Recruitment and Candidate Sourcing Privacy Policy

12 January, 2022

This Recruitment Privacy Policy (referred to as "Privacy Policy") informs why and how we process personal data about job applicants who apply to one of our open positions (referred to as “Applicant” or “you”). Moreover, this Privacy Policy provides information on how and why we process personal data regarding potential job candidates who we are contacting in connection with introducing our open positions (referred to as “Candidate” or “you”). 

Aiven Ltd, business ID: 2795743-5, is the data controller (referred to as "Aiven", "we" or "us") in relation to the processing of your personal data. As a data controller, Aiven is responsible for ensuring that personal data is processed in compliance with data protection laws. We take your data protection rights seriously and your personal data will be treated in a secure and confidential manner as set out in this Privacy Policy and as required by data protection laws.

If you have any questions regarding this Privacy Policy, please contact us at privacy@aiven.io

Where do we collect your personal data from?

We may collect your personal data from the following sources: 

Personal data provided directly by you

  • For the most part, we collect personal data directly from you during the recruitment process. You provide us with data, for example, when you send us your application through our application form, during job interviews and in connection with performing possible aptitude assessments. 

Technical data we collect or generate automatically

  • When you use our website, we may automatically collect some technical data which may be associated with you (e.g. IP-address) and your visit on our website. More information regarding the processing of personal data on our website here.

Personal data collected from publicly available services (e.g., LinkedIn, GitHub)

  • We may collect your personal data from publicly available services, such as LinkedIn and GitHub. This applies mainly with respect to Candidates who we are actively contacting in connection with introducing our open positions. Please note that we may use search engines to collect your public profile data from publicly available services. You can restrict search engines from accessing your public profile by changing certain profile settings or by removing the personal data available on such services.

Personal data collected from background checking organizations

  • As part of the recruitment process, and subject to your consent, we may also perform background checks on you. As necessary, such background checks may include criminal records, credit reports or working permits. If background checks are performed, Aiven will at all times ensure that data protection laws are complied with.

References from former employers or educational institutions

  • Moreover, during the recruitment process, we may also collect your data from references such as your former employers or educational institutions.

Why do we process candidate personal data?

We may process personal data concerning you, as a Candidate, for the following purposes:

Evaluating and finding suitable Candidates 

We process your personal data to evaluate your potential and to identify you as a suitable Candidate for one of our open positions. The processing in this regard includes categorizing and evaluating your suitability for open positions by using certain criteria with respect to professional attributes and skills when performing searches from publicly available services (e.g., LinkedIn, GitHub).

Categories of personal data
Legal basis
Identity data / Contact data / Skills data / Employment data / Education data
The processing is necessary to achieve legitimate interests pursued by Aiven. Aiven considers that it has a legitimate interest in attracting and appointing high caliber talents to secure competitiveness and business continuity.

Informing and offering open positions to suitable Candidates

We process your personal data, as a Candidate, to inform and offer our open positions to you. The processing in this regard may also include contacting suitable Candidates about new open positions via email.

Categories of personal data
Legal basis
Identity data / Contact data
The processing is necessary to achieve legitimate interests pursued by Aiven. Aiven considers that it has a legitimate interest in imparting information and establishing a dialogue with suitable Candidates to ensure effective communication of open positions.

If you submit a job application to us, we will further process your personal data for the purposes set out below in section “Why do we process Applicant personal data?”

Further information on how we perform candidate searches

We use a dedicated search engine to perform Candidate searches from publicly available services. For each of our open positions, to which we are looking for Candidates, we always have certain predefined criteria against which we perform the searches. The predefined criteria consist of the following information regarding the Candidate (the combination used in each search may vary):

  • Working location

  • Work experience

  • Technology skills (e.g., key programming languages)

  • Other similar professional attributes

In other words, we use pre-determined criteria and automated means to process personal data and create profiles of Candidates. Although the processing may amount to profiling, as defined in data protection laws, we do not carry out any automated decision making that would have legal effects or similarly significant effects on the Candidates.

After performing the search, our recruiters will always review the results and decide which Candidates to contact. In addition, before communicating, our recruiters may also manually check the potential Candidate’s profile in Public Services in order to determine whether the Candidate has the necessary skills and attributes to succeed in our open position.

Why do we process applicant personal data?

If you submit an application to us, we may process your personal data for the following purposes:

Managing the recruitment process and Applicant evaluation to reach a selection decision

We process your personal data for the purposes of storing, reviewing and managing job applications as part of our recruitment process. Furthermore, we process personal data to communicate with, and to carry out the evaluation, selection and appointment of the Applicant. We may also carry out background and reference checks, and for some positions, ensure that the Applicant has the appropriate working permits.

Categories of personal data
Legal basis
Identity data / Contact data / Skills data / Employment data / Education data / Background check data / Reference check data / Other data categories provided (e.g., photos or videos, work samples, hobbies, etc.)
The processing is necessary to achieve legitimate interests pursued by Aiven. Aiven considers that it has a legitimate interest in managing and carrying out recruitment processes as well as in evaluating Applicants in an equal and effective manner. Where required by data protection laws, we will ask your consent prior to collecting data in connection with background checks and reference checks. Further in the recruitment process, the processing of personal data also becomes necessary in order to take steps at Applicant’s request prior to entering into contract of employment.

Communicating new open positions

If you are not selected to the position applied, we may further process your personal data to inform you about similar open positions at Aiven.

