JOB APPLICANTS AND RECRUITMENT INFORMATION
The purpose of this privacy statement is to provide persons who have applied or are applying for employment with Ropo Group – which comprises RopoHold Oy, Ropo Capital Oy, Ropo Finance Oy and Ropo Invest Oy (hereinafter referred to as “Ropo“) – a comprehensive picture of the personal data that Ropo collects on them, the purposes for which the data is used, and to whom the data may be disclosed. This privacy statement also provides information on the obligations and legislation that Ropo adheres to in the processing of personal data.
The privacy statement applies to all persons who have applied or are applying for employment with Ropo (hereinafter referred to as “data subject”).
1 Definition of personal data
“Personal data” means all data relating to data subjects whereby he/she may be directly or indirectly identified, as defined in the EU General Data Protection Regulation (2016/679) (“GDPR“). Data whereby the data subject may not be directly or indirectly identified is not personal data.
In processing personal data, Ropo complies with the GDPR and the Finnish Act on the Protection of Privacy in Working Life (759/2004, including amendments) (hereinafter referred to as “Privacy in Working Life Act”), as well as other applicable legislation and good data processing practices.
2 Processed categories of personal data and data content
Ropo collects and processes personal data that are necessary for recruitment purposes. This applies to both data provided by the data subjects themselves and data collected from other sources.
Ropo collects the following data for its recruitment information filing system:
2.1 Name, contact details, language proficiency, educational background, work history, references and photo of data subjects applying for a job with Ropo.
2.2 Job applications and resumes of data subjects applying for a job with Ropo (position-specific and open applications)
2.3 Other data collected in connection with recruitment processes or provided spontaneously by the data subject applying for a job with Ropo.
To assess the trustworthiness of the applicant selected for a position, Ropo performs a personal credit check with the consent of the data subject and in accordance with the provisions of the Privacy in Working Life Act.
3 Purposes of processing personal data and legal basis for processing
With regard to the recruitment process, the legal basis for processing personal data are the legitimate interests of both Ropo and the data subject. Furthermore, the data subject may give consent for their data to be retained for a period of time after the recruitment process. If the data subject is selected for a position with Ropo, the principal legal bases for processing personal data are the performance of a contract between Ropo and the data subject and the statutory obligations of Ropo.
Data retained in the filing system shall be used solely for purposes of recruitment. Furthermore, the data may be used to ensure compliance with legislation governing the relationship between Ropo and data subjects.
4 Data sources
The primary sources for data are always data subjects themselves, and unless stipulated otherwise by binding legislation, Ropo will not collect data from third parties without the consent of the data subject.
Data subjects have provided their data by filling in an electronic application form or submitting a job application to Ropo through some other channel of communication or to a recruitment service provider employed by Ropo. The credit information service by Bisnode Finland Oy is used to perform personal credit checks.
5 Storage of personal data
Ropo will store personal data for as long as is necessary for the purposes specified in this privacy statement unless the law requires the retention of personal data for a longer period of time (for example, specific legal, accounting or reporting responsibilities and obligations) or unless Ropo needs the data for drawing up or presenting a legal claim or for defending against a legal claim.
Ropo will erase applications and all personal data listed in section 2 of this privacy statement within a reasonable time after the recruitment decision. Notwithstanding the above, data subjects may request that their application and personal data listed in section 2 above be stored after the recruitment process for use in connection with other open positions. Data subjects may select one (1), three (3) or six (6) months as the period of storage.
After the storage period of personal data has expired, the data will be deleted within a reasonable time.
If the data subject is selected for a position with Ropo, the data referred to in this privacy statement may be transferred to Ropo’s filing system for employee information on the basis of the employment relationship.
6 Processors and recipients of personal data
Companies part of the Ropo Group may process the personal data in accordance with data protection legislation. All individuals involved in the processing are under an obligation of non-disclosure.
The personal data of data subjects may be disclosed to third parties, such as aptitude evaluation service providers used in the recruitment process. In addition, Ropo may transfer personal data of data subjects to service providers of information systems and other IT services.
