Recruitment privacy statement

Personal data is processed for the following purposes and on the following legal basis:

• Management and administration of the recruitment processes
• Communication and contact (incl. sending professional newsletters)
• Preparing and concluding an employment or professional contract
• Organizing recruitment and training events, managing event invitations and event participation information
• Conducting prize draws or competitions related to recruitment and training events (incl. contacting the winner, delivering the prize and preparing and archiving the prize draw protocol)
• Conducting suitability assessments
• Security clearance vetting
• Checking credit information
• Processing a drug test certificate
• Investigating and correcting an error in an IT service (e.g. online service, application) or device
• Ensuring the legal protection of Terveystalo and the data subject, as well as the fulfillment of legal obligations and obligations pursuant to regulations/instructions issued by the authorities, the verification of misconduct and the monitoring of use
• Reporting, analytics and statistical data collection on the recruitment processes

Depending on the purpose of the processing and/or the personal data, the basis for the processing of personal data is the person’s consent, an agreement between the person and Terveystalo or the preparation thereof, the implementation of rights and obligations arising from legislation or a legitimate interest.

We process the following personal data:

• Basic information (e.g. name, date of birth)
• Contact information (e.g. address, email address, telephone number)
• Personal identity code
• Work and education history and data on degrees
• Qualifications, specializations, information pertaining to professional practice rights
• Permissions, competence tests
• Languages
• The applicant’s salary request
• Video interview responses recorded by the applicant
• Suitability assessment data
• Contact information of those who provide recommendations
• Other information provided by the applicant and attachments to the application (e.g. CV, cover letter, transcripts of studies, LinkedIn profile information in cases where the person has filled out Terveystalo's application form by using the LinkedIn service or provided their LinkedIn profile in their application, etc.)
• Notes from interviews
• Security clearance information
• Credit information
• Information contained in the drug test certificate
• Communication with Terveystalo
• Responses to surveys and questionnaires
• Event invitation and participation information (incl. any food restrictions)
• Information related to prize draws and competitions
• Online and communication behavior data and log data:
• Online behavior and use of services are monitored by, for example, IP address and cookies. Collected information may include, for example, pages you browse, forms you fill in, the model of the device you use, channels such as application, mobile browser or Web browser, browser version, session ID, time and duration of the session.
• With regard to the monitoring of communication behavior; the collected information may include, for example, the opening of email messages sent by us, clicking or accessing our site through a message.
• Log data related to the use of applications and online services.

Terveystalo only stores personal data that are necessary for Terveystalo’s operations and the purposes for which the personal data in question are processed and for which there are legal prerequisites for processing. The retention period of personal data is determined on the basis of the purpose for which the personal data is processed and/or the personal data. The retention period of personal data is also affected by legal obligations to retain personal data and other time limits  for the implementation of various measures (e.g. limitation period or prosecution limits).

Applications made by the data subject are stored for 24 months, after which the applications are automatically deleted from the system. Based on the person’s separate consent, the application may then be retained for a another 24-month period.

Data that has become unnecessary for its purpose, outdated data or data for which there is otherwise no basis for processing, is anonymized or securely destroyed.

• Personal data is primarily collected from the data subjects themselves. If data is obtained in the recruitment process from a source other than the data subject themself (e.g. references, credit checks, criminal record extracts for certain tasks, concise security clearance vetting), the person’s consent will be separately requested.
• For recruitment purposes, data is also obtained from public sources, such as information related to professional practice rights from the register for healthcare professionals, as well as from Terveystalo’s partners (e.g. healthcare student organizations)
• Online behavior and the use of applications and services are monitored on the basis of activities on Terveystalo’s website, applications and services
• Communication behavior is monitored through responses to Terveystalo’s messages

Personal data may be disclosed:

• for administrative reasons within the group
• to our suitability assessment partner with the applicant’s consent
• if we are involved in a merger, reorganization or the sale of a business or part of a business
• on the basis of legislation, such as to authorities.

The processing of personal data is outsourced to Group companies and/or external service providers who process the personal data on behalf of Terveystalo. Personal data may be transferred outside the EU or the EEA within the bounds of legislation. In such cases, the transfer takes place in accordance with the European Commission’s standard contractual clauses or some other transfer mechanism permitted by data protection legislation.

The processing of the personal data does not involve automated decision-making. The recruitment process may include the automated assessment of personal characteristics, for example as part of the applicant’s suitability assessment.  

Right of access

• Data subjects have the right to know whether personal data concerning them are being processed and to access the data concerning themselves.

Right to rectification

• Data subjects have the right to request the rectification of erroneous or incomplete data.

Right to erasure

• Data subjects have the right to request the erasure of their personal data. Requests for erasure are implemented within the confines permitted by the law.

Right to object or restrict processing

• The data subject has, in certain situations, the right to object to the processing of their personal data on grounds relating to their particular situation at any time.
• In certain situations, the data subject has the right to request the restriction of the processing of their personal data. For example, if the data subject disputes the accuracy of their personal data, the processing of the personal data will be restricted for the duration of the investigation. The request of the data subject can be refused if restricting the processing of personal data could cause serious danger to the health or treatment of the data subject or to the rights of the data subject or someone else.

Right to data portability

• A data subject has the right to request that their data be transmitted from one system to another if the data has been provided by the data subject themselves and if the processing of the personal data is based on consent or an agreement.

Right not to be subject to automated decision-making

• The data subject has the right not to be subject to a decision based solely on automated processing, such as profiling, which produces legal effects concerning them or similarly significantly affects them. However, there are exceptions to this prohibition.

Withdrawal of consent

• Where the processing of personal data is based on consent, the data subject can withdraw their consent at any time.

The right to refer the matter to a supervisory authority

• The data subject has the right to refer the matter to the supervisory authority (in Finland, the Data Protection Ombudsman) if the data subject considers that the processing of personal data concerning them is in breach of data protection legislation. For more information, visit the Data Protection Ombudsman’s website: tietosuoja.fi/en.

Requests pertaining to the rights of data subjects can be made by contacting hrtietosuoja@terveystalo.com.

You can unsubscribe from the professional newsletter or event invitations at any time via the unsubscribe link in the email.

Data Protection Officer’s contact information

email: tietosuoja@terveystalo.com

Terveystalo’s Data Protection Officer

Suomen Terveystalo Oy

Jaakonkatu 3A, 6th floor, 00100 HELSINKI