Privacy Policy regarding the company job applicant register

1 Controller

DRA Consulting Oy
Pakkalankuja 7, 01510 Vantaa
+358 9 825 64 200

(hereafter “we” or ”DRA Consulting”)

2 Contact person for register matters

Eeva-Liisa Rahko
Pakkalankuja 7, 01510 Vantaa
+358 9 825 64 200

3 Name of register


4 What is the legal basis for and purpose of the processing of personal data?

The basis for processing personal data is:

  • For the purposes of carrying out the obligations and exercising
    specific rights of the controller or of the data subject in the field of
  • the data subject has given explicit consent to the processing of his
    or her personal data.

The purpose of the processing of personal data is related to the recruitment process and management of the recruitment process and enabling contacts regarding application and selection processes from persons (data subjects) who have applied for the positions.

5 What data do we process?

We process the following personal data of the job applicants or other data subjects in connection with the job applicant register:

  • basic information of the data subject, such as name, contact information, birth date, gender, mother tongue;
  • information regarding the position applied for, such as information of the position in question including information of the nature and type of the employment relationship and information of the contact persons designated for the application process;
  • other information that the data subject has provided of himself, his background etc. in connection with the application process, such as a picture, study and other educational information, work history, language skills, other special skills, description of personal features, different certificates and ratings;
  • information regarding the recruitment process of the data subject, such as information of upcoming further interviews or of the interruption of the recruitment process;
  • other possible information that the data subject himself has provided voluntarily in connection with the recruitment process or information that the controller has collected based on a separate consent of the data subject.

6 From where do we receive information?

We receive data primarily the data subject himself through the application form.

For the purposes described in this privacy policy, personal data may also be collected and updated from publicly available sources and based on information received from authorities or other third parties within the limits of the applicable laws and regulations. Data updating of this kind is performed manually or by automated means.

7 To whom do we disclose data and do we transfer data outside of EU or EEA?

We process information ourselves or use a HR partner that processes personal data on behalf of and for us. We do not disclose personal data outside of EU/EEA.

8 How do we protect the data and how long do we store them?

Only those of our employees, who on behalf of their work are entitled to process customer data, are entitled to use a system containing personal data. Each user has a personal username and password to the system.

The information is collected into databases that are protected by firewalls, passwords, and other technical measures. The databases and the backup copies of them are in locked premises and can be accessed only by certain pre-designated persons.

The data is stored for 24 months or until the applicant selection process has ended.

9 What are your rights as a data subject?

As a data subject you have a right to inspect the personal data concerning yourself, which is stored in the register, and a right to require rectification or erasure of the data. You also have a right to withdraw or change your consent.

As a data subject, you have a right, according to EU’s General Data Protection Regulation (applied from 25.5.2018) to object processing or request restricting the processing and lodge a complaint with a supervisory authority responsible for processing personal data.

10 Who can you be in contact with?

All contacts and requests concerning this privacy policy must be submitted in writing or in person to the person mentioned in section two (2).

11 Changes in the Privacy Policy

Should we make amendments to this privacy protection statement, we will place the amended statement on our website, with an indication of the amendment date. If the amendments are significant, we may also inform you about this by other means, for example by sending an email or placing a bulletin on our homepage. We recommend that you review these privacy protection principles from time to time to ensure you are aware of any amendments made.