Ropo may also be required to disclose personal data of data subjects in the event of an emergency or other unforeseen circumstances to protect human life, health and property. In addition, Ropo may be required to disclose personal data of data subjects if Ropo is involved in legal or other proceedings in dispute resolution bodies.
If Ropo is involved in a merger, business transaction or other corporate restructuring, it may be required to disclose personal data of data subjects to third parties.
The disclosure of data to a third party will mainly be done via electronic communication, but data may also be disclosed by other means, such as by telephone or by letter.
7 Transfer of personal data outside the European Union or the European Economic Area
Data will not be transferred outside the European Union or the European Economic Area.
8 Principles of personal data protection and processing security
Ropo processes personal data in a way that aims to ensure the proper security of personal data, including protection against unauthorised processing and accidental loss, destruction or damage.
Ropo uses appropriate technical and organisational protective measures to ensure this, including the following protective measures:
Ropo’s network and servers are protected by firewall and other technical measures. Data readout, transmission and deletion rights are limited by access rights and passwords. The staff have received instructions on the safe use of passwords.
Ropo will primarily store personal data in an electronic format. Data is printed only when needed, and printouts are securely destroyed immediately after processing. The staff have been instructed that the personal identity codes of data subjects shall not be unnecessarily entered in documents.
Personal data of data subjects is processed only by persons responsible for Ropo’s filing system for recruitment information, members of personnel participating in recruitment activities, and the persons responsible for entities listed in section 6 of this privacy statement.
All persons processing personal data have a confidentiality obligation, based on the Employment Contracts Act and contractual confidentiality terms, on matters pertaining to the personal data processing of data subjects.
In accordance with this privacy statement, Ropo may outsource processing of personal data to service providers or subcontractors, but Ropo, through adequate contractual obligations, shall ensure that personal data is processed properly and lawfully.
9 Rights of data subjects and realisation of rights
The data subjects have the rights guaranteed by current data protection legislation.
Right of access to data
The data subject has right of access to the data on him/herself and, at his/her request, the right to receive a copy of the data.
Requests for access must be made in writing. Signed requests for access must be addressed to the controller’s contact person referred to in section 12 of this privacy statement. The request must be accompanied by a copy of an identity document containing a signature, which verifies identity before providing the data.
Right to rectification, erasure and transfer of data
The data subject may notify the controller’s contact person mentioned in section 12 of this privacy statement of any error he/she has detected in his/her data. The controller must verify the data subject’s identity before taking action. Inaccurate data will be rectified. If the data rectification is denied, the data subject will be notified in writing.
Ropo will erase, on its own initiative or at the request of the data subject, and complete any inaccurate, unnecessary, incomplete or outdated personal data for the purpose of processing in the filing system. The data subject must contact the controller’s contact person referred to in section 12 of this privacy statement. The controller must verify the data subject’s identity before taking action.
Right to data portability, restriction of processing and object to processing
Under the current data protection legislation, the data subject has the right to request the transfer of his/her data to another controller.
In a situation where personal data suspected inaccurate cannot be rectified or erased, or there is confusion about the request to erase, the company will restrict access to the data.
The data subject has the right to object to the use of data for a particular type of processing, such as direct marketing.
10 Right to file a complaint with a supervisory authority
The data subject has the right to file a complaint with a data protection authority if the data subject considers that his/her personal data has been processed in violation of current legislation. Contact details for the supervisory authority:
Office of the Data Protection Ombudsman
Street address: Ratapihantie 9, 6th floor, 00520 Helsinki
Postal address: P.O. Box 800, FI-00521 Helsinki
Switchboard: +358 29 56 66700
Fax: +358 29 56 66735
11 Contact details of the Data Protection Officer
Ropo Group’s Data Protection Officer: Arttu Rautiainen
12 Contact details of the controller
Controller: Ropo Capital Oy
Controller’s representative: Jenna Kokkonen, Ropo Group HR Administration
Contact details: firstname.lastname@example.org
Ropo Capital, P.O. Box 25, FI-70101 Kuopio
13 Changes to the privacy statement
Ropo may, if necessary, amend and update this privacy statement. The changes may also be based on amendments to data protection legislation. Data subjects will be informed of essential changes by email.
This privacy statement was published on 26.2.2019 and updated on 27th of September 2021.