Privacy Policy for Recruitment

Privacy Policy of Whitelake Software Point Oy Recruitment Data Filing System

1.1 General

Whitelake Software Point Oy (later “We”) is committed to ensure the confidentiality and data protection of
personal data at its possession. This privacy policy is applied to personal data that We collect in relation
to our recruitment data filing system (later “Data Filing System”). The personal data and related processing
is described in this privacy policy. Additional information regarding the processing of personal data in the
Data Filing System is provided by Our HR department.
We may update this privacy policy from time to time, for example due to changes in applicable legislation.
Therefore, We advise you to review this privacy policy. We endeavour to carry out reasonable means to
inform You of any possible changes beforehand. This privacy policy was last updated on 1.5.2018.

Data Controller
Name: Whitelake Software Point Oy
Address: Metsänneidonkuja 6, 02130 Espoo.
Tel: 09 439 1320
Business ID: 0893345-4

1.2 Whose Personal Data Do We Collect?

We process the personal data of Our job applicants (“You”) in the Data Filing System. We also collect the
names and contact information of referees named by You.

1.3 What Categories of Personal Data Do We Process?

We process the following categories of Your personal data:
- Your name;
- Your contact details: email address, address and telephone number;
- Your date of birth, if such has been provided by You
- The name and contact details of Your referees;
- Your prior work experience and education;
- A picture of You, if you have provided Us with one;
- Evaluations made by the people taking part in Our recruitment process and other similar information;
- Information included in a safety report or an aptitude assessment of You, if such have been made;
- Your gender
- Your certificates
- Other information you have provided Us with.

1.4 Which Sources Do We Use to Collect Personal Data?

We collect personal data primarily from You. We may also collect data from other sources at Your permission
such as from the referees whose contact information You have provided to Us.

1.5 Basis for and Purposes of Processing Your Personal Data

The basis for processing your personal data is our legitimate interest for the evaluation of Your job application
and for carrying out of the recruitment process. We also process Your personal data relating to
aptitude assessments and safety reports on the basis of Your consent.
The purpose of the processing of personal data is to carry out Our recruitment processes and save the
data for later recruitment purposes. This includes i.e. the evaluation of Your data for recruitment purposes,
communications with You and other measures related to the recruitment process.
As a job applicant You are responsible for obtaining necessary authorisations and consents for
saving and processing the personal data of any referees You name. 

1.6 Regular Disclosures and Transfers of Your Personal Data to Third Parties

We may disclose or transfer your personal data only to recruitment consultants and recruitment companies
that have a contractual relationship with Us and are bound by professional secrecy obligations in so
far as the consultant or company in question is involved in the recruitment process. We also may disclose
Your personal data to the security police, provided that a security report is prepared on You on Your
permission. We do not disclose or transfer Your personal data to such consultants or companies for any
other purposes than our recruitment process. We always ensure that Our partners do not process the
personal data transferred to them for any other purposes.
We do not disclose or transfer Your Personal data to parties that have no relation to the recruitment, e.g.
for direct marketing or some other similar purposes. However, we may be required to share Your personal
data with competent authorities in accordance with data protection legislation.

1.7 Transfers of Your Personal Data outside the EU or European Economic Area

We transfer your personal data outside the European Union or the European economic area in accordance
with data protection legislation through Sympa Oy: Sympa pays particular attention to data protection
and data security. The requirements of EU's Data Protection Regulation (GDPR) have been taken
into consideration when selecting subcontractors. Maintenance-related services, such as support and
security, are delivered from Sympa's offices, via secure connections from remote work locations in
EU/EEC area and overnight from the United States in accordance with the EU-US Privacy Shield agreement.

1.8 Principles for the Retention of Your Personal Data

Should you send Us an open application, We retain the application and the personal data in Our system
for six (6) months following the submission of the application after which We destroy them. Should You
apply for a specific vacant post, the application and the personal data shall be stored during the recruitment
process and by your request for six months after the recruitment period after which We destroy
them unless the data is needed for a longer period due to trials or disputes.

1.9 Rights of a Data Subject in Relation to the Processing of Personal Data

You have the right to, according to applicable data protection legislation, at any time:
- be informed about whether We process Your personal data;
- obtain access to data relating to You and review your personal data we process;
- require rectification and completion of inaccurate and incorrect personal data;
- require erasure of Your personal data
- withdraw Your consent and object to the processing of Your personal data in so far as the processing
of your personal data is based on Your consent;
- object to the processing of Your personal data on grounds relating to your particular situation in so far
as the processing of Your personal data is based on our legitimate interest;
- receive your personal data in a machine-readable format and transmit those data to another controller
(provided that You have delivered us such data yourself, We process such personal data based Your
consent and the processing of personal data is carried out by automated means); and
- obtain a restriction of processing of Your personal data.
Please note that objecting to the processing or erasure of Your personal data may lead to a situation
where it is not possible for Us to consider Your application in the recruitment process.
If You withdraw Your consent, it will not affect the lawfulness of the processing based on consent before
its withdrawal.
You should present Your request for exercising any of the aforementioned rights in the manner described
in the ‘Contacts’ Section of this data protection record. We may ask You to specify Your request in writing
and to verify Your identity before processing the request. We may refuse to fulfil your request on grounds
set out in applicable data protection legislation. 

You also have the right to lodge a complaint with the supervisory authority concerned or with the supervisory
authority of the EU member state of your habitual residence or place of work, if You consider that
We have not processed Your personal data in accordance with applicable data protection legislation.

1.10 Principles of Data Security

We respect the confidentiality of Your personal data.
Your personal data are protected and stored in Our systems and are accessible only to such of Our
employees and other persons who need to know the personal data within their tasks such as Our marketing
personnel. Such persons have personal user credentials and passwords.
We keep Our systems appropriately up-to-date and use reputable providers of anti-virus software.

1.11 Information on Cookies and Similar Technologies

We use cookies in Our website.
A “cookie” is a commonly used small text file that the internet browser installs on your computer or other
terminal when you visit a website. The browser sends information on your visit back to the website when
you revisit it. All contemporary websites use cookies in order to offer you a more personal browsing experience.
Each cookie is separately installed on each terminal You use and cookies can be read only by the server
that installed the cookie. Because the cookie is bound to the browser, and is not distributable between
separate browsers or terminals in general (unless a browser, plugin or other application separately enable
this), Your choices relating to the management of cookies are applicable only to each separate browser.
A cookie cannot control software, and it cannot be used as a medium for viruses or other malware, nor to
harm Your terminal of files. A single user cannot be identified solely through the use of cookies or similar
technologies.

1.12 Contacts

All requests concerning the use of the rights mentioned above, questions about this data protection record
All requests concerning the use of the rights mentioned above, questions about this privacy policy and
other contacts should be made by e-mail to the address gdpr-team@softwarepoint.com