This statement explains how we will use the personal data we collect from you during your employment with Intrum.
This privacy statement applies to you and your personal data because you are a employee of an entity in the Intrum group. Intrum is an international company, with many different establishments in different countries. For the purposes of this privacy statement, the Intrum entity where you have your employment agreement is responsible for the protection of your personal data (the data controller).
This statement explains how we will use the personal data we collect from you or from third parties during your employment with Intrum. Note that because this statement applies to the entire Intrum group, there may be minor local differences in which exact information is processed for each purpose. Please contact your local data protection lead to find out the exact details (see below).
1. Types of personal data
We process the following information:
- Personal contact details. Such as your name, address, email address, telephone number.
- Professional contact details. Such as your business address, professional email address and telephone number.
- Personal details. Such as gender, marital status, date of birth, nationality and national identification number.
- Contract data. Such as the contents of the employment agreement.
- Information regarding family members and dependents. Such as emergency contact information. Under the Act on Protection of Privacy in Working Life we will only process such data if it is directly necessary for your employment relationship which is connected with managing the rights and obligations of the parties to the relationship or with the benefits provided by us for you or arises from the special nature of the work concerned.
- Payment information. Such as your bank account number and expense reimbursement requests and payments.
- Details about your function. Such as role, department, establishment and responsibilities.
- Information relating to compensation, pension and other benefits. Such as your salary, bonus arrangement, company car and pension plan.
- Details regarding hours worked, vacation and (medical) leave. Such as your work schedule, eligible vacation time, vacation schedule, absence due to medical leave.
- Information related to education, training and career development. Such as your educational and professional background, any courses or trainings you may have followed or certifications you may have attained.
- Performance and reviews. Such as the contents of your performance reviews and numbers relating to your professional performance.
- Assets entrusted to you. Information about company assets you have been given to use, such as a company phone or laptop.
- Correspondence and communications data. Such as email correspondence, internet traffic data and IP address, but only under the strict preconditions and procedures described in the Act on the Protection of Privacy in Working Life.
- Digital access rights. Your rights to access different applications in the Intrum IT infrastructure.
- Security-related information. Such as the number of your access card, information regarding whether you are in the building and CCTV footage. All monitoring activities, which have been agreed on in the cooperation procedure, are carried out on a general level without tracking a single employee. In the event of legal proceedings, it may, in certain situations, be permitted to retrieve monitoring data regarding a certain employee.
We will process your sensitive personal data for reasons strictly relating to the proper performance of our duties as your employer and to the extent allowed or required by applicable law. We will process the following types of sensitive personal data:
- Data relating to your health.
- Trade union membership,
- Credit information
We will only process health data that has been collected from yourself, or elsewhere with your written consent, and the processing is necessary (i) in order to pay sick pay or other comparable health-related benefits or; (ii) to establish whether there is a justifiable reason for absence or if you expressly wish your working capacity to be assessed on the basis of information concerning your state of health; or (iii) if otherwise provided elsewhere in law
We will process sensitive data only if the conditions of Article 9 of the GDPR are met and under the Act on Protection of Privacy in Working life, if processing is directly necessary for the employee’s employment relationship which is connected with managing the rights and obligations of the parties to the relationship or with the benefits provided by us as the employer for you as the employee or which arises from the special nature of the work concerned.
Before entering the employment relationship we will also check your credit information with your consent.
Providing the information listed here is necessary in order for us to comply with our legal obligations as an employer and failure to provide the information listed here may, in come cases, prevent the employment relationship from continuing.
2. Purposes of the processing
Data Controller will process your data for the following purposes:
- HR administration. We maintain personnel records for all our employees. We also make strategic decisions about our HR policies by analyzing our HR records.
- Conduct HR management. We engage in day-to-day management of HR issues, such as ensuring proper staffing.
- Onboarding. We process your personal data when you first come work for us to ensure that you are properly trained and equipped for your role.
- Salary and pension payment and providing other benefits. We process your personal data in order to pay your salary, pension payments and other (performance-related) benefits.
- Taxes and social insurance. We are required to process certain personal data to comply with tax law and other obligations relating to social security and insurance.
- Insuring risks and liabilities. We insure many risks that may occur in our business, such as against any damages relating to accidents during work or travel insurance for employees who travel on behalf of Intrum. We may also provide a collective health insurance plan. Depending on the type of insurance, we may have to process your personal data to e.g. process a liability claim.
- Providing communication and information technology facilities. We provide you with IT equipment and services to perform your responsibilities for Intrum, such as e.g. a company cell phone and an email account. We need to process your personal data to make this possible.
- Communication/IT monitoring. We will monitor communications and network use in order to secure our IT environment and network infrastructure and to ensure that our employees use those facilities in a way that complies with applicable laws and internal policies. Such monitoring will only be carried out under the strict preconditions and procedures described in the Act on the Protection of Privacy in Working Life
- Performance management and learning management. In order to ensure that you continue to perform adequately, we perform performance reviews. In addition, we also try to foster growth in our employees by providing or suggesting courses.
