Privacy policy - job applications

Last Updated: December 3, 2019

EU General Data Protection Regulation (679/2016)

Date: 3 December, 2019

Version: 1.0.1


1. Controller

Buddy Healthcare Ltd Oy (later together with its possible parent companies, subsidiaries, and affiliate companies shortly “Buddy Healthcare”)

Kuortaneenkatu 2

00510 Helsinki


tel. +358 20 735 2310


2. Contact person

Jukka Hassinen

tel. +358 40 736 4090


3. Data protection officer

Jukka Hassinen

tel. +358 40 736 4090


4. Register

Buddy Healthcare’s recruitment system's personal data register


5. The purpose of processing personal data

The processing of applications relating to recruitment at Buddy Healthcare.


6. The legal basis of data processing

The processing of personal data is contingent on the data subject's consent.

The recruiter's right of access to personal data is based on legislation.


7. Filing system data content

Information relating to the applications:

  • applicant's personal identification information (name, address, telephone number, gender, other possible contact details)

  • personal data submitted by the applicant such as information relating to education and employment, work history other information supporting the application such as curriculum vitae, resume, school reports, employment certificates, references listed by the applicant, other necessary information relating to the job application and the terms of filling the position.


8. Information sources other than the data subject

Buddy Healthcare may collect information from other sources provided by the applicant during the recruitment process e.g. references or links provided by the applicant.

Following the applicant's specific consent, information relevant to the application process can also be acquired from other information sources and stored in Buddy Healthcare’s recruitment system.


9. Recipients to whom personal data has been or shall be released

The personal data of an applicant shall be only be viewed by the persons being part of the recruitment process and hiring decision makers.


10. Transfer of personal data outside the EU or EEA or to international organizations

The purpose to process the job applications is purely for Buddy Healthcare’s needs and is not transferred in that purpose outside Buddy Healthcare.

However, Buddy Healthcare uses technical data processors for receiving the job applications (like email system) and storing the job applications (like email system). These systems are hosted on systems provided by international organizations that are headquartered outside EU or EEA. These types of data transfers are based on the adequate level of protection in those countries via EU - U.S. Privacy Shield Framework ( or the standard contractual model clauses approved by the European Commission.


11. The principles of filing system protection

A. Manual data

Manual data will be handled by educated personnel in a space secured to the level required by data protection.

B. Digital data

The information in the filing system is protected from inappropriate viewing, altering, and disposal. The protection consists of access rights management, technical protection of databases and servers, physical protection of the premises, access control, protection of telecommunications and data backup.

Access to data and its processing is granted in accordance with professional duties. Access to the service requires personal user identification. Administrative control shall be used to ensure that the activities are appropriate.


12. Time limit of storing personal data and the relevant criteria

Applications shall be removed from the system six months after the closure of the recruitment process. Open applications shall be removed six months after they have last been saved in the system. The applicant's personal data shall be removed after it has been idle for a year. Before the removal of the data, the applicant shall be informed accordingly. The applicant has a right to request the removal of his or her personal data. The recruiter's data shall be removed following a request made by the human resources officer at the latest when the recruiter's employment contract ends.


13. Rights of the data subjects

The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her is being processed, and, if processing takes place, the data subject's access to his or her personal data shall be granted.

The information contained in the filing system shall not be used for profiling or automated decision making.

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. The request for rectification shall be submitted to


14. Right to complain to the Data Protection Authority

The data subject shall have a right to make a complaint to the Data Protection Officer regarding the processing of his/her personal data.