CANDIDATE PRIVACY NOTICE
Latest update: 28 November 2025
Welcome to Patria Plc and Adecco Finland!
Patria Plc and Adecco Finland will be joint controllers (GDPR Art. 26) for the following sections of processing;
- Adecco Finland is competent for the processing stages of (i) publishing open roles for Patria Group, (ii) receiving applications, (iii) initial screening and shortlisting, and (iv) candidate communications and interview scheduling. The processing concerns identification and contact details; CV/resume and application content; education, work history, skills and language information; interview notes; and hiring decision records strictly necessary for these stages.
- Patria Plc is competent for (i) defining role requirements and selection criteria, (ii) participating in screening and interviews, (iii) taking selection decisions, and (iv) issuing offers or rejections. The processing concerns identification and contact details; CV/resume and application content; interview notes and assessments; and hiring decision records strictly necessary for these stages.
For processing outside these sections, each party acts as an independent controller for its own purposes and means. For further information regarding Patria’s processing, please visit Privacy Notices and Request for Inspection | Patria.
This Privacy Notice (“Privacy Notice”) describes what personal information we collect from you, how we collect, use and process it, and how, in doing so, we comply with our legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights. We know it is long, but please read this Privacy Notice carefully.
There is an index below so you can go straight to the relevant sections if you prefer.
INDEX
- Some terms to be clear about
- What personal information does the Company collect and use?
- Why do we process your personal information and how long do we keep it for?
- How do we collect your personal information?
- Do you have to give us the personal information we ask for?
- Do we use artificial intelligence?
- Do we transfer your personal information to third parties?
- Do we transfer your personal information outside your country?
- What are your rights regarding your personal information?
- What about data security when using our systems?
- How do we handle changes to this Privacy Notice?
- Contact
- Some terms to be clear about
In this Privacy Notice, you will be referred to as ‘the Candidate’
or ‘You’.
When we talk about ‘us’, “we” or the ‘Company/Companies’, we mean Patria Plc and/or Adecco Finland.
Patria Group has their registered office at Arkadiankatu 2, 00100 Helsinki, Finland. Patria Plc is a modern and international defence and technology company with over 100 years of experience.
Adecco Finland has our registered office at Vernissakatu 1, 01300 VANTAA, Finland. The Company is part of the Adecco Group AG (Adecco Group), with its headquarters at Bellerivestrasse 30, 8008 Zurich, Switzerland. It is the largest HR services provider in the world. Through its various companies and business lines, the Adecco Group provides several HR (Human Resources) activities.
To carry out our Activities the Companies uses several IT systems. In connection with applications, we provide a Self-Service Portal (‘Portal’) for our candidates and personnel. The Portal allows you to search and apply for jobs that Adecco advertise on behalf of Patria which match’s your interests, skills and/or experience, in the locations where you have expressed an interest in working.
This Privacy Notice is about how we process your information as an individual. This type of information is sometimes called ‘personal data/ information’, ‘personally identifiable information’ or ‘PII’. We use the term ‘personal information’ or ‘data’ in this Privacy Notice.
- What personal information do we collect and use?
We collect and use personal information to provide the best possible employment opportunities tailored to you. We have grouped these as follows:
- Identity Data means your name, username, title, place of birth and documents evidencing your identity.
- Contact Data means your address, email address and telephone number.
- Qualifications and Working Experience Data means any information on your CV, resume or cover letter, including the details of your education, training courses, internships, documents evidencing your right to work, photos and videos as part of the application process, and any relevant information for your application.
- Social Media Data means your profile data on social media such as LinkedIn and other information you make public on or otherwise share with us from social media.
- Technical Data means internet protocol (IP) addresses from which you access the Portal and our products and services, cookies, your login data (such as the time, date and duration), the browser type and version you use, time zone settings of your device and your device location, the browser plug-in types and versions you use, the operating system and platform type of the device you use, and other technology on the devices you use to access the Portal, our apps, websites, products and services.
- Phone Call Data includes the number you used to call us, the time, date and duration of that contact.
- Profile Data means your username and password, your interests, preferences, feedback and survey responses.
- Marketing Communications Data means information about how you respond to email, SMS, phone calls and other marketing campaigns, if applicable.
- Visitor Information means information we may collect when you access our buildings, such as your name, contact details, other identifying information for security purposes, including CCTV images and door-entry systems logs.
- Sensitive Data means, as applicable, details of any disabilities and any accommodations necessary to make for you in the workplace, data about alleged or proven criminal offences, in each case where required or permitted by, and in compliance with, applicable law.
- Conversational Data means the recording and transcription of the conversation (speech to text) and any summaries.
