Job applications – privacy notice

EU General Data Protection Regulation (2016/679)

Date: 22 May, 2018

1. Controller

Finnish Meteorological Institute P.O. Box 503 FI-00101 Helsinki tel. +358 29 539 2141 kirjaamo(at)

2. Contact person

Suvi Piiroinen tel. +358 29 539 4013 suvi.piiroinen(at)

3. Data protection officer

Jaana Palmunoksa Tel +358 29 539 2310 jaana.palmunoksa(at)

4. Register

The recruitment system's personal data register

5. The purpose of processing personal data

The processing of applications relating to recruitment at the Finnish Meteorological Institute and the administration of the recruiter's access rights.

6. The legal basis of data processing

The processing of personal data is contingent on the data subject's consent.The recruiter's right of access to personal data is based on legislation (State Civil Servants' Act, Section 14).

7. Filing system data content

Information relating to the applications: applicant's personal identification information (name, address, telephone number, gender, other possible contact details), personal data submitted by the applicant such as information relating to education and employment, other information supporting the application such as curriculum vitae, school reports, employment certificates, references listed by the applicant, other necessary information relating to the job application and the terms of filling the position.

Information relating to the applicant's access rights: first name, surname, gender, date of birth, address, postcode, town, country, province, municipality, telephone number, mobile phone number, email address. Information relating to the recruiter's rights of access is as above, but with the Kieku identification number added.

8. Information sources other than the data subject

Following the applicant's specific consent, information relevant to the application process can also be acquired from other information sources and stored in the system. Information relating to the recruiter's access rights will be collected following a request for access by the human resources officer.

9. Recipients to whom personal data has been or shall be released

Data can only be released following the restrictions of current legislation or the controller's consent. Application documents are public according to the Act on the Openness of Government Activities (621/1999), and they shall be presented upon request. Access to public documents shall be granted in accordance with the conditions set in Sections 13 and 16 of the Act on the Openness of Government Activities. Access to view secret documents will only be granted 1) following the consent of the person involved, 2) to the person involved or 3) based on a legal right of access.

10. Transfer of personal data outside the EU or EEA or to international organisations

Personal data shall not be transferred outside the EU or EEA or to international organisations.

11. The principles of filing system protection

A. Manual data

Manual data will be handled by educated personnel in a space secured to the level required by data protection.

B. Digital data

The information in the filing system is protected from inappropriate viewing, altering and disposal. The protection consists of access rights management, technical protection of databases and servers, physical protection of the premises, access control, protection of telecommunications and data backup.

Access to data and its processing is granted in accordance with professional duties. Access to the service requires a personal user identification. Administrative control shall be used to ensure that the activities are appropriate.

12. Time limit of storing personal data and the relevant criteria

Applications shall be removed from the system six months after the closure of the recruitment process. Open applications shall be removed six months after they have last been saved in the system. The applicant's personal data shall be removed after it has been idle for a year. Before the removal of the data, the applicant shall be informed accordingly. The applicant has a right to request the removal of his or her personal data. The recruiter's data shall be removed following a request made by the human resources officer at the latest when the recruiter's employment contract ends.

13. Rights of the data subjects

The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her is being processed, and, if processing takes place, the data subject's access to his or her personal data shall be granted.

The data subject shall have access to the application data through the information system. Regarding information which cannot be accessed through, the data subject can submit a request for inspection via:

Information contained in the filing system shall not be used for profiling or automated decision making.

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. The request for rectification shall be submitted to:

14. Right to complain to the Data Protection Officer

The data subject shall have a right to make a complaint to the Data Protection Officer regarding the processing of his/her personal data.