Privacy Statement For Job Applicants Privacy Statement For Job ApplicantsLast updated: November 2nd, 2020 Your privacy is important to us and we work hard to protect your information. This privacy statement which is based on the General Data Protection Regulation (EU) 2016/679 (“GDPR“) describes what personal data is being processed by Enersense, how it is processed and for what purposes. 1. Controller of Personal DataEnersense Oy Business ID: 2442767-4 Konepajanranta 2 28100 Pori, FINLAND hereinafter “Enersense“ 2. Contact Information for this RegisterYou may contact our Data Protection Officer, if you have any concerns related to the processing of personal data or the exercise of your rights under the EU Data Protection Regulation. Please contact our Data Protection Officer by email at firstname.lastname@example.org . 3. Name of the RegisterJob applicant and CV register (“Register“). 4. The nature, purposes and the legal basis for the processingThe Register contains information on job applicants, which is necessary for the establishing of an employment relationship between the job applicant and Enersense, its affiliates or their clients. Based on data protection regulations, Enersense processes personal data on the following legal basis for processing: Purpose of processing personal dataLegal basis for processingThe processing of personal data is necessary in order to take steps at the request of the data subject prior to entering into a contractAgreementThe processing of personal data is a necessary prerequisite for applying to open positions and thus for the conclusion of an employment agreement with Enersense, its affiliates or their clients. Personal data shall be processed only insofar as it is necessary for the evaluation of the job applicant’s suitability to the position he or she has applied to or other open positions provided by Enersense. Personal data can be used to contact the job applicant about other open positions provided by Enersense, that could be suited to the applicant.Legitimate interest The search for potential employees and the offering of employment for job applicants can be held as the legitimate interests of the Controller. The Controller shall make sure that the processing of personal data is proportionate to the interests of the data subject and corresponds with his or her expectations. The data subject has the right to object the processing of personal data according to the requirements of the EU Data Protection Regulation, insofar as the processing is based on the legitimate interest of Enersense. Enersense has also conducted the balancing test as defined by the Data Protection Authority to ensure that the data subject’s interests are taken into account.Personal data may be collected and updated as the recruitment process proceeds upon the job applicant’s consent from other sources such as job applicant’s referees Enersense’s co-operation partners or companies or authorities providing recruitment services. Personal data related to personal and suitability assessment tests may be collected upon the data subject’s consent to determine the suitability of the job applicant.Consent Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her, which gives the Controller the legal basis to process personal data.When required or permitted by law, Enersense may process personal data (e.g. personal credit information, criminal record information, results of safety reviews or medical tests) for conducting a possible pre- employment background screening or employee reliability assessment. The controller informs the data subject in advance of collecting such information.Legal obligation5. ProfilingThe processing of personal data involves profiling. The personal data defined in section 5 below shall be used to evaluate the suitability and competence of the job applicant to the position in question. Thus, the purpose of the profiling is to satisfy both the employer’s need to acquire competent workforce and the employee’s need to be employed in a suitable position. Artificial intelligence may be used to enhance the reliability of the profiling. However, the profiling does not include wholly automated decision-making. The evaluation and decision-making are performed by competent and qualified recruiting specialists. 6. Categories of Personal Data contained in the RegisterThe Register may contain the following personal data concerning the data subject: Personal details first name and surname contact details (postal address, phone number, email address) date of birth nationality Information included in the job application and related documents spoken languages work permit, including its validity and restrictions driving license and access to the use of a car work experience education, including certificates and other special skills availability to work salary request other personal data submitted by the data subject in his/her CV Data collected and processed during the recruitment process Information given by the applicant through the chat service on the website of the Data Controller applicant’s wishes regarding employment assignment applied positions information given by the data subject in a job interview information on aptitude tests and references Personal data in The Register is stored for 2 years from the date of last update. The job applicant may update his or her information by logging in to the Register using a personal password. 7. Sources of Personal DataPersonal data is primarily collected from the job applicant, who fills in the necessary details and uploads his or her CV to The Register. Personal Data may also be collected from Enersense Group companies’ job applicant registers. Personal data may also be collected from other sources upon the data subject’s consent such as the job applicant’s referees, Enersense’s co-operation partners or companies or authorities providing recruitment services. The personal data of the job applicant may also be collected and updated without the consent of the data subject in the circumstances permitted or obliged by law. 8. Transfer of Personal Data and the Categories of Recipients of Personal DataPersonal data shall not be transferred to third parties without the consent of the data subject. Notwithstanding the above, personal data may be transferred to affiliates of Enersense within the limits of the purposes of processing determined above in the following circumstances: Within the Enersense Group: Personal data may be transferred to Enersense’s affiliate companies within the limits of the purposes of processing determined above. Client companies and Service providers: Based on the data subject’s consent, personal data may be transferred to those client companies of Enersense and its affiliates in whose assignments the data subject could be employed. In addition, personal data used to evaluate the suitability of a job applicant may be transferred to the partners assisting the recruitment of Enersense or its affiliated companies with the consent of the job seeker. The information given by the data subject in the Chat Service may be transferred to the Chat Provider based on the legitime interest of the Data Controller. Personal data shall not be transferred outside the European Union (“EU“) or the European Economic Area (“EEA“) unless it is necessary in regards to the purposes of processing determined above. In case personal data is transferred outside the EU or the EEA, Enersense shall implement suitable safeguards in order to comply with the requirements of applicable data protection legislation. Enersense may for instance conclude an agreement with a Client operating outside the EU or the EEA in accordance with the standard data protection clauses adopted by the European Commission. 9. Security of ProcessingEnersense has appropriate technical and organisational means of data security in order to safeguard data subjects’ personal data from loss, misuse or other equivalent illegal access. Secure processing of personal data is ensured by providing instructions as well as implementing access management to provide access to designated employees of the Enersense or its affiliates. Personal data is only processed by employees who have the right to do so within the framework of their work duties. Data security is a central part of the core values of Enersense. Therefore data security is evaluated and developed regularly. 10. Job applicant’s rights as a data subjectThe data subject can exercise their rights by contacting the data protection officer using the information in section 2. The data subject has the following rights as defined by the GDPR: The right to obtain confirmation as to whether or not personal data concerning him or her are being processed, and where that is the case, access to the personal data. The right to have incorrect or incomplete information corrected or completed. The right to request erasure of personal data concerning him or her. The right to restrict processing of personal data, when applicable according to the GDPR. The right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and the right to transmit those data to another controller. The right to object processing of personal data according to the requirements of the GDPR. The right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data relating to him or her infringes the GDPR. 11. Updates to this Privacy StatementEnersense seeks to develop its services continuously and thus reserves the right to modify this privacy statement. This privacy statement may also be updated to reflect any changes in applicable laws. Enersense encourages data subjects to periodically review this privacy statement. Enersense may also notify data subjects directly by sending a notification about updates that have material effects to data subjects.