Privacy Statement for Employee and Applicant Data
Updated 13 April 2022.
Privacy Statement for Employee and Applicant Data
In this privacy statement, we explain how we collect, process, disclose and protect the personal data of employees and job applicants. By personal data, we mean all the data that concerns you as an identified or identifiable natural person. This includes data such as your name, address, phone number and photo. We also explain your rights as the data subject.
Any questionnaires and feedback sent to employees may include links to other companies’ sites or services that have their own privacy policies. We recommend that you familiarize yourself with the privacy policies of such third parties.
At Raksystems, we comply with the General Data Protection Regulation of the European Union (‘EU’) and other applicable data protection legislation in our processing of personal data.
Below, you can find further information about how we process your personal data. If some matter remains unclear, please contact us for more information.
The controller of your personal data is either Raksystems Insinööritoimisto Oy or another company of the Raksystems Group (hereinafter referred to as ‘we’ or ‘the controller’) in which you are either an employee or are seeking employment.
Recipients of personal data
Your personal data is processed only by those members of the Raksystems Group who require the data for carrying out their work duties. Such persons may include payroll or HR representatives, employees (oneself and others) and, where necessary, supervisors.
Your personal data may also be transferred to contracted external service providers for processing on our behalf. For example, the HR system is maintained by an external service provider that acts as a personal data processor. In addition, data about any questionnaires and feedback forms sent to employees and the answers you provide is also processed where needed by our contract partners. Such subcontractors include, for example, IT service providers who handle technical system maintenance or processing of feedback. The service providers process your personal data in the manner specified by us; they do not have the right to use your data for their own purposes.
Purpose of personal data processing
Maintenance, administration and statistics for employment relationship-related data; business development; and maintenance, administration and statistics for information on data subjects’ areas of interest. We process the personal data of our employees in order to fulfil the rights and obligations of parties to an employment relationship, including obligations under employment law and mergers and acquisitions relating to the employer company. Furthermore, we develop and maintain our operations and the sales and marketing of our services. In addition, we collect and process your personal data to comply with statutory requirements, and your data is also processed in connection with the collection, use, processing and publication of surveys and feedback as well as for registration and participation in events. We may publish and use your feedback on our website and in newsletters, marketing, social media, internal training and operational development. We will inform you as part of a feedback survey when your response is processed anonymously or if your feedback is not published. In addition, we process personal data within our recruitment operations.
Bases for personal data processing
We process your personal data according to one of the following bases:
- a joint agreement (e.g. an employment contract).
- your consent (e.g. electronic direct marketing). In this case, you can withdraw your consent at any time.
- our legitimate interest (e.g. the transfer of your personal data within our group).
- a statutory obligation that we as a company must fulfil (e.g. our statutory obligation to retain your payroll data for accounting purposes or our obligation to comply with legal requests from public authorities).
Categories of persons in the register
Employees, regardless of the duration or form of the employment relationship. Employees also include apprentices, paid and unpaid trainees, etc. In addition, the data of former employees are retained in the system for the required retention period. Job applicants, which also includes people applying for apprenticeships and traineeships.
We only process your personal data to the extent necessary. The following data may be collected from data subjects:
- name, personal identification number and date of birth, language, photo, address, email address, and telephone number,
- name and phone number of next of kin,
- company, department, office, supervisor,
- job title, education, language skills,
- job description, including qualifications,
- performance appraisals and objectives,
- details of employment relationship and work history,
- personal identification number, accounting code,
- salary information and bank account data,
- tax information, including tax number,
- data on any debt recovery procedures,
- trade union membership (if the employee has given information about this) for the purpose of paying the membership fee,
- absence from work and reasons for absences (reason codes for sickness absences),
- accident reports,
- work tools,
- other data added to the system by the person themselves as well as data provided in the recruitment process (including attachments),
- data from third party registers stored with your consent,
- data on participation in events and training and data collected as part of registration for events or provided by the data subject themselves, such as information on special dietary requirements or allergies,
- data provided by you on interests, areas of interest, and other matters,
- other data you have provided and added, as well as attachments together with accompanying images,
- we also collect data needed for our events and trainings, such as dietary preferences and requirements. The event enrolment data you provide may include some of your health data, such as information about allergies.
- marketing materials made with your consent, such as videos,
- data you have provided in your CV and job application, including employment history, training data, qualifications, language skills and references; data stored in third-party registers with your express consent; your comments and level of satisfaction with the application process; and other data you have provided, such as your gender.
Regular sources of data
As a rule, we receive the data either from you yourself or from third party registers based on either your consent or your endorsement given in some other way.
Our main sources of data are employment contracts, concept entrepreneur agreements (konseptiyrittäjäsopimukset) and the employee database. In addition, employees can add their own data into the systems (such as Lemonsoft and Sympa) and into questionnaires and feedback forms. Other sources of data may include our website and data provided / filled in by you yourself.
For your job application, our data sources are the job application itself, related data from companies providing personnel services, your communications with us, and any other data you have provided. Your data may also be collected through our website.
Regular data disclosures and transfer of data outside the EU and European Economic Area
Data may be disclosed and transferred within the Group to perform tasks necessary for maintaining the employment relationship as well as to parties that have a statutory right to receive the data (such as the tax administration). In addition, we may disclose your personal data to a third party if necessary, such as when different reminders or prizes are sent to personnel.
As a rule, we process data within the EU and the European Economic Area. Therefore, data is not normally transferred or disclosed outside the EU and the European Economic Area unless this is necessary for processing the above-mentioned personal data, in which case we ensure an adequate level of data protection as required by legislation in general and particularly by Articles 45 to 46 of the EU General Data Protection Regulation. Please note that some of our partners may process your personal data outside the EU (e.g. Google and Facebook).
Retention period for personal data
Personal data is only retained for as long as it is needed the fulfil of the obligations arising from the employment relationship. For example, the employer is obliged to issue a work certificate upon the employee’s request for up to ten years from the termination of the employment relationship.
Principles of personal data protection
Personal data is primarily stored in an electronic format and protected by the necessary technical measures. Appropriate technical and organisational security measures are in place to protect personal data against loss, misuse, disclosure, alteration and destruction. Physical materials containing personal data are stored in locked rooms / filing cabinets which are accessible only to designated persons who are authorised to access them for work purposes. Access to databases and systems and the use of personal data is restricted to those employees, professionals and other persons employed by the controller who require access to the database in order to perform their work duties and who have the right to process such personal data for work purposes. In addition, each person can add/edit and delete their own data in the HR system. The basic data of each data subject in the HR system (such as email address and job title) is visible to anyone who has access to that system.
Rights of the data subject
The data subject has:
- the right to request from the controller access to, rectification of and erasure of personal data or restriction of processing of data concerning the data subject as well as the right to object to processing of their data and the right to data portability;
- to the extent that the processing of personal data is based on the consent of the data subject, the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
- the right not be subject to automated decision-making without a legitimate basis;
- the right to lodge a complaint with the supervisory authority concerning the processing of personal data.
Right to lodge a complaint with a supervisory authority
If you believe that we are not processing your personal data in accordance with the data protection regulations, you can lodge a complaint with the supervisory authority in the EU Member State where you have your permanent address or place of work or where you believe an infringement has occurred.
In Finland, the authority in question is the Data Protection Ombudsman
Office of the Data Protection Ombudsman
Visiting address: Lintulahdenkuja 4
Postal address: PO Box 800
Tel. (switchboard): +358 29 566 6700