Skip to main content
Jobs in Organisations Top menu
    • Data protection policies

    Website Data Protection Policy

    1. Use of the website and data protection statement

    By using the www.valtiolle.fi website, the user accepts the terms of this data protection statement.

    2. What data is collected about the user?

    We collect the user’s personal data to the extent necessary for our purposes if the user themselves provides this data on the feedback form. Providing such data is not required.

    The personal data provided is conveyed via the feedback form on the website to Palkeet’s email address; no personal data is saved on the website. Data provided by the user or data from which the individual can be identified is visible on the feedback form. Identified data can include the individual’s name, email address, phone number, possible content of the message and the time and date when the message was sent, for example.

    The website also collects anonymous data for network analytics with the Snoobi Analytics service.

    3. What is the data used for and how is it stored?

    We process the data collected for developing the service and detecting and preventing possible misuse. The data collected with feedback forms is stored in Palkeet’s email box for the necessary time.

    The data collected with the Snoobi Analytics service is stored in the Snoobi Analytics tool. The data collected, saved and analysed by Snoobi Analytics does not contain data from which the individual can be identified. Furthermore, Snoobi manages this data in accordance with its privacy policy. Further information on the Snoobi Analytics website .

    We retain identified data about the user only for as long as necessary in accordance with valid legislation.

    4. Processing and disclosure of data to third parties

    Data processing is carried out by employees of Palkeet according to the legislation regulating the processing of personal data. Palkeet retains the right to partly outsource the processing of personal data to a third party, in which case we ensure with contractual arrangements that personal data is processed according to the legislation regulating the processing of personal data.

    Palkeet does not transfer data outside the EU or EEA.

    We do not sell, rent or disclose the user’s personal data to third parties. However, we may disclose the user’s personal data in the manner required by requests submitted by competent authorities or other parties, based on legislation in force at the time.

    5. Use of cookies

    We use cookies to collect and analyse information on site performance and usage, to provide social media features and to enhance and customise content and advertisements.

    The website sends a cookie to the Snoobi Analytics service to allow the number of users and visits to be identified. The data collected about the use of the website for statistical purposes includes the number of users, the country of use, the time of visit and the browser used.

    6. Right to access data and blocking the use of cookies

    The user has the right to check what personal data has been saved about them. The user can check their personal data by contacting Palkeet (kirjaamo(at)palkeet.fi). This right of access is subject to valid legislation.

    The user may block the use of cookies by changing their browser settings according to the instructions of the browser’s manufacturer and clear any cookies from the browser’s cache. Clearing the cookies does not stop possible collection of data.

    You can contact Palkeet regarding matters related to data protection.

    Contact information on Palkeet website .

    Published 2024-1-2

    Service data protection policy

    Your rights as a data subject

    When personal data is processed in order to comply with a data controller’s statutory obligations, you have the right to:

    Receive information on how your personal data is processed

    In this privacy policy, we explain e.g. what type of personal data, governed by our notification obligation, we process and who processes it.

    Access your data

    The section ‘Right of access by the data subject, in accordance with Article 15’ of this privacy policy describes how you can exercise this right.

    Rectify your data

    The section ‘Right to rectification, in accordance with Article 16’ of this privacy policy describes how you can rectify your data.

    Restrict the processing of your personal data

    The section ‘Right to restriction of processing, in accordance with Article 18’ of this privacy policy describes when and how you can restrict the processing of your data.

    Receive information about notifications regarding a rectification or restricted processing

    This has been described in the section ‘Notification obligation regarding rectification or erasure of personal data or restriction of processing, in accordance with Article 19’ of this privacy policy.

    In addition to this, you have a right to file a complaint to a monitoring authority if you believe that the processing of your personal data breaches data protection legislation.

    Office of the Data Protection Ombudsman

    Visiting address: Lintulahdenkuja 4, 00530 Helsinki
    Postal address: PO Box 800, 00521 Helsinki
    E-mail: tietosuoja(at)om.fi
    Telephone exchange: +358 29 566 6700
    General advice for private individuals: +358 29 566 6777

    When a data controller processes data in order to comply with its legal obligations, you do not have: 1) the right to erasure (‘the right to be forgotten’) because, according to Article 17 of the General Data Protection Regulation, this right is not applicable if processing is required in order to comply with a legal obligation, 2) the right to data portability, 3) the right to object to the processing of your personal data in accordance with Article 21 because processing is required in order to comply with a legal obligation (GDPR 6(1)(c)).

