Kamux Group 24.5.2018
1. General information
The purpose of this Privacy Notice is to inform the job applicants of Kamux Group (later “we”, “Kamux”) what personal data we collect, how the data is used and to whom the data is disclosed. The Privacy Notice also informs you about the obligations and legislation we follow when processing your personal data.
Kamux is dedicated to protecting your privacy and commits to adhere to the provisions of the European Union’s General Data Protection Regulation (2016/679, later “GDPR”) and applicable national laws concerning the processing of your personal data.
This Privacy Notice applies to the current and former job applicants whose personal data we process (later “you“ or “data subject”).
Personal data refers to information, which allows a person to be directly or indirectly identified as an individual person, as defined the GDPR. Examples of Personal data: name, email address AND date of birth.
2. Controller and data protection officer
2.1 Controller
Kamux Group
Address: Parolantie 66, 13130 Hämeenlinna, Finland
Kamux Group is a group of companies whose parent company is listed on the Nasdaq Helsinki. Companies belonging to the Kamux Group: Kamux Oyj, Kamux Suomi Oy, Suomen Autorahaksi Oy, KMX Holding AB, Kamux AB and Kamux Auto GMbH.
2.2 Point of contact
HR Director: Marjo Nurmi Phone: +358 (0) 50 632 16
Email: marjo.nurmi@kamux.fi
2.3. Data Protection Officer
Chief Digital Officer : Jarkko Lehtismäki
Email: privacy@kamux.fi
3. Purpose and legal basis of the processing of personal data
The purpose of the processing of personal data is to recruit new employees to us and to offer open positions to the job applicants. This is the legitimate interest that is the primary legal basis for the processing.
In addition, the processing of personal data is based on consent for possible background checks and for storing your data longer than necessary after the termination of the recruitment process. You can withdraw your consent at any time (see later, Rights of the data subjects ( job applicants) and Supervisory Authority).
Your personal data can also be processed to manage the legal obligations related to the rights and obligations of the parties.
If you are hired, the primarily legal basis for processing your personal data is the employment contract and its preparations. The processing of your data will continue according to the Privacy Notice for employees.
4. Personal Data processed and sources of information
We process only personal data that is necessary for the recruitment.
Personal data processed:
| Categories of personal data | Example of data |
| 1. Contact and identity information | Name and contact details. |
| 2. Job application, education data and work history | Job application, CV and possible other data regarding work history, exams, skills and references. |
| 3. Suitability test data (voluntary) | Suitability test results. |
| 4. Additional data (voluntary) | Job applicant’s preferences and other data shared voluntarily during the recruitment process. |
| 5. Background check data (voluntary) | Possible credit data check or security screening results.
Answers/comments from contacted references (these background checks are performed only with the consent of the job applicant) |
The personal data defined in the points 1.-2. are mandatory to be able to join a recruitment process.
The other personal data is voluntary. However, if we ask you to participate in a suitability test or we want to perform a background check, and you decline, we may not be able to evaluate you properly. We may also terminate the recruitment process.
Sources of personal data:
The primary source of personal data is you. You provide us your personal data when you submit your job application and participate in our recruitment process. You may also have submitted your personal data to the recruitment companies we utilise in the recruitment process. We can receive your personal data from the recruitment companies that we ask to provide us suitable candidates or to perform suitability tests on our job applicants.
In addition, we may collect your personal data from 3rd parties that perform background checks, but only with your consent.
5. Retention of personal Data
The personal data we collect are retained for the period necessary to fulfil the purposes outlined in this Privacy Notice unless a longer retention period is required by law (e.g. specific legislation, accounting or reporting requirements or obligations), or we need to resolve possible disputes.
