Privacy protection policy for job applicants
We are careful with our applicants’ data. In this privacy protection policy, we explain how we ensure the confidentiality of your data when you apply for a job with us.
Below, you will find a brief summary, after which you can find further information (sections 1–10).
Questions? Don’t hesitate to send us an email at yksityisyys@rakettitiede.com.
Summary
If you have
applied for a job with us on the basis of a job advertisement,
sent us an open job application or
met us at recruitment events and authorised the event organiser to disclose your application information to us,
we store your personal data and use it for recruitment purposes. We do not use it for any other purposes (see section 4 for what data we may store on you).
We need your data for the purposes of
finding the best available experts for our team,
assessing your suitability for the job and
offering you the opportunity to fill a vacant post at a later date (with your consent).
The processing of your data is based on our legitimate interest or your consent (see section 2 for further information about the purposes of and grounds for processing).
We utilise service providers for
Receiving applications, contacting you and storing your data:
the applicant tracking system (Teamtailor),
personal communication (Google Gmail, Hubspot) and
other infrastructure (Agileday, Google Drive, Slack, Leadoo).
Your data may be transferred outside the EU (Google, see section 8 for further information about data recipients and data transfer outside the EU).
Know your rights!
You are the owner of your data. You have the right to
check your data and have incorrect data corrected,
object to the processing of your data,
request that we restrict the processing of your data,
withdraw your consent,
request that we erase your data and
lodge a complaint with a data protection authority.
(See section 5 for more detailed instructions on using your rights.)
How long we store your data
If you respond to our job advertisement, we will generally only store your application information for the period that you are involved in the recruitment process. With your consent, we will store your contact information for a longer period so that we can inform you about upcoming job opportunities (see section 2 for more on consent).
If you submit an open job application to us, we will generally store the application and your contact information for one (1) year in case a suitable position becomes available. If you decide you no longer want to apply, you can request that we erase your data at any time (see section 5 for further information).
Privacy protection policy in more detail:
1. Our role in securing your privacy
This privacy protection policy applies to you if you intend to apply or have already applied for a job with us or if we have been in contact with you after receiving your information via, for example, a recruitment event.
In this privacy protection policy, we want to offer you a clear picture of how and for what we use your data – providing you all the information we would like to be given in a similar situation.
Our responsibilities
We are the controller of your data. This means that, because we collect and store your data, we are also responsible for protecting your privacy and storing your data securely, among other things. We also ensure, to the best of our ability, that the data we store on you is correct and up to date.
Your responsibilities
It is your responsibility to familiarise yourself with this privacy protection policy. We may also update this privacy protection policy, at which point we will inform you of any changes (see section 10). Please check our most recent policy regularly.
If you have questions about anything relating to your privacy or the processing of your data, please contact us at yksityisyys@rakettitiede.com (further contact information here).
2. Purpose and basis for the processing of personal data
We use the data of job applicants for the purposes of contacting them and assessing their suitability for any positions they are applying for. The basis for this processing is our legitimate interest.
With your consent, we also collect data from your referees and store your data for future recruiting purposes. In such cases, the basis for processing is your consent.
Legitimate interest
We may only collect and store your personal data if the data we process and the ways we use said data are proportionate to its purposes. Below is a summary of our assessment of the proportionality of processing data:
You are looking for a great workplace, and we are looking for the best possible employee. Our interests therefore coincide. You are free to choose what data you give us, and we will not collect data on you from any other source without your consent. We will only continue to store your contact information after the recruitment process with your consent.
We consider the processing of data in the way described above proportionate. If you do not feel that the processing of your data is proportionate, please contact us (see also section 5 on your right to object to the processing of your data).
Consent
You can choose to give us consent to store your contact information to allow us to inform you about upcoming job opportunities. We usually request consent when you are submitting your job application or at the end of the recruiting process.
If you have appointed referees, we may ask for your consent to contact them. We will always request this consent separately.
Please also keep in mind that you can retract your consent at any time and request that we erase your data (see section 5).
3. Duration of processing
Depending on whether you have responded to our job advertisement or sent us an open application, we will store your data for a slightly different amount of time.
If you respond to our job advertisement, we will generally only store your information for the duration of your involvement in the recruitment process. After this, we will automatically erase the data required for assessing your suitability for the role and ask for your consent to continue storing your contact information for the purposes of future job opportunities (1 year). If we do not receive your consent, we will also erase your contact information. We will store email correspondence and other equivalent communications for two (2) years so that we can return to issues we have previously discussed or agreed upon if necessary.
