Job applications – privacy policy

EU General Data Protection Regulation (679/2016) and Personal data act (523/1999)

Date: 22 May, 2018

1. Controller
Finnish Meteorological Institute
P.O.Box 503
FI-00101 Helsinki
tel. +358 29 539 2141
kirjaamo@fmi.fi

2. Contact person
Suvi Piiroinen
tel. +358 29 539 4013
suvi.piiroinen@fmi.fi

3. Data protection officer
Maija-Liisa Honkola
tel. +358 29 539 6485
maija-liisa.honkola@fmi.fi

4. Register
The Valtiolle.fi recruitment system's personal data register

5. The purpose of processing personal data
The processing of applications relating to recruitment at the Finnish Meteorological Institute and the administration of the recruiter's access rights.

6. The legal basis of data processing
The processing of personal data is contingent on the data subject's consent.
The recruiter's right of access to personal data is based on legislation (State Civil Servants' Act, Section 14).

7. Filing system data content
Information relating to the applications: applicant's personal identification information (name, address, telephone number, gender, other possible contact details), personal data submitted by the applicant such as information relating to education and employment, other information supporting the application such as curriculum vitae, school reports, employment certificates, references listed by the applicant, other necessary information relating to the job application and the terms of filling the position.

Information relating to the applicant's access rights: first name, surname, gender, date of birth, address, postcode, town, country, province, municipality, telephone number, mobile phone number, email address. Information relating to the recruiter's rights of access is as above, but with the Kieku identification number added.

8. Information sources other than the data subject
Following the applicant's specific consent, information relevant to the application process can also be acquired from other information sources and stored in the Valtiolle.fi system. Information relating to the recruiter's access rights will be collected following a request for access by the human resources officer.

9. Recipients to whom personal data has been or shall be released
Data can only be released following the restrictions of current legislation or the controller's consent. Application documents are public according to the Act on the Openness of Government Activities (621/1999), and they shall be presented upon request. Access to public documents shall be granted in accordance with the conditions set in Sections 13 and 16 of the Act on the Openness of Government Activities. Access to view secret documents will only be granted 1) following the consent of the person involved, 2) to the person involved or 3) based on a legal right of access.

10. Transfer of personal data outside the EU or EEA or to international organisations
Personal data shall not be transferred outside the EU or EEA or to international organisations.

11. The principles of filing system protection

A. Manual data
Manual data will be handled by educated personnel in a space secured to the level required by data protection.

B. Digital data
The information in the filing system is protected from inappropriate viewing, altering and disposal. The protection consists of access rights management, technical protection of databases and servers, physical protection of the premises, access control, protection of telecommunications and data backup.

Access to data and its processing is granted in accordance with professional duties. Access to the service requires a personal user identification. Administrative control shall be used to ensure that the activities are appropriate.

12. Time limit of storing personal data and the relevant criteria
Applications shall be removed from the system six months after the closure of the recruitment process. Open applications shall be removed six months after they have last been saved in the system. The applicant's personal data shall be removed after it has been idle for a year. Before the removal of the data, the applicant shall be informed accordingly. The applicant has a right to request the removal of his or her personal data. The recruiter's data shall be removed following a request made by the human resources officer at the latest when the recruiter's employment contract ends.

13. Rights of the data subjects
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her is being processed, and, if processing takes place, the data subject's access to his or her personal data shall be granted.

The data subject shall have access to the application data through the Valtiolle.fi information system. Regarding information which cannot be accessed through Valtiolle.fi, the data subject can submit a request for inspection via: kirjaamo@fmi.fi

Information contained in the filing system shall not be used for profiling or automated decision making.

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. The request for rectification shall be submitted to:  kirjaamo@fmi.fi

14. Right to complain to the Data Protection Officer
The data subject shall have a right to make a complaint to the Data Protection Officer regarding the processing of his/her personal data.