Privacy Policy
Nova Talent Oy - LTD
1. GENERAL INFORMATION
This privacy statement describes how Nova Talent Oy ("Nova Talent or the "controller") processes personal data. The privacy statement applies to our website, marketing and customer relationship management, as well as the processing of personal data related to the products and services we offer.
We comply with applicable data protection legislation in all processing of personal data. Data protection legislation refers to valid data protection legislation, such as the European Union's General Data Protection Regulation (2016/679) and the Finnish Data Protection Act (December 5, 2018/1050). The concepts related to data protection, which are not defined in this data protection statement, are interpreted in accordance with the data protection legislation.
Our services and website may also contain links to external websites and services operated by other organizations. This Privacy Statement is not suitable for their use, so we recommend that you read the privacy statements that apply to them separately.
"Personal data" means all data concerning natural persons ("data subject") from which the person can be directly or indirectly identified, as defined in more detail in the data protection regulation.
3. PURPOSES AND LEGAL BASIS OF PERSONAL DATA PROCESSING
Purposes of use (and legal grounds in parentheses) for processing personal data are:
• provision of services related to recruitment, training courses and intern placement service, conclusion of customer contracts and processing of orders (contractual relationship or its preparation, legitimate interest)
• customer service and communication and customer satisfaction surveys (legitimate interest, consent, contractual relationship)
• invoicing and debt collection (legitimate interest)
• marketing, including market research, other marketing promotion and analyses, as well as producing statistics and measuring the effectiveness of marketing (legitimate interest)
• direct marketing, including electronic direct marketing and telephone marketing, as well as planning and measuring the effectiveness of advertising and marketing, as well as combining and updating personal data for direct marketing purposes (legitimate interest, consent)
• managing stakeholder relations and subcontracting and cooperation with service providers (legitimate interest, contractual relationship or its preparation)
• improving the user experience of our website and other services and tracking user traffic (consent)
• internal reporting and other administrative measures (compliance with legal obligations)
• handling warranty and fault liability matters as well as processing complaints and handling court and official procedures (compliance with statutory obligations)
• preventing and investigating abuses, as well as ensuring information security, the safety of persons and property (compliance with legal obligations)
• Managing other statutory obligations (e.g. activities related to accounting and taxation) and reporting obligations
When we process personal data based on a legitimate interest, we evaluate the benefits and possible harms of the processing for the data subject and have assessed that the rights and interests of the data subjects do not override the legitimate interest. Upon request, we provide more information about the processing of personal data based on a legitimate interest.
If we process personal data to comply with the requirements of legislation or to fulfill certain of our reporting obligations, the legal basis for the processing is primarily to comply with a statutory obligation.
4. PROCESSED PERSONAL DATA AND INFORMATION SOURCES
|
Information group |
Examples |
|
Identification and contact information |
Name, address, phone number and email address of the customer, representative and/or intern*. |
|
Information related to recruitment purposes, trainee placement service and course background information |
Language skills, education, competence, work experience, industry-related hobbies, other interview information related to recruitment, host company information* and possible test results (technical competence and/or personality tests). In addition, feedback can be collected about the intern and/or internship location*. |
|
Information about products and services, as well as their orders and customer communications |
Information about processed orders, order delivery time and information related to contracts, invoicing, customer communication and complaints. |
|
Information related to marketing (including direct marketing) and events, as well as consents and prohibitions given by the data subject |
Contact information for marketing, as well as information collected in connection with events and occasions. Consents and prohibitions regarding direct marketing. |
|
Information regarding the use of websites and other electronic services |
IP address, electronic communication identification data, search and browsing data, browser and operating system data and registration data |
Information marked with an asterisk (*) is generally processed in the role of a processor.
We collect personal data directly from the data subject, for example in connection with a transaction, or when the data subject buys or orders our products or services either himself or on behalf of the organization he represents, when the data subject visits our website or our other electronic services, subscribes to our newsletter, responds to a customer satisfaction survey or otherwise communicates with us.
When Nova Talent processes the trainees' personal data to produce the trainee placement service, it processes the trainees' personal data on behalf of the sending or receiving organization and does not act as an independent data controller in these respects. When Nova Talent acts as a processor on behalf of another data controller, the data protection statement and policies of that data controller apply to the processing of personal data.
5. STORAGE OF PERSONAL INFORMATION
We keep personal data for as long as is necessary to fulfill the purposes defined in the data protection statement and always for the time required by legislation (for example, responsibilities and obligations related to accounting obligations or reporting obligations), or for the purpose of settling a lawsuit or similar disagreement situation. We keep the personal data of job seekers and participants in our courses for 24 months from the last active contact. After the end of the purpose of use, the personal data will be deleted or made anonymous within a reasonable time.
