Processing of (personal) data by the entity in charge of the online application process
Data Processing by Vapaus Bikes Finland Oy
General information
This data privacy statement, which refers exclusively to data collected as part of the online application process, is to inform you about how your personal data that is collected as part of the online application process is handled at our end.
This Data Privacy Statement has been prepared so that data subjects – such as job applicants – clearly understand why and how we process their personal data in connection with the recruitment process. The statement explains, for example, what kind of data we collect, why this data is needed, what it is used for, and how we ensure secure processing.
The key objective of the statement is to highlight the controller's obligations and the data subject's rights, so that everyone can apply for open positions with confidence and be aware of how their personal data is processed. The information covers the legal bases, the duration of data storage, as well as how personal data may be utilised for future recruitment needs. In this way, we ensure transparency and responsible conduct towards all data subjects.
The Controller and contact information:
The Controller under data protection law is:
Vapaus Bikes Finland Oy
Vilhovuorenkatu 11 C, 00500 Helsinki
Business ID: 2879502-8
Data Protection Officer:
Kasper Hannula
Vilhonvuorenkatu 11 C, 00500 Helsinki
kasper@vapaus.io
Personal data collected as part of the application process
Personal data means any information concerning the personal or material circumstances of an identified or identifiable individual. This includes information such as, for example, your name, address, telephone number and date of birth, but also data relating to your specific career etc. by reference to which a specific individual can be identified with reasonable effort. However, information which cannot be (in)directly associated with your real-life identity is not personal data. We do not request or process sensitive or special categories of personal data. However, if such data is voluntarily provided by the applicant (e.g., in a CV or cover letter), it will be processed only to the extent necessary for the recruitment process and in compliance with Article 9 GDPR.
We collect personal data from users when data subjects:
In some cases, our current employees may provide recommendations of potential job applicants. These employees may provide the personal data of such potential applicants. In such cases, the potential job applicant is considered a user within the scope of this privacy statement, and they will be informed of the processing of their data.
Fundamentals and purposes of processing personal data collected from application documents and during the application process
If you apply to us electronically, i.e. via e-mail or using our online form, we will collect and process your personal data for the purpose of executing the application process ,preparing contracts, administering onboarding and commencement of work. The processing of your personal data as an applicant for recruitment purposes is based on our legitimate interest and the preparation for the performance of a contract (GDPR Article 6(1)(b) and (f).
Personal data processed for aggregate analysis or market research are always anonymised. Such personal data cannot be used to identify a specific user. Such data are therefore not considered as personal data.
By submitting an application via our recruitment website, you express your interest in taking up work with us. In this context, you transmit personal data, which we will use and store exclusively for the purpose of your job search / application process. By submitting an application via our recruitment website, you give your consent to the processing of your personal data. The transfer to the Talent Pool is based on consent (GDPR Article 6(1)(a)).
In particular, the following data is collected during this process:
Data storage and transfers
The personal data is stored, as a rule, exclusively for the purpose of filling the vacancy for which you have applied.
Personal data collected through the online application process will be stored and processed within the EU/EEA or in a third country which the European Commission has deemed to provide an adequate level of data protection, or by subcontractors who have entered into binding agreements that require full compliance with the legal basis for data transfers to third countries (for example, under the Data Privacy Framework), or by other subcontractors who have in place adequate safeguards to protect the rights of the data subjects whose data is transferred. If you would like more information about the safeguards in place, please contact us using the contact details provided in this Data Processing Statement.
Your data will be stored for a period of 90 days after the application process has been concluded. This is usually done to fulfill legal requirements and/or defending ourselves against any claims arising from legal provisions. After this period, we are obligated to delete or anonymize your data. In case of anonymization, the data will only be available to us in the form of so-called metadata, without any direct personal reference, for statistical analysis (for example, share of male and/or female applicants, number of applications per specified period of time etc.).
Furthermore, we reserve the right to store your data for 90 days after the application process has been concluded for the purpose of adding it to our Talent Pool in order to identify any other vacancies that may be of interest to you. This includes, for example, applications for apprenticeships or internships. By accepting the data privacy statement, you consent to any further storage of your data as well as its inclusion in our Talent Pool. If you do not want your personal data to be processed for this purpose (future recruitment), please contact us using the contact details provided in this Data Privacy Statement.
Should you be offered and accept a position with us during the application process, we will store the personal data collected as part of the application process for at least the duration of your employment.
Transfer of Personal Data to Third Parties
We do not sell or otherwise transfer users’ personal data to third parties except for the purposes described below.