The retention periods depend on the purpose of the processing and type of the information. Personal Data and retention periods are listed in the table below:
| Category of Personal Data | Retention period or criteria used to determine the period |
| All data regarding a job applicant for a specific position | 12 months after the termination of the recruitment process for a specific position
unless we ask and receive consent to save the data longer, or unless the job applicant is hired, in which case the personal collected continues to be processed according to the Privacy Notice for employees |
| All data regarding a job applicant that has submitted an open job application | 12 months if the job applicant does not join a recruitment process for a specific position
unless we ask and receive consent to save the data longer |
6. Recipients of personal data
Personal data can be transferred within the Group is necessary for the purposes of this Privacy Notice.
We may transfer your personal data to 3rd parties that perform suitability test. In addition, your personal data may be processed by our IT service providers, but only to the extent necessary to provide the service.
Personal data is disclosed to the following recipients:
- HR and recruitment system provider: Visma Oy and TalentAdore Oy
- Recruitment companies (on occasion) if used during the recruitment process
In a case of emergency or other surprising occasions, we may need to disclose the personal data to protect lives and health, and rights and property. We may also disclose the personal data to exercise legal claims.
We can be obliged to transfer personal data to the third parties involved in any merger, sale of our assets, or other similar arrangements. We will continue to ensure the confidentiality of your personal data give appropriate notice when necessary.
Transfer outside EU/EEA
We do not transfer your personal data to countries outside the European Union or the European Economic Area.
7. Protection of Personal Data
We commit to follow to the security provisions of applicable data protection regulations, as well as to process personal data in compliance with good processing practices.
Personal data are protected with appropriate technical and organizational measures. We store the information in locked environments with limited physical access rights and secure IT-environments. The IT-environments are protected with adequate security technics, and advanced monitoring is done 24/7. Our personnel and processors that process personal data are obliged to keep personal data strictly confidential. The employees sign a confidentiality agreement in connection to the conclusion of the contract of employment. Access to your personal data is only granted to those employees that need the information to perform their work tasks (the recruitment team). Employees and processors have personal IDs and passwords.
We inform the authorities and data subjects of data breaches according to applicable information security and data protection regulation(s).
Rights of the data subjects ( job applicants) and Supervisory Authority You have the rights set out in the applicable data protection legislation.
Right to access and verify
You have the right to have confirmed if we process your personal data.
You have the right to verify and access your personal data and to request us to provide you the data in writing or electronically.
Right to correct and erase (right to be forgotten)
You have the right to have corrected any incorrect or incomplete personal data. You have also the right to request us to remove data.
We also remove, correct and complete incorrect, unnecessary, incomplete or outdated data on our own initiative when we notice such data.
Right to data portability and to object and restrict processing
You have the right to transmit your data to another controller.
You have the right to request us to restrict processing of your personal data in accordance with the conditions set out in the data protection legislation. We will also restrict the processing of your personal data if we cannot correct or remove incorrect data, or if there is any uncertainty related to request to erase your data.
You have the right to object to processing of your personal data for certain purposes.
Right to withdraw consent
If the processing of your personal data is based on consent, you have the right to withdraw consent at any time. The withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
How to exercise the rights of the data subjects
You can use these rights by contacting us using the contact information provided in the beginning of this document, requests are primarily directed to the point of contact.
We will comply with your request unless we have legitimate grounds to refuse the request.
Right to lodge a complaint with the supervisory authority
In case you consider our processing activities of your personal data to be inconsistent with applicable data protection legislation, you have the right to complain to the data protection supervisory authority:
Data Protection Ombudsman
Address: Ratapihantie 9, 6th floor
00520 Helsinki, Finland
Tel: +358 29 56 66700
Email: tietosuoja@om.fi
8. Changes to this Privacy Notice
We may have to change or update this Privacy Notice from time to time, whenever necessary. The need for a change may arise from changes in the legislation. We recommend you to read this Privacy Notice regularly. All changes hereto will be made available on our web site. In addition, we will inform you by email of any significant changes affecting your rights if necessary.
This Privacy Notice has been published on 24.5.2018. Change history
| Version number | Change description | Date |
| Data Protection Officer | 14.2.2022 | |
| Chief Digital Officer | 23.4.2024 | |