Loihde Oyj (0747682-9), Silmukkatie 6, 65100 Vaasa

Loihde Trust Oy (0863729-2), Atomitie 5, 00370 Helsinki

Loihde Cloudon Oy (2487158-0), Atomitie 5, 00370 Helsinki

Loihde Advance Oy (1645592-3), Aleksanterinkatu 15 B, 00100 Helsinki

Loihde Factor Oy (2586213-3), Kirkkokatu 21, 90100 Oulu

Data Protection Officer Antti Hemmilä
Aleksanterinkatu 15 B, 00100 Helsinki 

+358 40 515 3993

privacy@loihde.com

Centralized Recruitment Register of the Loihde Group

The data subjects of the register are internal and external job applicants of the Loihde Group who apply for positions announced by the data controller or submit an open application.

An applicant may also save their basic information in Loihde’s own or a third-party recruitment system, in which case this constitutes an open application. If the person later applies for a specific open position, this creates a position-specific application. As a rule, the applicant themselves targets their application to a specific position, but with the applicant’s consent, this can also be done by a recruitment specialist.

In accordance with predefined retention periods, the register also includes information about applicants who participated in recruitment processes that have already ended and who were not selected for the open positions.

The primary purpose of processing personal data is to collect the necessary information about the data subjects for the selection of an employee. Data is collected only to the extent required to carry out the recruitment process.

The purposes of personal data processing include:

• Processing of personal data required for filling open positions, from the submission of an application to the selection of an employee or employees (i.e., carrying out the recruitment process), including the assessment of applicants and informing them of selection decisions

• Measuring the candidate experience of applicants

• Entering into an employment contract with the selected employee(s)

• Collecting statistical data on recruitment processes

• Using the data for communication purposes, such as informing applicants about open positions and events or activities organized by the Loihde Group

• Conducting or commissioning security clearances and other assessments or background checks as permitted by law

• Fulfilling employment-related rights and obligations

• Complying with legal obligations and requirements set by authorities and official guidelines

The processing of personal data within the scope of the register also includes profiling. Profiling refers to the automated processing of personal data, where such data is used to evaluate certain personal characteristics. In the recruitment context, profiling is used in suitability assessments. These assessments are conducted to evaluate applicants' qualities as employees and are part of a comprehensive evaluation carried out during the hiring process. They are used to support recruitment decisions. The aim is to identify the applicant who is best suited for the position.

Consent

The processing of personal data is primarily based on the data subject’s consent after they have participated in the recruitment process. Consent also serves as the legal basis for processing in situations where the data controller requests the data subject to participate in specific assessments related to recruitment or to authorize necessary background checks.

With the data subject’s consent, an open application they have submitted may be used to identify suitable candidates for open positions based on applications stored in the recruitment system.

Legitimate Interest

The data controller has a legitimate interest in processing job applicants' personal data in order to carry out the recruitment process. There is a relevant relationship between the data controller and the data subject, based on the applicant’s submission of an application.

On this basis, the data controller may also process personal data to demonstrate compliance with legal obligations related to employee selection, or for the establishment, exercise, or defense of legal claims.

Contract Preparation and Execution

Personal data is processed within the register for the purpose of entering into an employment contract with the selected job applicant.

Legal Obligation

Where processing is necessary for the data controller to comply with a legal obligation, the legal obligation serves as the lawful basis for processing.

• Name and contact information of the individual

• Background information assessed during the recruitment process, such as education and degrees, previous work experience, skills, language proficiency, CV and cover letter, as well as any other attachments or LinkedIn profile

• Additional details required for drafting an employment contract, such as personal identity code or date of birth, all given names, nationality and work permit details, and gender (optional)

• Consents related to personality assessments, background checks, or the use of an application in other recruitment processes

• Data obtained from suitability assessment tests (profiling data)

• Job roles and locations the applicant is interested in

• Communication between the data controller and the data subject. During the recruitment process, recordings or data may be collected or produced from activities such as assessment questionnaires and video interviews

• For individuals who submit an application through Loihde’s own website, certain identifiers or behavioral data may be stored, such as the referring website that directed them to Loihde’s recruitment site, the IP address in use at the time, and the web browser used

The data controller retains position-specific application data for a maximum of 24 months from the end of the recruitment process or the date of the selection decision.

Once the retention period has expired, the data controller will delete or anonymize the data in such a way that individual persons can no longer be identified.

If the application has been submitted via a third-party recruitment system used by Loihde, the applicant may delete their applicant profile in that system at any time or request the deletion of their data directly from the administrator of the recruitment system.

Personal data is primarily collected directly from the data subject when they complete a job application.

For individuals under consideration for a position, personal data may also be collected and updated from third-party registers (e.g., background checks), such as from the Finnish Security and Intelligence Service (Supo) for potential security clearance (subject to the data subject’s consent) or from credit information agencies, as permitted by applicable law.

Personal data may be transferred or disclosed between companies within the Loihde Group (joint controllers).

Loihde uses subcontractors who process personal data on its behalf. Loihde enters into appropriate data processing agreements with such subcontractors. These subcontractors provide, among other things, IT and other support services as well as tools for communication and marketing management.

Data may be transferred outside the EU or EEA. When data is transferred outside the EU or EEA, the transfer is carried out using the European Commission’s Standard Contractual Clauses or another lawful transfer mechanism permitted under applicable legislation.

If we process personal data based on the data subject’s consent, the data subject has the right to withdraw their consent at any time, in whole or in part. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

The data subject has the right to obtain confirmation from Loihde as to whether their personal data is being processed, and to access information about the processing, including the purposes of processing and the categories of personal data concerned. The data subject also has the right to receive a copy of the personal data we process. If multiple copies are requested, we may charge a reasonable fee based on administrative costs.

The data subject has the right to have inaccurate personal data corrected without undue delay, and the right to have incomplete personal data completed by providing additional information.

Loihde will delete the data subject’s personal data upon request, provided that no legal or contractual obligation requires Loihde to retain the data. In certain circumstances as defined by data protection legislation, the data subject also has the right to request restriction of processing, to object to the processing of their personal data, and to have their data transferred from one system to another (data portability).

If the data subject believes that the processing of their personal data is unlawful, they have the right to lodge a complaint with a supervisory authority.

Personal data is encrypted in the systems and communications we use, utilizing encryption technologies we have determined to be effective, whenever possible.

Personal data is physically secured through access-controlled and secure facilities. Only those employees who need access to personal data to perform their work duties are granted access. All individuals who process personal data are bound by a duty of confidentiality.