Privacy Policy
Declaration of Data Processing in Employment Promoted Services provided by BearIT Ltd.
We at BearIT Ltd. respect your privacy and aim at processing any personal data as transparently as possible. BearIT Ltd. is committed to follow all applicable privacy legislation in its operations and processes personal data only in accordance with such legislation, including General Data Protection Regulation (EU 679/2016). This document is a description about what personal data is collected from customers who apply or participate in employment promoted services provided by BearIT Ltd (for example labour market training services, guidance services, coaching services, expert assessment services), how the collected personal data is processed and stored, and for what purposes the data is used.
1. Personal data collected and processed
BearIT collects and processes personal data only if it is necessary for fulfilling purposes mentioned in part #2. The personal data covers the following information: customer’s first and last name, date of birth, personal identity code, municipality of residence, email address; information about customer’s educational background, work experience, skills and competency, expertise, hobbies, interest, career plans, and the other information that customer provides. The personal data includes also information collected during the customer’s participation in the employment promoted service such as assessments, tests, messages, notes from interviews and coaching discussions.
In addition, the personal data is collected when the customer uses digital service systems. The collected data includes information about customer’s registration data and actions within system (such as time of login, pages visited) devices and operating systems used, IP address.
2. Purposes of processing personal data
BearIT collects and processes personal data only for specifically determined purposes such as to supply personalized employment promoted services, to supply customer support services and customer messaging as well as to provide reports and statistics on the services offered. The data is also collected and processed for monitoring and managing customer’s service processes.
BearIT also collects and processes personal data for managing user data of digital service systems, monitoring use of digital service systems, and solving possible usability issues and technical problems.
BearIT may also use the personal data in other ways if the customer gives separate consent to this.
The personal data processed by BearIT will not be used for automated decision-making or profiling, which can produce legal effects concerning the data subject.
Anonymized data is personal data that is rendered anonymous permanently in such a manner that makes it impossible to identify individuals from them. The anonymized data is used to develop information systems and services. The persons engaged in this development work are personnel of BearIT, who have a contractual obligation of professional secrecy and confidentiality.
3. Legal basis for the processing personal data
According to the data protection legislation the processing of personal data must be based on the legal basis. BearIT may process personal data based on customer’s consent if the customer has given explicit consent beforehand for processing his/her personal data for certain purposes. BearIT may also process personal data based on a procurement contract between BearIT and ELY Centre (or other customer company) for providing employment promoted services to the customers using the services.
BearIT emphasizes that providing information and allowing its processing may be a prerequisite of the introduction or use of the service.
4. Regular sources of the personal data
The customer’s personal data such as basic information, contact information, information about educational background, work experience, skills and competency, hobbies, career plans as well as the other relevant information for employment is mainly collected directly from the customer himself/herself by phone and email, through digital service systems, from tests and surveys, from materials and information provided by customer. Personal data may also be collected directly from the customer during interviews and coaching discussion.
In addition, when the customer uses digital service systems the personal data is collected and stored as a part of log data that is chronological recording of events and their causes in information systems.
Some personal data such as the customer’s contact information may be received from TE-Office or municipal employment service provider for providing employment promoted services to the customer.
5. Periods for storing the personal data
The personal data is stored only as long as it is required for fulfilling purposes determined for data processing. If personal data is processed based on the customer’s consent and the customer withdraws his/her consent, or if the validity period of the contract on which data processing is based on ends, the personal data is deleted from all digital data storages and databases. The personal data can also be anonymized which means processing personal data permanently in the manner that identification of individuals from it is impossible. The personal data stored manually is deleted in a secure way.
The personal data will not be deleted if legal obligations or order of authorities require storing the personal data.
Regarding all the records, the information regarding the use of rights of the data subjects is stored for two years.
6. Regular disclosure or transfer of the personal data
The personal data can be disclosed or transferred to legal authorities or other third parties who processes the personal data for their own purposes. The personal data can be disclosed or transferred to following entities:
- To TE Office, municipal employment service provider and the customer’s unemployment benefit payer in order to fulfill legal obligations related to the customer’s participation in employment promoted service.
