Data controller

Name: Oral Hammaslääkärit Ltd
Business ID: 2863321-3
Postal and street address: Linnoitustie 6 B, FI-02600 Espoo, Finland
Tel.: +358 (0)10 400 3010 (switchboard)

Contact person in matters concerning the register

Name: Jenna Pankolainen
Email: rekry@oral.fi

Contact information of the Data Protection Officer

Name: Sanna Elomaa
Email: tietosuojavastaava@oral.fi

Name of the register

Oral Group’s recruitment register (Teamtailor)

Purpose of and legal basis for the processing of personal data

The purpose of the processing of personal data is the recruitment of staff (including independent professionals) for the Oral Group. The processing of personal data is based on the consent given by data subjects (e.g. the processing of an applicant’s employment application, the conduct of personal and suitability assessments as well as the storage and processing of the data for subsequent recruitment purposes) and on Oral’s legitimate interest (e.g. conducting the recruitment process).

Categories of data subjects

Employment applicants of the Oral Group (including independent professionals)

Data content of the register

The recruitment register contains the following personal data on applicants which is necessary for the recruitment process and for the position being applied for:

Basic information:

  • first name and last name
  • contact details (such as postal address, email address and telephone number)
  • place of residence
  • job title

Data relating to the application and data collected during the recruitment process:

  • data related to the assessment of qualifications, suitability and competence of the applicant, such as previous work experience, educational background, language skills and other skills
  • data related to the job application and CV submitted by the applicant
  • data about the position being applied for
  • data generated during the recruitment process, such as interview and other notes, data related to personal and suitability assessments, and data related to the progress of the recruitment process and selection
  • email correspondence and other communication
  • information on whether the applicant’s application can be used in other Oral Group’s recruitments
  • possible additional information provided directly by the applicant

Other information:

  • information on whether the applicant has enabled the Connect function
  • email address and used search terms if the applicant has ordered an automatic job alert via the Connect function

Regular sources of the register’s data

The data is primarily retrieved directly from the data subject. Data may also be collected from the references given by the applicant and from public registers within the oral health care industry (e.g. the central register for social and health care professionals), and, with the applicant’s consent, from other public sources (such as LinkedIn). In addition, data generated during the recruitment process is stored in the register.

Regular disclosure of data

The personal data are not regularly disclosed to third parties.

Oral may use external service providers for its recruitment processes and for personal and suitability assessments, including recruitment consultants and expert assessors. In these cases, Oral is committed to ensuring that the service provider shall process the personal data only to the extent necessary for the purposes of providing the service.

The technical platform of the recruitment register is an electronic recruitment system, the supplier of which (Teamtailor AB) is responsible for the technical implementation of the system and, therefore, acts as a processor of personal data.

Transfer of data outside the EU or EEA

The data in the electronic recruitment system is regularly processed outside of the European Union or the European Economic Area as follows:

  • The information provided by the applicant on the application form or in its attachments is processed in the United States by a sub-processor of the supplier of the recruitment system (Section.io). The protective measures required by the EU General Data Protection Regulation have been implemented by the supplier of the recruitment system in the following manner: the supplier of the recruitment system (Teamtailor AB) and the sub-processor (Section.io) have concluded an agreement on the transfer of data in accordance with the standard contractual clauses (SCC) approved by the EU Commission.
  • Information about the applicant may be processed in the United States by a sub-processor of the supplier of the recruitment system (Intercom) in those situations where Oral is in contact with the customer support of the recruitment system. The protective measures required by the EU General Data Protection Regulation have been implemented by the supplier of the recruitment system in the following manner: the supplier of the recruitment system (Teamtailor AB) and the sub-processor (Intercom) have concluded an agreement on the transfer of data in accordance with the standard contractual clauses (SCC) approved by the EU Commission.
  • Information about the applicant’s use of the website is processed in the United States by a sub-processor of the supplier of the recruitment system (Google). The protective measures required by the EU General Data Protection Regulation have been implemented by the supplier of the recruitment system in the following manner: the supplier of the recruitment system (Teamtailor AB) and the sub-processor (Google) have concluded an agreement on the transfer of data in accordance with the standard contractual clauses (SCC) approved by the EU Commission.

In addition, data transfer may take place outside of the European Union or the European Economic Area, for example, in the event that an applicant or a person participating in the recruitment process is located outside of the European Union or the European Economic Area when using the electronic recruitment system. In this case, the data security of the processed data is ensured by using encrypted communication connections.

The principles of register protection:

The service provider of the electronic recruitment system (Teamtailor AB) is responsible for the technical protection of the data stored in the register, which includes, for example, the system’s internal data security, access control, software security updates and backups. In addition to internal tests, the data security of the recruitment system is also tested with data security checks carried out by a third party. Communication between the recruitment system and a user’s browser is always protected by strong encryption.

User rights in the register are limited to the personnel responsible for recruitment. Each person using the register has a personal user ID and password to access the system. All personnel with access to the data in the register are bound by confidentiality.

Data retention period

The personal data of applicants is stored for twenty-four (24) months after the submission of an application. Upon the applicant’s consent (e.g. for subsequent recruitment purposes), the aforementioned retention period may be extended.

The data of the selected applicant will be transferred to Oral Group’s human resources management register. Further information on the processing of personal data can be found in the privacy notice of Oral Group’s human resources management.

With the applicant’s consent, data can be transferred to Oral Group’s stakeholder register of health care professionals. Further information on the processing of personal data can be found in the privacy notice of Oral Group’s stakeholder register of health care professionals.

Rights of the data subject

Right of access
Applicants have the right to inspect what personal data on them has been stored in Oral’s recruitment register. The inspection request can be made through the data protection section of Oral’s career website or by logging in to the service via the Connect function. Alternatively, the inspection request may be submitted to the contact person of the register in writing.

Right to request the rectification of data
Applicants have the right to request the rectification of inaccurate personal data concerning them. The rectification request must be submitted to the contact person of the register in writing.

Right to request the erasure of data
Applicants have the right to request the erasure of personal data concerning them in the register unless there is a legal basis for the retention of the data (e.g. a legally decreed period of complaint on the decision of the recruitment process). The request to erase personal data is made through the data protection section of Oral’s career website or by logging in to the service via the Connect function. Alternatively, the erasure request may be submitted to the contact person of the register in writing.

Right to request the restriction of the processing of personal data and the right to object to the processing of personal data
Applicants have the right to object to the processing of their personal data on the grounds of personal circumstances, insofar as the processing of data is based on the legitimate interest of Oral. In addition, applicants have the right to request the restriction of the processing of their personal data under certain circumstances. The restriction and/or objection request concerning the processing of personal data must be submitted to the contact person of the register in writing.

Right to withdraw a consent regarding the processing of personal data
Applicants have the right to withdraw their consent regarding the processing of personal data at any time. The consent can be withdrawn by submitting a request to the contact person of the register in writing.

Right to data portability
To the extent the data has been provided directly by the applicant, applicants have the right to request for it to be transferred in electronic format. The transfer request must be submitted to the contact person of the register in writing.

Right to lodge a complaint to the supervisory authority
Applicants have the right to lodge a complaint concerning failures in the processing of personal data to the supervisory authority (Data Protection Ombudsman).


Date of preparation: 15 November 2022