    1 Controller

    The recruiting agency serves as a joint controller of the personal data held in the information system together with the Finnish Government Shared Services Centre for Finance and HR (hereinafter Palkeet). The division of our responsibilities is based on the Act on the Finnish Government Shared Services Centre for Finance and HR. According to the Act: 1) Palkeet is responsible for the technical aspects and related elements, such as useability, data integrity, data protection and data storage, of information systems required to carry out duties and provide services. 2) The other responsibilities of a controller, such as passing on information to a data subject, lie with the recruiting agency, which will serve as a contact point if a data subject wants to exercise their rights, e.g. to rectify their personal data or receive information on their personal data that is being processed.

    2 Name of the register

    The name of the register is Valtiolle.fi recruitment system’s personal data file.

    3 Purpose of data processing

    Processing applicants’ applications and managing the user rights of the applicants and the recruitment system users. The processing of personal data has a legal basis (e.g. Act on Public Officials in Central Government 19 August 1994/750, Administrative Procedure Act 6 June 2003/434, Act on the Protection of Privacy in Working Life 13 August 2004/759). Palkeet processes personal data as a joint data controller when providing services to clients, in order to comply with its legal obligations (Act on the Finnish Government Shared Services Centre for Finance and HR, 179/2019). Any security clearances will be conducted in accordance with the Security Clearance Act (726/2014). The Act on Information Management in Public Administration (906/2019) and the Archives Act (831/1994) are taken into account in the processing of materials formed in conjunction with recruitment.

    The data in the register will not be used for profiling purposes, and neither will it be subject to automated decision-making.

    4 Description of the groups of data subjects and personal data

    Data subject groups:
    The recruiting agency’s employees, persons who have applied to the recruiting agency and applicants who have submitted an open application.

    Personal data groups:
    Data related to the applicant’s registration: first name, last name and email address.
    Data related to the applicant’s user profile: first name*, last name*, legal gender, date of birth and email address (*mandatory information).
    The applicant’s mandatory identification data related to the applications: first name, last name, legal gender, mobile phone number, home address, postal code, city/town, email address, permission for electronic communication, information related to education (educational institution, degree title, field of education, education level, period, degree completed/unfinished), information related to work experience (employer, job title, job description, period). Date of birth and native tongue may be required in addition to the data above. An applicant’s nationality must be stated whenever Section 7 of the Act on Public Officials in Central Government applies to a recruiting process.
    Voluntary information related to applications: the information presented by the applicant in the application (e.g. other education and work experience information), other information presented by the applicant to support the application (e.g. employee records/CV, school and study certificates, reference letters, people listed by the applicant for reference), other necessary information related to the terms of the application for the job and filling the position.

    5 Groups of recipients of personal data to whom personal data has been or will be disclosed

    Data linked to applications submitted via Valtiolle.fi may be disclosed upon request in accordance with the Act on the Openness of Government Activities. In principle, application documents are public; any data that is subject to secrecy under the aforementioned Act, such as data concerning private life, annual income, net worth, political convictions, a social welfare client relationship or state of health, will be covered up in documents to be disclosed, if necessary. The applicant’s contact information is subject to secrecy if the applicant has requested it and they have a justified reason to believe that their own health or safety or that of their family are in jeopardy. The types of data that are to be kept secret are specified in section 24 of the Act on the Openness of Government Activities. Secret information is only displayed or disclosed 1) with consent of the person in question, 2) to the person in question, or 3) based on a statutory right. Information is disclosed to Grade Solutions Oy for the provision of support and maintenance services for the Valtiolle.fi system.

    6 Transferring personal data to third countries or international organisations

    Information is not transferred outside the EU/EEA or to international organisations.

    7 Due dates planned for the deletion of data groups

    Recruitment applications are stored in the system for two years after the recruitment process, after which they are anonymised and their information will only be available as numbers in reporting data. Regarding open applications, the applicant themself can determine the storage period, which is a maximum of two years. The applicant’s user ID and the information saved in it, as well as any open applications, are removed automatically when the user ID has been inactive for a year. The applicant will be notified before the user account’s erasure. The applicant can also remove their user account at any time via their user profile. When the user profile is removed, the open applications will also be removed. Applications sent in for recruitment processes and their information will remain in the system in the corresponding recruitment projects until anonymised as described above.