- To ELY Centre in order to fulfill reporting obligations agreed in the procurement contract.
- To the customer company with purpose to introduce the customer as a candidate to the company for work placement or job position, if the customer has given explicit consent beforehand for that.
The personal data can also be disclosed or transferred to other third parties in accordance with current legislation or requirements of competent authorities.
The personal data may also be transferred or disclosed to BearIT’s partner who processes personal data on behalf of BearIT in accordance with the contract between BearIT and the partner and a separate data processing agreement made between BearIT and the partner. The processor does not have the right to process the transferred or disclosed personal data for its own account or for its own purposes. The partners processing personal data on behalf of BearIT are
- Amazon Web Services as a provider of cloud computing services.
- BeeHealthy Oy and Mediamaisteri Oy as providers of application platforms.
- Netorek Oy as a provider of booking service.
The personal data may not be disclosed or transferred by BearIT or by the partners used by BearIT outside of EU or ETA countries.
7. Principles of personal data protection
BearIT is committed to complying with the current legislation of data protection and to process personal data in accordance with good data management and processing practices.
The collected personal data is processed carefully and the data as well as the information systems are protected properly. Whenever the personal data is processed security is taken care with appropriate technical and organizational safeguards. The personal data in digital form is protected by using the technical means generally accepted in the security industry, such as firewalls, encryption methods and data access control. Only particular employees have access to the data in the filing systems with a data access granted by BearIT. The personal data in manual form is stored in a locked space and access to this data is restricted with access control. The personal data is processed only by those employees whose responsibilities include processing of the personal data.
8. Right of access to the personal data and right to demand rectification
The customer has the right to know whether his or her personal data is processed or not, and right to inspect stored personal data concerning him or her (inspection right). Additionally, the customer has the right to ask and receive a copy of the personal data processed. The customer has also the right to obtain rectification of inaccurate personal data and have incomplete personal data to be completed.
9. Other rights regarding processing of the personal data
- The customer has the right to obtain the personal data concerning him or her to be deleted (“right to be forgotten”) if the data is redundant or outdated or if personal data has been processed against the law or if the customer withdraws his/her consent for processing personal data. However, the customer does not have this right if it is necessary to process the personal data to fulfill the legal obligations of BearIT (such as obligations related to the offering of employment promoted services).
- The customer has the right to object to the processing of personal data, except if BearIT is able to demonstrate that the purpose for processing of the personal data overrides the interests or the rights of the customer (e.g., BearIT’s legal obligations). The customer also has the right to restrict processing of his or her personal data for a certain period due to, e.g., resolving a disagreement.
- Every customer has the right to lodge a complaint with the supervisory authority if the person considers that the processing of his or her personal data is against the General Data Protection Regulation. In Finland, the supervisory authority is the Office of the Data Protection Ombudsman. https://tietosuoja.fi/en/home
For using these rights (see parts #8 and #9) the customer has to send a written request to BearIT’s data protection officer (see part #10). If necessary, BearIT may require the customer to confirm their identity. BearIT will respond to the request within the timescale regulated in the General Data Protection Regulation (mainly within one-month timescale).
10. Contact information of data controller
A data controller is the entity that defines the purposes and methods of processing personal data. A processor is a third party that processes personal data on behalf of the controller.
BearIT operates as a controller for the personal data that is processed within BearIT’s digital service systems. When processing personal data disclosed by TE Office (usually the customer’s contact information) BearIT operates as a processor. As the joint controller of the personal data disclosed by TE Office operates ELY Centres, TE Offices and KEHA Centre together.
BearIT Oy
Åkerlundinkatu 11 D, 33100 Tampere
Business ID: 2529594-1, info@bearit.fi
Contact information of the data protection officer
Marco Ylitörmä, tietosuoja@bearit.fi
This policy has been published on March 8th 2023.
