Last updated: October 17, 2016
In this Section 2 we describe the personal data we collect.
When you use the Website or otherwise communicate with us, we collect information that you provide to us directly. For example, we collect information in the following circumstances: when you apply for a position with us, when you send us business inquiries or comments; and when you otherwise communicate with us.
The information you provide to us directly may include, without limitation, the following information that may, in certain circumstances, constitute personal data:
The Website may automatically collect the following information from you that in certain circumstances, alone or in connection with other data, may constitute personal data:
We use the personal data collected directly from you for the following purposes:
We use the data collected automatically for the following purposes:
We do not sell, lease, rent or otherwise disclose the personal data collected from the Website to third parties unless otherwise stated below.
The personal data collected may be disclosed in the following manner:
We may disclose personal data you provide to us on the Website with the following categories of third parties:
The data collected automatically on the Website may be disclosed to the following categories of third parties:
You have the following rights with respect to the personal data we hold about you:
The security of personal data is important to us. We take reasonable measures to protect personal data about you from unauthorized access or against loss, misuse or alteration by third parties. Despite these efforts to store personal data collected on and through the Website and otherwise by us in a secure operating environment that is not available to the public, we cannot guarantee the security of personal data during its transmission or its storage on our systems. Further, while we attempt to ensure the integrity and security of personal data, we cannot guarantee that our security measures will prevent third-parties such as so-called hackers from illegally obtaining access to personal data. We do not warrant or represent that personal data about you will be protected against, loss, misuse, or alteration by third parties.
Some elements of the Website and/or our products and services may be hosted on servers located in countries outside your own country. The laws applicable to the protection of personal data in such countries may be different from those applicable in your home country. In particular, if you are located within the European Union, please note that personal data collected by us may in some instances be transferred outside the European Union/European Economic Area. You consent to personal data about you being transferred outside your own country and, where applicable, outside the European Union.
The Website is not directed to children younger than thirteen (13) years of age. We do not intend to collect personal data from children under 13. If you are under 13, please do not use the Website and do not send any information about yourself to us.
1. DATA CONTROLLER
Suominen Oyj, (”Suominen”)
Suomisentie 11, PL 25
Suominen processes personal data pursuant to data controller’s legitimate interest as determined in article 6(1)f of the General Data Protection Regulation (EU 2016/679 “GDPR”). The legitimate interest of Suominen is the necessity of processing personal data of potential employees as well as to maintain a register of data subjects who have applied to Suominen. The application may be open or intended to a specific position.
Personal data is collected from application forms and open applications in addition to personal data acquired from interviews. The register includes:
Suominen will store all personal data collected in connection with the recruiting for up to 6 months from receiving the application. Suominen regularly review its registers in order to remove personal data where processing is no longer needed for the abovementioned purposes.
Personal data is collected directly from the applicants, their school, employment or other certificates in addition to their references, job interview, human resources department of Suominen and the supervisor making the recruiting decision.
Personal data may also be disclosed to affiliates of Suominen in other countries.
Suominen may outsource any services (or parts thereof) regarding the register to a third party. Further, Suominen may disclose personal data to relevant authorities pursuant to applicable laws.
Otherwise personal data is not disclosed to third parties.
Suominen has affiliates outside the EU/EEA region and the personal data in this register may be disclosed to such affiliates of Suominen. Other transfers outside the EU/EEA will be undertaken only within the limits permitted under the applicable data protection laws.
With respect to electronic data:
All electronically stored data is stored on servers provided by third parties. Suominen has appropriate data security measures in place in order to protect all electronic personal data. Suominen will ensure that the registers will not be subject to access by unauthorized persons or unlawful processing or other damage.
With respect to personal data on paper:
Suominen ensures that all papers containing personal data are protected in an appropriate manner and Suominen has sufficient measures in place to monitor any unauthorized access.
In case Suominen is subject to damage, destruction or other similar event that Suominen could not possibly have prevented, Suominen will notify the data subject immediately in accordance with the obligations of the applicable laws. Suominen is not, however, liable for such unpredictable events.
According to the General Data Protection Regulation, data subjects have the following rights regarding their personal data:
According to GDPR article 77, the data subject is entitled to lodge a complaint with the supervisory authority concerning the processing activities carried out by Suominen. Such complaint may be lodged in particular, in the member state of his or her habitual residence or place of work or the alleged infringement took place.
If the data subject wishes to exercise his or her rights, he or she should contact the Controller via email to firstname.lastname@example.org. Suominen will use all reasonably available resources to respond to any such request without undue delay.