If you send us an open application, we will generally store your contact information and said application for one (1) year in case a suitable position opens up. If you change your mind, you can request that we erase your data at any time (see section 5).
4. Data we collect
We generally receive your data from you. This data includes your
name (for identification, communication);
telephone number (for communication);
email address (for communication);
email correspondence (for communication, evidence);
photograph, if you so desire – your appearance is of no importance to us, only your skills;
letter of application (for assessing suitability);
CV (for assessing suitability);
occupation (for assessing suitability);
work history and work experience (for assessing suitability);
education, training and competences (for assessing suitability);
language skills (for assessing suitability);
other information you have chosen to include, such as hobbies, organisational activities, interests, etc. (for assessing suitability);
your LinkedIn profile or other equivalent public sources and the information therein, with your consent (for assessing suitability);
information provided by your referees, with your consent (for assessing suitability);
demonstration of skill (for assessing suitability); and
interview notes (for assessing suitability).
5. Your rights
You have the following rights concerning your data. If you wish to exercise your rights, please contact us on the matter at yksityisyys@rakettitiede.com.
Right to access and rectification
You have the right to access your data. You have the right to request clarification on whether we are processing your data if you do not know whether we are doing so. If you notice that your data contains errors or is incomplete, you can request that we correct it.
Right to object
You have the right to object to our processing of your personal data, which is based on our legitimate interest, at any time because of a specific reason related to your personal situation. In such cases, we can also restrict the processing of your data upon your request (see below) until the issue has been resolved. We may only resume the processing of your data if you provide consent for such processing or if we have a justified reason to do so.
Right to restriction of processing
You have the right to request that we restrict the processing of your data if
the data is, in your opinion, erroneous;
we are, in your opinion, processing your data illegally, but you do not want the data to be erased entirely;
we no longer require your data for its original purpose, but you require it for the purposes of preparing, presenting or defending a legal claim; or
you have objected to the processing of your data (requested that we do not process it in any way), but we are still considering our final decision.
Withdrawal of consent and erasure of data
If you have given us consent to store your contact information or to collect data from your referees, you may withdraw this consent at any time and request that we erase your data.
Right to lodge a complaint
You have the right to lodge a complaint with the Data Protection Ombudsman if you feel that we are in breach of valid data protection legislation when processing your personal data (instructions for lodging a complaint).
6. Regular data sources
We generally receive your data from you.
We may also receive data about you from your referees or from public sources (such as LinkedIn), but only if you have given us consent to use such sources. We may also receive your information from various recruitment events, either directly from you or from the event organiser if you have given the event organiser consent to disclose your information to us.
7. Disclosures
We use tools and services to store data, including personal data, in our day-to-day operations. The most important of these are the recruitment programs Teamtailor and TalentAdore, but your data will also be stored in other places. We have agreed upon the rules of processing personal data with all the parties that have access to it and ensured that they abide by data protection legislation.
Our service providers:
Applicant tracking system (Teamtailor)
Recruitment communications (Google Gmail, Hubspot)
Other infrastructure (Agileday, Google Drive, Slack, Leadfeeder, Leadoo)
We have the right to use the services of third parties in our customer communications and marketing. We may transfer your personal data (please refer to section 4) to third parties for these purposes. The third parties that we use are required to comply at least with the requirements of the EU General Data Protection Regulation (GDPR) when processing your personal data.
Our customers
We create a “Raketti CV” for the most promising consultant applicants to allow us to offer to employ the consultant in customer projects during the recruitment process. This will not happen without your knowledge, as we will always request separate consent to send such a CV to our customers.
You may otherwise also request that we erase your data if it is no longer necessary for us to store it.
8. Transfer of data outside the EU
Our service providers (Google) may transfer data outside the EU/EEA to the United States.
United States – Privacy Shield
All our service providers that transfer personal data to the United States are part of the Privacy Shield Framework between the EU and the United States. The purpose of the framework is to ensure that the data of Europeans is processed securely in the United States. Service providers certified to the framework ensure that data is processed in accordance with high European data security and privacy standards. You can view a list of certified service providers here: www.privacyshield.gov/list.
9. Principles of register security
The safe processing of your data is important to us. We protect your data by, for example, the following means:
Your data cannot be viewed by anyone who does not need to view it for the purposes of their work.
Access to your data requires a personal user ID and password.
Your data is stored on secure servers. The servers are secured effectively against both remote and physical access.
Our information system is secured by firewalls and other technical solutions.
The data is backed up regularly.
10. Changes
Changes to this privacy protection policy will be listed here.
Updated 16 February 2024