Effective as of 25 March 2020
Last updated 25 March 2020
This policy describes how Pointer Potential Oy Ab (hereinafter, ”PP” or ”we”, “us”, “our”), as the Data Controller processes personal data about our customers (current and potential), suppliers, and candidates.
Pointer Potential has the following business identity code and contact information:
Business identity code
Bulevardi 5 A 7d 00120 Helsinki Finland
+358 40 024 0946
If you have any questions or comments about this policy or regarding how PP processes personal data, please contact us either via our general contact information stated above or directly to our GDPR responsible:
Phone: +358 40 024 0946
PP strives, in all our contacts, to protect the integrity of each individual when we manage, store, and handle the individual’s Personal Data. We work according to the established laws (Data Protection Act), according to GDPR (the General Data Protection Regulation) as well as complementary Finnish laws.
In this policy, PP explains how and why we collect and process Personal Data about current and potential customers, suppliers and candidates (from here on, we will refer to these categories of persons as “you”, “your”). We also outline your legal rights vis à vis PP’s processing of your Personal Data and how you should proceed to exercise these rights should you wish to do so.
WHAT IS INCLUDED IN THE TERM PERSONAL DATA? Personal Data includes all types of information which can directly or indirectly identify a person as a still living being e.g., name, contact information, personal identity number, photograph, cell phone number or e-mail address. In addition to the above examples, information which can identify a person as a professional is also Personal Data. Therefore, professional experience including titles, current and previous employers, board assignments, memberships in professional organizations, educational background, academic qualifications, employment certificates, languages, or other competences, in short, data in a CV, is also considered to be Personal Data.
2 Processing of Personal Data
2.1 In general
This policy covers all Personal Data which PP processes and which relates to PP’s current and potential customers, suppliers (or contact persons at these) or candidates. PP collects, registers, stores, organises, processes, summarises, utilises, presents, erases, or in other ways processes both personal and professional data about our professional contacts.
To you who are reading this policy, please go directly to the part in this section 2 which covers information about your specific relationship to PP, be it as a customer, as a supplier or as a candidate.
PP collects or obtains (from public sources or from recommendations from persons in our network) and stores Personal Data on appropriate contact persons or key persons at companies or organisations for our services. The Personal Data we collect and store about you is your name, your title and company or organisation which you represent, your contact details, and we register this data in our database. We collect this information with the purpose to inform you about PP, and PP’s services. The legal basis for the processing your Personal Data is legitimate interest, which we have concluded to be justifiable for this purpose.
If you or your employer chose(s) to engage PP for one of our services, we will limit the collection and registration of Personal Data to encompass such data necessary to fulfil our agreement e.g. name, title and company or organisation which you represent, contact details and possibly some additional data. We collect this data in conjunction with your approval of our letter of proposal. The processing of your Personal Data is based on legitimate interest, which enables us to fulfil our obligations to your employer as our customer, as well as safeguard our rights according to the approved proposal.
In common for individuals at current and potential customers
Personal Data will be processed by PP. Our IT-providers/sub-processors, managing our databases, will also be processing your Personal Data. We will enter into Data Processing Agreements with each one of our sub-processors thus securing that their processing of your Personal Data will follow GDPR requirements.
We will stop our processing of your Personal Data if you object to our processing and we cannot identify any legal justification for our processing, or when the purpose of our processing ceases.
PP collects and stores your Personal Data as the main contact at one of our suppliers. PP collects and stores your Personal Data for us to properly execute our agreement with the company or organisation you represent. The processing of Personal Data is based on legitimate interest enabling us to fulfil our obligations to your employer as well as safeguard our rights according to the approved agreement.
Our processing of your Personal Data will end when the purpose of our processing ceases.
Who do we consider to be candidates?
Candidates are individuals whose Personal Data is processed by PP because the individuals can be of interest for a recruiting assignment we are managing on behalf of our customer.
Our Processing of Personal Data during the recruitment phase
Your Personal Data may come to us either directly from you (by you registering your CV on our website), or by you responding to one of our recruitment ads. We collect, register and process your Personal Data for you to be a candidate and be assessed by us for one of our recruitment assignments that we manage on behalf of our customers.
Our processing of your data during the recruitment phase of the assignment is based on your active consent.
Your Personal data will be subject to our processing and we will start by assessing your background in relation to the qualifications of a recruitment assignment. If we assess your candidacy as relevant for the assignment, then we will share your Personal Data with our customer. The Personal Data that we share about you with our customer, will initially be very limited and brief (a short presentation containing your professional titles, name of employers and education).