We may transfer users’ personal data:
• to our suppliers and subcontractors who act as processors and sub-processors in accordance with our instructions for the purpose of providing the service;
• to authorities or legal advisors in situations where there is suspicion of a crime or inappropriate conduct;
• to authorities, legal advisors, or other parties if required by law or an order from a competent authority.
We may transfer your personal data only to trusted third parties. We carefully select our partners to ensure that your personal data is processed in compliance with applicable data protection legislation.
We cooperate with the following types of processors: Personio as the service provider, server and web hosting companies, email service providers, video management companies, information search companies, analytics service providers, and other companies whose operations are related to the provision of the online application process.
Recruitment conducted via Personio
Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. This database is operated by Personio GmbH, which offers a human resource and applicant management software solution (https://www.personio.com/legal-notice/). In this context, Personio is our processor under article 28 of the GDPR. In this case, the processing is based on an agreement for the processing of orders between us as the controller and Personio.
Security
Protecting privacy is important to us, and we therefore work diligently to ensure that your personal data is processed with the highest level of care. We take all measures that can reasonably be expected of us to ensure that the personal data is processed securely and in accordance with our privacy policy and the EU General Data Protection Regulation (GDPR).
We use administrative, organizational, technical, and physical safeguards to protect the personal data we collect and process. The measures we use include, for example, data encryption, pseudonymization, firewalls, secure facilities, and systems with restricted access rights. Our security measures are designed to maintain an appropriate level of confidentiality, integrity, availability, resilience, and recoverability of data. We regularly test our service, systems, and other hardware for vulnerabilities.
Should a data breach occur despite our security measures, and if it is likely to have adverse effects on your privacy, we will notify you and any other affected parties as required by applicable legislation, as well as the competent supervisory authorities, as soon as possible. In accordance with applicable data protection laws, we will notify the Data Protection Ombudsman within no later than 72 hours of becoming aware of the data breach, if the breach is likely to pose a risk to the rights or freedoms of natural persons.
Consent of the data subject
You give your consent for the Controller to collect information about them from the referrer specified by the user. The information collected is necessary for the processing of the application and the recruitment process. The user may be asked separately for consent to carry out a separate suitability assessment.
Users have the right to withdraw their consent at any time by contacting the Controller by using the contact details provided in this Data Privacy Statement. However, exercising this right may mean that users cannot apply for a specific job or otherwise use the service.
Rights of data subjects
If we as the controller process personal data, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and the purpose of the processing, in particular the right of access (article 15 of the GDPR) and the rights to rectification (article 16 of the GDPR), erasure (article 17 of the GDPR), restriction of processing (article 18 of the GDPR), data portability (article 20 of the GDPR), and right to object (article 21 of the GDPR), and right not to be subject to automated decision-making (article 22 of the GDPR). We do not make decisions based solely on automated processing that would significantly affect your rights or obligations. Any potential personal data processing procedures are developed in such a way that no decisions of legal or contractual significance are made without human involvement. If the personal data is processed with your consent, you have the right to withdraw this consent under article 7 III of the GDPR.
To assert your rights as a data subject in relation to the data processed during this online application process, please refer to our Data Protection Officer.
You have the right to lodge a complaint with the supervisory authority regarding the processing of your personal data if you believe that the processing is in violation of data protection legislation. The Data Protection Ombudsman supervises compliance with the regulations concerning personal data.
Contact details for Data Protection Ombudsman:
Office of the Data Protection Ombudsman
Tel. +358 29 566 6777
tietosuoja@om.fi
Cookies
When users use the service, information about the use may be stored as cookies. Cookies are passive text files that are saved in the internet browser of a device, such as a computer, mobile phone or tablet, in connection with the use of the service. We use cookies to improve users' experience of using the service and to collect information, for example, on service usage statistics. This is done to ensure, maintain and improve the operation of the service. Information collected through cookies may in some cases constitute personal data. Users can at any time prevent the use of cookies by changing the settings of their device. Blocking cookies may affect the user experience of the service, for example by preventing the use of certain features of the service.
Concluding provisions
We reserve the right to adjust this data privacy statement at any point in time to ensure that it is in line with the current legal requirements at all times, or in order to accommodate changes in the application process or other processes. In this case, the new data privacy statement applies to any later visit of this recruitment website or any later job application.
In addition to this data privacy statement, please view our general data privacy statement at https://careers.vapaus.io/en-GB/privacy-policy
General information
This data privacy statement, which refers exclusively to data collected as part of the online application process, is to inform you about how your personal data that is collected as part of the online application process is handled at our end.
