Trainero Oy (2163165-3)
Karhumäentie 3
01530 Vantaa
Finland

Janne Rantala
privacy@trainero.com

Legitimate interest

The purpose of the register is the recruitment of the company’s personnel. The recruitment register has been established for the recruitment of employees for the controller.

The controller has the right to use subcontractors to manage the recruitment process. In such cases, personal data may be transferred to subcontractors to the extent necessary for the provision of services (e.g., for storing data on a third-party server on behalf of the controller).

For personal testing, psychological assessments, and similar purposes, the legal basis for processing is the consent of the data subject.

Job applicants (and employees) can reasonably expect that their personal data will be processed for the purposes described in the policy, and the processing is legitimate based on the balance of interests between the controller and the data subject, as the effect of the processing on the data subject is favorable (processing of personal data related to recruitment) and measures have been taken to protect the data subject’s interests (balancing test).

The controller has the right to process personal data based on legitimate interest, except when the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data override such interests.

Name, contact information, visual data, educational and professional information.

The controller’s personnel who need the personal data to perform their duties. Additionally, data may be disclosed to service providers who process personal data on behalf of the controller in accordance with confidentiality obligations and data protection obligations under the contract.

Personal data may also be disclosed within the limits allowed and required by the applicable legislation, for example, to authorities entitled to access the data.

Right to withdraw consent when the legal basis for processing is consent: By notifying the controller at the contact point specified in the contact information.

• Name
• Address
• Phone number
• Email address
• Photograph (or video)
• Basic education and degrees with completion dates
• Other completed training
• Skills in applications and programs, other special skills
• Language skills
• Current position (employer, job title, and job description)
• Main previous positions (employer, job title, and job description)
• References
• Possible picture of the applicant
• CV
• Other information provided by the data subject

The primary source of information stored in the register is the data subject, i.e., the job applicant. Additionally, the information consists of data recorded during the recruitment process. Other possible sources of information are used within the limits set by law.

Providing personal data is a statutory requirement necessary for the conclusion of an employment contract for the job applicant.

Personal data of registered individuals is retained in the register for 2 years from the submission of the job application, after which they are anonymized.

The information in the register is not disclosed to third parties unless it is necessary for recruitment purposes.

The data in the register is not transferred outside the EU or EEA.

All data related to the register is only in electronic form, and data is processed only electronically. Access to the register’s data is limited to those who need it for supervision, payroll, or other employment-related matters. The register is stored on a secure server located in EU.

The protection and processing of register data comply with data protection law provisions and principles, authority regulations, and good data processing practices.

Access to the register’s data is limited to those who need it for recruitment-related matters. The register is stored on a secure server located in EU.

Data processed in information systems is protected from external access by network access authentication and user-specific access rights.

The protection and processing of register data comply with data protection law provisions and principles, authority regulations, and good data processing practices.

The processing of personal data in recruitment does not include automated decision-making. If personal characteristics of the applicant are assessed in any part of the recruitment process that includes profiling, the specific purpose consent will be requested.

The data subject has the right to check what information is stored about them in the register. The inspection request must be made in writing by contacting the company’s customer service or from a verifiable email address.

The data subject does not have the right to transfer their data from one system to another.

Incorrect, unnecessary, incomplete, or outdated personal data in the register must be corrected, deleted, or supplemented.

A correction request must be made in writing, signed by hand, or from a verifiable email address to the company’s customer service.

The request must specify which data is required to be corrected and on what basis. The correction will be implemented without delay.

The correction of the error is notified to the person from whom the incorrect data was received or to whom the data was disclosed. If the correction request is denied, the responsible person of the register provides a written certificate stating the reasons for the denial. The concerned person can submit the denial for a decision by the data protection authority.

The data subject has the right to request restriction of data processing, for example, if the personal data in the register is incorrect. Contacts should be directed to the responsible person for the register.

The data subject has the right to request their personal data and the right to request correction or deletion of personal data. Requests can be addressed to the contact person for the register.

If you believe that the processing of your personal data violates the data protection regulation, you have the right to file a complaint with a supervisory authority.

You can also file a complaint in the member state where you have your permanent residence or workplace.

The contact details of the national supervisory authority are:
Office of the Data Protection Ombudsman
Visiting address: Lintulahdenkuja 4, 00530 Helsinki
Postal address: PO Box 800, 00531 Helsinki
Switchboard: 029 566 6700
Registry: 029 566 6768
tietosuoja@om.fi
www.tietosuoja.fi

The data subject has the right to prohibit the disclosure and processing of their data and/or to be completely forgotten after the end of the employment relationship.