Psyconline Data Privacy Statement

Last updated July 10, 2023

Register maintained by

Psycon Oy (Business ID 0807347-4)
Mannerheiminaukio 1
00100 Helsinki, Finland

Contact person for register matters

Sinikka Viinikainen
Psycon Oy
Mannerheiminaukio 1
00100 Helsinki, Finland
tel +358 20 710 1200
firstname.lastname@psycon.com

Name of register

Psyconline personnel assessment services participant register.

Purpose of processing personal data

The processing of personal data is based on the consent given by the data subject.

The register will be used to store the information on the persons participating in the personnel assessments and which is used for carrying out the assessments on behalf of Psycon Oy’s employer-clients and Psycon’s own recruitment processes. The personal data collected in the register is necessary for the job search process and hiring decisions. Failure to provide information may result in the discontinuation of the job search process.

Data content of the register

All the information that the person themselves give is saved in the register. Information to be filled in on the form:

name
date of birth (for identification of the person)
phone number
email address
gender
education
language
current employer
current job
the person’s responses to the tasks in the personnel assessment

In addition, a person may choose to upload their résumé.

Storage period of personal data

Personal data is stored for 24 months from the time of recording. After this, personal data is anonymized so that it is no longer possible to identify any one respondent. After anonymization, it is no longer possible to return the data to its original form. Anonymized data is only used after two years for statistical and research purposes.

Regular sources of information

The primary source of information is the participant in the personnel assessment themselves. This information can be supplemented by Psycon Oy personnel and persons involved in the selection process of the client in question.

Regular information handover

No register information is disclosed to outside parties, i.e. to parties not involved in the production, development, or maintenance of Psycon’s evaluation services.

Data transfer outside EU or EEA

Profiling and automated decision-making

The data in the register is not used for profiling purposes. The service does not use automatic decision-making.

Register protection principles

Access rights to the registry are exclusively available to persons participating in Psycon Oy’s assignments. Access to the information contained in the register is protected by personal user IDs and passwords. Psycon Oy is responsible for the technical protection and data security of the contents of the register. These protections are adequate and appropriate, and generally accepted in the security industry. They are also kept up to date with technological developments in the field. The servers in which the data is stored are kept in locked and cooled equipment rooms that are physically accessible only to designated persons. The servers are protected against malicious software and unauthorized access with software security and firewalls.

The data subject’s right to withdraw their consent

The data subject has the right to withdraw their consent to the processing of their personal data at any time by informing Psycon Oy. This is to be done in writing and sent by email to dataprivacy@psycon.com.

The data subject’s right of access to their data (right to inspection)

The data subject has the right to check what data concerning them is stored in the Psyconline personnel assessment services participant register. Requests for inspection must be made in writing and sent by email to dataprivacy@psycon.com. The right to inspection can be denied on legal grounds. Exercising the right to inspection is in principle free of charge.

However, Psycon Oy has, on the basis of the copyright on the methods used in personnel assessments, the right to refuse to disclose copyright-protected information in the register.

Psycon Oy may, if necessary, ask the data subject to clarify their request in writing and the identity of the data subject may be verified before any action is taken.

The data subject’s right to rectification, erasure and restriction of the processing of data

The data subject has the right to have any personal data pertaining to them rectified, erased or completed that may for the purposes of data processing be erroneous, unnecessary, incomplete or obsolete. The right to rectification can be denied on legal grounds. Psycon Oy has the right to refuse a request for rectification if the storing of data is necessary to comply with a statutory requirement that necessitates processing on legal grounds. Requests for rectification and erasure must be made in writing and sent by email to dataprivacy@psycon.com.

The data subject also has the right to have Psycon Oy to restrict the processing of their personal data in such situations where, for example, the subject is waiting for Psycon Oy’s response regarding a request for rectification or erasure.

Psycon Oy may, if necessary, ask the data subject to clarify their request in writing and the identity of the data subject may be verified before any action is taken.

The data subject’s right to transfer data between systems

Insofar as the data subject has personally provided data for the Psyconline personnel assessment services participant register which are processed with the consent of the data subject, the data subject has in principle the right to receive this data for themselves in a machine-readable format as well as the right to transfer this data to another data controller. However, Psycon Oy has, on the basis of the copyright on the methods used in personnel assessments, the right to refuse to disclose copyright-protected information in the register.

Psycon Oy may, if necessary, ask the data subject to clarify their request in writing and the identity of the data subject may be verified before any action is taken.

The data subject’s right to lodge a complaint with the supervisory authority

The data subject has the right to lodge a complaint with the competent supervisory authority if the data controller has failed to comply with applicable data protection regulations.