This Data Privacy Statement has been prepared so that data subjects – such as job applicants – clearly understand why and how we process their personal data in connection with the recruitment process. The statement explains, for example, what kind of data we collect, why this data is needed, what it is used for, and how we ensure secure processing.
The key objective of the statement is to highlight the controller's obligations and the data subject's rights, so that everyone can apply for open positions with confidence and be aware of how their personal data is processed. The information covers the legal bases, the duration of data storage, as well as how personal data may be utilised for future recruitment needs. In this way, we ensure transparency and responsible conduct towards all data subjects.
The Controller and contact information:
The Controller under data protection law is:
Vapaus Bikes Finland Oy
Vilhovuorenkatu 11 C, 00500 Helsinki
Business ID: 2879502-8
Data Protection Officer:
Kasper Hannula
Vilhonvuorenkatu 11 C, 00500 Helsinki
kasper@vapaus.io
Personal data collected as part of the application process
Personal data means any information concerning the personal or material circumstances of an identified or identifiable individual. This includes information such as, for example, your name, address, telephone number and date of birth, but also data relating to your specific career etc. by reference to which a specific individual can be identified with reasonable effort. However, information which cannot be (in)directly associated with your real-life identity is not personal data. We do not request or process sensitive or special categories of personal data. However, if such data is voluntarily provided by the applicant (e.g., in a CV or cover letter), it will be processed only to the extent necessary for the recruitment process and in compliance with Article 9 GDPR.
We collect personal data from users when data subjects:
- submit their job application and add their personal data either themselves or by using a third party, such as Facebook or LinkedIn
- use the online application portal to communicate with our personnel and add their personal data either themselves or by using a third party, such as Facebook or LinkedIn
- provide identifiable information about themselves in the chat service (on the website that uses the service), and this information is essential for the application process.
- - Professional experience and qualifications
- - Skills and competencies relevant to the position
- - Professional recommendations and endorsements
- - Publicly shared professional content
In some cases, our current employees may provide recommendations of potential job applicants. These employees may provide the personal data of such potential applicants. In such cases, the potential job applicant is considered a user within the scope of this privacy statement, and they will be informed of the processing of their data.
Fundamentals and purposes of processing personal data collected from application documents and during the application process
If you apply to us electronically, i.e. via e-mail or using our online form, we will collect and process your personal data for the purpose of executing the application process ,preparing contracts, administering onboarding and commencement of work. The processing of your personal data as an applicant for recruitment purposes is based on our legitimate interest and the preparation for the performance of a contract (GDPR Article 6(1)(b) and (f).
Personal data processed for aggregate analysis or market research are always anonymised. Such personal data cannot be used to identify a specific user. Such data are therefore not considered as personal data.
By submitting an application via our recruitment website, you express your interest in taking up work with us. In this context, you transmit personal data, which we will use and store exclusively for the purpose of your job search / application process. By submitting an application via our recruitment website, you give your consent to the processing of your personal data. The transfer to the Talent Pool is based on consent (GDPR Article 6(1)(a)).
In particular, the following data is collected during this process:
- - name (first and last names)
- - e-mail address
- - phone number
- - LinkedIn profile (optional)
- - channel through which you found us
Data storage and transfers
The personal data is stored, as a rule, exclusively for the purpose of filling the vacancy for which you have applied.
Personal data collected through the online application process will be stored and processed within the EU/EEA or in a third country which the European Commission has deemed to provide an adequate level of data protection, or by subcontractors who have entered into binding agreements that require full compliance with the legal basis for data transfers to third countries (for example, under the Data Privacy Framework), or by other subcontractors who have in place adequate safeguards to protect the rights of the data subjects whose data is transferred. If you would like more information about the safeguards in place, please contact us using the contact details provided in this Data Processing Statement.
Your data will be stored for a period of 90 days after the application process has been concluded. This is usually done to fulfill legal requirements and/or defending ourselves against any claims arising from legal provisions. After this period, we are obligated to delete or anonymize your data. In case of anonymization, the data will only be available to us in the form of so-called metadata, without any direct personal reference, for statistical analysis (for example, share of male and/or female applicants, number of applications per specified period of time etc.).
Furthermore, we reserve the right to store your data for 90 days after the application process has been concluded for the purpose of adding it to our Talent Pool in order to identify any other vacancies that may be of interest to you. This includes, for example, applications for apprenticeships or internships. By accepting the data privacy statement, you consent to any further storage of your data as well as its inclusion in our Talent Pool. If you do not want your personal data to be processed for this purpose (future recruitment), please contact us using the contact details provided in this Data Privacy Statement.
Should you be offered and accept a position with us during the application process, we will store the personal data collected as part of the application process for at least the duration of your employment.
