Kohdistamo Service’s customer, recruitment, and marketing register.
The register processes personal data of registered and potential users of the Kohdistamo Service and user data of the Kohdistamo.fi website.
Types of personal data collected by Kohdistamo include:
We do not collect information belonging to special categories of personal data.
The legal basis for processing personal data is the user's consent upon registration, legitimate interests, contracts related to customer relationships, and compliance with legal obligations.
The register data is used for profiling. Profiling involves processing personal data to assess certain personal characteristics using the information provided. Profiling is used, for example, to match registered users with job positions and to improve the functionality of the service.
Recommendations provided in the application may also be used for marketing related to the work unit and its job positions, even outside the service. Through feedback surveys related to job positions, the well-being area develops the operations and management of its units.
Personal data is collected from the following sources:
Additionally, we collect customer data, information about the use of our website and services, and technical data related to the functioning of the technology (technical log data and monitoring) using Facebook, Instagram, LinkedIn, LianaMailer, Google Ads, Google Analytics, Google Play, Google Firebase, Microsoft Azure, Google Forms, and Apple Store services, among others. We use this information to develop our services and to provide relevant content and marketing to website visitors and registered users.
As a general rule, the data controller does not disclose personal data of registered individuals to external parties. Data may be disclosed to authorities when required, to fulfill contractual obligations, or as agreed upon with the data subject. Data from the register may be disclosed to organizations in contractual relationships with the Kohdistamo Service for recruitment purposes, such as well-being regions. In some situations, data of registered individuals may be disclosed to subcontractors or partners of the data controller. Such entities process personal data confidentially and based on separate written agreements according to the data controller's written instructions.
The data controller may disclose statistical or anonymized data that cannot be linked to an individual.
Data may be transferred and stored on servers located outside the EU or the European Economic Area for processing by the data controller or on behalf of the data controller's partner in accordance with the General Data Protection Regulation (GDPR) and the Finnish Data Protection Act.
If personal data is transferred outside the EU/EEA area, it will always be done on a legal basis:
Personal data is retained only as long as necessary for the purposes and legal basis described in this data protection statement or as required by law (e.g., appeal periods may be 2 years). The data controller regularly assesses the need for data retention in accordance with its internal guidelines.
We use automated decision-making, such as assessing the suitability of registered users for various job positions. We continuously analyze the fairness and non-discrimination of automated decisions. Humans are always responsible for automated decisions, especially when they relate to the recruitment process.
Data subjects have the right to obtain confirmation from the data controller as to whether or not personal data concerning them are being processed and, if so, access to their personal data.
Upon request of the data subject, the data controller corrects, erases, or completes personal data that are inaccurate, unnecessary, deficient, or outdated for the purposes of processing. The data controller may also correct, erase, or complete data proactively.
For personal data processed based on consent, data subjects have the right to withdraw their consent for the processing of their personal data.
Data subjects have the right to have their personal data, which they have provided to the data controller based on consent or a contract, transferred to another data controller if technically feasible. In this case, the data controller will transfer the data in a commonly used and machine-readable format. The data controller is not responsible for the compatibility of the data transfer format with the recipient's system.
In situations where the processing of personal data is based on the public interest, the exercise of official authority by the data controller, or the legitimate interests of the data controller or a third party, the data subject has the right to object to the processing of their personal data.
The data subject has the right to prohibit direct marketing, including profiling analyses carried out for direct marketing purposes. The data subject has the right to request the restriction of the processing of their data if the personal information is inaccurate, the processing is unlawful, or the data is no longer needed.
You can exercise your rights by submitting a request to the data controller via email or mail. Contact information can be found in the "Data Controller Contact Information" section of the privacy policy.
The protection of personal data is at the core of our entire business.
We employ appropriate technical, organizational, and administrative security procedures to safeguard all data in our possession from loss, misuse, unauthorized access, disclosure, alteration, and destruction.
Personal data is kept confidential. The data controller's network and the equipment on which the register is located are secured with firewalls, encryption, and other necessary technical measures. The data controller ensures that stored data, server access rights, and other information critical to the security of personal data are handled confidentially and only by employees whose job responsibilities include such access.
This privacy policy was last updated on December 21, 2023.
We continuously improve and develop our services, products, and websites. Therefore, privacy policies may be subject to occasional changes. In case of significant changes to the privacy policy, we will notify you as required by applicable law.
Kohdistamo Service is provided and operated by Graldo Oy (Business ID: 3351558-8).
Graldo Oy Kempeleentie 7 C6, 90400 Oulu tiimi@kohdistamo.fi
If you have any questions regarding this privacy policy, the processing of your personal data, or if you wish to exercise your rights under data protection legislation, please contact our data protection officer via email at support@kohdistamo.fi or by mail using the provided contact information.