1. DATA CONTROLLER
puh. +350 20 433 111
This privacy statement describes how YIT processes the personal data of job applicants in order to carry out recruitment processes. Personal data is processed in accordance with this privacy statement, laws, and the European Union General Data Protection Regulation (GDPR).
Person responsible for data protection matters:
+358 40 821 1214
Person responsible for register matters:
+421 903 630 420
3. PROCESSORS AND RECIPIENTS
The technical platform for the register is SmartRecruiters. The service provider is SmartRecruiters, whose headquarters is in the United States. Those SmartRecruiters’ data centers in which YIT’s data is processed are located in the EU and in the US. The service provider acts as a processor of personal data.
4. PURPOSE AND GROUNDS FOR PROCESSING PERSONAL DATA
The processing of personal data is based on job applicant’s (data subject’s) consent. In some cases, processing may also be necessary for the performance of an employment contract between YIT and the job applicant or in order to execute measures prior to entering an employment contract between YIT and the job applicant.
Personal data is processed in order to execute YIT’s recruitment processes and save the data of potential job applicants for later recruitment purposes if suitable positions open later. The above mentioned includes communications with job applicants, such as a recruitment mailing list, and other measures connected to the recruitment process.
The personal data collected is only used for the purposes mentioned in this privacy statement.
It is not necessarily possible to consider the applicant in the recruitment process, if the job applicant does not wish to disclose his/her personal data necessary to the recruitment process to YIT.
5. DATA CONTENT OF THE REGISTER
YIT processes job applicants’ following personal and contact data as well as other data that are necessary in order to carry out the recruitment process:
6. REGULAR SOURCES OF DATA
Personal data are primarily collected from the data subjects themselves during the recruitment process. With the data subject’s consent, personal data can also be collected from other sources, such as the consultants and the recruitment companies participating in the recruitment process.
With the data subject’s consent, personal data can also be collected from referees, whose contact information the job applicant has submitted on his/her own initiative.
7. REGISTER SECURITY PRINCIPLE AND THE STORAGE PERIOD OF PERSONAL DATA
YIT processes the job applicant’s personal data during the recruitment process. After the recruitment process has been completed, personal data will be stored for as long as it is necessary for executing YIT’s rights and obligations and responding to potential claims, but not for longer than two years.
If an applicant is chosen for the position, YIT may transfer the personal data collected during the recruitment process to YIT’s personnel register.
Personal data can also be stored for a longer period if it is necessary to carry out the obligations of YIT under acts, regulations, and other authority sources.
The service provider (SmartRecruiters, Inc.) provides the technical protection of personal data stored in the service.
8. RIGHTS OF THE DATA SUBJECT
Right to request access
Data subject has the right to be informed if his/her personal data is being processed and the right to request access to personal data concerning him/her.
Data subject has the right at any time to:
A SmartProfile (Candidate Portal) is formed after a job applicant submits an application. In the case of an internal job applicant (YIT employee) an inner applicant profile is formed after an application has been submitted through the Employee Portal.
Data subjects may exercise their rights by logging into the Candidate Portal or in the case of an internal job applicant, to the Employee Portal. In the Candidate Portal or Employee portal data subjects can for example erase or complete their inaccurate or incorrect personal data.
To the extent that the data subjects cannot exercise their rights in the Candidate Portal or Employee Portal, a request has to be submitted as instructed in section two.
9. TRANSFER OF DATA OUTSIDE THE EUROPEAN UNION (EU) OR EUROPEAN ECONOMIC AREA (EEA)
When transfer of personal data outside the EU or EEA is necessary, the data controller makes sure that the European Commission has issued an adequacy decision for the country or that standard clauses adopted by the Commission are used.
10. AUTOMATED DECISION MAKING
Personal data will not be used for automated decision making.
These sub-contractors process personal data in order to provide..