Skip to content

Digia's Recruitment Privacy Statement

This Privacy Statement (‘Statement’) covers the processing of personal data carried out in connection with Digia Plc’s (‘Digia’) recruitment activities.

This Statement was last updated on 28 September 2023.

1. Data Controller's contact details

Digia Plc

Business ID: FI-08313124
Address: Atomitie 2A, 00370 Helsinki
Tel.: Exchange, +358 (0)10 313 3000 (mpm/pvm)

In addition, the companies of the Digia Group are joint data controllers with Digia Plc insofar as these companies participate in the recruitment activities, or recruitment activities are carried out to meet the recruitment needs of these companies, or the companies otherwise take advantage of the personal data collected in connection with Digia Plc’s recruitment. The majority of Digia Plc’s recruitments are carried out under the name of Digia Plc’s subsidiary Digia Finland Ltd. The contact details of the Digia Group companies are available here. All Digia Group companies comply with the data protection principles of this Statement in their recruitment.

The contact point for the personal data processing under this Statement is:

rekry(at)digia.com

 

2. Data Protection Officer's contact details


Data Protection Officer Digia Plc
dpo(at)digia.com

 

3. Purposes and legal bases of the processing

The below processing of personal data at Digia is carried out solely for the purposes of recruitment activities. Personal data of candidates is processed during the recruitment process for assessing the candidate’s suitability, to invite candidates to interviews, and in other such activities necessary for completing the recruitment process. If a candidate is chosen, the personal data provided by the candidate during the recruitment process is also used to establish the candidate’s employment and in tasks related to the start of the employment.

The legal bases for the processing of the personal data collected by Digia for recruitment purposes are the candidate’s consent, Digia’s legitimate interests related to appropriately completing the recruitment process, and legal requirements related to investigating what work permits are required, for example. If a candidate is selected for employment at Digia, the candidate’s personal data is processed in accordance with the obligations laid down in legislation, to which Digia is subject as the employer.

Candidates must provide certain personal data during the recruitment process. Such information is marked as mandatory in the relevant form fields (e.g. with an asterisk *). If a candidate does not want to provide this information to Digia, it may be impossible for Digia to consider the candidate for the open position. In addition, certain candidate contact details are required to ensure that Digia can contact the candidate to provide information on the recruitment process.


The purposes and legal bases of the personal data processing are summarised in the table below.

Purpose Legal basis
Carrying out the recruitment process and assessing candidate suitability Consent

Retaining the candidates’ documents for 24 months after the end of the recruitment process

Statistical reporting on candidate data		 Legitimate interest
Providing statistical candidate data to authorities to comply with legal obligations Legal obligation

 

4. Categories of data subjects

Candidates

 

5. Personal data processed

Digia processes the following personal data of candidates:

  • Name (full name)
  • Telephone number
  • E-mail
  • Address
  • Educational background and work experience
  • Other information necessary for assessing suitability (e.g. language skills, other skills)
  • Attachments provided by candidates (e.g. written applications, CVs, work samples, photos, websites)
  • Notes taken by Digia on the candidates during the recruitment process

In addition to the above, the following personal data of candidates may be collected in the following situations:

  • Recipient email address, if a job advertisement is shared with the ‘Tell a friend’ function.
  • Recipient email address and used search terms if an automatic summary of open postings is subscribed to with the ‘Hakuvahti’ alert function.
  • The candidate’s IP address, name, contact details and other information related to a recruitment provided by a candidate through the Digia recruitment bot on Digia’s website.

 

6. Data retention periods

Candidates’ applications and personal data provided by them during the recruitment process are retained throughout the recruitment process and for a total of 24 months after the date on which the candidate submits their application, unless the candidate requests the data to be erased earlier.

Candidate data obtained via the recruitment bot on Digia’s website is retained for 24 months, unless the candidate requests the data to be erased earlier.

Candidate data sent to the recruitment email address is retained in the recruitment inbox for 12 months after the data is received.

 

7. Regular data sources

Data is primarily collected from the candidates themselves. With the candidate’s consent, some data may be collected from public websites linked in the candidate’s application (e.g. LinkedIn) and referee’s named by the candidate, for example. In some situations, Digia may also use external recruitment consultants to find candidates, in which case Digia may receive some candidate data from such recruitment consultants as well.

