Oy Medfiles Ltd
Volttikatu 5, 70700 Kuopio
Persons responsible for the filing system
Purpose and grounds for processing personal data
The purpose of the filing system is to receive, handle and store job applicants’ job applications addressed to Oy Medfiles Ltd. The applications can be open applications or applications for a specific open position.
Grounds for processing is a legitimate interest (there is a relevant and appropriate relationship between the data subject and the controller).
The storage period is based on the expiration of the period for claims in the Non-discrimination Act 30.12.2014/1325.
Personal data source
Data content of the filing system
Data in the job application and its appendices sent by the data subject
Data subject group
Personal data storage information
Storage period (years): 2
Beginning of the storage period: Receipt of the data
Specification to personal data storage information
The applications are erased at the end of the calendar year following the application receipt. The storage period is thus 1–2 years depending on the application receipt date.
Format and location of the data Format
Location: M-files system
Access to personal data
Laboratory Director, R&D and Analytical Services
Director, Clinical Research and Safety
Director, Regulatory Affairs, Regulatory Affairs services
Sales and Marketing Assistant
Responsible person mentioned in the recruitment advertisement
Disclosure / transfer of data
Data is not disclosed outside the company
Practices on assessment and maintenance
Applications with an expired storage period are erased from the filing system at the end of the calendar year.
Technical means of protection / data security
Data subject rights
- right to obtain access to personal data
- right to rectify data
- right to erase data
- right to restrict processing
- right to data portability
The data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this data protection regulation.