This Privacy policy acts as frame for the personal data collected by Pankaboard Oyj according to the European Union General data Protection Regulation (GDPR) and the local legislation.

Effective from May 25th 2018

Data controller is Pankaboard Oyj, registered address Ruukintie 2, 81750 Pankakoski. Data controller manages the collected data. Subsidiaries of the data controller may also manage the personal data or share the management responsibility.

This Privacy Policy covers our recruiting process.

This Privacy policy describes the type of personal data we collect, how we use the data, how we manage the data, how long we hold the data, who we share the data with and the rights the data subject has for the collected personal data. We also tell how to contact us in case of questions or comments about our privacy policy or if you want to use your rights.

Privacy policy

  • Collected data
  • How collected data is used
  • How we manage and protect the user data
  • Time to hold of collected data
  • Sharing the data
  • Transferring the data
  • User rights
  • Changes in privacy policy
  • Contact information

Collected data

We collect personal data from the job applications. We collect the following data (within the local legislation):

  • Contact information (Name, address, email address, telephone number)
  • Other information you may give us in questionnaires or
  • In contact forms in our website
  • Job experience and education
  • Language skills and other work related skills
  • Social security number, national id number
  • Date of birth
  • Gender
  • Information given by the references; and
  • Information in resume/CV; information related to career development and other information related to qualifications to work

We may also collect information that you give about other people, such as contact persons for emergency situations.

Use of collected data

Data controller collects and uses the collected data for the following purposes (within the local legislation):

a) Recruitment

All data is managed by different legal basis which among others are:

a) Consent, or separate agreement if needed according to legislation
b) Confirming that our activities follow the legal contractual requirements or qualifications to make contracts

If you work for our client or if you are applying for a job, we use the data described in this privacy policy within the local legislation also for the following purposes:

a) Employment opportunities and providing work
b) Evaluating your qualifications as a job seeker for a certain task

We may also use the data other ways of which we inform separately when collecting data or before collecting data.

Legal aspects

Data controller can manage the personal data in certain business purposes which includes the following aspects:

  • Detecting and blocking a fraud
  • Improving the safety of the website and information systems

Always when we handle personal data for these purposes we make sure that your rights are fully appreciated. You have a right to object handling your personal data, please see detailed “Rights of the data subject”.

How we handle and protect personal data

We manage collected personal data also automatically for the purposes mentioned above and we hold the data a period of time that follows our internal policies. This makes sure that the personal data is not being held longer that is necessary.

We have administrational, technical and physical processes which are designed to protect your data from being destroyed, disappeared, modified, processed, revealed or being used by mistake, illegally or unauthorized. To make sure the safety and the confidentiality of the personal data we use the following safety processes:

  • Encryption of transferred data
  • Strong access control
  • Reinforced network infrastructure
  • Website control

Time to hold the data

We save the collected data for six months.

Sharing the data

We don’t share the personal data we have collected with others than mentioned in this privacy policy or described in separate notification given in connection to certain activities.

We can share the personal data collected about the data subject if needed by the law, law process or if the authorities submit an official request and the sharing the data is seen as inevitable or necessary to avoid physical or monetary damage or to investigate fraud or illegal activities. We hold the right to transfer the collected personal data in case the business or asset sale or transfer (also in case of reorganization, business closure, bankruptcy).

Transferring the data

We don’t transfer the data outside the country where the data was originally collected or inside the country.

Rights of the data subject

According to GDPR articles 15-22 the data subject has the following rights:

  1. Right to access by the data subject: The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data.
  2. Right to rectification: The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.
  3. Right to erasure (‘right to be forgotten’): The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay.
  4. Right to restriction of processing: The data subject shall have the right to obtain from the controller restriction of processing
  5. Notification obligation regarding rectification or erasure of personal data or restriction of processing: The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17 and Article 18 to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
  6. Right to data portability: The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller.
  7. Right to object: The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her.
  8. Automated individual decision-making, including profiling: The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

Always when personal data is being handled on the basis of consent as defined in GDPR article 7 the data subject has a right to cancel the consent at any time.

Changes in privacy policy

This privacy policy (and possible attachments) may be updated in case there are changes in our privacy policies or in legal requirements. We inform of any significant changes in our website. In the beginning of each privacy policy there is mentioned when the policy has been updated.

Contact information

In case you have questions or comments about our privacy policy or if you want to use your rights as a data subject, please contact us in the following address:

Tietosuoja / Pankaboard Oyj
Ruukintie 2,
81750 Pankakoski