Data processing purposes and legal grounds
We process your personal data only to the extent necessary to find the most suitable employee and make the necessary preparations for concluding an employment agreement.
This includes the following purposes and legal grounds.
- Taking pre-contractual measures for an employment contract and processing your data on the basis of our legitimate interest – we must process information about your qualifications, previous experience, skills and competences, to evaluate your suitability for the position you are applying for. We will only ask for information that is necessary in the relevant phase of the recruitment process and that we have a legitimate interest in as your potential employer, based on the nature of the specific employment relationship and the requirements of the position to be filled.
- Processing based on the consent of the Data Subject - if you are not selected to the position you initially applied for, we may ask for your consent to retain your personal data for up to 36 months, to invite you to apply again in case of job openings which might be suitable for you.
Data categories and sources
The personal data we process during recruitment typically includes your name, address, contact information, work experience and education, achievements, identity documents and test results. During the recruitment process we might ask you to complete tests or occupational personality profile questionnaires, submit home works or attend interviews. Thereby information related to you will be generated and recorded. For example, you might complete a written test, or we might take notes on your interview.
For successful candidates we may further conduct a background check prior to making a job offer, including collecting data related to criminal offences and proceedings, to the extent permitted by applicable law.
During the recruitment process, Cybernetica refrains from the processing of special categories of personal data, revealing one’s racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic data, biometric data, health data and data concerning one’s sex life and sexual orientation.
To the extent possible, we collect personal data directly from you, when you apply for a role with us. We may also receive personal information about you from other sources, such as from the persons you indicate as your referees, or when making inquiries in connection with background or employment checks. Please note that in case you indicate any references, we presume you have an appropriate legal basis (like consent) for providing us personal information about the referees.
We may also view information that has been disclosed under the law, such as public records, court decisions, official notices and journalistic texts. We may also collect personal data about you online to the extent that you have chosen to make this information publicly available. For example, we may find your profile on professional social media websites (such as LinkedIn).
Cybernetica as the controller may, if necessary, engage processors who have the right to use or access the data only for the purpose of performing their contract with Cybernetica. This includes recruitment agencies and third parties providing tools for managing our recruitment process.
Only a very limited number of employees of Cybernetica, such as management team members, direct line managers and HR staff, have access to your personal data. We do not disclose any information about your application to any other third parties, unless we have a legal obligation to do so or we have your consent.
Rights of the Data Subject
You as a Data Subject have certain rights concerning your personal data and we as a controller have an obligation to enable these rights to be exercised. In situations where Cybernetica decides how and why personal data is processed, Cybernetica is the controller and must provide further information on the rights of data subjects and the use thereof.
- Access to personal data – the Data Subject has the right to access his or her personal data that is being held by Cybernetica as the controller.
- Correction of personal data – the Data Subject has the right to request the correction of his or her personal data that is being held by Cybernetica as the controller. Once Cybernetica has been informed that the personal data it is processing in its capacity as controller is no longer up-to-date and if changing that data is practically possible, Cybernetica will make corrections, if necessary, on the basis of the updated information provided to Cybernetica.
- Deletion of personal data – the Data Subject has the right to request the deletion of his or her personal data if this is justified due to a specific situation. In such a case, Cybernetica will delete the personal data, unless it demonstrates that there is a valid legal basis for processing or imposing, using or protecting legal requirements.
- Restrictions on or the submitting of objections to the processing of personal data – The Data Subject has the right to restrict or object to the processing of his or her personal data at any time, if this is justified by a specific situation. In such a case, Cybernetica shall refrain from the further processing of personal data or shall restrict the processing of personal data, unless it is able to demonstrate that there is a valid legal basis for the processing or the establishment, use or protection of legal requirements.
- Information on the transfer of personal data – The Data Subject has the right to request information on the possibility of transferring his or her personal data in a structured, commonly used, machine-readable and interoperable format. If this is technically feasible, the Data Subject has the right to transfer personal data directly from one controller to another; however, it should be borne in mind that controllers are not obliged to adopt or maintain technically compatible data processing systems.
- Withdrawal of consent – If Cybernetica is processing personal data based on the Data Subject’s consent, the Data Subject shall have the right to withdraw his or her consent at any time.
If you wish to submit a request to Cybernetica to exercise the above right(s), please send a relevant e-mail to the address firstname.lastname@example.org.
Cybernetica has implemented organisational, physical and IT security measures in accordance with ISO/IEC 27001: 2013 requirements to protect data from unintentional or unauthorised processing, disclosure or destruction. These measures cover the entire organisation, including people, information, infrastructure and equipment.
We do not use any automated decision-making in the recruitment process, all the decisions throughout the process are made by our employees.
Cybernetica retains personal data of unsuccessful applicants for one year for the sole purpose of defence of potential legal claims.
If you wish to submit a complaint to Cybernetica regarding the use of your personal data, please send a relevant e-mail to the address email@example.com. In addition, you always have the right to file a complaint with the Estonian Data Protection Inspectorate or to apply to a court.
If you have questions about this Privacy Notice or want to know more about how and why we process personal information, please contact us:
Address: Mäealuse 2/1, 12618 Tallinn, Estonia
Cybernetica reserves the right to modify this Privacy Notice. We will post any updated versions of our Privacy Notice on this page.