Privacy Statement

Table of contents

Introduction
Why do we collect and process personal data?
What personal data do we collect?
Who provides us with personal data?
Who has the right to process your data and do we disclose data to third parties?
How do we process sensitive personal data?
Does the processing of personal data involve automated decision-making?
How do we protect your data?
What are your rights as a data subject and how can you enforce them?
How long will we store your data?
How do we use cookies?
How is data used for direct marketing?
Changes to the privacy statement
Controller and contact details

Updated 13.6.2018. Click here to see the changes.

Introduction

Your privacy is important to us. Saranen Consulting Llc (hereinafter referred to as “Saranen”) is committed to protecting your privacy in the best possible way and to processing your personal data in a confidential and transparent manner in accordance with the applicable law and good data protection practices.

This privacy statement describes, in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council, how we collect, process and protect your personal data in the production and provision of recruitment training programmes, outplacement services and job seeking services, in the pairing of jobseekers and customer companies, and in the services currently related to these functions, in customer communications and relationships as well as in the implementation of marketing and advertising.

Back to Top

Why do we collect and process personal data?

We collect and process personal data only to the extent necessary for the production, provision and development of our services.

We collect and process personal data 1) to produce and provide services for employment, re-employment, training and coaching based on the implementation of pre-contractual measures, 2) to implement communications, reporting and development work in accordance with official provisions, laws and regulations based on statutory duty, 3) based on a legitimate interest in implementing customer service, communications and invoicing, 4) to develop, analyse and compile statistics on business and services, 5) to analyse the use of our websites and 6), with your consent, to implement direct marketing and marketing campaigns for the above-mentioned services.

In addition, anonymised personal data may be used for research purposes (e.g. to examine service effectiveness). In this case, individual persons will no longer be identifiable.

Back to Top

What personal data do we collect?

The purpose of the processing determines the kind of data that we collect in any given situation. We will only process your personal data mentioned below on legitimate grounds for the purposes specified above. The filing system may include the following personal data relevant in terms of employment and re-employment, training and coaching as well as service objectives and service production:

  • Basic data: first and last name, date of birth, sex, personal identity number
  • Contact details: address, phone number, e-mail address
  • Data relating to work experience, education and competence: previous employment relationships and duties, education (basic education, further education, field of study), competence, language skills, driving licence information and access to a car
  • Data on the job seeking process, training and coaching: application and curriculum vitae, information relating to target job, wishes for future job, other information possibly used in job seeking (positions of trust, hobbies, etc.), references and statements from references, area where work is sought, possible information relating to starting or ending work, salary request, interview and coaching notes, photograph, video interview responses, other possible additional information or appendices relating to job seeking or employment provided by the jobseeker, any other information relevant to the employment goal
  • Data relating to the administration of the job seeking, training and coaching process: information on meetings and other communications between the parties, information relating to the service (e.g. information on which customer company of the controller the jobseeker’s introduction has been submitted to), participation and feedback information
  • Registration and browser data: registration data (user name, password and other similar information), IP address, operating system, browser version and terminal device model, site from which Saranen’s online service has been accessed

Back to Top

Who provides us with personal data?

Saranen receives the personal data relating to the production and provision of services mainly from the data subjects themselves during the customer relationship. Data subjects fill in their own data in connection with registration through Saranen’s website and directly into Saranen’s systems (e.g. Laura and Jelpp recruitment systems, SC Trainer training enrolment system, various forms and surveys completed with a browser). Saranen’s employees (e.g. coaches and recruiters) supplement the data as the service process progresses. Personal data may also be collected by phone, via e-mail or in face-to-face meetings promoting the person’s career goal.

Data may also be obtained through references, customer companies and the labour administration.

Back to Top

Who has the right to process your data and do we disclose data to third parties?

We process your data in a confidential manner and do not disclose it to third parties except in the following cases:

  • Customer companies: With your permission, we disclose your personal data to promote employment, for example, when introducing you to our customer companies in order to find a suitable job or training place for you.
  • Labour administration (TE Services and ELY Centres): Data is disclosed due to a statutory obligation and with appendices to invoices.
  • Within Barona Group: Data might be disclosed within the Barona Group in order to promote employment of the person concerning the purposes of processing data mentioned in this privacy statement.
  • Authorities: We may have to disclose some data to authorities or administrators of justice when required by law to do so. We will only do this upon a valid court decision or an order or summons by an authority.
  • Mergers and acquisitions: In the context of corporate acquisitions or mergers, the acquiring party may gain access to essential customer data. In such situations, the confidentiality of all personal data is guaranteed by non-disclosure agreements.
  • Consent: We may disclose your personal data to third parties if you have consented to this.

We also use subcontractors and service providers (e.g. for technical maintenance or the implementation of campaigns and direct marketing) to process the data we collect. They are only entitled to process your data to the extent required by the agreed services. This means that they cannot use your data for their own purposes. By contract, we require them to ensure an adequate level of data protection and lawful processing.

The data we collect is stored and processed in part outside the European Economic Area in the United States, for example, when the service provider that we use is located or stores data outside the European Economic Area. Our service providers are committed to a high level of data protection through contracts and the Privacy Shield arrangement between the EU and the United States.

Back to Top

How do we process sensitive personal data?

Special categories of personal data, or the so-called “sensitive personal data”, refer to personal data revealing, for example, the ethnic origin, data concerning health or trade union membership of a natural person.