Transfer of Personal Data to Third Parties
We do not sell or otherwise transfer users’ personal data to third parties except for the purposes described below.
We may transfer users’ personal data:
• to our suppliers and subcontractors who act as processors and sub-processors in accordance with our instructions for the purpose of providing the service;
• to authorities or legal advisors in situations where there is suspicion of a crime or inappropriate conduct;
• to authorities, legal advisors, or other parties if required by law or an order from a competent authority.
We may transfer your personal data only to trusted third parties. We carefully select our partners to ensure that your personal data is processed in compliance with applicable data protection legislation.
We cooperate with the following types of processors: Personio as the service provider, server and web hosting companies, email service providers, video management companies, information search companies, analytics service providers, and other companies whose operations are related to the provision of the online application process.
Recruitment conducted via Personio
Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. This database is operated by Personio GmbH, which offers a human resource and applicant management software solution (https://www.personio.com/legal-notice/). In this context, Personio is our processor under article 28 of the GDPR. In this case, the processing is based on an agreement for the processing of orders between us as the controller and Personio.
Security
Protecting privacy is important to us, and we therefore work diligently to ensure that your personal data is processed with the highest level of care. We take all measures that can reasonably be expected of us to ensure that the personal data is processed securely and in accordance with our privacy policy and the EU General Data Protection Regulation (GDPR).
We use administrative, organizational, technical, and physical safeguards to protect the personal data we collect and process. The measures we use include, for example, data encryption, pseudonymization, firewalls, secure facilities, and systems with restricted access rights. Our security measures are designed to maintain an appropriate level of confidentiality, integrity, availability, resilience, and recoverability of data. We regularly test our service, systems, and other hardware for vulnerabilities.
Should a data breach occur despite our security measures, and if it is likely to have adverse effects on your privacy, we will notify you and any other affected parties as required by applicable legislation, as well as the competent supervisory authorities, as soon as possible. In accordance with applicable data protection laws, we will notify the Data Protection Ombudsman within no later than 72 hours of becoming aware of the data breach, if the breach is likely to pose a risk to the rights or freedoms of natural persons.
Consent of the data subject
You give your consent for the Controller to collect information about them from the referrer specified by the user. The information collected is necessary for the processing of the application and the recruitment process. The user may be asked separately for consent to carry out a separate suitability assessment.
Users have the right to withdraw their consent at any time by contacting the Controller by using the contact details provided in this Data Privacy Statement. However, exercising this right may mean that users cannot apply for a specific job or otherwise use the service.
Rights of data subjects
If we as the controller process personal data, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and the purpose of the processing, in particular the right of access (article 15 of the GDPR) and the rights to rectification (article 16 of the GDPR), erasure (article 17 of the GDPR), restriction of processing (article 18 of the GDPR), data portability (article 20 of the GDPR), and right to object (article 21 of the GDPR), and right not to be subject to automated decision-making (article 22 of the GDPR). We do not make decisions based solely on automated processing that would significantly affect your rights or obligations. Any potential personal data processing procedures are developed in such a way that no decisions of legal or contractual significance are made without human involvement. If the personal data is processed with your consent, you have the right to withdraw this consent under article 7 III of the GDPR.
To assert your rights as a data subject in relation to the data processed during this online application process, please refer to our Data Protection Officer.
You have the right to lodge a complaint with the supervisory authority regarding the processing of your personal data if you believe that the processing is in violation of data protection legislation. The Data Protection Ombudsman supervises compliance with the regulations concerning personal data.
Contact details for Data Protection Ombudsman:
Office of the Data Protection Ombudsman
Tel. +358 29 566 6777
tietosuoja@om.fi
Cookies
When users use the service, information about the use may be stored as cookies. Cookies are passive text files that are saved in the internet browser of a device, such as a computer, mobile phone or tablet, in connection with the use of the service. We use cookies to improve users' experience of using the service and to collect information, for example, on service usage statistics. This is done to ensure, maintain and improve the operation of the service. Information collected through cookies may in some cases constitute personal data. Users can at any time prevent the use of cookies by changing the settings of their device. Blocking cookies may affect the user experience of the service, for example by preventing the use of certain features of the service.
Concluding provisions
We reserve the right to adjust this data privacy statement at any point in time to ensure that it is in line with the current legal requirements at all times, or in order to accommodate changes in the application process or other processes. In this case, the new data privacy statement applies to any later visit of this recruitment website or any later job application.
In addition to this data privacy statement, please view our general data privacy statement at https://careers.vapaus.io/en-GB/privacy-policy