top of page

Privacy policy

Tietosuojaseloste

Privacy policy

1. Data Controller

Armstrong Ammattiturva Oy (hereinafter referred to as the "Data Controller”).

Business ID: 3241642-2.

Address: Valssipadonraitti 3, 33100 Tampere.

Email: info@armstrong.fi.

​

2. Name of the Register

Recruitment Register.

​

3. Purposes and Legal Bases for Processing Personal Data

The Data Controller collects and processes personal data for the following purposes:

  • Receiving, storing, and managing applicants’ personal data.

  • Updating personal data during the recruitment process (e.g. during interviews).

  • Supplementing personal data with suitability assessments and other recruitment-related information.

  • Comparing applicants’ data with the requirements of open positions.

  • Presenting applicants’ data to the Data Controller’s clients for recruitment evaluation.

  • Creating summaries of applicant data using artificial intelligence (no automated decision-making).

  • Communicating with applicants during the recruitment process or regarding other suitable opportunities.

 

The processing of personal data is based on the following legal grounds under the EU General Data Protection Regulation (GDPR):

  • Consent (GDPR 6.1.a): the applicant’s consent to the processing and disclosure of their data to the Controller’s clients.

  • Legitimate interest (GDPR 6.1.f): the need to assess applicants’ suitability and provide recruitment services.

  • Performance of a contract (GDPR 6.1.b): measures taken at the request of the applicant prior to entering into a contract.

​The applicant has the right to withdraw their consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.

​

4. Categories of Personal Data Processed

The register may include the following categories of personal data:

  • Applicant’s basic information (name, email address, phone number, address).

  • Applicant’s work history, education, and skills.

  • Applicant’s language skills, certifications, and qualifications.

  • Applicant’s CV, cover letter, references, and other attachments.

  • Information provided during interviews and any related assessments.

  • Possible interview recordings (only with the applicant’s consent).

  • Records of the applicant’s consent for data processing and sharing.

  • AI-generated summaries based on the applicant’s data.

If special categories of personal data (e.g. health data) are processed, such processing is based on the applicant’s explicit consent and limited to what is necessary for the position in question.

​

5. Data Retention Period

Personal data is retained as follows:

  • For the duration of the active recruitment process.

  • For a maximum of 12 months after the end of the recruitment process.

  • For a longer period if the applicant provides consent for future recruitment opportunities.

The applicant may request the deletion of their data at any time, unless there is a legal obligation to retain the data.

​

6. Recipients and Disclosure of Personal Data

Personal data may be disclosed to the Data Controller’s clients who participate in evaluating applicants during the recruitment process. The data shared may include the applicant’s application materials and profile (such as CV, application, interviews, and assessments) to the extent necessary for carrying out the recruitment process and filling the position in question. Personal data will not be disclosed to other third parties without the applicant’s consent unless such disclosure is required by law.

​

The Data Controller may use external service providers, such as recruitment systems, which process personal data on behalf of the Data Controller. These service providers act as data processors and process personal data based on written data processing agreements.

​

7. Transfer of Data Outside the EU/EEA

As a rule, personal data is not transferred outside the EU or EEA. If such transfers are necessary for the recruitment process, appropriate safeguards will be implemented in accordance with the GDPR (e.g. EU Standard Contractual Clauses).

​

8. Principles of Data Protection

Access to the register is restricted to individuals who require it for their work duties. Access rights are limited so that users can only access personal data that is necessary for their specific tasks (e.g. applicants related to a particular recruitment process or position). Personal data is protected through appropriate technical and organizational measures, such as access control and secure authentication.

​

9. Rights of the Data Subject

The data subject has the following rights under the GDPR:

  • Right of access to their personal data.

  • Right to rectification or completion of data.

  • Right to erasure (“right to be forgotten”).

  • Right to restriction of processing.

  • Right to object to processing based on legitimate interest.

  • Right to data portability.

  • Right to withdraw consent.

  • Right to lodge a complaint with a supervisory authority (Office of the Data Protection Ombudsman).

The information may be edited by the applicant or requested to be deleted in https://talent.armstrong.fi/data-privacy or by contacting the Data Controller.

​

10. Other Information

This privacy notice may be updated from time to time. The latest version is available on the Data Controller’s website. Last updated: 27 April 2026.

bottom of page