Last update: September 10, 2019
How we collect, process and protect the personal data of our job applicants, job candidates and employees
The controller regarding processing personal data as described in this policy is Beamex Oy Ab (hereinafter also “Beamex”, “we” or “us”):
Beamex Oy Ab
For what purposes do we collect and use your personal data?
We collect, store and use data about you only for predefined purposes. The main purposes for processing personal data are:
- Payroll and payment of salaries
- Human resources management
- Fulfilling other employment-related rights and obligations
- Appearing in corporate and marketing videos (agreed usually with an employee on a case by case basis)
What data do we collect about you and from which sources?
We collect personal data about you mainly from yourself when contacting us or data that is generated during your employment at Beamex. We also may at your consent get personal data from public sources, social media channels (e.g. LinkedIn) or from current or previous colleagues or supervisors. We may also receive personal data from a recruiting consultant or a consultant performing tests during a recruiting process. Our recruiting decisions are always based on information given by you or with your consent from other sources. Employee data is also received from tax authorities.
Job applicants typically provide us with the following data:
- Basic details (name, birth date, contact details)
- Education, work experience, skills
- Possible job application and resume
- Job applicants data relating to applying for a position
- Test data
Relating to job applicants or candidates, we may get the following data from public sources, such as LinkedIn:
- More specified data relating to education, work experience and skills
Relating to employees, we usually collect and process the following personal data:
- Data provided by the employee: name, address, phone, birth date, social security id, gender, bank account, education, degrees, performance reviews, emergency contact, external training
- Data created by the employer: start/end date of employment, group status, nature of employment contract, working time, nature of employment, pension system, collective agreement, insurance policy, cost center, department, supervisor, skills, language skills, position, position specific training, employment related documentation, internal trainings, employer’s property
- Other sources: tax data
- Content created and published when making corporate and marketing videos (if an employee appears in such)
What is the legal basis for processing your data?
We make sure that we always have a legal basis to use your personal data. We may process your personal data for various different legal reasons.
When recruiting, we may process your personal data based on making a contract and your consent. Legitimate interest is the legal basis for processing personal data when we promote open positions to people who have not specifically applied for the position. However, you can whenever you like prohibit direct marketing relating to open positions.
Relating to employees, the legal basis for processing personal data is fulfilling contracts and legal obligations related to employment and sometimes also consent.
Who uses the data and is it transferred to anyone else?
Primarily your personal data is used by our employees when they need to perform their work tasks. We may also subcontract some processing of personal data, such as the systems used for storing data (the majority of personal data is in electronic form). In these situations we make sure with contracts and otherwise that the confidentiality is maintained and personal data processed in compliance with laws. We may also transfer data to a third party if required by law or by an authority. We may also transfer personal data if we would be a party to a merger or an acquisition.
We often use service providers when recruiting people. These companies are in a contractual relationship with us and they use your personal data strictly for our benefit.
We do not sell or rent personal data for marketing purposes.
Is your data transferred outside the European Union (EU)?
By default, your data is not transferred outside the EU. However, in some situations the transfer of personal data outside the EU is possible. For instance, possible transfers could concern such situations, where some of the servers where your personal data is stored or other services providers are located outside of the EU. If this would happen, we make sure that your data is transferred and processed in a legal manner with adequate safeguards, including contractual clauses and other documentation.
How long is your personal data stored?
With your consent and choice, we store your data for 3, 6, 12 or 24 months. We store all applications for at least 3 months, as it usually takes at least that long to complete a recruitment process. Otherwise we delete the data when we no longer need it for the original purpose. Retention periods may also be based on legal obligations or on the period for making legal claims. We may also update the data if necessary. If consent was the only basis for processing the data, we delete the data after the consent is withdrawn.
We do not store your data for a longer period than necessary for their purpose or for longer than necessary for the performance of a contract. Retention periods may also be based on applicable laws, such as employment contracts act as well as bookkeeping and tax laws. We may also update the data if necessary.
How is your personal data stored and kept secure?
Your data is stored on servers, which are secured according to general industry standards and practices. We consider and keep your personal data confidential and do not disclose it to anyone else at Beamex than those who need it for their work or confidentially to our specific partners based on contracts we have made with them. Access to your personal data has been protected with user-specific logins, passwords and user rights.
All recruitment data is considered confidential, so we aim to limit the group of people who have access to applications and resumes. We also take into consideration your wishes relating to confidentiality.
Is it mandatory to provide personal data? What happens if you don’t give it to us?
In recruitment situations, it is not mandatory to provide us information. Everything happens on a voluntary basis. However, if you don’t provide necessary information, we may not be able to process your application.
When you are an employee, we need to process certain personal data to fulfill contracts and legal rights and obligations related to employment.
What rights do you have relating to your personal data?
- Withdraw your consent If we process personal data based on your consent, you can at any time withdraw your consent by notifying us, for instance by sending an email to firstname.lastname@example.org or by using the contact details below.
- Access to data You have the right to get a confirmation if we are processing your personal data and to know what data we have about you. In addition, you have the right to some supplemental information described in the law about the processing activities.
- Right to have errors corrected You have the right to request that we correct any inaccurate or outdated personal data we have about you.
- Right to prohibit direct marketing You have the right to request that your personal data is not processed for direct marketing relating to open positions by sending an email to email@example.com.
- Right to object processing If we process your personal data based on public interest or our legitimate interest, you have the right to object the processing of your data, to the extent that there is no such significant reason that would override your rights or if the processing is not necessary for handling legal claims. Please note that in this situation we may not be able to serve you anymore.
- Right to restrict processing In certain situations, you have the right to require that we restrict the processing of your personal data.
- Right to data portability If we process your personal data based on your consent or the fulfilling of a contract, you have the right to require the transfer of data you have provided to us to another service provider in a commonly used electronic format.
How can you use your rights?
You can execute and use your rights by contacting us, for instance by sending an email to firstname.lastname@example.org or if an employee, to email@example.com or contacting the HR department directly. In such cases, we ask you to provide us your name, contact details, phone number as well as a document to prove your identity (e.g. a signed request, copy of valid personal ID). If you provide a copy of your driver’s license or passport, make sure that we don’t see your social security or other details that are not necessary to identify you. If you consider that the processing of your personal data is not lawful, you can always also make a notification to the supervisory authority (data protection supervisor).
Who can you contact in privacy matters?
Beamex Oy Ab
+358 10 550 5000
Employees: In HR matters, you can contact Katja Oravala (firstname.lastname@example.org).