Processing of (personal) data by the entity in charge of the online application process
PRIVACY POLICY – HUMAN RESOURCES AND RECRUITMENT DATA
1. ABOUT THIS POLICY
At Rentle Oy (“Rentle”), we take data protection seriously.
We process the personal data of our employees to meet our legal and contractual obligations as an employer. Personal data of job applicants are processed for recruitment purposes.
Please note that this Privacy Policy only applies to the processing of personal data carried out by Rentle as a data controller and only in a human resources context.
Occupational health care data is controlled by your occupational health care provider.
This Privacy Policy may be updated from time to time. We will not make substantial changes without prior notice.
2. CONTACT DETAILS OF CONTROLLER
Name: Rentle Oy
Business ID: 2634632-5
Correspondence address: Otakaari 5, 02150 Espoo, Finland
Contact: info@rentle.io
Website: Rentle.io
3. PERSONAL DATA COLLECTED
Job applicants
For job applicants we may process the following information:
Employees
For employees we also process the following information:
We only collect information that is either relevant for filling in the position in question or necessary for the rights and obligations of either party in the context of establishing or managing an employment relationship.
4. SOURCES OF PERSONAL DATA
Primarily we receive personal data directly from you.
During the employment relationship we may collect information about you generated through our data systems and from Rentle’s other employees such as your supervisor (e.g. relating to performance reviews) as well as feedback from Rentle’s customers and stakeholders.
When legally allowed, we may also acquire certain information from relevant authorities or public registers.
During a recruitment process we may, with your consent, contact a reference you have provided us with, such as your former employer. In this case we may get some information about you from such reference.
5. THE PURPOSE AND LEGITIMATE GROUNDS OF PROCESSING
Employee data is processed to meet our legal obligations as an employer, such as the arrangement of occupational health care, as well as to fulfil our contractual obligations based on your employment contract, such as salary payment.
Applicant data is processed on the basis of a pre-contractual relationship at your request and for our legitimate interests in order for us to assess the potential grounds for entering into an employment contract with you.
We also store both applicant and employee data for a certain period based on our legitimate interests in case of litigation, claims or regulatory investigations.
6. STORAGE PERIOD
We store the data concerning employees for as long as it is necessary to meet the employer’s legal obligations or for other legitimate reasons, such as litigation or regulatory investigations. For example, we are required to provide you with a certificate of employment on request during 10 years of termination of the employment relationship.
Job applicant data is stored for recruiting purposes for the duration of the recruitment process, and after that for as long as required for legitimate reasons, such as regulatory investigation and litigation purposes. With your consent we may also store your information for future recruitment purposes.
7. INTERNATIONAL DATA TRANSFERS
Employee and job applicant data is primarily stored within the European Economic Area.
However, in certain cases we may transfer or access personal data outside the European Economic Area. In such cases we provide adequate protection for the transfers of personal data to countries outside of the European Economic Area through a series of agreements with our service providers based on the Standard Contractual Clauses or through other appropriate safeguards, such as the Privacy Shield Framework.
8. THE RECIPIENTS OF PERSONAL DATA
We do not share personal data with third parties outside of our group companies unless one of the following circumstances apply:
For legal reasons
We may share personal data with third parties outside our organization if access to the personal data is reasonably necessary to: (i) meet taxation, any applicable law, regulation, and/or court order (ii) detect, prevent or otherwise address crime and/or security issues.
To authorized service providers
We may share personal data to authorized service providers who perform services for us. Such service providers are for example our accounting and payroll service providers and data storage service providers. Our agreements with our service providers include commitments that the service providers agree to limit their use of personal data and to comply with privacy and security standards at least as stringent as the terms of this Privacy Policy.
For other legitimate reasons
If Rentle is involved in a merger or acquisition, we may transfer your personal data to the third party involved. However, we will continue to ensure the confidentiality of all personal data. We will give notice to all those concerned when the personal data are transferred or become subject to a different privacy policy as soon as reasonably possible.
With your explicit consent
We may share personal data with third parties outside of our organization for other reasons than the ones mentioned before, when we have your explicit consent to do so. You have a right to withdraw such consent at any time.
9. YOUR RIGHTS
Right to access
You have the right to access your personal data processed by us and to request a copy of your personal data undergoing processing.
