Introduction to data privacy statement

Valmet Automotive Group (“Valmet Automotive”) is committed to protecting your privacy and will process your personal data in accordance with good data processing practice and applicable laws and regulations. We adhere to continuously improving our operations and we carry out regular risk management measures to ensure data security.

The Privacy Policy Statement includes the following information:

  • What and why is collected?
  • How do we use the information?
  • Do we share your information with other parties?
  • How is your data protected?
  • Where is your data transferred to?
  • What are your rights related to the personal data ?
  • How long is your data stored for?
  • Can this Privacy Statement be changed?
  • How can you contact us?

What information is collected and why?

All personal data is collected for a predefined purpose. No other data is collected from our data subjects and we delete data when the predefined purpose no longer exists. Our main purposes to collect data are:

  • Employee identification and to carry out recruitment process
  • Managing employer obligations
  • Customer and partner relationship management
  • To enable us to fulfil our legal and contractual obligations

Data security and handling principles:

  • We collect only personal data necessary for the predefined purpose and we do not distribute your information to third parties without a proper data processing agreement signed by both parties
  • Data is collected in a legal and fair manner
  • Data is processed only for the predefined purpose
  • The Data subject is informed of how his/her data is being processed and data is collected directly from the individual concerned
  • Before processing data, it is determined whether and to what extent the processing of data is necessary to achieve the purpose for which it is undertaken
  • Data is deleted when it is not necessary for the predefined purpose
  • We strive to ensure that personal data is correct, complete and kept up to date
  • All personal data are classified within Valmet Automotive and secured with appropriate security measures

Personal data related to recruiting

The data to be recorded in the register is regularly acquired in the following manners:

  • Job applicant
  • Job interviews
  • Possible referees provided by the applicant
  • Valmet Automotive employees or subcontractors reviewing the application, participating in the interviews, or evaluating the recruitment assignment,
  • From possible aptitude tests data will be collected from the applicant during self-evaluation or by a third party supplier
  • Other sources of information are used if legislation allows

The collected data includes some or all of the following:

  • The applicant’s surname and first name
  • Address
  • Phone number
  • E-mail
  • Date of birth
  • Education
  • Work history and information related to professional skills
  • Applicant’s expectations for the applied position
  • Job application with the attachments (incl. CV, photo, certificates)
  • And other information provided by the applicant

Former employees’ data

The data to be recorded in the register is regularly acquired in the following manners:

  • Personal data required by legislation, collective agreement and local agreements
    • ​Includes all the information that the company has collected to achieve the legislative needs

The collected data includes information related to:

  • Basic personal information
  • Salary
  • Position
  • Absence
  • Performance
  • Occupational health and safety information
  • Other information according to the legislation

Customer data

The collected data includes some or all of the following and the data to be recorded in the register is regularly acquired in the following manners:

  • Customer contact information
  • Name
  • E-mail
  • Phone number
  • Address
  • Other information provided by the contact persons

How long will my data be stored and who will have access to my personal data?

Personal data is stored in accordance with the requirements of the local legislation and European union. Access to personal data is managed by the local identity and access management system. Access to personal data is restricted to only those users who have a business need to access the data. All persons with access will be properly trained and have the necessary awareness level to handle the information in a safe and secure way.

How is my data protected?

The recorded data is only viewed by selected employees or subcontractors who have a business need to access the data. Each of these persons has a non-disclosure commitment in relation to the information that they receive while accessing the database. To protect personal data Valmet Automotive operates a systematic security program that constantly improves our security practices.

Data in physical form:

Data collected during the recruitment process is not stored in a physical form in any manual register.

Data in electronic form:

Data in electronic form is stored in the Valmet Automotive Data systems or sub-contractors’ data systems. All data systems and applications are secured by hardware and software-based methods of protection. Such measures include, but are not limited to, logical (and physical) access control, monitoring, vulnerability scans, firewalls and server (security) hardening.

WHERE IS YOUR DATA TRANSFERRED TO?

Your personal data may be transferred outside the EU/EEA area. We primarily process your personal data inside EU/EEA area, but we cannot exclude the possibility of processing in third countries due to system provider’s technical access. The processing is done with appropriate safeguards implemented such as using standard data protection clauses approved by the European Commission.

We use processors to provide us with technical platforms and systems to process all relevant data efficiently. Processors process personal data on technical level, such as providing us support in case of problems and/or malfunction in the system. If they need to process personal data, they will conduct it under our instructions and only under a valid data processing agreement. The processors are never allowed to process personal data for their own purposes. We expect the processors to ensure the same level of security as we provide for our own processing activities.

How do I use my individual rights?

In compliance with the Personal Data Act, each person is entitled to access his/her data that has been registered in the personal data file. The access request shall be made in writing, signed and delivered to the person in charge of matters relating to the personal data file (see “How Can I contact you?”).

Furthermore, pursuant to the Personal data Act, the data subject is entitled to request rectification of erroneous or incomplete data contained in the personal data file. The request for rectification shall identify the error to be rectified and provide the correct information.

A written request for rectification shall be sent to the person in charge of matters relating to the personal data file (see “How Can I contact you?”)..

If your personal information is stored in the register, you have the right to receive, inspect and request correction or removal of data. You can send a written request to Data privacy officer or the Human resources department of your local business line.

Other rights of the data subject are as provided for in the applicable legislation.

How can I contact you?

In case of questions, please contact:

privacy@valmet-automotive.com

Valmet Automotive Oyj
PO Box 4
FI-23501 Uusikaupunki, Finland
Tel. +358 20 484 8111 (Switchboard)

Changes to this statement

We reserve the right to change this Privacy Policy Statement by informing of such changes internally on the internal intranet pages (for internal data subjects) and on the company’s external web page (for the external data subjects). We recommend that our data subjects read this Privacy Policy Statement on regular basis to keep track of possible changes.