Personal Data File and Controller
Aiven Ltd as Data Controller
You may contact us in privacy related matters by email at email@example.com
Where do we collect the personal data from and what personal data we process?
We collect personal data predominantly directly from the Applicants through our website’s application form. Furthermore, we may collect the personal data the Applicant tells us during job interviews, or when the Applicant contacts us by telephone, email or some other means. We may also collect personal data from third parties, for example, to ensure the chosen Applicant’s right to work in the relevant state.
The following personal data is processed in connection with the recruitment process:
Identity and contact information of the Applicants (e.g. full name, email address, address, telephone number);
Employment and education data, (e.g. previous title, previous employer office location and department, references, licenses, certificates, education information);
Additional personal information the Applicant may provide to us, (e.g. photos and videos, work samples, hobbies and any other personal information provided to us during interviews or other interaction with the Applicant).
Data collected from third parties, (e.g. working permit confirmations or personal data included in written or oral communication with Applicant’s references).
We collect some technical data automatically through the use of our website or services, which may be associated with Applicants (e.g. IP-address). See more information regarding the processing of personal data on our website here.
Special categories of personal data
We do not process special categories of personal data about our Applicants.
For what purpose do we process personal data?
We process Applicants’ personal data for the following purposes:
Organizing and managing the recruitment process
We process personal data for the purposes of storing, reviewing and managing job applications as part of our recruitment processes. Furthermore, we process personal data to communicate with, and to carry out the evaluation, selection and appointment of the Applicant. We may also carry out background and reference checks, and for some positions, ensure that the Applicant has the appropriate working permits.
Informing and offering our new open positions
We process personal data to inform the non-selected Applicants about our new similar open positions as the Applicant applied for, and to offer the similar positions directly to the Applicant.
To fulfill our legal obligations and rights.
We process personal data to comply with legal requirements under applicable laws (e.g. tax and accounting obligations) and with court orders and requests by competent regulatory and governmental authorities. We may also process personal data to establish, exercise or defend legal claims in court and administrative proceedings.
We do not process personal data for automated decision-making.
What is our legal basis to process personal data?
Our legitimate interest
We process personal data to the extent this is necessary to fulfill our legitimate interests, which include our interests to:
To effectively manage and carry out the recruitment process;
To evaluate the Applicants in an equal and effective manner;
To inform about and offer the Applicants our new open positions;
To protect our legal rights, including by handling complaints and exercising or defending legal claims;
We process personal data to comply with legal requirements under applicable laws (e.g. tax and accounting obligations) and with court orders and requests by competent regulatory and governmental authorities.
To whom we share your data?
We share the Applicant’s personal data to third parties as follows:
to our relevant subsidiaries to the extent necessary to carry out the recruitment processes for open positions located at our subsidiaries;
to our third party service providers, including but not limited to, data storage, data management and recruitment service providers;
as required or permitted to comply with legal obligations, requests by competent authorities and courts and related legal proceedings;
as required to establish, exercise or defend against legal claims; and
to prospective sellers or buyers if we are involved in a merger, acquisition, or sale of all or a portion of our assets.
Do we Transfer personal data outside the EU/EEA?
We store personal data on servers located in the European Union ("EU") provided by Google and Amazon Web Services.
We transfer personal data to our subsidiaries and third party service providers overseas, which may involve the transfer of personal data to countries outside the European Economic Area ("EEA") which level of information protection may be lower than that offered within the EEA.
To the extent personal data is transferred to a country outside of the EU/EEA, we will use the required established mechanisms that allow the transfer to our subsidiaries and service providers in those countries, such as the Standard Contractual Clauses approved by the European Commission.
How long will we retain personal data?
We retain the data for informing the non-selected Applicants about our new open positions, and for safeguarding our legitimate interest to establish, execute or defend a legal claim, for a maximum period of three years.
What rights do you have?
You have the following rights:
The right to request access to personal data about yourself;
The right to object processing, that is based on legitimate interest;
If processing of personal data is based on consent, you have the right to withdraw consent at any time. The withdrawal will not affect the lawfulness of the processing carried out before the withdrawal; and
The right to data portability, meaning the right to receive the personal data in a structured, commonly used machine-readable format and transmit the personal data to another data controller, to the extent required by applicable law. This applies for personal data processed based on contract or the Applicant's consent.
Should you wish to exercise your above mentioned rights, please send a request to us at firstname.lastname@example.org.
What security measures have we taken?
We have carried out reasonable technical and organizational measures to secure the personal data processed against unauthorized access, against accidental or unlawful destruction, manipulation, disclosure and transfer and against other unlawful processing. For instance, any physical data is stored in locked facilities and access to automatically processed data is limited by user rights and passwords within our organization.
Please be aware that, although we endeavour to provide reasonable security measures for personal data, no security system can prevent all potential security breaches.