On the Road Again Oy - Job applicants' privacy statement
Note: this privacy statement is a direct translation from its Finnish equivalent. If there is a conflict between the English and Finnish version of the privacy statement, the terms determined in the Finnish privacy statement are applied.
On the Road Again Oy's group and its affiliated companies engage in the collection and processing of personal data. In this privacy statement in accordance with the General Data Protection Regulation (679/2016/EU) Articles 13 and 14 and the Data Protection Act (1050/2018), we outline what information about our job applicants we collect and process, why we do so, and how we store the data.
1. Controller and affiliated companies
The controller is On the Road Again Oy group (business ID 3131993-8).
Business address & mailing address: Lastaajankatu 5, 33560 Tampere
The following companies are part of the group:
Back In Business Oy (3089642-6)
Going Smooth Oy (3279435-1)
RestaUra Oy (3265170-5)
This is Business Oy (3244907-2)
2. Person responsible for the register
Contact:
Mirko Lännenpää (CEO / On the Road Again Oy)
mirko.lannenpaa@panchovilla.fi
050 531 9586
3. Register name
On the Road Again Ltd's job applicants' privacy statement. Job applicants refer to individuals who have applied for a job offered by a company within the group, or by a client company, either through an electronic system, application form, or other means.
4. Purpose and legal basis for the processing of personal data
The controller and its affiliated companies collect personal data from job applicants. The processing of job applicant's personal data is carried out for the purpose of managing the recruitment process and related matters. The legal basis for the processing of personal data is the legitimate interest formed by the management of the job application process and the fulfilment of the related contract.
In addition, personal data is processed for realising the controller’s job applicant communications. Communications may be targeted at job applicants, for instance, electronically, such as with an e-mail newsletter or a survey measuring applicant experience. The processing of personal data is based on the controller’s legitimate interest to notify the job applicants of the controller’s topical issues and offer benefits and information about job searches, working life and various work tasks. The job applicant has the right to forbid job applicant communications by contacting the person responsible for the recruitment process or the person responsible for the register.
5. Content of the register
The following categories of personal data are collected and processed from the registered individuals:
-
Basic personal information, such as first and last names, contact details, and nationality.
-
Education information, including degrees, special skills, competencies, language proficiency, etc.
-
Work experience, including details such as work permits, work history, and references.
-
Information related to job search and employment, such as job search status, preferences related to the job, possible personal and suitability assessment information, photograph and usability information, as well as information required for security clearance and possible interests related to job search.
-
Other information related to managing the job application, such as driver's licence information, information related to public administration service production, responses to anonymous applicant experience surveys related to operational development, information about communication permissions, and information related to additional service offerings.
-
Changes to the data of the registered individual’s above-mentioned individualised personal data categories.
6. Regular sources of personal data
Personal data concerning job applicants is primarily collected and updated from the applicants themselves, through different services used by the registered individual, such as electronic or paper job application forms utilised by the companies within the group. With the applicant's consent, personal data may also be collected and updated from other sources, such as the controller’s partners, companies offering services supporting the job search or public authorities.
Job applicant's personal data may also be collected and updated without the registered individual's consent in situations allowed by legislation.
7. Disclosures, transfers, and recipients of personal data
With the consent of the job applicant, personal data necessary for job search may be disclosed to an employer-client for whom the job applicant is a candidate. In addition, job applicant information may be disclosed to companies within the group for purposes that could promote employment.
In addition, personal data may be disclosed to such partners of the registered individual that process personal data on behalf of the controller and instructed by the data controller. In these cases, the data controller’s partner does not have the right to process the personal data on behalf of itself.
In connection with the processing of personal data, information may be transferred by the controller to entities outside the EU or EEA (e.g., cloud services; Google Drive and Microsoft OneDrive) that have committed to complying with the requirements of the General Data Protection Regulation in ways that ensure adequate data protection for the processing of personal data.
8. Data protection principles of the register
The controller has implemented appropriate technical and administrative security measures to ensure the protection of personal data. Personal data is stored both in electronic databases and manually maintained materials. Electronically processed databases are protected by firewalls, passwords, and other generally accepted technical means in the field of information security. Manually maintained and processed materials are located in premises where unauthorised access is prevented.
Only those specifically defined and identified individuals whose tasks require the processing of personal data stored in the register have access to personal data. These individuals access the system with personal user accounts within the controller's internal network.
9. Retention period of personal data
The job applicant’s personal data is stored only for as long as is required for the implementation of the purposes specified in this privacy statement, but not exceeding one year after the end of the job application or recruitment process. The one-year retention period is based on applicable statutory periods (discrimination complaint period under the Employment Contracts Act and the Non-Discrimination Act) in relevant employment situations.
10. Rights of the registered individual
In accordance with legislation, the registered individual has the right to inspect what information concerning them is stored in the personal register. Additionally, the registered individual has the right to request the correction of inaccurate information in the register or the deletion of personal data within the limits and in accordance with applicable data protection legislation. A request from the registered individual to delete personal data from the controller's system during the job application process also means the interruption of the job application process for that specific job applicant.
The request for correction of information must specify the error that needs to be corrected and indicate the correct information. Requests (including requests for data deletion) must be made in writing and sent signed to the address mentioned in section 1. The registered individual has the right to lodge a complaint with the national data protection authority (in Finland, the Data Protection Commissioner) or another data protection authority of the European Union or European Economic Area if the registered individual believes that their rights under data protection legislation have been violated.
11. Changes to the privacy statement
The controller continuously develops its business and therefore reserves the right to change this privacy statement by notifying about it through its services and websites (RestaUra privacy statements = www.restaura.fi/tietosuojaselosteet). Changes may also be based on changes in legislation. The controller recommends registered individuals to regularly review the content of the privacy statement.
This privacy statement has been updated last on 15th of February, 2024.