If a candidate is chosen for the position open at Digia as a result of the recruitment, personal data required for the performance of tasks and obligations related to the candidate’s employment (such as paying wages) may also be collected. Such data includes the candidate’s personal identity code, information on valid work permits and qualifications, and bank account number for paying wages. Personal data of candidates employed by Digia is processed in accordance with Digia’s employee privacy statement.

 

8. Regular data disclosures and transfer of data outside of EU or the EEA

Digia uses the TalentAdore service provided by its partner TalentAdore Ltd as a technical platform in its requirement. As the provider of the TalentAdore service, this Digia partner has access to the personal data collected by Digia in accordance with this Statement, and the partner serves as Digia’s data processor in connection with recruitment activities. Digia has concluded the appropriate agreements with the partner as required by data protection legislation, and in the agreements, Digia has obligated the partner to comply with the principles of this Statement in its tasks as Digia’s data processor, among other provisions.

Digia may, from time to time, use third parties such as subcontractors, service providers and consultants in carrying out its recruitment. Such third parties include any recruitment consultants or other recruitment service providers used by Digia for its recruitment activities. These third parties may, from time to time, process or other otherwise access the personal data controlled by Digia and described in this Statement. However, such third parties are permitted access to personal data controlled by Digia only when required and only to the extent necessary for the provision of the service. In its activities, Digia uses only the services of trusted service providers and subcontractors that are bound by agreement to comply with the data protection principles described in this Statement.

Digia does not disclose or transfer the personal data collected in connection with recruitment outside the EU or the EEA. However, the TalentAdore service includes certain features and functions that are partly or fully provided by a service provider established outside the EU or the EEA. Therefore, it is possible that the candidate’s personal data is processed outside the EU or the EEA when these features and functions of the TalentAdore service are used. Such service providers are subcontractors of Digia’s partner TalentAdore Ltd. Digia has obligated TalentAdore Ltd to implement the appropriate safeguards for the data transfers of its subcontractors and ensured that these have been implemented.

For more information on the locations of data processing and the subcontractors, service providers and consultants used by Digia in its recruitment, please contact Digia with the contact details provided herein.

 

9. Data protection principles

Digia has implemented the appropriate technical and organisational measures required by legislation in order to prevent the unlawful access, processing, loss, and alteration of personal data, as well as other security risks. The candidates’ information is saved in a system of the data controller that is protected with operating system security software and functions. Accessing the system requires a user-specific identifier. The system is also protected with firewalls and other technological means. Only specific employees of the data controller have access to the system and have the right to use the data.

 

10. Rights of data subjects

Data protection legislation guarantees data subjects several rights concerning the processing of their personal data. Digia respects these rights and is committed to their implementation. The rights of data subjects are listed below.

  1. Data subjects have the right to request access to their personal data from the data controller and receive a copy of the data;
  2. Data subjects have the right to data portability when the processing is based on consent and carried out automatically;
  3. Data subjects have the right to request that any inaccurate, incomplete or outdated personal data is rectified or erased, and data subjects logged in to the recruitment system can also edit their information directly in the system;
  4. Data subjects have the right to request the restriction of processing in certain circumstances, such as when Digia no longer requires the data but the data subject does not wish the data to be erased but instead requests that its processing is restricted;
  5. Data subjects have the right to object, on grounds relating to their particular situation, to processing in certain circumstances, such as when the processing is based on the data controller’s legitimate interest and the data controller cannot present grounds that would override those presented by the data subject;
  6. Data subjects have the right to request that the data controller erases their personal data, provided that certain conditions are met (‘the right to be forgotten’), such as when the personal data is no longer needed for the purpose for which it was collected, or when the processing was based on consent and this consent is withdrawn;
  7. Data subjects have the right to withdraw their consent to processing at any time; and
  8. Data subjects have the right to lodge a complaint with the competent supervisory authority, which in Finland is the Office of the Data Protection Ombudsman (see tietosuoja.fi/en).

Requests for the execution of these rights should be addressed to PrivacyQuery(at)digia.com. Please note that the execution of some of the rights may require that certain additional legal requirements are met. In addition, Digia may need to request certain additional information from the party making the request to allow us to verify their identity.

Include the following information in your request:

  • Information that allows us to identify you (such as full name, email address or similar)
  • The role in which you are contacting us (= jobseeker/candidate)
  • Which of the legal rights listed above you wish to exercise.