Categories of personal data
Legal basis
Identity data / Contact data
The processing is necessary to achieve legitimate interests pursued by Aiven. Aiven considers that it has a legitimate interest in imparting information and establishing a dialogue with suitable Applicants to ensure effective communication of open positions.

Establishing, exercising or defending legal claims

To the extent necessary, we may need to process your personal data in order to handle and defend possible legal claims, for example in cases of recruitment selection related disputes or legal proceedings.

With whom do we share your data?

In order to fulfil the purposes described in this Privacy Policy, we may have to share your personal data with the parties set out below. These parties may include:

  • Our relevant subsidiaries to the extent necessary to carry out the recruitment process for open positions located at our subsidiaries;

  • Third-party service providers, including but not limited to, data storage, data management and recruitment service providers; 

  • Courts, counterparties etc., as required to establish, exercise or defend legal claims;

  • To the extent required and necessary, competent authorities if we are obligated under law to disclose data; and

  • Prospective sellers or buyers if we are involved in a merger, acquisition, or sale of all or a portion of our assets.

All of our subsidiaries and third-party service providers are required to take appropriate security measures to protect your data and they may only process personal data for the purposes mentioned in this Privacy Policy and in accordance with our instructions.

Do we transfer personal data outside the EU / EEA?

We store personal data on servers located in the European Union ("EU"). However, some of our service providers or subsidiaries may be based outside the European Economic Area ("EEA"), including the United States of America, so their processing of your personal data will involve a transfer of personal data outside the EEA.

Whenever we transfer personal data out of the EEA, and unless a specific derogation applies, we seek to ensure that a similar degree of protection is afforded than that provided in the EEA by ensuring at least one of the following safeguards is implemented:

  • Where possible, we will transfer personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; or

  • Where we use a service provider residing in a country outside the EEA that is not deemed to provide an adequate level of protection for personal data, we use specific contractual clauses approved by the European Commission (i.e., the Standard Contractual Clauses approved by the European Commission) which aim to provide personal data the same protection as it has in the EEA.

Please email us at privacy@aiven.io if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA or to obtain a copy of any contractual clauses in place. Please note, however, that some details may be redacted for confidentiality reasons.

How long do we retain personal data?

We will only retain personal data for as long as it is necessary to fulfill the purposes defined in this Privacy Policy. In general, we comply with the following criteria with respect to retaining and erasing personal data: 

  • With respect to you as a Candidate, personal data are retained during the search and evaluation period. Personal data will be erased after we have contacted you to inform and offer open position at Aiven;

  • With respect to you as an Applicant, personal data are retained for the duration of the recruitment process. After the selection decision has been made, non-selected Applicants personal data are retained for a maximum period of 1 year in order to be able to communicate new open positions as well as for safeguarding our legitimate interests in establishing, executing or defending possible legal claims.

Please note that if you are hired as a result of your application, some of the personal data collected as part of the recruitment process may be transferred to your personnel file.

What rights do you have?

  • Subject to certain exemptions and limitations, you have certain rights in relation to the processing of your personal data. You have the right to:

  • Access your personal data;

  • Update incorrect or incomplete personal data;

  • Object to the processing of personal data;

  • Erase your personal data;

  • Restrict the use of your personal data;

  • Data portability, meaning the right to receive your data in a structured, commonly used machine-readable format and transmit the data to another data controller; and

  • Withdraw your consent.

Should you wish to exercise your above-mentioned rights, please send a request to us at privacy@aiven.io.

In case you exercise your rights, we may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Updates to this privacy policy

We may update this Privacy Policy from time to time. If we make any updates to this Privacy Policy, we will always publish the updated version on this page.

Contact us

If you have any questions regarding the processing of your personal data, please do not hesitate to contact us. See below for contact details: 

Aiven Oy Antinkatu 1 00100 Helsinki Finland

privacy@aiven.io

You have the right to make a complaint at any time to the supervisory authority in your country of residence. List of the EEA supervisory authorities can be found here: https://edpb.europa.eu/about-edpb/about-edpb/members_en. In Finland, the relevant supervisory authority is the Office of the Data Protection Ombudsman: https://tietosuoja.fi/en/home. We would, however, appreciate the chance to deal with your concerns before you approach any supervisory authority. Therefore, please contact us in the first instance.

orange decoration
yellow decoration

Start your free 30 day trial!

Build your platform, and throw in any data you want for 30 days, with no ifs, ands, or buts.

orange decoration
yellow decoration

Start your free 30 day trial!

Build your platform, and throw in any data you want for 30 days, with no ifs, ands, or buts.

Products

Aiven for Apache Kafka®Aiven for Apache Kafka Connect®Aiven for Apache Kafka MirrorMaker 2®Aiven for Apache Flink® BetaAiven for M3Aiven for M3 AggregatorAiven for Apache Cassandra®Aiven for OpenSearchAiven for PostgreSQLAiven for MySQLAiven for RedisAiven for InfluxDBAiven for Grafana

Let‘s connect

Apache Kafka, Apache Kafka Connect, Apache Kafka MirrorMaker 2, Apache Flink and Apache Cassandra are either registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries. ClickHouse, M3, M3 Aggregator, OpenSearch, PostgreSQL, MySQL, Redis, InfluxDB, Grafana are trademarks and property of their respective owners. All product and service names used in this website are for identification purposes only and do not imply endorsement.