Upon request, we will provide more information about personal data storage practices.
6. RECIPIENTS OF PERSONAL INFORMATION
Various service providers and other third parties may also be used in the processing of personal data, such as providers of technical solutions or server space or accounting and financial administration service providers. We take care of the agreements required by data protection legislation with the entities we use in processing personal data.
Personal data can be handed over to third parties in situations required by legislation or authorities, or to investigate abuses, and to ensure security. In addition, personal data may have to be disclosed in connection with legal proceedings or similar legal procedures.
If the controller is involved in a merger, business transaction or other business arrangement, personal data may be disclosed to the parties to the arrangement or to parties assisting in the arrangement.
Upon request, we provide additional information about recipients of personal data.
7. TRANSFER OF PERSONAL DATA OUTSIDE THE EUROPEAN ECONOMIC AREA
When data is transferred outside the European Union or the European Economic Area, the company ensures an adequate level of personal data protection, for example by agreeing on matters related to the processing of personal data as required by data protection legislation, such as using standard contract clauses approved by the European Commission. Information is transferred to the following recipients:
• Google Cloud and Google Analytics / Google LLC
Upon request, we will provide additional information regarding the transfer of personal data and the protection mechanisms used.
8. PROTECTION OF PERSONAL DATA
Data security and the protection of personal data is of the utmost importance to us. We use appropriate technical and organizational safeguards to protect personal data. We also ensure the fault tolerance of our systems and data recovery possibilities. The right of access to personal data is limited only to separately authorized entities. Entities processing personal data have a duty of confidentiality regarding matters related to the processing of personal data.
9. REGISTRANT RIGHTS
Registrants have rights to their own personal data in accordance with data protection legislation. However, the application of rights in each individual situation depends on the purpose and situation of use of personal data.
• The right to access personal data. The registrant has the right to receive confirmation as to whether the registrant's personal data will be processed, as well as other information on the processing of personal data in accordance with data protection legislation. The registered person has the right to receive a copy of the personal data.
• The right to correct personal data. Subject to certain restrictions, the registered person has the right to demand the correction or deletion of incorrect or inaccurate information.
• The right to delete personal data. The registered person has the right, in accordance with the requirements of data protection legislation, to request the deletion of his personal data. Upon request, we will delete personal data, unless the legislation or another applicable exception in accordance with data protection legislation requires us to keep personal data.
• The right to restrict processing. In accordance with the requirements of the data protection legislation, the registered person has the right to request the restriction of the processing of personal data in certain situations.
• The right to transfer personal data. The registered person has the right to request the transfer of his personal data to another controller. The right to transfer basically applies to personal data that the data subject has provided to the controller in a structured and machine-readable format, and whose processing is based on the consent or agreement of the data subject, and/or for which the processing is carried out automatically.
• The right to object to processing. The registered person has the right, in accordance with the requirements of data protection legislation, to object to the processing of personal data based on legitimate interests, including profiling. We can refuse the request if the processing is necessary to fulfill the compelling and legitimate interests of the controller or a third party. However, the registered person always has the right to object to the processing of personal data for direct marketing purposes and profiling related to direct marketing.
• The right to withdraw consent. If the processing of personal data is based on the data subject's consent, the data subject has the right to withdraw his consent to the processing of his personal data. Withdrawal of consent has no effect on the processing carried out prior to the withdrawal.
Using the rights
We hope that you will contact us if you have any questions regarding the processing of your personal data.
You can send a request regarding the registered person's rights by letter or e-mail using the contact information mentioned in this privacy statement.
The identity of the person making the request can be checked before the request is processed. The request will be answered within a reasonable time and basically within one month from the time the request is submitted and the identity is checked. If the request cannot be agreed to, the refusal will be notified separately.
10. THE RIGHT TO COMPLAINT TO THE SUPERVISORY AUTHORITY
The data subject has the right to file a complaint with the competent data protection authority, if the data subject considers that his personal data has been processed in violation of data protection legislation.
You can find the contact information of the Finnish Data Protection Authority here.
11. CHANGES TO THE PRIVACY STATEMENT
This privacy statement may need to be changed from time to time. Changes may also be based on changes in data protection legislation. We therefore encourage you to regularly check the privacy policy to detect changes. The latest version is available on our website.
This Privacy Policy has been published on 10.11.2023.