Privacy Statement
We process and maintain jobseekers’ personal data to fill vacant positions.
We process your personal data to fulfill a contractual relationship or to carry out pre-contractual actions based on your consent. Your data will be processed in accordance with the provisions on the protection of privacy in working life.
In these activities, Varma is the data controller according to the EU’s General Data Protection Regulation. Teamtailor AB is Varma’s partner and the data processor according to the EU’s General Data Protection Regulation in recruitments. Teamtailor processes and stores the personal data of Varma's jobseekers on behalf of Varma for the duration required for the job search process.
In this task, we maintain and process personal data about jobseekers. Your information will be processed in the following matters and activities:
- job application process (incl. the processing of applications, interviews)
- any conduct of personal assessments
- the selected applicant’s credit rating will be checked
- personal security clearance of selected persons in certain tasks
We will not process your personal data for any purposes other than those mentioned above.
In order to carry out the recruitment, Varma has information about you belonging to the following category of personal data:
- basic information and information for identification and communication
- education information
- information provided on the job application form and its appendices (e.g. CV)
- information about the position applied for
- information about professional experience and skills
- recordings of video applications
- information about personal assessment
- selected person’s credit rating and security clearance information
The more detailed content of this information is described below:
- last name, first names, contact information (street address, postcode, city/town, e-mail address, telephone number), IP address, preferred language, geographic location
- information provided by the applicant on the application forms and their appendices concerning the position applied for
- information about degrees taken
- information about current and previous duties, incl. employer
- from you
- from your job applications (incl. electronic job application forms)
- Varma's telephone and chat service providers
- from Teamtailor AB
Varma will store your data to fill vacant positions. Varma will store information relating to your job application as follows: Your data will only be stored for the period specified as mentioned above. After the fixed period, we will erase your data from Varma’s information systems. The fixed term is:
- your data will be stored for 2 years after you have been informed of the decision on selection
- chatbot and chat conversation data: 3 months
Partners conducting any suitability assessments and to the recruitment system provider partner (Teamtailor AB).
The above-mentioned parties are bound by the non-disclosure obligations concerning them. They may only disclose the information required for managing your case to Varma in accordance with their non-disclosure regulations.
Personal data may only be processed by persons authorised to do so in accordance with access rights management. Access to personal data, hardware and servers is limited to persons whose duties require it. The persons processing the data are subject to a statutory secrecy obligation, and they have additionally signed a separate non-disclosure agreement.
Subcontractors may also be used for performing services. The subcontractors are subject to the same non-disclosure regulations and commitments as Varma’s employees.
The employees have been instructed in the processing of personal data, and they are trained and tested to understand and prevent risks to the data in the data file.
Compliance with the principles of processing personal data is verified through internal and external audits and by documenting our own operations.
Varma maintains high-quality data security in its internal data network. The transfer of personal data in the public data network is secured using secure and appropriate encryption technology. When transmitted through the public communications network, confidential data is secured by technical measures. The servers used in processing data are located in data centres protected with access control and security systems, and data files containing personal data have been isolated from public information networks with technical security measures. Personal data is stored in secured premises.
The data is backed-up regularly and log data is collected on the use of data to develop the services and investigate any incidents and cases of abuse.
The confidentiality, integrity, availability, data availability and redundancy of processing systems and services is ensured through various systems and methods, such as data security updates and system audits.
With regard to service companies engaging in data processing, the processing of data is based on agreements and access rights granted and supervised by Varma.
Yes. In such transfers, the protection of personal data is secured through GDPR-compliant transfer mechanisms.
No.
If you would like to get additional information about the processing of personal data at Varma, please contact us by secure email.
You have the right to receive a confirmation of whether personal data about you is processed by Varma. In case we process your personal data, you have the right to receive a copy of the data processed. Please send your request for information by using the personal data request form.
We will provide the information to you within a month of receiving your request. The fixed period may be extended by a maximum of two months in certain situations. If the period is extended, we will inform you of it within one month of receiving your request.
If you observe a shortcoming, inaccuracy or error in the personal data we have provided to you, you have the right to request your data is supplemented or rectified. The same right applies to outdated information. Please send your request to have your data supplemented or rectified by secure email.
You have the right to request Varma as the controller to erase, for example, outdated information about you. In this case, the data must be erased immediately when there are no longer grounds for the processing. This right applies to situations in which personal data is no longer needed for the purposes for which it was collected or if you withdraw your consent to the processing of data and the processing was based on your consent and there are no other legal grounds for the processing and it needs not be stored by law.
The right to demand personal data to be erased referred to in data protection legislation does not apply to situations in which there is a statutory obligation to store the data or the data needs to be stored to prepare, present or defend a legal claim.
Therefore, it is not possible to erase the data based on a demand during the period when it has to be stored in the above-mentioned situations.
However, we will erase your personal data without a separate request after the fixed period for its storage has expired.
You have the right to have Varma, as the controller, restrict the processing of data about you in certain situations. The restriction of processing refers to marking the stored data with the aim of restricting its subsequent processing.
In spite of this, your data may continue to be stored. You will be notified before the restriction is removed. You can exercise the right if you deny the accuracy of the data or lawfulness of processing, for example. Processing will be restricted while the accuracy of the data or lawfulness of processing is ensured. If the processing of data has been restricted, it may only be processed under certain conditions (e.g. with your consent or to prepare a legal claim).
The right to object to the processing of personal data referred to in data protection legislation does not apply to you. This right only concerns part of the grounds of processing (legitimate interest, performance of a task carried out in the public interest). We have not used these grounds of processing in your case.
If the automatic processing of your data is based on consent or an agreement concluded with you, you have the right to receive the information about you, after which you may transfer the information to another controller. This only applies to information you have provided to Varma yourself. We will provide the information in a commonly used electronic format.
You have the right to withdraw your consent at any time if the processing of your data is based on consent. Withdrawing your consent will not have effects on the lawfulness of processing carried out on the basis of consent before it is withdrawn.
If Varma refuses to take measures based on your request, we will inform you of the legal grounds for our negative reply without delay and within a month of receiving your request at the latest. You can submit the matter to the Data Protection Ombudsman if you have received a negative reply to your request from Varma. We will include the contact details of the Data Protection Ombudsman in our reply. You may appeal against the decision of the Data Protection Ombudsman by appealing to the Administrative Court in accordance with the Administrative Judicial Procedure Act. The decision of the Data Protection Ombudsman includes instructions for appeal, which provides you with instructions for appealing to the Administrative Court.
This document is based on the requirements of the EU’s General Data Protection Regulation.
Updated 7 August 2024
© Varma Mutual Pension Insurance Company