STARIA’S RECRUITMENT PERSONAL DATA PRIVACY POLICY
This privacy policy was last modified on: 15 December 2024
1 DATA CONTROLLER(S)
Staria Oyj, Business ID 0696081-1 (“Staria”)
Address: Mikonkatu 7, 00100 Helsinki
2 DATA PROTECTION OFFICER
Jani Jääskeläinen, CTO
Mobile: + 358 40 502 8790 | jani.jaaskelainen@staria.com
3 NAME AND PURPOSE OF REGISTER
3.1 This policy applies to persons who apply for employment, or for the position of CEO or CEO’s deputy, at Staria. Each such person is defined in this policy as a “person”.
3.2 If the person declines to provide to Staria the personal data that is required for the purpose of recruitment, Staria might not be able to take the person into account in the recruitment process. Provision of personal data to Staria for the purpose of recruitment is voluntary.
4 PURPOSES OF PROCESSING AND LEGAL BASIS FOR PROCESSING
4.1 The purposes of the processing and the legal basis for the processing of personal data are the following:
a) Recruitment process, and the review of qualifications for the purpose of the recruitment. Personal data is processed for these purposes based on the person’s consent.
b) Compliance with recruitment related legal obligations and the exercise of recruitment related legal rights. Personal data is processed for these purposes because of Staria’s legal obligations or rights.
c) Security, and monitoring the access to premises and systems. Personal data is processed for these purposes because of Staria’s legal obligations.
4.2 If consent is the legal basis for the processing of personal data
a) If the person’s consent is the legal basis for the processing and if the person withdraws the given consent, the withdrawal of the consent does not affect the lawfulness of the processing based on the consent before its withdrawal.
5 CATEGORIES OF PERSONAL DATA
The following personal data can be processed by Staria:
(a) contact details and identifying information:
(i) first name(s) and last name(s);
(ii) preferred name;
(iii) personal title as defined by the person (Mr/Mrs/Miss/Ms);
(iv) address;
(v) telephone number; and
(vi) email address.
(b) career and identification information:
(i) curriculum vitae;
(ii) job applications;
(iii) education details;
(iv) employment certificates;
(v) expertise;
(vi) previous employers;
(vii) performance reviews by previous employer(s) or other referees, if the person consents that previous employer(s) or other referees may be contacted;
(viii) degree certificates, education diplomas and transcripts of studies;
(ix) security clearance information;
(x) data concerning equal opportunities or gender equality related matters;
(xi) recordings, transcripts and notes on job interviews; and
(xii) reports on suitability tests and evaluations.
(xiii) In addition to the categories of personal data already mentioned, for positions where the individual will have significant financial responsibility and will be handling money without supervision, Staria may also collect and process credit information to assess the reliability of the candidate. This is to ensure the security and integrity of our financial operations and is conducted in compliance with applicable laws and regulations regarding the use of such information for employment purposes, and with the person’s consent.
6 SOURCES OF PERSONAL DATA
The source of personal data is the person.
Previous employer(s) or other referees, if the person consents that previous employer(s) or other referees may be contacted.
In some cases, existing employees can make recommendations about potential applicants. Such employees will add personal data about such potential applicants. In the cases where this is made, the potential applicant will be informed about the processing.
7 RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA
Personal data may be processed by Staria’s sub-processors who process the personal data on Staria’s behalf to provide services to Staria. The current processors are:
(i) Sympa UK Limited, a provider of Sympa HR software;
(ii) Teamtailor AB, Sweden, 556936-6668, a provider of a recruitment platform;
(iii) Microsoft, collaboration and communication services, such as Teams, Office 365 and Active Directory; and
(iv) Clevry Oy, a provider of recruitment and assessment services.
7.2 In addition, the processors might have sub-processors.
8 TRANSFERS OF PERSONAL DATA TO THIRD COUNTRIES
8.1 Staria does not itself transfer the personal data to countries outside the European Economic Area (EEA) or the European Union (EU) (“Third Country”), without having the legal right to do so (such as the UK adequacy decision of the European Commission).
8.2 Staria’s sub-processors referred to in Section 7 could transfer the personal data to Third Countries. The legal basis for the transfer of the personal data to Third Countries is the Binding Corporate Rules, the European Commission’s Standard Contractual Clauses for the transfer of personal data to processors established in third countries (“Standard Contractual Clauses”), the EU-U.S. Privacy Shield Framework, alternative data export mechanisms for the lawful transfer of personal data (as recognized under EU data protection laws) or another legal basis.
8.3 For example, please see Microsoft’s data protection addendum: https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addend....
9 PERIOD FOR WHICH PERSONAL DATA WILL BE STORED
9.1 Personal data is processed for the time required and permitted under applicable legislation.
9.2 Staria retains personal data collected from applicants during the recruitment process for a period of 12 months following the conclusion of the process. This retention period is in accordance with Article 17(3)(e) of the General Data Protection Regulation (GDPR), which allows for the retention of personal data where necessary for the establishment, exercise, or defense of legal claims. With regard to hired persons, Staria retains the collected data in accordance with Staria’s employee privacy policy. In certain circumstances, a shorter or longer retention period may apply if required by applicable local laws. At the end of the applicable retention period, your personal data will be securely deleted.
