Nov 23, 2022

Recruitment and Candidate Sourcing Privacy Policy

This Recruitment Privacy Policy (referred to as "Privacy Policy") informs why and how we process personal data about job applicants who apply to one of our open positions (referred to as “Applicant” or “you”). Moreover, this Privacy Policy provides information on how and why we process personal data regarding potential job candidates who we are contacting in connection with introducing our open positions (referred to as “Candidate” or “you”).

Aiven Ltd, business ID: 2795743-5, is the data controller (referred to as "Aiven", "we" or "us") in relation to the processing of your personal data. As a data controller, Aiven is responsible for ensuring that personal data is processed in compliance with data protection laws. We take your data protection rights seriously and your personal data will be treated in a secure and confidential manner as set out in this Privacy Policy and as required by data protection laws.

We have also designated a Data Protection Officer (“DPO”) to oversee our data protection related matters. If you have any questions or concerns about the way we use your data, you may contact our DPO by email at

Where do we collect your personal data from?

We may collect your personal data from the following sources:

Personal data provided directly by you

For the most part, we collect personal data directly from you during the recruitment process. You provide us with data, for example, when you send us your application through our application form, during job interviews and in connection with performing possible aptitude assessments.

Technical data we collect or generate automatically

When you use our website, we may automatically collect some technical data which may be associated with you (e.g. IP-address) and your visit on our website. More information regarding the processing of personal data on our website here.

Personal data collected from publicly available services (e.g., LinkedIn, GitHub)

We may collect your personal data from publicly available services, such as LinkedIn and GitHub. This applies mainly with respect to Candidates who we are actively contacting in connection with introducing our open positions. Please note that we may use search engines to collect your public profile data from publicly available services. You can restrict search engines from accessing your public profile by changing certain profile settings or by removing the personal data available on such services.

Personal data collected from background checking organizations

As part of the recruitment process, and subject to your consent, we may also perform background checks on you. As necessary, such background checks may include criminal records, credit reports or working permits. If background checks are performed, Aiven will at all times ensure that data protection laws are complied with.

References from former employers or educational institutions

Moreover, during the recruitment process, we may also collect your data from references such as your former employers or educational institutions.

Why do we process candidate personal data?

We may process personal data concerning you, as a Candidate, for the following purposes:

Evaluating and finding suitable Candidates

We process your personal data to evaluate your potential and to identify you as a suitable Candidate for one of our open positions. The processing in this regard includes categorizing and evaluating your suitability for open positions by using certain criteria with respect to professional attributes and skills when performing searches from publicly available services (e.g., LinkedIn, GitHub).

Informing and offering open positions to suitable Candidates

We process your personal data, as a Candidate, to inform and offer our open positions to you. The processing in this regard may also include contacting suitable Candidates about new open positions via email.

If you submit a job application to us, we will further process your personal data for the purposes set out below in section “Why do we process Applicant personal data?”

Further information on how we perform candidate searches

We use a dedicated search engine to perform Candidate searches from publicly available services. For each of our open positions, to which we are looking for Candidates, we always have certain predefined criteria against which we perform the searches. The predefined criteria consist of the following information regarding the Candidate (the combination used in each search may vary):

In other words, we use pre-determined criteria and automated means to process personal data and create profiles of Candidates. Although the processing may amount to profiling, as defined in data protection laws, we do not carry out any automated decision making that would have legal effects or similarly significant effects on the Candidates.

After performing the search, our recruiters will always review the results and decide which Candidates to contact. In addition, before communicating, our recruiters may also manually check the potential Candidate’s profile in Public Services in order to determine whether the Candidate has the necessary skills and attributes to succeed in our open position.

Why do we process applicant personal data?

If you submit an application to us, we may process your personal data for the following purposes:

Managing the recruitment process and Applicant evaluation to reach a selection decision

We process your personal data for the purposes of storing, reviewing and managing job applications as part of our recruitment process. Furthermore, we process personal data to communicate with, and to carry out the evaluation, selection and appointment of the Applicant. We may also carry out background and reference checks, and for some positions, ensure that the Applicant has the appropriate working permits.

Communicating new open positions

If you are not selected to the position applied, we may further process your personal data to inform you about similar open positions at Aiven.

Establishing, exercising or defending legal claims

To the extent necessary, we may need to process your personal data in order to handle and defend possible legal claims, for example in cases of recruitment selection related disputes or legal proceedings.

With whom do we share your data?

In order to fulfil the purposes described in this Privacy Policy, we may have to share your personal data with the parties set out below. These parties may include:

All of our subsidiaries and third-party service providers are required to take appropriate security measures to protect your data and they may only process personal data for the purposes mentioned in this Privacy Policy and in accordance with our instructions.

Do we transfer personal data outside the EU / EEA?

We store personal data on servers located in the European Union ("EU"). However, some of our service providers or subsidiaries may be based outside the European Economic Area ("EEA"), including the United States of America, so their processing of your personal data will involve a transfer of personal data outside the EEA.

Whenever we transfer personal data out of the EEA, and unless a specific derogation applies, we seek to ensure that a similar degree of protection is afforded than that provided in the EEA by ensuring at least one of the following safeguards is implemented:

Please email us at if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA or to obtain a copy of any contractual clauses in place. Please note, however, that some details may be redacted for confidentiality reasons.

How long do we retain personal data?

We will only retain personal data for as long as it is necessary to fulfill the purposes defined in this Privacy Policy. In general, we comply with the following criteria with respect to retaining and erasing personal data:

Please note that if you are hired as a result of your application, some of the personal data collected as part of the recruitment process may be transferred to your personnel file.

What rights do you have?

Subject to certain exemptions and limitations, you have certain rights in relation to the processing of your personal data. You have the right to:

Should you wish to exercise your above-mentioned rights, please send a request to us at

In case you exercise your rights, we may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Updates to this privacy policy

We may update this Privacy Policy from time to time. If we make any updates to this Privacy Policy, we will always publish the updated version on this page.

Contact us

If you have any questions regarding the processing of your personal data, please do not hesitate to contact us. See below for contact details:

Aiven Oy
Antinkatu 1
00100 Helsinki

You have the right to make a complaint at any time to the supervisory authority in your country of residence. List of the EEA supervisory authorities can be found here. In Finland, the relevant supervisory authority is the Office of the Data Protection Ombudsman. We would, however, appreciate the chance to deal with your concerns before you approach any supervisory authority. Therefore, please contact us in the first instance.