- Screening Data refers to checks conducted to verify sanctions lists provided by governmental institutions, such as the European Commission, to ensure that you are not subject to sanctions. In this context, we may also process your Identity Data, such as your name, surname, and date of birth. The information obtained during a screening check is used solely to fulfil our compliance obligations.
- Background Data means background checks with your professional contacts (e.g., former employers) to verify the accuracy of the experience listed on your resume and to check the various skills highlighted. The information requested during a reference check relates solely to professional skills.
Depending on the relevant circumstances and applicable local laws and requirements, we may collect some of the information listed above to enable Patria Plc to offer you employment opportunities which are tailored to your circumstances and your interests.
- Why do we process your personal information and how long do we keep it for?
Purposes of the processing
Type of data
Legal basis to process your personal information
Retention period
To provide you with our services by assessing and selecting or rejecting your job application, including, for example, arranging and conducting interviews.
To provide you with our services by evaluating the results thereof and as otherwise required in the recruitment processes, including the final recruitment.
This includes sending your CV to Patria Group for their consideration.
a) Identity Data
b) Contact Data
c) Qualifications and Working Experience Data
d) Social Media Data
g) Profile Data
Performance of a contract or taking steps prior to entering into a contract
Up to 2 years from your last activity (last job application, interview, phone call or assessment) in the Portal.
To make any adjustments that you may need in the workplace.
a) Identity Data
i) Sensitive Data
- Performance of a contract.
- Compliance with legal obligations
Up to 2 years from your last activity (last job application, interview, phone call or assessment) in the Portal.
To troubleshoot technical call problems on our networks.
a) Identity Data
b) Contact Data
e) Technical Data
f) Phone Call Data
Legitimate interests to deal with technical issues affecting our business
Up to 2 years after the issue has been fixed.
To perform studies, statistical and analytical research, and to further develop, test and improve our website/Portal, or other existing or new systems/processes to better serve you.
e) Technical Data
g) Profile Data
h) Marketing Communications Data
Legitimate interests to improve and develop our business and improve our systems
Up to 2 years from your last activity (last job application, interview, phone call or assessment) in the Portal.
To transfer data to third parties
Any category of data listed above, as necessary
- Legitimate interests to provide services
- Performance of a contract
- Consent
Up to 2 years from your last activity (last job application, interview, phone call or assessment) in the Portal and any additional period required under applicable local legal obligations.
To comply with our legal obligations, Group Policies and procedures, and investigate or respond to incidents and complaints.
Any category of data listed above, as necessary
Compliance with legal obligations such as labour law or providing information to a public body or law enforcement agency.
Up to 2 years from your last activity (last job application, interview, phone call or assessment) in the Portal and any additional period required under applicable local legal obligations.
To ensure security.
a) Identity Data
e) Technical Data
i) Sensitive Data
Legitimate interests to ensure that our business and the people who work in it are kept secure and safe
Period required under applicable legal obligations (up to 1 year).
To transcribe the oral conversation between a recruiter and the Candidate and generate a summary.
k) Conversational Data
- Legitimate interests to provide improved services
- Performance of a contract
- Consent
Up to 2 years from the conversation
- How do we collect your personal information?
The personal information we collect about you comes from the application forms, the transcribed conversations we have with you, or other materials you submit to us, and your interactions with us and others as part of your application.
We will also collect personal information directly from third parties, such as reference checks from former employers, or indirectly from publicly available sources such as LinkedIn and X (Twitter) in accordance with applicable law.
- Do you have to give us the personal information we ask for?
You are not obliged to provide your personal information to us, but it would not be possible for us to work with you, or provide our services to you, if you do not provide us with the minimum required in order to assess your suitability for a position with Patria.
- Do we use artificial intelligence?
As part of our commitment to delivering innovative and efficient solutions, we utilize machine learning and deep learning artificial intelligence (AI) technologies, such as generative AI, in our relationship with Candidates. These technologies enable us to digitize, automate and enhance a wide range of processes associated with staff recruitment. We use AI Agents to write transcripts of interviews and generate a candidate presentation based on the interview.
Third party management
In most cases, we use AI solutions or Large Language Models such as Llama and GPT provided by third parties, such as Microsoft, Google or OpenAI. In order to ensure the security, confidentiality, and proper handling of information, we carefully assess such providers prior to their selection, verifying that they comply with applicable legal, ethical and security standards to protect your personal data. Likewise, we enter into specific contractual clauses regarding liability, aimed at protecting your personal data and data rights and ensuring compliance with current AI, data protection and consumer regulations.
Responsibility Commitment
Adecco Finland is committed to responsible use of innovative HR technologies. Read our Responsible AI Principles here. We do not use these technologies as a substitute for people or for human interaction at any stage of our processes. Our use of these technologies is intended to facilitate interactions with our candidates in a manner that is more convenient and efficient.