As we progress in a recruiting assignment and you remain a candidate in the recruiting process, we will continue to expand and update our knowledge of you and to ensure that your qualifications meet the requirements of the role. We do this by (i) interviews (with you, and possible references), which are later summarised by us; and by (ii) mapping out your educational qualifications, your professional skills and personal qualities in relation to (by our customer) approved profile. We will then take references to confirm your merits and professional achievements, as well as get a good understanding of how you work. The references will be summarised by us.
Your assignment specific Personal Data will be processed by PP professionals, a prerequisite for us to deliver our recruitment service to our customer. Your assignment specific Personal Data will also be disclosed to our customer in accordance with the process description above. Your Personal Data will also be processed by our systems providers/sub-processors that manage our databases. We will enter into Data Processing Agreements with our systems providers/sub-processors thus securing that their processing of your Personal Data will follow GDPR requirements.
If you have provided us with your active consent, we will keep your Personal Data in our internal database. By being a member of our database, you can be assessed as a candidate by us and be contacted in future recruiting assignments that we see match your profile.
If you have been a candidate in one of our recruitment processes, we will erase such information about you, which we consider not to be relevant in a future recruitment assignment. Your Personal Data will be kept in our internal system until you revoke your active consent or until our purpose for storing your Personal Data ceases. We will continually erase such Personal Data about you that we consider irrelevant for future recruiting assignments.
Processing of your Personal Data if you are offered an assignment
If you are offered an assignment by one of our customers, then you will enter into an employment agreement with us. We will collect and store additional data about you which will enable us as an employer to fulfill our obligations to you as an employee.
We will inform you about our processing of your Personal Data (as an employee) when you start your employment with us and we will also, at this point, collect any necessary and additional information from you.
3 Processing which is based on active consent
You can, whenever you wish, withdraw your active consent to our processing of your Personal Data, partly or in full, by e-mailing us on: email@example.com. Once we have received your withdrawal of your active consent, we will erase your Personal Data in accordance to your specification.
4 Information security
PP takes relevant technical and organisational measures to safeguard Personal Data against unintentional or illegal acts of destruction or unintended loss, change, unauthorised spreading or accessing, especially if the processing includes the transferring of data in a network, and against any other form of illegal processing of your data. The security measures taken by us to safeguard Personal Data are in proportion to the risk of damage and in consideration of the type of protected data. We have high level of security on our computers, encrypted laptops and password protected mobile phones.
5 Your rights
5.1 The right of access to your Personal Data.
You can always ask for a copy of your Personal Data and ensure that the data is correct.
5.2 The right to rectification
You have the right to rectify faulty data about you, or update your Personal Data, as well as add data to your registered record.
5.3 The right to erasure
You have the right to ask that your Personal Data be erased if the data is no longer necessary for the purpose of our processing or if we do not have any legal requirements imposed on us to keep the data to some extent.
5.4 The right to restrict processing
You have the right to ask that the processing of your data be restricted if: (i) you consider that one or more entries of Personal Data we have about you is faulty and we need a certain amount of time to confirm this (the restriction of our processing remains while we check the data); (ii) the processing lacks legal basis or is no longer necessary for our purpose but you do not wish that your data be erased; or (iii) you object to our processing of your data and we need a certain time to verify your objection as referred to in the next paragraph 5.5 (the restriction of our processing remains for the time we need to verify the grounds for your objection).
5.5 The right to object
You have the right to object against the processing of your Personal Data when the legal basis legitimate interest (only) is being applied. When you call for your right to object, you shall specify the reason for objecting, and we will thereafter consider if your reasons behind your objection are of greater merit than the legitimate interest which we base our processing on. In those cases where you have objected to the processing of your Personal Data and if our purpose is marketing, then you have the right to, at any time, object against such processing and we will cease with the processing of your Personal Data for this purpose.
5.6 The right to data portability
You have the right to retract or transfer to another Data Controller, any Personal Data which you have registered with us and given your active consent for our processing, or Personal Data that we process about you to fulfill our contractual agreement with you. Alternatively, if technically possible, you have the right to ask us to transfer your Personal Data to another Data Controller.
5.7 The right to submit complaint to a supervisory authority (Tietosuojavaltuutetun toimisto/Office of the Data Protection Ombudsman)
If you have any questions about our policy or about your Personal Data, please email us on: firstname.lastname@example.org.