We may, in some cases, obtain sensitive data from data subjects themselves when assessing their ability to work or suitability for certain duties. Sensitive personal data will never be disclosed to third parties without your permission.

Back to Top

Does the processing of personal data involve automated decision-making?

An automated decision refers to a decision made completely automatically without human participation in the decision-making. The processing of your personal data does not involve automated decision-making.

Back to Top

How do we protect your data?

Saranen has the appropriate technical and organisational security tools to protect personal data against loss, abuse and other similar illegal access. Such tools include the use of firewalls, encryption techniques and secure equipment facilities, appropriate access control as well as controlled granting of access rights and supervision of their use. Your personal data will only be processed by Saranen’s employees who have the right to do so within the scope of their duties and the achievement of your employment goal.

Back to Top

What are your rights as a data subject and how can you enforce them?

As a data subject, you have the right:

  • to obtain confirmation as to whether or not your personal data is being processed (or has been processed);
  • to check what data we have collected on you or to obtain confirmation that our filing system does not include your personal data;
  • to ensure the accuracy of your data and to correct/rectify false, inaccurate, incomplete or outdated data;
  • to have your data erased (right to be forgotten);
  • to transfer your data to another system;
  • under certain circumstances, to request that the processing of your data be restricted or otherwise object the processing; and
  • to lodge a complaint with a supervisory authority regarding the processing of your personal data.

You can review, correct, supplement and erase data you have stored in Saranen’s systems using your personal user name and password.

In addition, you can submit a written and sufficiently specific request to review, rectify, supplement or erase data to the contact person of the filing system via e-mail or by post. The request must indicate the subject of the request and, in the case of a request to rectify, supplement or erase, the false and correct information or the data you want erased. Upon receipt of the request, we will verify your identity using TUPAS authentication. The controller is obliged to correct or erase the data within one month of receiving the request, or if the request is complex or there are several of them, within three months of receiving the request. When you request erasure, the data will be erased in so far as we are not under a statutory or contractual obligation to retain it.

We will erase all the data concerning you that we have collected once the personal data is no longer needed for the purposes for which it was originally collected and we have no specific statutory obligation to retain the data. We will also erase the data if the processing of the personal data is based on consent and you withdraw your consent, or if you object to the processing based on legitimate interests of your personal data, unless there are other statutory grounds for the processing. For example, you can withdraw your consent to electronic direct marketing at any time.

You can request the transfer of your personal data, in which case we will provide you with your personal data in a machine-readable format so you can store it yourself or transfer it to another controller (e.g. another service provider). If technically possible, we will also transfer your data directly to another controller upon your request. This is only possible in situations where we process your personal data based on your consent or agreement and applies only to data that you have submitted to us yourself.

If your data is inaccurate in some respects, you have the right to demand the temporary limitation of processing until we have verified the accuracy of the data. You also have the right to wholly object to the processing of your personal data if the data is processed on the basis of the controller’s legitimate interest.

Back to Top

How long will we store your data?

We will store your personal data for the duration required by its purpose, as long as it is required from us by law or until we receive an erasure request or you withdraw your consent.

We will store your data only as long as is necessary for carrying out the specified purposes (see Why do we collect and process personal data?), always within the limits of the applicable law. All data relating to employment, re-employment, training and coaching will generally be stored in our filing system for two (2) years, unless otherwise stated. The data in our recruitment systems will automatically be stored for two (2) years from the creation of the profile or from when the person has edited their profile. Due to, for example, the monitoring, reporting and authentication obligations imposed on us, the storage period of the data of participants in projects organised in cooperation with the authorities is ten (10) years from the end of the service.

Thereafter, the data is either destroyed or rendered unidentifiable by converting it irreversibly into a format from which individual persons will no longer be identifiable.

Back to Top

How do we use cookies?

We can collect data relating to your computer using cookies and other similar technologies. A cookie is a text file that the browser stores on your computer. Cookies contain a unique identifier and are used for the purpose of us being able to identify and count the browsers that visit our site. You have the right to prevent the use of cookies, but this may affect the functionality of our services. You can clear cookies from the settings of your browser.

Back to Top

How is data used for direct marketing?

Personal data can be used when marketing Saranen’s other services promoting recruitment, or other services that support the employment, study or entrepreneurship of data subjects, to customers.

Personal data will not be disclosed to third parties for the purpose of direct marketing, distance selling, market research, surveys or other similar activities.

You have the right to prohibit the processing of your data for direct marketing at any time.

Back to Top

Changes to the privacy statement

We are constantly developing our privacy policies, which is why we may change this privacy statement from time to time. Changes may also be based on changes in the legislation. We recommend that you revisit this privacy statement page to note any changes. If necessary, we can also notify you directly of changes.

Back to Top

Controller and contact details

Saranen Consulting Llc
Business ID: 2588306-5
Innopoli 1
Tekniikantie 12
FI-02150 Espoo
Tel.: +358 20 198 3430

Data protection officer:
Kalle Risku
Email: tietosuoja@saranen.fi
Tel.: +358 46 921 2145

Back to Top

 

CHANGE HISTORY OF SARANEN’S PRIVACY STATEMENT
May 2018

We published a new privacy statement in accordance with the EU General Data Protection Regulation.

June 2018

We updated the privacy statement from the part of disclosing data within the Barona Group.

Back to Top

Ota yhteyttä

Henkilötietoja käytetään Saranen Consulting palveluista kertomiseen yhteydenoton yhteydessä. Lue lisää henkilötietojen käsittelystämme tietosuojaselosteestamme.