10 METHODS HOW REGISTER IS SECURED
The personal data processed by Staria is secured by using the following methods and principles:
(a) locks at Staria’s premises;
(b) firewall, anti-malware and spam filtering systems of Staria’s communication networks and other software and hardware that protect the security of communication networks;
(c) restricted user rights to HR systems;
(d) restricted rights to process health data;
(e) health data is stored separately from other personal data;
(f) mandatorily required high quality passwords;
(g) personal user rights that can be traced in the systems;
(h) limited number of superusers;
(i) professional knowledge of Staria’s personnel;
(j) training of Staria’s personnel;
(k) the content of the register is in electronic form except for temporary special occasions; and
(l) Staria’s policies and guidelines relating to personal data matters.
11 RIGHT OF ACCESS
11.1 The person has the right to get information on which personal data on the person is being processed by Staria, or information that no such personal data is being processed.
11.2 Where such personal data is being processed by Staria, Staria shall provide the person with a copy of the personal data and the following information:
(a) the purposes of the processing;
(b) the categories of personal data concerned;
(c) the recipients or categories of recipients to whom the personal data is to be or has been disclosed;
(d) the period for which the personal data will be stored;
(e) the existence of the right to request from Staria rectification or erasure of personal data or restriction of processing of personal data concerning the person or to object to the processing of such personal data;
(f) the right to lodge a complaint to the supervisory authority and the contact details of the supervisory authority;
(g) communication of the personal data undergoing processing and of any available information as to its source; and
(h) the significance and envisaged consequences of such processing, at least in the case of measures which produce legal effects concerning the person or significantly affect this person and which are based solely on automated processing intended to evaluate certain personal aspects relating to this natural person or to analyse or predict in particular the natural person's performance at work, economic situation, location, health, personal preferences, reliability or behaviour.
11.3 For any further copies requested by the person, Staria may charge a reasonable fee based on administrative costs.
12 RIGHT TO DATA PORTABILITY
At the person’s request, if Staria processes the personal data based on the person’s consent or based on a contract with the person and if the processing is carried out by automated means:
(a) Staria shall provide the person with the personal data which he or she has provided to Staria, in a structured, commonly used and machine-readable format;
(b) On the person’s request and if technically feasible, Staria must transmit the personal data in the same format directly to another controller.
13 RECTIFICATION AND RIGHT TO LODGE COMPLAINT WITH SUPERVISORY AUTHORITY
13.1 Staria shall, at the person’s request, without undue delay correct, erase or supplement the personal data in case of erroneous, unnecessary, incomplete or obsolete personal data taking into account the purpose of the processing, including by way of supplementing a corrective statement.
13.2 If Staria does not take such action on the person’s request, Staria shall inform the person without delay and at the latest within one (1) month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy. Please note that the person may bring the matter to be handled by the local supervisory authority.
13.3 The person has the right to lodge complaints to the local supervisory authority. The contact details of the Finnish supervisory authority are:
https://tietosuoja.fi/en/office-of-the-data-protection-ombudsman
14 RIGHT TO OBJECT TO PROCESSING
The person has the right to object, on grounds relating to the person’s particular situation, to the processing of the person’s personal data which is based on either of the following legal bases for processing: (i) when the processing has been found necessary for the purposes of the legitimate interests of Staria or (ii) when the processing has been found necessary in order to protect the person’s vital interests. However, the person does not have the right to object if Staria demonstrates compelling legitimate grounds for the processing which override the person’s interests or fundamental rights and freedoms, or for the establishment, exercise or defence of legal claims.
15 RIGHT TO RESTRICTION OF PROCESSING
15.1 ‘Restriction of processing’ means the marking of the stored personal data with the aim of limiting its use in the future.
15.2 If the person requests, Staria must restrict the processing in the following situations:
(a) the accuracy of the personal data is contested by the person, for a period enabling Staria to verify the accuracy of the personal data;
(b) the processing is unlawful and the person opposes the erasure of the personal data and requests the restriction of its use instead;
(c) Staria no longer needs the personal data for the purposes of the processing, but it is required by the person for the establishment, exercise or defence of legal claims; or
(d) the person has objected to the processing, but verification whether the legitimate grounds of Staria override those of the person is still ongoing.
15.3 In the situations listed above, Staria can only process the personal data:
(a) with the person’s consent or for the establishment, exercise or defence of legal claims;
(b) for the protection of the rights of another natural or legal person;
(c) for reasons of important public interest of the European Union or of a European Union Member State; and
(d) to store the personal data.
16 RIGHT TO BE FORGOTTEN
16.1 The person has the right to have his/her personal data erased at his/her request if one of the following grounds applies:
(a) the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
(b) the person withdraws the consent on which the processing is based and where there is no other legal ground for the processing;
(c) the person objects to the processing in accordance with Section 14;
(d) the personal data has been processed unlawfully; or
(e) the personal data has to be erased for compliance with a legal obligation in the European Union law or in a European Union Member State law to which Staria is subject.
16.1.2 However, Staria does not have to erase the personal data to the extent Staria still needs to process the personal data:
(a) for exercising the right of freedom of expression and information;
(b) for compliance with a legal obligation which requires processing by the European Union law or by a European Union Member State law to which Staria is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in Staria;
(c) for reasons of public interest in the area of public health in accordance with legal requirements;
(d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with legal requirements; or
(e) for the establishment, exercise or defence of legal claims.
17 AUTOMATED DECISION-MAKING AND PROFILING
Automated decision-making or profiling is not used by Staria to process the persons’ personal data at the moment.