Jobradar Recruitment Agency personal data processing policy and data protection terms and conditions 

 

This document has been drawn up based on the instructions of the Data Protection Inspectorate of the Republic of Estonia and the European Union General Data Protection Regulation (GDPR) and the Personal Data Protection Act of the Republic of Estonia. 

The document is valid from 25 May 2018 

 

Definitions 

Personal data– any information relating to a natural person which makes it possible to identify that natural person, directly or indirectly, on the basis of various identifiers, whatever the form or format of the information.

Processing of personal data means any operation performed upon personal data, including collection, recording, storage, modification, disclosure, access, etc. of personal data.

A processor is a natural or legal person, a branch of a foreign company, or a national or local authority that processes personal data or on whose behalf personal data are processed.

The controller is the company/body that determines the purposes and means of the processing of personal data.

The data controller is the person who processes personal data on behalf of and for the account of the controller.

Recipient is any person or body to whom personal data are disclosed.

 

 

Main principles of the processing of personal data by Turvax OÜ

·      lawfullness;

·      purposefulness;

·      minimality;

·      accuracy;

·      storage for a limited period;

·      security;

·      accountability and transparency.

 

 

Jobradar Personal Data Processing Overview

 

Turvax OÜ, as the owner of the Jobradar Recruitment Agency (hereinafter simply Jobradar), is both the data controller and the data processor of personal data with its registered office in the Republic of Estonia.

Jobradar's data processors are Jobradar's contractual partners, to whom only the purposeful and minimal personal data is transferred.

Recipients of personal data are representatives of Jobradar's customers and cooperation partners, to whom only personal data of pre-selected individuals are transferred.

The data subjects are job applicants (candidates) and users of our job search service.

The main purpose of the processing of personal data is the processing of orders from customers and the filling of job openings.

In order to achieve this objective, automated data processing and profiling of candidates is carried out, after which the data subjects are significantly affected by the suitability or unsuitability for a position. This means that the processing of personal data is one of the key activities of Jobradar.

It is a regular and systematic, but not extensive, processing of data, which does not require Jobradar to appoint a Data Protection Officer.

Jobradar Basics of processing personal data:

·      Consent of the data subject (CV or otherwise sending data to be added to the database of jobseekers, permission to ask for references from previous employers, etc.);

·      Performance of a contract (entering into an employment or other contract with a client or a cooperation partner);

·      statutory obligation (e.g. keeping original documents with personal data for accounting purposes, keeping employment contracts).

 

Information to be collected

 

Jobradar collects personal information in various ways, for example:

·      via the feedback form on our website;

·      job applications;

·      telephone, e-mail or other communication with the candidate, other candidates or referrers nominated by the candidate;

·      professional or publicly available social networks (eg LinkedIn), blogs, photo albums, Youtube, online comments;

·      from agencies involved in background checks;

·      job portals or other public databases;

·      public registers (e.g. business registers, court judgments, official notices);

·      media sources. 

The personal data collected are:

 

·      first and last name;

·      photo

·      personal ID number or other government-issued identification number;

·      gender;

·      date of birth or age;

·      contact details (postal address, e-mail address, telephone number, skype);

·      nationality and residence permit information;

·      educational background;

·      previous work experience (including current employer);

·      information on work certificates and work permits;

·      tax information

·      salary expectations

·      information on references (name, position, organisation, contact details);

·      any other information included in the candidate's CV or relevant to the position (e.g. country of destination, job preferences, field of work, occupation, etc.).

Jobradar expects candidates to provide only relevant and truthful information about themselves that will allow an informed decision to be made about their fitness for the chosen position.

Jobradar's collection of personal data is purposeful and minimal, which means that the data listed above will not always be requested in its entirety unless there is a need or legitimate interest to do so.

 

Use of collected information

 

Jobradar will always process personal data on the appropriate legal basis, which is first of all the consent of the data subject. We collect and use personal data for the purposes set out below:

·      assessing candidates' qualifications and skills;

·      providing job opportunities to candidates;

·      building a pool of candidates and job seekers;

·      matching candidates with employers.

 

In addition, Jobradar may process personal data for certain legitimate purposes, such as:

·      to optimise and improve business processes;

·      to detect and prevent infringements;

·      to analyse and improve the security of information systems.

 

Preservation and protection of collected information

 

Jobradar will retain the personal data collected for no longer than is necessary to fulfil the above purposes or is required by the legislation of the Republic of Estonia. By submitting his/her CV to Jobradar, the candidate gives his/her consent to the processing of his/her data for a minimum period of 36 months, during which Jobradar may make job offers to the candidate according to the data submitted.

At the end of the relevant period, or when the need to keep personal data ceases, Jobradar will delete or anonymise the candidate's personal data.

Jobradar implements a variety of security measures to protect candidates' personal data from accidental, intentional, unlawful or unauthorized disclosure or use. These security measures are:

·      organisational (e.g. internal company rules etc.);

·      physical (e.g. restricting physical access to the premises of the Jobradar recruitment agency);

·      technical (reinforced network infrastructure, data encryption, etc.).

 

Information sharing and disclosure

 

Jobradar does not disclose personal data of job applicants, except in the following cases.:

·      the consent of the candidate, i.e. the data subject;

·      a legal obligation to disclose.

 

Job Radar may share the candidate's personal data with:

·      Clients who have an interest in the candidate or who have potential job offers for the candidate;

·      business partners who have an interest in the candidate or who have potential job offers for the candidate;

·      business partners who carry out additional ability and aptitude tests or background checks (e.g. certification of welders by a partnering company);

·      law enforcement or other government officials (to prevent or investigate illegal activity, fraud or harm).

 

Outside the European Economic Area, Jobradar may transfer a candidate's personal data only if the requirements of the General Data Protection Regulation are met. 

 

Data subject rights

 

The rights of the data subject are set out in Chapter 4, Section 3 of the Personal Data Protection Act of the Republic of Estonia (§ 24.-28) and in Articles 15-22 of Regulation 2016/679 of the European Parliament and of the Council:

 

·      The right to receive information and personal data concerning him or her;

·      the right to request the rectification and erasure of personal data concerning you;

·      the right to request the restriction of the processing of your personal data;

·      the right to be informed of the rectification, erasure and restriction of the processing of personal data concerning them;

·      the right to apply to the Data Protection Inspectorate.

NOTE: Where the processing of personal data is based on consent in accordance with Article 7 of the GDPR, the data subject may withdraw his or her consent at any time, i.e. request the erasure of the personal data. This rule applies, for example, to an individual who has sent his CV to Jobradar and has not yet signed an employment contract with a partner.

It is worth remembering that the withdrawal of consent does not have retroactive effects.

To exercise his/her rights, the data subject must send a request to this effect by e-mail to info@jobradar.ee.

 

Policy update

Jobradar may unilaterally and without notice update its personal data processing practices and data protection conditions at any time to reflect changes or to comply with applicable law. The updated version of the document will be available at www.jobradar.ee/policy.html and the date of the change can be checked in the header of the notice. 

 

Jobradar contact information

 

If you have any questions or comments about Jobradar's processing of personal data and the data protection conditions, please write to the contact details below:

info@jobradar.ee
Turvax OÜ
Rüütli 23
Tartu 51005
Estonia