Right to withdraw consent
In case the processing is based on a consent granted by you, you may withdraw the consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Right to correct
You have the right to have incorrect or incomplete personal data we have stored about you corrected or completed.
Right to deletion
You may also ask us to delete your personal data from our systems. We will comply with such request unless we have a legitimate ground to not delete the data. Please note that during the term of employment personal data is processed primarily due to legal obligations and therefore we may not be able to delete it.
Right to restriction of processing
You may request us to restrict processing of personal data for example when your data erasure, rectification or objection requests are pending and/or when we do not have legitimate grounds to process your data.
Right to object
You may object to the processing of personal data on grounds relating to your particular situation if such data are processed for our legitimate interest. In case we do not have compelling legitimate grounds to continue processing such personal data, we shall no longer process the personal data after your objection.
Right to data portability
You have the right to receive some of the personal data you have provided us with in a structured and commonly used format.
How to use your rights
If you want to use your rights, please contact your supervisor (if you are an employee) or send us a letter or secure e-mail (if you are an applicant).
We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.
10. INFORMATION SECURITY
We use administrative, organizational, technical, and physical safeguards to protect the personal data we collect and process. Our security controls are designed to maintain an appropriate level of data confidentiality and integrity.
The personal data stored under this Privacy Policy shall only be processed on a need-to-know basis. The use of personal data is protected by appropriate user rights and passwords.
11. LODGING A COMPLAINT
In case you consider our processing of personal data to be inconsistent with the applicable data protection laws, you have a right lodge a complaint with the local supervisory authority for data protection.
In Finland the competent authority is the Data Protection Ombudsman (www.tietosuoja.fi ).
This Privacy Policy was updated on 25.5.2022
1. ABOUT THIS POLICY
At Rentle Oy (“Rentle”), we take data protection seriously.
We process the personal data of our employees to meet our legal and contractual obligations as an employer. Personal data of job applicants are processed for recruitment purposes.
Please note that this Privacy Policy only applies to the processing of personal data carried out by Rentle as a data controller and only in a human resources context.
Occupational health care data is controlled by your occupational health care provider.
This Privacy Policy may be updated from time to time. We will not make substantial changes without prior notice.
2. CONTACT DETAILS OF CONTROLLER
Name: Rentle Oy
Business ID: 2634632-5
Correspondence address: Otakaari 5, 02150 Espoo, Finland
Contact: info@rentle.io
Website: Rentle.io
3. PERSONAL DATA COLLECTED
Job applicants
For job applicants we may process the following information:
- full name
- date of birth
- gender
- address and contact details
- application and curriculum vitae
- educational and professional background
- work permit or visa information (where necessary for confirming applicant is eligible to work in target country)
- qualifications and skills (for example language skills)
- results of any tests or evaluations carried out in connection with recruitment
- possible drug test results and credit status data in case permitted by applicable laws in order to assess the applicant’s performance and reliability
- possible consent given by the applicant for storing the data for future recruitment
- possible non-disclosure agreement made in connection to recruitment process
- any other information provided by applicant during recruitment process and communication with us.
Employees
For employees we also process the following information:
- identification information, such as name and title, social security number and photograph
- information needed for salary payment, such as bank account and tax information
- information collected during recruitment stage (please see above)
- responsibilities, qualifications, assignments and professional development
- start and (if applicable) end date of employment
- content of your employment contract
- content of any other employment-related contracts (e.g. non-disclosure agreements or agreements made in connection to the termination of employment)
- Copy of visa or work permit (foreign employees)
- information on stock options, shares and related agreements
- information regarding tracking of working hours and absences
- information concerning the employee’s state of health, family or trade union membership when necessary for us to fulfil our legal obligations (e.g. to coordinate sick leaves or parental leaves) and IT information, such as user credentials, emails, access information, device information and associated data.
We only collect information that is either relevant for filling in the position in question or necessary for the rights and obligations of either party in the context of establishing or managing an employment relationship.
4. SOURCES OF PERSONAL DATA
Primarily we receive personal data directly from you.
During the employment relationship we may collect information about you generated through our data systems and from Rentle’s other employees such as your supervisor (e.g. relating to performance reviews) as well as feedback from Rentle’s customers and stakeholders.
When legally allowed, we may also acquire certain information from relevant authorities or public registers.
During a recruitment process we may, with your consent, contact a reference you have provided us with, such as your former employer. In this case we may get some information about you from such reference.