    The recruitment information is stored in the recruiting agency. The storage periods are determined according to the Archives Act (831/1994), the National Archives Service’s Decree (AL 16465/07.01.01.03.02/2016) and an agency-specific records creation plan.

    8 Description of the technical and organisational protective measures

    A. Materials processed manually

    Materials processed manually are only handled by trained personnel in locked facilities, in accordance with the protection level required by specific data. At least a basic security check is carried out by the Security Police on all the employees of Palkeet.

    B. Materials processed digitally

    The data in the register is protected against unauthorised viewing, alterations and erasure. The protection measures include user authorisation control, technical protection of databases and servers, physical protection of the facilities, access control, protection of telecommunications, and backup copies of the data. A right to access and process the data is granted if required by a work role. Access to the system is based on personal user identification. Administrative controls are used in order to ensure that the operations are carried out appropriately.

    9 Data sources when the data is not received from the data subject

    With an applicant’s permission, information relevant to the recruitment process may be acquired from other sources and recorded in the Valtiolle.fi system.

    The user information of a recruitment system user is recorded in the system during the user’s registration or when another person creates a user account for them. Professional access rights are granted based on a separate access request.

    10 The data subject’s right to access the information in accordance with Article 15

    A data subject is entitled to the data controller’s confirmation on whether their personal data is processed, and, if the data is processed, to access their personal data.

    A data subject is entitled to the data controller’s confirmation on whether their personal data is processed, and, if the data is processed, to access their personal data.

    The data subject has access to their application information through the Valtiolle.fi system. The data subject can print out the data in their use profile as a JSON file. For personal data inaccessible to the data subject through the Valtiolle.fi system, the data subject may submit a validation request to the agency to which they sent their application. As regards open applications, the validation request must be directed to the Finnish Government Shared Services Centre for Finance and HR at the address hakijapalvelu@palkeet.fi

    11 The right to correct data, in accordance with Article 16

    A data subject may request that the data controller rectify, without undue delay, any inaccuracies or errors in the data subject’s personal data. A data subject may update their user information via a user interface of the system by logging in to their user profile. If the data subject does not have a user ID for the system, they may update their personal data by sending a written personal data notification to the recruiting agency.

    12 Right to restriction of processing, in accordance with Article 18

    A data subject has a right to have the data controller restrict the processing, if: 1) the data subject denies the accuracy of their personal data, in which case its processing will be restricted until the data controller has verified the accuracy of the data; 2) the processing violates legislation, and the data subject objects to the erasure of their personal data and instead demands that the use of the data be restricted; 3) the data controller no longer requires said personal data for processing purposes, but the data subject needs the data to establish, file or defend a legal claim.

    If a data subject denies the accuracy of their personal data, the processing of said data is restricted until the data controller is able to verify its accuracy. The data subject must submit a request, accompanied by the grounds based on which the request is made, to the controller’s representative (see section 1 of this form), after which the controller will restrict the processing of the personal data in question within the information system. The processing is restricted by limiting access to the data, in order to prevent its use. The data controller must request that access rights be restricted.

    13 Notification obligation regarding rectification or erasure of personal data or restriction of processing, in accordance with Article 19

    The data controller must submit notifications of all rectifications, erasures and processing restrictions concerning personal data, based on Articles 16 and 18, to all recipients to whom personal data has been disclosed, unless this proves to be impossible or requires unreasonable effort. The data controller must notify a data subject of these recipients, if the data subject requests this information. If a data subject requests information about the recipients, they must submit this request to the controller’s representative (see section 1 of this privacy policy).

    Updated 24 September, 2024.

    Open jobs
    Latest jobs
    The deadline is approaching

    Jobs in English
    Jobs in Swedish
    Remote Work Opportunity

    Applicants´s Help
    Get to know employers
    News and events

    Nordic Council of Ministers
    Job vacancies in the EU
    NATO`s Open Positions
    Valtiolle

    Valtiolle.fi is the job search service of the Finnish government. Our service is a showcase for working in the state and an application channel for open jobs and internships in the state. Our service constantly has hundreds of positions open for versatile work tasks in Finland and abroad.

    Open cookie settings

    Our online service uses cookies to improve the user experience.By using the service, you accept the use of cookies. See the service's data protection policies  and accessibility policy .

    Give feedback about the site .
    Give feedback on accessibility .