While we do use AI systems, all decisions that may affect you are made by our trained recruiters. If, in exceptional cases, we were to make such decisions based on a fully automated process (that is, without human involvement), we would only do so where permitted by law and after notifying you in advance.
- Do we transfer your personal information to third parties?
To facilitate our efficient use of your information and to provide you with the content, resources and services, we disclose your information to third parties. We do this in the following circumstances:
- To our suppliers. We will, for example, engage suppliers to carry out administrative and operational work, IT suppliers to host or support our IT systems, IT technology services and solutions that provide video interview and skills assessment tools, premises management companies to look after physical security at our buildings, and back-office finance and accounting management providers in order to process accounts payable and receivable.
The suppliers will be subject to contractual and other legal obligations to preserve the confidentiality of your data and to respect your privacy and will only have access to the data they need to perform their functions.
- To Patria. We will share your data with Patria who are offering jobs you may be interested in. If the agreement between Patria and Adecco is terminated prior to the expiration of the aforementioned retention periods, all data will be transferred to Patria for further processing.
- To government or law enforcement authorities. We will share your data with government, police, regulators or law enforcement authorities if, at our sole discretion, we consider that we are legally obliged or authorised to do so, or if it would be prudent to do so.
- Do we transfer your personal information outside your country?
If we share personal information outside your country, we ensure that we conduct a transfer risk assessment and put in place appropriate safeguards (such as signing the EU Standard Contractual Clauses or the UK International Data Transfer Agreement) and/or An Adequacy Decision from the European Commission to ensure a high level of data protection in the country to which we transfer your personal information.
- What are your rights regarding your personal information?
Under applicable data protection laws, you have the following rights:
- Right to access your personal information
You are entitled to request confirmation of whether we process any of your personal information. Where this is the case, you have the right to access your personal information. In some cases, you can ask us to provide you with an electronic copy of your information.
- Right to data portability
In some circumstances, you have the right to receive the personal data that you have provided to us in a structured, commonly used, and machine-readable format. You also have the right to transmit those data to a third party.
- Right to correct your personal information
If you can demonstrate that personal information, we hold about you is not correct, you can request that this information is updated or otherwise corrected. We would encourage you to access the self-service Portal where possible and update your personal information directly.
- Right to be forgotten or to delete personal information
In certain circumstances, you have the right to request that your personal information is deleted. This right is subject to any legal rights or obligations where we need to retain data. For situations where, in accordance with the law, we determine that your request to have your personal information deleted must be granted, we will do so without undue delay. Please bear in mind that once your data is deleted, we might no longer be able to serve you. If you want to register with us again, you will need to re-enter your data.
- Right to restrict or object to the processing of your personal information
In certain circumstances, you have the right to obtain restriction of the processing of your personal information, or to object to certain processing thereof on grounds relating to your situation.
- Right to withdraw consent
You have the right to withdraw consent at any time where we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you want to exercise any of your rights, please use the functionalities made available for this in the self-service portal or send an email to privacy@adecco.fi as the primary contact for candidates and the lead for coordinating responses to data subject requests for the joint processing sections.
Finally, you also have the right to lodge a complaint with the data protection authority in the place where you live or work, or in the place where you think an issue in relation to your personal information has arisen. However, we encourage you to contact us first so that we can address your concerns directly and seek to resolve any issues you may have.
- How do we handle changes to this Privacy Notice?
The terms of this Privacy Notice may change from time to time to reflect changes in our practices, legal requirements or for other operational reasons. If the changes are significant, we will provide appropriate notices either on our Portal and/or website or by contacting you using other communication channels.
- Contact
If you have any questions or concerns regarding this Privacy Notice, or you want to contact The Adecco Group’s Data Protection Officer (DPO) or the local Privacy Lead, please email The Adecco Group’s DPO at globalprivacy@adeccogroup.com or the local Privacy Lead at privacy@adecco.fi
To exercise any of your rights related to your personal information, please use the functionalities made available for this in the self-service portal or send an email to privacy@adecco.fi as the primary contact for candidates and the lead for coordinating responses to data subject requests for the joint processing sections.
As we work together with Patria Plc as joint controllers under Article 26 of the GDPR this means that we jointly determine the purposes and essential means of processing personal data during the early recruitment stages, such as job advertising, application management and candidate pre-screening.
You may exercise your data protection rights with either Adecco Finland at privacy@adecco.fi or Patria Plc at security@patriagroup.com. The essence of our joint controller arrangement, including how responsibilities are allocated between the parties, is available upon request.
We both remain responsible for ensuring compliance with applicable data protection law, including the GDPR and relevant national laws.
