Privacy policy for personal data collected during Ponsse’s recruitment process
Ponsse Plc and/or Group companies
Business ID: 0934209-0
Ponssentie 22
FI-74200 Vieremä, Finland
Phone: +358 20 768 800,
www.ponsse.com
Ponsse Plc and/or Group companies can act as joint controllers in processing operations within Ponsse Group. Therefore, they are considered joint controllers of personal data in accordance with Article 26 of the EU General Data Protection Regulation (GDPR). Ponsse Group has prepared the documents required for joint operations between Group companies.
Ponsse's recruitment register
| Personal data | Purpose of processing | Legal grounds |
|---|---|---|
|
Basic data, including name, date of birth, service language, username and/or other unique identifier, password Contact details, including email address, telephone number, home address |
Processing job applications and maintaining contact related to the recruitment process | Our legitimate interest to process personal data to carry out the recruitment process and select a suitable employee, as well as to respond to inquiries and requests related to the recruitment process |
| Data related to the vacancy applied for, including data on the type and quality of the employment relationship, data on the person responsible for the job application process, salary request, data related to the start of employment | Processing job applications | Our legitimate interest to process personal data to carry out the recruitment process and select a suitable employee, as well as to respond to inquiries and requests related to the recruitment process |
| Data important concerning suitability and other data provided by the data subject on themselves and their background, including a photograph, data on studies and education, profession, work history (including employers, start date and duration of employment relationships, and type of tasks), linguistic skills, other special expertise, description of personal characteristics, certificates and assessments, references to portfolios and profiles available on the Internet or to other sources, as well as references and referees | Processing job applications and assessing the suitability of job applicants |
Our legitimate interest to process personal data to select a suitable employee Consent |
| Results of personal and suitability assessments and related data | Assessing the suitability of job applicants | Consent |
| Data on the progress of the recruitment process, including data on a further interview or the interruption of the recruitment process | Recruitment process management | Our legitimate interest to process personal data to carry out the recruitment process and to respond to inquiries and requests related to the recruitment process |
| Any other voluntarily provided data or other data specifically published for professional purposes, including LinkedIn profiles, or data separately collected by us with your consent | Assessing the suitability of job applicants |
Our legitimate interest to process personal data to carry out the recruitment process and select a suitable employee Consent |
Job applicants are primary sources for the data stored in the register. The data also consist of data saved during the recruitment process, where all parties participating in the recruitment process, including recruitment consultants, may be data sources. Other data sources are used within the limits set by law. If required, we also use recruitment consultants or designated referees as data sources.
By filing a job application, job applicants give a permission to collect data from profiles they have published for professional purposes to the extent that collecting data is necessary for the recruitment process and is related to assessing the applicant’s work performance considering the vacancy in question.
Personal data are used within Ponsse Group. With your consent, we may disclose data to parties that conduct aptitude tests.
We disclose personal data as permitted and/or obligated by applicable law only to parties that have the legal and/or contractual right to obtain data from the register, including TE Services and providers of legal services.
In addition, we use subcontractors in the processing of personal data in the following services:
- Recruitment services
- IT system suppliers
We have entered into the processing agreements required with our subcontractors to ensure data protection.
Personal data can be transferred outside the EU/EEA if an applicant has applied for a vacancy outside the EU/EEA or when it is necessary for the technical implementation of data processing. We take care of the appropriate protection measures related to data transfer, and we use standard contractual clauses adopted by the EU.
Only our employees who have the right to process job applicants’ data as part of their work are entitled to use databases containing personal data. The register is protected by necessary technical and organisational means. Data are collected into databases protected with usernames, passwords, firewalls and other technical means. The register is stored on the technical service provider’s secure servers, and the electronic connection is secure. The persons who process data are obliged to keep the data they can access confidential. Databases and their backup copies are located in locked facilities, and only persons designated in advance have access to the data.
We retain personal data for as long as is necessary for the purpose for which personal data are used. You can erase your personal data or request them to be erased from the recruitment system at any time. If you have not erased your data or given your permission to extend the retention period for your data, your personal data will be erased twenty-four (24) months after their creation.
If we recruit an applicant, we will retain the application data they have provided during the application process in their personnel profile in accordance with our privacy policy for employee data.
We regularly assess the need for the retention of data, considering the applicable legislation. In addition, we take reasonable measures to ensure that no data on data subjects are retained in the register that are incompatible, outdated or inaccurate with respect to the purposes of processing.
| Right | Situations |
|---|---|
| Right to access personal data saved about the data subject | Always |
| Right to request incorrect or outdated data to be rectified | Always |
| Right to request data to be erased | When a job applicant has withdrawn their consent or any of the other conditions laid down in Article 17 of the GDPR is met |
| Right to withdraw consent | When processing is based on consent |
| Right to object to the processing of data | When the processing of data is based on a legitimate interest and there is a particular personal situation, or if data is processed for the purposes of direct marketing |
| Right to request the processing of data to be restricted (e.g. for the period required to investigate and fulfil data requests) | If the accuracy of the data has been contested or any of the other conditions laid down in Article 18 of the GDPR is met |
| Right to file a complaint about the processing of personal data with the Data Protection Ombudsman | Always |
With regard to all questions and requests concerning personal data, data subjects should contact the person responsible for Ponsse’s personnel register defined in Section 2. To ensure data protection, job applicants must prove their identity when requested to do so. We will respond to requests and inquiries presented by job applicants regarding the exercise of their rights within one month.