Terramare's Recruitment Register

1. Legal basis and purpose of processing personal data

The data protection and privacy policy describes how personal data is collected, processed and disclosed in connection with the recruitment process. Data subjects have applied for a particular job vacancy or have sent Terramare an open application.

As a rule, the basis for processing the personal data of those applying for a particular job vacancy is implementing pre-contractual measures to achieve an employment contract at the request of the data subject as well as Terramare’s legitimate interest in demonstrating the equal treatment of applicants.

Processing of personal data related to background and security checks is based on the consent of the job applicant.

The basis for processing personal data obtained via open applications is the consent of the persons in question. If personal data are processed in some specific recruitment process, the basis for processing personal data is, however, implementing pre-contractual measures at the request of the data subject. If the data subject is not selected for a job in the application process, the processing of personal data is based on Terramare’s legitimate interest.

Processing of personal data may be outsourced to third parties.

2. Controller

Terramare Oy

Laurinmäenkuja 3A

00440 Helsinki

Data protection officer/contact person responsible for matters concerning the register:

Tapio Leinonen

Laurinmäenkuja 3A

FI-00440 Helsinki

+358 9 6136 2625, tapio.leinonen@boskalis.com

3. Data content of the register

The register contains the following personal data, which are essential for selecting individuals and which might vary depending on the job vacancy in question:

Basic information:
- Last name, first names
- Contact information (telephone number, email address and postal address)
- Date of birth (when required by the job in question)
- Nationality, work permit if necessary
- Positions of trust if necessary
- Possible other information provided by the job applicants themselves

Information related to the job application:
- Work experience justified with respect to the job in question (employment and education history), qualifications, expertise and language skills
- Referees
- Key skills
- Person’s own free-form presentation

Information arising during the recruitment process in relation to assessing the applications:
- Information related to the progress of the recruitment process
- Application-related notes
- Possible interview information and interview notes
- Referees and person’s consent to contact referees
- Results of suitability assessment
- Results of background and security checks

The employer’s representatives participating in the recruitment process prepare a recruitment memorandum of information arising and observations made during the process, and this memorandum is archived with the applicant’s other information.

The basic information of the person selected for the job and information related to the job application is transferred to Terramare’s human resources register.

4. Storage of information

Personal data are stored only for as long as it is necessary to implement the purposes specified in this statement.

Personal data processed in a recruitment process aimed at filling certain job vacancies are stored for two years or until processing of the matter has ended, based on the limitation period laid down in the Equality Act.

Open job applications are stored for two years from receiving the applications or until the data subjects cancel their consent to process personal data and request that their data be erased, at which point the data are erased if there is no other justification for their storage.

5. Normal sources of information

The normal sources of information are the job applicants themselves. In addition, information may be collected with the job applicant’s consent from referees, suitability assessment service providers or from the authorities when a client requires a background or security check.

Information also arises during the application process when observing a person’s actions.

6. Transfers of data and regular disclosures

Information is not, as a rule, disclosed to third parties.

Information may be disclosed within the Group, in which case some other company belonging to the Group may process personal data on Terramare’s behalf. This procedure is based on Terramare’s legitimate interest to transfer personal data between Group companies for administrative purposes, such as for reporting data or practising efficient business operations, for example when wishing to utilise the Group’s information systems.

Terramare may disclose personal data to third parties
- to the extent permitted and required by law
- when partners process personal data at Terramare’s request or in accordance with Terramare’s instructions: for example, when purchasing recruitment services from an external partner, Terramare as the controller is responsible for the appropriate processing of personal data
- if Terramare is involved in a merger, business restructuring or in the sale of business operations or part thereof
- when disclosure is essential to fulfil Terramare’s rights, either to protect the security of someone in the register or others, to investigate malpractices or to respond to an official request and
- with the consent of the data subject, to parties to whom such consent applies, for example referees.

7. Transfer of data regularly outside the EU or the EEA

Data are not regularly transferred outside the EU or the European Economic Area (EEA).

Data may, however, be transferred if a Terramare partner processes personal data outside the EU or EEA when executing an assignment.

8. Register's protection principles

A) Manual material

The principles of data storage are set out in the Group’s information security guidelines. Manual material in physical form is processed only by persons who must have access to personal data in order to fulfil tasks required by the employer.

Manual personal data is stored in a locked cabinet. Office premises are locked and access to the premises is only possible for persons belonging to Terramare’s personnel and employees of service providers who must have access to the premises to perform work. Some of the premises have camera surveillance.

Material that contains personal data is destroyed in a reliable way either by shredding the material or by transferring the material to a locked data protection trash container.

B) Data processed by IT system

In accordance with the Group’s information security guidelines, Terramare uses security measures that protect against viruses and other malware as well as software errors. The security measures are updated regularly. All log-ins to information systems can be authenticated on the basis of personal user IDs and passwords.

Material in digital form is processed only by appropriate persons who due to their work must know or must access personal data in order to fulfil tasks required by the company.

9. Right to inspect

Data subjects have the right to inspect what data have been saved about them in Terramare’s recruitment register. An inspection request must be sent, in writing and signed, to the contact person responsible for matters concerning the register, mentioned in section 2. An inspection request can also be made at the controller’s premises.

The controller shall respond to the client within the period set out in the EU’s Data Protection Regulation (as a rule, within one month).

10. Right to demand correction of data

Data subjects are themselves responsible for the accuracy of the information they provide, and data subjects must notify Terramare if changes take place in the information they provide.

If they wish to update outdated or inaccurate information, data subjects must contact the contact person responsible for matters concerning the register, mentioned in section 2.

11. Changing the privacy statement

Terramare has the right to update the data protection and privacy statement to correspond with current policy.

Data subjects have the right under the Personal Data Act to prohibit the controller from processing data related to themselves by requesting that an open application previously submitted by them be destroyed, or by withdrawing their consent for the receipt of references.

Data subjects have the right to receive their personal data in a structured and commonly used format in order to transfer their own personal data from the system to another system, i.e. to another controller. Such requests for data may be addressed to Terramare’s person responsible for matters concerning the register, mentioned in section 2.

If a data subject considers that statutory rights have been violated, they have the right to file a complaint on the matter to the national data protection authority or to another data protection authority of the European Union or the EEA.

The Data Protection Ombudsman acts as the supervisory authority in Finland.