Privacy Policy - Recruitment

Approved on 23.5.2019
Updated on 5.7.2023

Data Controllers  

Proventia Oy
Business ID: 0961194-0

Proventia Group Oyj
Business ID: 1612236-0

the address of each of the above companies:

Tietotie 1, 90460 Oulunsalo
phone: 020 7810 200 exchange

Contact person for matters concerning the Register

Director, Development, HR & ICT Kaisu Kivioja
phone: 050 327 5774
e-mail: rekisterit(at)
postal address: Tietotie 1, 90460 Oulunsalo

Data Protection Officer

Proventia Group Oyj and Proventia Oy have concluded in their report that a Data Protection Officer will not be appointed, as neither company's core activities consist of processing activities that require the regular and systematic monitoring of Data Subjects on a large scale or that are targeted at specific categories of personal data.

Tasks related to data protection are included in the role of the ICT Director, contact details above.

The name of the Register

The name of the Register is Recruitment.

Personal data of job applicants is collected in the Recruitee recruitment system, where the recruitment process of job applicants is administered.  

The purpose and basis of processing personal data

The purpose of the processing of personal data is to receive, process and store a file of Proventia Group Oyj and Proventia Oy comprised of job applicants who have applied to the Registrars, for the use of recruiters and recruiting managers. The application can be for a specific job, or an “open´ application. Applications can be internal (from Proventia Group personnel) or external applications.

Proventia Group Oyj and Proventia Oy do not carry out profiling.

The data content of the Register 

The Register processes the personal and contact information of Proventia Group Oyj and Proventia Oy's job applicants, as well as other necessary information related to recruitment. 

The types of information that may be stored regarding the Data Subject include:  

  • personal data: first name, last name, e-mail, phone number, address
  • details of education and qualifications, degree, specific skills, language skills, IT skills, previous employment, preferences of the applicant for the job applied for, salary expectations for the job applied for, contact details of referees
  • documents such as an application, résumé, photo or video application, work or study certificates
  • personal assessment data
  • other information provided in connection with the application process, as well as the information provided by the applicant´s potential referees and notes.

Regular sources of data

Data is primarily obtained from the Data Subjects themselves.
With the applicant´s consent, data may also be collected from other sources (for example, from references provided by the applicant).   

Register security principles

Material from the Register is printed only if necessary. Material in paper form is stored in a locked space or in locked cabinets, which can only be accessed by separately authorised persons. Printed material is destroyed after use.

The use of digitally stored information requires a username and personal password, which are given only to recruiters and recruiting managers.

Technical equipment is carefully protected.   

The partners processing the personal data of Proventia Group Oyj and Proventia Oy have undertaken to store and process the personal data as required by the Data Protection Regulation and to ensure its secure processing.

Regular disclosures of information

Proventia Group Oyj and Proventia Oy may disclose personal data to companies belonging to the same group as well as to third parties acting as subcontractors involved in the production of their services. Partners may not use the information for other purposes or disclose it to third parties.

Transferring data outside of the EU or the European Economic Area 

Proventia Group Oyj and Proventia Oy do not transfer the data in their possession outside the EU or the European Economic Area.

Right of inspection 

The Data Subject has the right to inspect what data concerning them is stored in the Register.  

In addition, after making a sufficiently accurate and identified request for inspection, Data Subjects have the right to receive other information concerning themselves and the information contained in the records. The inspection request is made in writing or in an otherwise verified format, and sent to the address mentioned in Section 2.  

If necessary, the Controller may ask the Data Subject to specify their request in writing and, if necessary, the identity of the Data Subject can be verified before taking other measures. 

The right of inspection may be denied on the grounds provided by law. The exercise of the right of inspection is, in principle, free of charge.

Right to rectification and erasure 

The Data Subject may request the rectification, erasure or restriction of processing of incorrect, unnecessary, incomplete or outdated information. The Data Subject must submit their respective claim to the Data Controller at the address specified in Section 2.

Other rights related to the processing of personal data 

As a Data Subject, the job applicant also has the right to:

  • under certain conditions, object to the processing;
  • under certain conditions, to be able to transfer data from one system to another; and
  • withdraw consent at any time without affecting the lawfulness of processing based on consent prior to its withdrawal if the processing was based on consent.

A request for the exercise of the Data Subject's rights must be made in writing or in otherwise verified format, and sent to the address specified in Section 2.

The Data Subject´s right to lodge a complaint with a supervisory authority 

The Data Subject has the right to lodge a complaint with a competent supervisory authority if the Controller has not complied with the applicable data protection regulation.

Personal data deletion and retention period 

Data from an open application is stored in the register for 6 months.
An application for a specific job is stored in the register for two (2) years from the date of submission of the job application.

The Controller may, on its own initiative, delete job applications with incomplete information. 

Applications may also be processed for other possible vacancies, unless the job applicant has informed the Controller that they want the application to be processed only for a specific job, or have otherwise requested that the processing is terminated.  

Digital data is destroyed by overwriting, and paper documents are disposed of with due regard for data security when there are no longer grounds for processing or storing the data. However, the data will not be deleted if the law prescribes otherwise or a competent authority has initiated a process that requires Proventia Group Oyj or Proventia Oy to retain the data, or another party has applied to a Finnish court for a decision on the protection of the data.

Changes to the Privacy Policy 

Proventia Group Oyj and Proventia Oy reserve the right to make changes to this Privacy Policy by posting changes on their websites.