Home » Recruitment Candidate Register and Privacy Statement

Recruitment Candidate Register and Privacy Statement

This is the register and privacy statement of Trifecta Retail Ventures and DealDash Oyj in accordance with the personal data act (10, 24 §) and the European Union’s General Data Protection Act (“GDPR”). It was last updated on 28 September 2023.

1. Keeper of the register

DealDash Oyj, Siltasaarenkatu 18 B, 00530 Helsinki, Finland

2. Contact person regarding the register

Pekka Lampinen, [email protected]

3. Name of the register

4. Legal basis and purpose of data processing

The legal basis for the processing of personal data in accordance with GDPR is the consent of the registered persons for collection of information for the purpose of potentially entering into a work relationship.

The purpose of the processing of personal data is assessing the potential for entering into a work relationship with the registered person, to be able to communicate with the registered person, and to get information for fulfilling the contractual obligations of entering into a work relationship with the registered person.

The data in this register is not used for automated decision-making nor profiling.

5. Register data contents

Data stored in the register comprises data provided by the registered person, typically: Person’s name, date of birth, contact information (phone, email, address), social security number, employment history, education, skills related to work, nationality, work permit status, photographs, contents of interviews, communication sent by the registered person, and social media profiles.

Data will be stored for at most 12 months after the job posting(s) to which the data has been connected is closed.

6. Regular sources of data

Information may be collected or updated also from other sources in accordance with the law.

7. Data provision to third parties and data transfer outside the European Union and European Economic Area

Information is regularly shared with and processed by companies that belong to the same group of companies as the keeper of the register, since the companies in question may employ the necessary people to run the recruitment process and enter into contractual relationships with people who are hired.

Information may be stored and transferred outside of the European Union and the European Economic Area when the use of cloud software requires it or when persons participating in the recruitment process are located there.

8. Register information security

The register data is handled with care and the information systems using it have appropriate data protection features. The register keeper limits employee access to parts of the data where appropriate.

9. Right to view and correct data

Each person in the register has the right to view and correct data stored about them in the register and demand the correction or amendment of any possible incorrect data. If a person wishes to view or correct data related to them, the request must be made in writing to the register keeper. The register keeper will respond to the person making the request within a time limit set by GDPR, which is typically one month. The register keeper may require the maker of the request to prove their identity.

10. Other rights related to the processing of personal data

Each person in the register has the right to ask for data related to them to be deleted from the register, and they have rights according to GDPR to limit the processing of their data in certain situations. The request must be made in writing to the register keeper. The register keeper will respond to the person making the request within a time limit set by GDPR, which is typically one month. The register keeper may require the maker of the request to prove their identity.