Purpose and legal grounds of the processing of personal data
Stevena processes personal data for the following purposes:
Processing is based on the company’s legitimate interests to process job applications and select employees.
Customer and marketing communication
Processing is based on the company’s legitimate interests to communicate business information to current and potential customers.
Processing is based on the company’s legitimate interests to deliver ordered services.
Verification of customer service events
Processing is based on the company’s legitimate interests to verify previous assignments and the controller’s statutory obligation to retain accounting material in accordance with the Accounting Act.
Processing is based on preventing security risks to assets and people.
Processing is based on the company’s legitimate interests to develop the website based on user analytics.
Personal data processed, data sources and groups of data subjects
Personal data processed for recruitment purposes includes the job-seeker’s name, personal identity code, address, telephone number, email address, education, previous jobs and, if the job-seeker so requests, a video recording. Stevena does not separately request any other data. However, job-seekers can also provide other personal data in their job application. All personal data related to recruitment is obtained directly from data subjects. In some situations, Stevena uses an external recruitment partner which sends the data obtained to Stevena.
Personal data processed for customer and marketing communication purposes includes a name, address and email address.
For providing customer service and verifying customer service events, Stevena processes the names, addresses, telephone numbers and email addresses of private and corporate customers. Stevena also processes this same data about subcontractors that carry out services in the name of Stevena. Data is obtained directly from data subjects or their employers.
Due to video surveillance, recorded surveillance footage of persons within the premises or in close proximity of the premises as well as information on licence plate numbers of vehicles and spatial data (the location of the camera can be used to determine the location of the person visible on the footage) are processed.
A cookie is placed on browsers of persons visiting the stevena.fi website that is used to save a random identification number for the browser used. Stevena uses this browser data to monitor what sections of the stevena.fi website visitors visit and the time they spend in each section.
Recipients of personal data
The personal data processed by Stevena can be processed by suppliers of IT services, software and security services that act as subcontractors and maintain and operate systems that contain personal data within the scope of the service they provide.
In recruitment processes, some job-seekers undergo an aptitude test, in which case personal data about job-seekers is also processed by the company that conducts the aptitude test.
No personal data is transferred outside the EU or EEA.
Data used in customer service, the verification of customer service events and customer and marketing communication is retained for ten years. Data used in recruitment is retained for one year. The video surveillance data is retained for two months. The cookies expire and are deleted after two years from the last visit to the stevena.fi website.
Rights of data subjects
Data subjects have the following rights related to their personal data, taking any restrictions set in the data protection legislation and other laws into account:
• the right to access personal data
• the right to have data rectified
• the right to have data erased
• the right to restrict processing
• the right to object to processing
• the right to have data transferred from one system to another
If the processing of personal data is based on consent given by data subjects, they have the right to withdraw their consent, at any time, by emailing email@example.com.
If a data subject deems that the processing of their personal data is in breach of the EU General Data Protection Regulation, they have the right to file a complaint with the supervisory authority, particularly in the member state in which their permanent place of residence or work is or in which the alleged breach has taken place. This right does not restrict any other administrative means of change application or legal protection.