Privacy Policy for Applicants

Last updated: 13 May 2022

This Privacy Policy for Applicants (“Privacy Policy”) stipulates how Milrem AS as the controller of personal data processes the personal data provided by job applicants as prospective employees, as well as privacy rights available to job applicants.

This Privacy Policy applies to all our job applicants. If appropriate, this Privacy Policy shall also apply to internship applicants.

1. Controller of personal data

The controller of your personal data is Milrem AS (“Milrem”, “we”, “us” or “our”). Milrem is responsible for ensuring that your personal data is processed in accordance with this Privacy Policy and applicable personal data protection laws, in particular with the General Data Protection Regulation (EU) 2016/679.

Contact details of the controller:

Milrem AS

Registry code: 12494266

Address: Betooni 1, Tallinn 13619, Estonia

Phone number: +372 662 0865

E-mail: info@milrem.com

2. Collection of personal data

As your prospective employer, we collect your personal data in a variety of ways. In particular, we collect personal data provided directly by you during the recruitment process. We may also receive your personal data from recruitment agencies. To the extent permitted by applicable law, we may also collect your personal data from third parties, such as public databases and recruitment portals, and also by contacting your educational institution and/or previous employers for information about your qualification, skills or professional qualities.

We may collect certain personal data necessary for the recruitment process, including:

  • general personal data, such as your name, personal identification code, home address, e-mail address, phone number, citizenship, gender, date and place of birth;
  • information contained in your application, such as your level of education, educational institution, previous work experience, qualifications, language skills and reference letters (including the data on person making the reference);
  • data collected and processed during the recruitment process, such as information on the status of the recruitment process, comments on your application, recruitment interviews and details of suitability tests and assignments, if applicable; and
  • if applicable, information about your background check, such as information about your right of access to classified information;
  • data collected through video surveillance, if you visit our premises, but only to the extent needed to protect our legitimate interest to maintain security and establish, exercise or defend legal claims. Please note that this policy applies to the video surveillance which is installed in the common areas of our premises.

We may also collect other personal information about you that you voluntarily provide to us by submitting the application or in the course of your recruitment process. You can provide us with other personal data if you wish, but this is not required for the recruitment process.

3. Purpose and legal basis of data processing

We process your personal data for purposes related to the recruitment process in order to select committed and experienced individuals most suitable for a particular position, process applications, inform you about the status of the recruitment process, verify the provided data and carry out reference checks, conduct background checks and job interviews and if necessary, make an offer to conclude an employment contract.

The legal basis for the processing of personal data is the need to take steps at the request of the prospective employee to enter into negotiations with us for the purpose of establishing an employment relationship, and our legitimate interest to hire the applicants best suited for the position at hand.

We may also process your personal data in cases of disputes, in which case the legal basis for the processing of your personal data is our legitimate interest to establish, exercise or defend legal claims.

We may also process your personal data to contact you in case of future job openings. In such a case, the legal basis for the processing of personal data is your consent.

4. Recipients of your personal data

We may disclose your personal data to other companies in Milrem Group https://milremrobotics.com/). Your personal data may also be processed on our behalf by other companies in the Milrem Group, e.g., training, insurance, pension and salary data may be processed in a central database. The processing is based on our legitimate interest in transferring personal data to other affiliated companies for administrative purposes, for example in connection with the use of central personnel databases and central IT support and management.

Only authorised employees of Milrem, such as management team members and human resources staff have access to your personal data. We put our best efforts to keep your data safe and always require the high level of security and confidentiality from our employees and partners.

We may also disclose your personal data to third parties:

  • if permitted or required by applicable law;
  • if our trusted service providers (such as recruitment, IT and suitability testing service providers) provide services to us or on our behalf in accordance with our instructions. In these cases, we will control and remain responsible for the use of your personal data at all times;
  • statistical browsing data may be accessible to our partners, who provide us with tools for analytics;
  • in connection with our merger, takeover or sale of all or part of our business; and
  • if we, in good faith, believe that disclosure of relevant data is necessary to protect your rights, to protect your or others’ safety, for investigations, legal disputes, or to respond to authorities’ inquiries.

As a rule, we do not transfer personal data outside of the European Economic Area. If we do so, we take all measures to ensure that transfers outside the European Economic Area are adequately protected as required by applicable law. With respect to transfers to countries not providing an adequate level of data protection, Milrem bases the transfer on appropriate safeguards, such as standard data protection clauses adopted by the European Commission. If you wish to receive more information about data transfers and the safeguards that we apply to them, please contact us at the contact details provided above in section 1.

5. Retention of personal data

We process and retain your personal data as long as necessary to achieve the purposes described in this Privacy Policy, and to comply with legal requirements applicable to us.

Most of your personal data will be retained until the recruitment process is completed. Certain personal data may be retained after the completion of recruitment process, if required or permitted by applicable law.

In some cases, personal data may be retained for a longer period if storage of personal data is required in order to protect our or any third parties’ legitimate interests, e.g. in case of a legal dispute.

If you are not selected, but you wish us to retain your information for future job openings, we will retain your data based on your consent for the period specified in the consent form.

If you are selected and conclude an employment contract with us, we will retain the selection data in the manner and for the period applicable to the processing of Milrem’s employees’ data. The Privacy Notice will be presented to you at the time of conclusion of the employment contract.

We will delete or anonymise your personal data when processing is no longer necessary for intended purposes.

6. Your rights

Subject to the restrictions and conditions set out in law, you have the following rights as a data subject:

  • to request access to your personal data. You may access, correct, update, change or remove your personal data at any time. However, please note that certain information is strictly necessary in order to fulfil the purposes defined in this Privacy Policy and may also be required by law. Thus, you may not remove such personal data;
  • to request rectification of your personal data;
  • to request erasure of your personal data. If personal data is erased under your request, we will only retain such copies of the information as are necessary for us to protect our or third parties’ legitimate interests, comply with governmental orders, resolve disputes, troubleshoot problems, or enforce any agreement you have entered into with us;
  • to withdraw consent regarding processing of personal data. Withdrawal of consent does not affect the lawfulness of the processing of personal data carried out on the basis of consent before withdrawal;
  • to data portability (insofar as it does not infringe our legitimate interests to protect our trade secrets or any other confidential information);

In some cases you may have a right to request restriction of processing of your personal data or to object to processing of your personal data.

If you think there is a problem with the way we are handling your personal data, you have a right to lodge a complaint to your national data protection authority in the European Union/European Economic Area, or seek judicial remedy. In Estonia, the competent supervisory authority is the Estonian Data Protection Inspectorate. You can find contact details of the Estonian Data Protection Inspectorate here: www.aki.ee. However, we encourage you to first contact us with any concerns that you may have, although you have no obligation to do so.

7. Security measures

We use reasonable security measures (including physical, electronic and administrative) to protect your personal data from loss, destruction, misuse and unauthorised access or disclosure. For example, we only grant access to your personal data to authorised employees and contractors who need it to perform their duties.

Please note that while we take reasonable steps to protect the security of your personal information, no system completely eliminates all potential security risks.

8. Updates

From time to time, we may update this Privacy Policy in order to adapt it to any updates that might arise. In such a case, we will notify you via the e-mail that you have provided us when submitting the job application. This Privacy Policy was last updated as of the “Last updated” date shown above.

9. Our contacts

If you have any questions regarding this Privacy Policy or the personal data we process about you, please contact us at the contact details provided above in section 1.