Last update 29.11.2019
This document describes how Scanfil Oü (hereinafter ”Scanfil”) and its staff process the per-sonal data of job applicants applying to Scanfil. Scanfil acts as a controller to such personal data.
As a controller, we are responsible for the personal data of job applicants, and for the processing of such personal data. Protecting your privacy and your personal data is of utmost importance to Scanfil. We are committed to complying with the requirements of data protection regulation applicable to us in the processing of your personal data. The means and purposes of processing the personal data of job applicants are described in more detail in this Privacy Notice.
The EU General Data Protection Regulation (EU) 2016/679 (“GDPR”) applies to all processing of job applicants’ personal data as a general law.
Processing of personal data must always be based on a legal basis set forth in the GDPR. Processing of job applicants’ data is based on the following legal bases:
Personal data of job applicants is processed in particular for the following purposes:
Scanfil may process the following personal data directly necessary for the processing purposes mentioned above. These necessary personal data can be categorised as follows:
Basic information, such as
Information relating to suitability to the position, such as
Other information obtained from the job applicant, such as
Other information accumulated during the recruitment, such as
Data collected through technical monitoring, such as
Data relating to job applicants shall primarily be collected from the job applicant him/herself. In addition, data is collected also from other permitted sources, such as from data systems to which personal data of the applicant is recorded in connection with the job applicant’s use such data system.
In addition, Scanfil may collect data from other sources based on the job applicant’s consent.
Scanfil may transfer job applicant’s personal data to third parties in the following manner in order to fulfil the processing purposes described in this Privacy Notice. When personal data are transferred to an entity which processes personal data on behalf of Scanfil (i.e. data processor) Scanfil has through contractual arrangements ensured that personal data is processed only in accordance with Scanfil’s written instructions and only for the purposes described in this document and that access to personal data is restricted to persons who need access to data based on their tasks.
Some of the data processors used by Scanfil are located outside the EU or EEA area. Scanfil has contractually ensured that these entities undertake to apply an appropriate level of data protection in their processing practices, and thus the data transfers are subject to appropriate safeguards. More information on cross border transfers of personal data and on the appropriate safeguards applied thereto from time to time is available from the contact person mentioned under Section 2 of this Privacy Notice.
Scanfil discloses personal data for instance to authorities and Scanfil’s service providers within the limits allowed or required in currently applicable legislation.
Scanfil retains the personal data of the job applicants in accordance with the applicable legislation only for as long as the retention of data is necessary for processing purposes specified in this Privacy Notice. When Scanfil no longer needs personal data for the specified purposes, the data will be deleted from the data systems of Scanfil as well as from other files.
The general maximum retention period of personal data of job applicants is two years from the relevant recruitment decision.
The General Data Protection Regulation provides the data subject with several rights based on which the data subject can in many situation himself/herself decide on the processing of his/her personal data. The data subject may use the following rights with regard to Scanfil to the extent Scanfil acts as the controller to the personal data of the data subject in question.
In certain cases the job applicant can access and rectify his/her personal data through electronic services provided by Scanfil. In other cases, the requests shall be directed to the contact person mentioned in section 2 of this document.
In addition, the data subject has the right to lodge a complaint with the supervisory authority on the processing of the personal data by the controller. The complaint shall be made to the competent supervisory authority, Estonia to the Estonian Data Protection Inspectorate, in accordance with its instructions. The website of the Estonian Data Protection Inspectorate can be found here.
© Copyright Scanfil 2018. All rights reserved.
You may refuse to accept cookies from our website and delete existing cookies by selecting the appropriate settings on your browser. If you wish to do so, please refer to your browser’s user guide to find out how to control cookies by adjusting your browser’s preferences.
Full Privacy notice for our website visitors can be found here: http://www.scanfil.com/privacy.html.