email address: privacy@atalent.fi

Contact Information for Data Protection Matters: privacy@atalent.fi

3. Purposes and Legal Bases for Processing Personal Data

The purposes (and legal bases) for processing personal data are:

  • Provision of HR recruitment and staffing services, execution of customer agreements, and handling
    orders (contractual relationship or its preparation)
  • Customer service and communication, including customer satisfaction surveys (legitimate interest)
  • Development of the data controller's products and services (legitimate interest)
  • Billing and debt collection (legitimate interest)
  • Marketing, including market research, promotion, analysis, and statistical purposes, and measuring
    marketing effectiveness (legitimate interest)
  • Direct marketing, including electronic direct marketing and telemarketing, as well as planning and
    measuring the effectiveness of advertising and marketing, and combining and updating personal
    data for direct marketing purposes (legitimate interest, consent)
  • Management of stakeholder relationships, subcontracting, and cooperation with service providers
    (legitimate interest, contractual relationship or its preparation)
  • Improvement of user experience and monitoring of user traffic on our websites and other services
    (consent)
  • Internal and group-level reporting and other administrative measures (legal obligation)
  • Handling warranty and defect liability issues, complaints, and legal and regulatory proceedings
    (legal obligation)
  • Prevention and investigation of misuse, ensuring data security, and the safety of individuals and
    property (legitimate interest)
  • Compliance with other legal obligations (e.g., accounting and taxation) and reporting obligations

When we process personal data based on legitimate interest, we assess the benefits and potential harm to the data subject, and we have determined that the data subject's rights and interests do not override the legitimate interest.

We provide more information on legitimate interest-based processingupon request.

4. Processed Personal Data and Data SourcesData Group Examples of Data Content


aTalent Recruiting, rekrytointiyrityksen brändikuva

*The marked data are necessary.

We collect personal data directly from the data subject, for example, during transactions or when the data subject purchases or orders our products or services, either personally or on behalf of the organization they represent, or when the data subject visits our websites or other electronic services, subscribes to our newsletter, responds to a customer satisfaction survey, or contacts us otherwise.

We also receive personal data from other external sources, such as private registry services and registers maintained by authorities.

5. Retention of Personal Data

We retain personal data as long as necessary to fulfill the purposes defined in this privacy policy and always for the duration required by law (e.g., accounting or reporting obligations) or for the resolution of legal or similar disputes. As a general rule, we retain customer data for the current year following the last billing and for six years thereafter. After the end of the purpose, personal data will be deleted or anonymized within a reasonable time.

We provide more information on personal data retention practices upon request.

6. Recipients of Personal Data

Personal data may be transferred within companies belonging to the same group as the data controller for the purposes described in this privacy policy and in compliance with data protection legislation.

Various service providers and other third parties, such as providers of technical solutions or server space, or accounting and financial management service providers, may also be involved in the processing of personal data. We ensure that the parties involved in processing personal data have agreements in place that meet the requirements of data protection legislation.

Personal data may be disclosed to third parties in situations mandated by law or by authorities, or for the investigation of misuse and to ensure safety. In addition, personal data may be disclosed in connection withlegal proceedings or similar legal processes.

If the data controller or a company belonging to the same group is involved in a merger, business acquisition, or other corporate arrangement, personal data may be disclosed to the parties involved or to parties assisting in the arrangement.

We provide more information on recipients of personal data upon request.

7. Transfer of Personal Data Outside the European Economic Area

Service providers involved in the processing of personal data may be located outside the European Union or the European Economic Area, or they may transfer personal data to so-called third countries. When data is transferred outside the European Union or the European Economic Area, the company ensures an adequate level of protection for personal data by, among other things, agreeing on the matters related to the processing of personal data in accordance with data protection legislation, such as using standard contractual clauses approved by the European Commission or based on a decision on the adequacy of data protection by the European Commission.

We provide more information on transfers of personal data and the protective mechanisms used uponrequest.

8. Automated Decision-Making and Profiling

We do not use automated decision-making or profile our customers.

9. Data Protection

Data security and the protection of personal data are of utmost importance to us. We use appropriatetechnical and organizational safeguards to protect personal data. We also ensure the fault tolerance of oursystems and the ability to recover data. Access to personal data is restricted to authorized parties only.Individuals handling personal data are bound by confidentiality regarding matters related to the processingof personal data.

10. Rights of Data Subjects

Data subjects have rights under data protection legislation concerning their personal data. The applicability of rights in each individual situation depends on the purpose and context of the processing of personal data.

  • Right to access personal data: The data subject has the right to receive confirmation of whether their personal data is being processed and other information required by data protection legislation about the processing of personal data. The data subject has the right to receive a copy of their personal data.
  • Right to rectification: The data subject has the right to request the correction or deletion of inaccurate or incorrect information within certain limits.
  • Right to erasure: The data subject has the right to request the erasure of their personal data in accordance with data protection legislation. Upon request, we will delete personal data unless legislation or another applicable exception under data protection legislation requires us to retain the data.
  • Right to restriction of processing: The data subject has the right to request the restriction of processing of their personal data in certain situations, as provided by data protection legislation.
  • Right to data portability: The data subject has the right to request the transfer of their personal data to another data controller. The right to data portability generally applies to personal data that the data subject has provided to the data controller in a structured and machine-readable format,
    and where the processing is based on the data subject's consent or a contract, and/or where the processing is carried out automatically.
  • Right to object to processing: The data subject has the right to object to the processing of their personal data based on legitimate interest, including profiling, as provided by data protection legislation. We may refuse a request if the processing is necessary to fulfill the compelling and legitimate interests of the data controller or a third party. However, the data subject always has the
    right to object to the processing of personal data for direct marketing purposes, including profiling related to direct marketing.
  • Right to withdraw consent: If the processing of personal data is based on the consent of the data subject, the data subject has the right to withdraw their consent to the processing of their personal data. Withdrawal of consent does not affect the lawfulness of processing carried out before the
    withdrawal.

Exercising Rights

We encourage you to contact us if you have any questions regarding the processing of your personal data.

You can send a request regarding the rights of the data subject by mail or email using the contact information provided in this privacy policy.

The identity of the person making the request may be verified before processing the request. The request will be answered within a reasonable time, generally within one month of the submission of the requestand the verification of the identity of the person making the request. If the request cannot be fulfilled, the refusal will be communicated separately.

11. Right to File a Complaint with the Supervisory Authority

The data subject has the right to file a complaint with the competent data protection authority if the data subject believes that their personal data has been processed in violation of data protection legislation. You can find the contact details of the Finnish Data Protection Authority here.

12. Changes to the Privacy Policy

This privacy policy may need to be changed from time to time. Changes may also be based on amendments to data protection legislation. We encourage you to regularly check the privacy policy for changes. The latest version is available on our website.

This privacy policy was published on August 22, 2024.