5. THE PURPOSE AND LEGITIMATE GROUNDS OF PROCESSING
Employee data is processed to meet our legal obligations as an employer, such as the arrangement of occupational health care, as well as to fulfil our contractual obligations based on your employment contract, such as salary payment.
Applicant data is processed on the basis of a pre-contractual relationship at your request and for our legitimate interests in order for us to assess the potential grounds for entering into an employment contract with you.
We also store both applicant and employee data for a certain period based on our legitimate interests in case of litigation, claims or regulatory investigations.
6. STORAGE PERIOD
We store the data concerning employees for as long as it is necessary to meet the employer’s legal obligations or for other legitimate reasons, such as litigation or regulatory investigations. For example, we are required to provide you with a certificate of employment on request during 10 years of termination of the employment relationship.
Job applicant data is stored for recruiting purposes for the duration of the recruitment process, and after that for as long as required for legitimate reasons, such as regulatory investigation and litigation purposes. With your consent we may also store your information for future recruitment purposes.
7. INTERNATIONAL DATA TRANSFERS
Employee and job applicant data is primarily stored within the European Economic Area.
However, in certain cases we may transfer or access personal data outside the European Economic Area. In such cases we provide adequate protection for the transfers of personal data to countries outside of the European Economic Area through a series of agreements with our service providers based on the Standard Contractual Clauses or through other appropriate safeguards, such as the Privacy Shield Framework.
8. THE RECIPIENTS OF PERSONAL DATA
We do not share personal data with third parties outside of our group companies unless one of the following circumstances apply:
For legal reasons
We may share personal data with third parties outside our organization if access to the personal data is reasonably necessary to: (i) meet taxation, any applicable law, regulation, and/or court order (ii) detect, prevent or otherwise address crime and/or security issues.
To authorized service providers
We may share personal data to authorized service providers who perform services for us. Such service providers are for example our accounting and payroll service providers and data storage service providers. Our agreements with our service providers include commitments that the service providers agree to limit their use of personal data and to comply with privacy and security standards at least as stringent as the terms of this Privacy Policy.
For other legitimate reasons
If Rentle is involved in a merger or acquisition, we may transfer your personal data to the third party involved. However, we will continue to ensure the confidentiality of all personal data. We will give notice to all those concerned when the personal data are transferred or become subject to a different privacy policy as soon as reasonably possible.
With your explicit consent
We may share personal data with third parties outside of our organization for other reasons than the ones mentioned before, when we have your explicit consent to do so. You have a right to withdraw such consent at any time.
9. YOUR RIGHTS
Right to access
You have the right to access your personal data processed by us and to request a copy of your personal data undergoing processing.
Right to withdraw consent
In case the processing is based on a consent granted by you, you may withdraw the consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Right to correct
You have the right to have incorrect or incomplete personal data we have stored about you corrected or completed.
Right to deletion
You may also ask us to delete your personal data from our systems. We will comply with such request unless we have a legitimate ground to not delete the data. Please note that during the term of employment personal data is processed primarily due to legal obligations and therefore we may not be able to delete it.
Right to restriction of processing
You may request us to restrict processing of personal data for example when your data erasure, rectification or objection requests are pending and/or when we do not have legitimate grounds to process your data.
Right to object
You may object to the processing of personal data on grounds relating to your particular situation if such data are processed for our legitimate interest. In case we do not have compelling legitimate grounds to continue processing such personal data, we shall no longer process the personal data after your objection.
Right to data portability
You have the right to receive some of the personal data you have provided us with in a structured and commonly used format.
How to use your rights
If you want to use your rights, please contact your supervisor (if you are an employee) or send us a letter or secure e-mail (if you are an applicant).
We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.
10. INFORMATION SECURITY
We use administrative, organizational, technical, and physical safeguards to protect the personal data we collect and process. Our security controls are designed to maintain an appropriate level of data confidentiality and integrity.
The personal data stored under this Privacy Policy shall only be processed on a need-to-know basis. The use of personal data is protected by appropriate user rights and passwords.
11. LODGING A COMPLAINT
In case you consider our processing of personal data to be inconsistent with the applicable data protection laws, you have a right lodge a complaint with the local supervisory authority for data protection.
In Finland the competent authority is the Data Protection Ombudsman (www.tietosuoja.fi ).
This Privacy Policy was updated on 25.5.2022