Nov 23, 2022
This Recruitment Privacy Policy (referred to as "Privacy Policy") informs why and how we process personal data about job applicants who apply to one of our open positions (referred to as “Applicant” or “you”). Moreover, this Privacy Policy provides information on how and why we process personal data regarding potential job candidates who we are contacting in connection with introducing our open positions (referred to as “Candidate” or “you”).
Aiven Ltd, business ID: 2795743-5, is the data controller (referred to as "Aiven", "we" or "us") in relation to the processing of your personal data. As a data controller, Aiven is responsible for ensuring that personal data is processed in compliance with data protection laws. We take your data protection rights seriously and your personal data will be treated in a secure and confidential manner as set out in this Privacy Policy and as required by data protection laws.
We have also designated a Data Protection Officer (“DPO”) to oversee our data protection related matters. If you have any questions or concerns about the way we use your data, you may contact our DPO by email at dpo@aiven.io.
We may collect your personal data from the following sources:
For the most part, we collect personal data directly from you during the recruitment process. You provide us with data, for example, when you send us your application through our application form, during job interviews and in connection with performing possible aptitude assessments.
When you use our website, we may automatically collect some technical data which may be associated with you (e.g. IP-address) and your visit on our website. More information regarding the processing of personal data on our website here.
We may collect your personal data from publicly available services, such as LinkedIn and GitHub. This applies mainly with respect to Candidates who we are actively contacting in connection with introducing our open positions. Please note that we may use search engines to collect your public profile data from publicly available services. You can restrict search engines from accessing your public profile by changing certain profile settings or by removing the personal data available on such services.
As part of the recruitment process, and subject to your consent, we may also perform background checks on you. As necessary, such background checks may include criminal records, credit reports or working permits. If background checks are performed, Aiven will at all times ensure that data protection laws are complied with.
Moreover, during the recruitment process, we may also collect your data from references such as your former employers or educational institutions.
We may process personal data concerning you, as a Candidate, for the following purposes:
We process your personal data to evaluate your potential and to identify you as a suitable Candidate for one of our open positions. The processing in this regard includes categorizing and evaluating your suitability for open positions by using certain criteria with respect to professional attributes and skills when performing searches from publicly available services (e.g., LinkedIn, GitHub).
Categories of personal data | Legal basis |
|---|---|
Identity data / Contact data / Skills data / Employment data / Education data | The processing is necessary to achieve legitimate interests pursued by Aiven. Aiven considers that it has a legitimate interest in attracting and appointing high caliber talents to secure competitiveness and business continuity. |
We process your personal data, as a Candidate, to inform and offer our open positions to you. The processing in this regard may also include contacting suitable Candidates about new open positions via email.
Categories of personal data | Legal basis |
|---|---|
Identity data / Contact data | The processing is necessary to achieve legitimate interests pursued by Aiven. Aiven considers that it has a legitimate interest in imparting information and establishing a dialogue with suitable Candidates to ensure effective communication of open positions. |
If you submit a job application to us, we will further process your personal data for the purposes set out below in section “Why do we process Applicant personal data?”
We use a dedicated search engine to perform Candidate searches from publicly available services. For each of our open positions, to which we are looking for Candidates, we always have certain predefined criteria against which we perform the searches. The predefined criteria consist of the following information regarding the Candidate (the combination used in each search may vary):
In other words, we use pre-determined criteria and automated means to process personal data and create profiles of Candidates. Although the processing may amount to profiling, as defined in data protection laws, we do not carry out any automated decision making that would have legal effects or similarly significant effects on the Candidates.
After performing the search, our recruiters will always review the results and decide which Candidates to contact. In addition, before communicating, our recruiters may also manually check the potential Candidate’s profile in Public Services in order to determine whether the Candidate has the necessary skills and attributes to succeed in our open position.
If you submit an application to us, we may process your personal data for the following purposes:
We process your personal data for the purposes of storing, reviewing and managing job applications as part of our recruitment process. Furthermore, we process personal data to communicate with, and to carry out the evaluation, selection and appointment of the Applicant. We may also carry out background and reference checks, and for some positions, ensure that the Applicant has the appropriate working permits.
Categories of personal data | Legal basis |
|---|---|
| The processing is necessary to achieve legitimate interests pursued by Aiven. Aiven considers that it has a legitimate interest in managing and carrying out recruitment processes as well as in evaluating Applicants in an equal and effective manner. Aiven processes special categories of personal data (health status) provided by the Applicant if and as needed to provide the Applicant an equal opportunity to participate in the recruitment process. Where required by data protection laws, we will ask your consent prior to collecting data in connection with background checks and reference checks. Further in the recruitment process, the processing of personal data also becomes necessary in order to take steps at Applicant’s request prior to entering into contract of employment. |
If you are not selected to the position applied, we may further process your personal data to inform you about similar open positions at Aiven.
Categories of personal data | Legal basis |
|---|---|
Identity data - Contact data | The processing is necessary to achieve legitimate interests pursued by Aiven. Aiven considers that it has a legitimate interest in imparting information and establishing a dialogue with suitable Applicants to ensure effective communication of open positions. |
To the extent necessary, we may need to process your personal data in order to handle and defend possible legal claims, for example in cases of recruitment selection related disputes or legal proceedings.
In order to fulfil the purposes described in this Privacy Policy, we may have to share your personal data with the parties set out below. These parties may include:
All of our subsidiaries and third-party service providers are required to take appropriate security measures to protect your data and they may only process personal data for the purposes mentioned in this Privacy Policy and in accordance with our instructions.
We store personal data on servers located in the European Union ("EU"). However, some of our service providers or subsidiaries may be based outside the European Economic Area ("EEA"), including the United States of America, so their processing of your personal data will involve a transfer of personal data outside the EEA.
Whenever we transfer personal data out of the EEA, and unless a specific derogation applies, we seek to ensure that a similar degree of protection is afforded than that provided in the EEA by ensuring at least one of the following safeguards is implemented:
Please email us at privacy@aiven.io if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA or to obtain a copy of any contractual clauses in place. Please note, however, that some details may be redacted for confidentiality reasons.
We will only retain personal data for as long as it is necessary to fulfill the purposes defined in this Privacy Policy. In general, we comply with the following criteria with respect to retaining and erasing personal data:
Please note that if you are hired as a result of your application, some of the personal data collected as part of the recruitment process may be transferred to your personnel file.
Subject to certain exemptions and limitations, you have certain rights in relation to the processing of your personal data. You have the right to:
Should you wish to exercise your above-mentioned rights, please send a request to us at privacy@aiven.io.
In case you exercise your rights, we may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We may update this Privacy Policy from time to time. If we make any updates to this Privacy Policy, we will always publish the updated version on this page.
If you have any questions regarding the processing of your personal data, please do not hesitate to contact us. See below for contact details:
Aiven Oy
Antinkatu 1
00100 Helsinki
Finland
You have the right to make a complaint at any time to the supervisory authority in your country of residence. List of the EEA supervisory authorities can be found here. In Finland, the relevant supervisory authority is the Office of the Data Protection Ombudsman. We would, however, appreciate the chance to deal with your concerns before you approach any supervisory authority. Therefore, please contact us in the first instance.