Nosto Solutions Oy Bulevardi 21, 00180 Helsinki 0207354880 firstname.lastname@example.org (”we” or ”Nosto”)
Contact person for register matters
Nosto Legal Team Bulevardi 21, 00180 Helsinki 0207354880 email@example.com
Name of the register
Job Applicant Register
What is the legal basis for and purpose of the processing of personal data?
The processing of personal data is based on:
The compliance of the responsibilities and the specified rights of the controller and the data subject in accordance with the employment law;
The explicit consent of the data subject regarding the processing of his/her personal data.
The purpose of processing personal data is operations concerning our recruitment and management of the recruitment process as well as the supporting of human resources, managing the data regarding the application process of the applicants (registered) who have applied to the company, in order to ensure the possibility to contact them, and provide support to the desicion-making in hiring.
Which data do we process?
The applicant register requires processing of the following personal data of the applicants:
data subject's basic information such as *name, date of birth, gender, native language;
data subject's contact details such as private *e-mail address, *private phone number, address;
information related to the job in question such as job description, including information on the nature and type of employment, the person in charge of the recruitment process, *desired salary and details regarding commencement of employment. Further details will be provided in the job listing;
information related to suitability for the job and other relevant details (background, etc.) that the data subject has offered during the application process, such as photographs, *CV, *resume information on education, profession, work history (such as employers, commencement and duration of employment, nature of tasks), language skills, other special skills, a description of personal characteristics, different certificates and appraisals, links to online portfolios, profiles and other sources and references;
information regarding the data subject's progress in the recruitment process such as upcoming follow-up interviews or recruitment process termination;
other possible information wilfully offered by the data subject during the application process of the controller or information otherwise published specifically for professional purposes, such as their LinkedIn profile or information collected separately by the controller with the consent of the data subject.
All personal data marked with an asterisk is required in order to carry out the recruitment process.
From where do we get the data?
The primary source for the data stored in the register is the applicant in question. Other sources may be used in accordance with the law. If necessary, we may also ask information from recruitment consultants.
By applying for a job, the applicant gives a consent to the Company to gather information from their public professional profile to the extent that is necessary for deeming the suitability for the job in question.
Who do we provide or transfer data to? Do we transfer the data outside of the EU or the EEA?
We process the data by ourselves. Additionally, any information regarding the applicants that is stored in the register can be disclosed, with the applicant's consent, to companies within the corporate group in order to connect applicants with employers.
We will only disclose personal data according to current legislation to parties who have a legal and/or contractual right to receive data from the register. We may also disclose data for other purposes in accordance with Finnish legislation.
We utilise subcontractors working on our behalf to process the personal data. Additionally, we use subcontractors to process personal data for the human resources and recruitment services.
We have ensured protection of your data by making necessary contracts with the subcontractors regarding data processing. We cannot name all our subcontractors, in part due to projects in development, so only the types of subcontractors used are disclosed.
We will only share data from the register with the aforementioned third parties unless explicit consent is sought and received from the data subject.
We transfer personal data outside of the EU/EEA, namely to USA. We have ensured all appropriate protection measures regarding the transfer. We use the standard contractual clauses accepted by the EU.
How do we safeguard the data and for how long do we store it?
Databases containing personal data are available only to employees who have the right to process applicant data for the purposes of their work. The register is protected with the necessary technical and organisational precautions. The data is stored in databases that are protected with usernames, passwords, firewalls and other technical procedures. The register is stored on protected administrator servers, and the electrical connection is protected. All persons processing the data are bound by professional secrecy. The databases and their backups are kept in locked spaces and only previously specified persons have access to the data.
We assess the need for the storage of the data regularly, in accordance with the applicable legislation. Additionally, we will take all reasonable measures to ensure that data of the data subject, which is incompatible for the purposes of the processing, and which is obsolete or incorrect, are not stored to register. We rectify or destroy such data without delay.
What are your rights as a data subject?
Data subject has the right to inspect any information in the register pertaining to him/her and to demand the correction or erasure of incorrect information.
Data subject has a right in accordance with the GDPR (from 25 May 2018) to object the processing of his/her data or to request limited processing as well as the right to lodge a complaint to the authorities regarding the processing of his/her personal data.
For specific, personal reasons you have the right also to object profiling and/or other processing measures concerning you, when the processing of data is based on the recruitment. In relation with your request, the special situation to which the objecting of processing is based, must be specified. We may deny fulfilling the request only in accordance with law.
As a data subject you have the right to object the processing at any time, and it is free of charge. That includes also profiling, so far as it is related to direct marketing.
Any requests concerning the matter should be addressed in person or in writing to the contact person listed in section 2.
Nosto was born out of one idea: that every shopping experience can, and should, be personal. With the help of powerful machine learning and a team of ecommerce experts around the world, we use shopper behavioral data to create digital commerce experiences that create customers for life.
Already working at Nosto?
Let’s recruit together and find your next colleague.