Get ready for GDPR with us
Your applicants’ personal information is safe with us
On May 25, 2018, a new EU regulation regarding the protection of personal information will come into effect. This will also affect companies that are seeking and recruiting new employees. Teamio is ready: we are doing everything we can to make your work on GDPR compliance as easy as possible.
We process the personal information of applicants who respond to job vacancies. The administrators for this information are, however, the employers who publish job vacancy ads.
I.e. the employer who collects information on applicants during recruitment.
The administrator is responsible for ensuring that:
- Adequate technical and organizational measures are implemented to make it easy to prove that your data processing is GDPR-compliant.
- You process only such personal information as is necessary for the given, predefined, specific purpose (for example, the job selection process).
- When two companies share a registration in Teamio, these two companies are considered joint administrators in terms of GDPR. They must decide among themselves which of them is responsible for which part of data processing, especially in connection with the exercising of data subjects’ rights.
The Data Processor
I.e. Teamio/Alma Career Oy and LMC s.r.o. They process applicants’ personal data for employers (administrators).
The Processor is responsible for:
- Managing the platform that enables you to process applicant information.
- We process this data based on your instructions and on a contract with you as its administrator.
- We take into account the nature of applicant-data processing by utilizing suitable technical and organizational measures to ensure that our data processing complies with GDPR requirements and ensures the protection of applicants’ rights.
- We ensure that, on the processor’s side, applicant data is processed solely by persons bound by a non-disclosure agreement.
- We provide the cooperation needed to ensure the adequate processing of personal information by the administrator.
The applicants are the “data subjects” because we can (in)directly identify them using their personal information.
Information connected with a data subject. This might be their name, email, telephone number, CV, notes, labels, or recorded actions.
Actions performed on personal information by the administrator or processor; these are fully or partly automated (collection, recording, organizing, storing, and deleting).
All changes apply to the Free, Easy, and Smart editions.
Consent will be optional
There will be several changes in connection with the GDPR that will affect consent to the processing of personal data.
It must be easy to understand
And that is why we are newly adding an explanation to each reply. This explanation contains basic information on the purpose of the processing, the administrator, the processor, the HR agency, and requests for the processing of personal data outside the EU.
It will be optional
Applicants will be able to respond to a job opening even without providing consent to the processing of personal data.
An applicant can be registered and his or her personal information can be processed within an ongoing selection process for a given job opening.
There will be two separate modes for the processing of personal data:
- Without consent: personal information will be processed only for the duration of an ongoing selection process.
- With consent: personal information will be processed even after the end of the selection process (for example retaining it in Teamio after the selection process ends, enabling you to offer the subject other positions in the future, share information between the parts of a holding company, etc.)
We will differentiate and set rules for “no consent” applicants
During the selection process, you will be able to offer a “no consent” applicant another suitable, similarly-aimed position (assuming that the applicant is interested in working for your company).
We will revise the wording of the consent for employers
We are preparing a new wording here that is GDPR-compliant. We will let you know as soon as the text is approved by our lawyers.
We will continue to provide the option for employers to enter their own text and set their own period of validity for consent.
On our job portals, we are also testing ways to ensure that we send your Teamio as many applicants with consent as possible.
We erase applicants after the expiration of their consent
All data associated with any “no consent” applicant will be irreversibly deleted. When?
- After the job opening is archived (because archival means the end of the selection process).
- 6 months after the applicant’s reaction.
Why 6 months after the applicant’s reaction?
This time period has been evaluated as adequate for the given purpose: participation in a selection process.
We are removing the option to hide consent with the processing of personal information, because there will no longer be any reason for this option.
We are analyzing current consents
We are analyzing the impact of GDPR on personal information that was entered into Teamio before the GDPR came into effect.
We are preparing the options and the handling of access to personal information for applicants who responded to open positions in the period before the GDPR.
We will make the text of our general terms and conditions more precise
Work on this is under way.
How do I know if an applicant has provided consent with the processing of their personal information?
As long as the applicant is in Teamio, you can check whether or not they have provided consent with the processing of their personal information, including the specific text (e.g. for an applicant in the activity history/the details of the first activity).
If the client has paid for the export of positions, then they receive applicant details along with the consent text that has been confirmed by the applicant.
Can the applicant cancel their consent and exercise “the right to be forgotten?”
Applicants who want to have their details deleted from the database can send us an email on this. They can also contact us using the contact form. We get very few such requests. If the number of such requests increases, we will establish new processes here, including possible verification of the legitimacy of such a request.
If I enter an applicant into Teamio manually (for example because their CV was received by post), how can I ask them to provide their consent with the processing of personal information?
Teamio features a function that lets you send an additional request for consent with the processing of personal information. If you use this function, the applicant will receive an email with a request to confirm their consent. If the applicant does not provide confirmation for this request, Teamio will erase their personal information.
The function for supplementary confirmation of consent with the processing of personal details is optional, because employers can receive consent to processing even before they enter the personal information in Teamio.
Didn’t find the answer to your question?
Ask Matti, our specialist on personal data protection.