- Creating a healthy and safe workspace. We want our employees to be healthy and safe. We may therefore process personal data of our employees to analyze how we can improve the quality of their work and reduce any potential unhealthy effects. We also employ security measures such as CCTV cameras, to ensure that our employees, visitors and property are safe.
- Recruitment. We process your information when you apply for a role within Intrum. We may also go through our employee records to determine whether we have people within our organization who are suitable to fill a job opening. Please review our recruitment privacy statement for more detailed information.
- Dispute resolution and investigation of wrongdoing. We may process personal data for the purposes of resolving disputes, complaints or legal procedures or if we have a suspicion of wrongdoing which we would like to further investigate.
- To comply with the law. We may have to process your personal data to comply with the law (e.g. the matching of your name with names on so-called designated party lists and to comply with anti money laundering law) or a judicial order.
3. Parties who may have access to your data
Data Controller may share your personal data with third parties in the following circumstances:
- We may share your personal data with other third parties acting on our behalf, such as a service provider. In such cases, these other third parties may only use your personal data for the purposes described above and only in accordance with our instructions;
- Our employees will have access to the personal data. In such a case, access will be granted only if necessary for the purposes described above and only if the employee is bound by an obligation of confidentiality;
- We may disclose your personal data to other establishments within the Intrum Group for recruitment and reporting purposes but only to employees who are bound by an obligation of confidentiality.
- We may share your personal data if required to do so by law or court order, for example with our suppliers or clients, tax authorities, , social security agencies, enforcement agencies or other governmental agencies.
4. Location of your personal data
Your personal data will be accessed by staff within the European Economic Area while it is in our care. Your data may also be accessed in Switzerland, which has laws which safeguards a level of data protection similar to the European Union.
Intrum uses third-party service providers to store your data, which may be located outside of the European Economic Area, including the United States. These countries generally do not have laws which protect your personal data to the same extent as is the case in the European Union. For that reason, Intrum will ensure that there is a contract in place with that third party which safeguards the protection of your personal data. If you would like to obtain a copy of such a contract, please use the contact details below to get in touch with us. We may also rely on the Privacy Shield program, which is a program where US companies can commit to a higher level of privacy protection than is required by US law. Please use the contact information below if you’d like to know more.
5. Retention of personal data
We retain your personal data for a limited amount of time and will delete your personal data after it is no longer necessary for the purposes of the processing. In most cases, this means we will retain your data for the duration of your employment. Where possible, we will delete data during your employment as soon as it is no longer necessary. In any event, we will delete your personnel record no later than two years after termination of your employment. , unless we have to retain your data to comply with local statutory retention requirements such as fill the requirement to provide a work certificate for ten years after the termination of the employment relationship.
We may also process your personal data for a longer period after your employment has ended, if there is a pending legal dispute or if you have given us permission to keep your personal data on record for a longer period of time.
6. Legal basis for processing your data
In most cases, we process your personal data on the ground that the processing is necessary for purposes of legitimate interest pursued by us. Our legitimate interest in this case is to engage in HR processing for the purposes set out above. In many cases, we will also be required to process your personal data due to a legal obligation. We will also be required to process personal to perform our contractual obligations to you, such as in the case of salary payment. Finally, we may ask for your consent in limited cases. In such a case, you are always free to withdraw your consent.
Moreover, in some cases local legislation may require us to acquire your consent for processing of certain type of personal data of for conducting of certain processing activities. In these cases, processing of the personal data is based on Intrum and your legitimate interest, and only personal data relevant for fulfilling of such reasonable legitimate interest shall be collected.
7. Your rights under data protection law
You have certain rights under European Union data protection law.
Right of access
You are entitled to a copy of the personal information we hold about you and certain details of how we use it.
Your personal data will usually be provided to you in writing, unless otherwise requested, or where you have made the request by electronic means, in which case the information will be provided to you by electronic means where possible.
Right to rectification
We take reasonable steps to ensure that the information we hold about you is accurate and complete. However, if you do not believe this is the case, you can ask us to update or amend it.
Right to erasure
In certain circumstances, you have the right to ask us to erase your personal information, for example where the personal information we collected is no longer necessary for the original purpose or where you withdraw your consent. However this will need to be balanced against other factors. For example, we may have legal and regulatory obligations which mean we cannot comply with your request.
Right to restriction of processing
In certain circumstances, you are entitled to ask us to stop using your personal information, for example where you think that the personal information we hold about you may be inaccurate or where you think that we no longer need to use your personal information.
Right to data portability
In certain circumstances, you have the right to ask that we transfer personal information that you have provided to us to another third party of your choice.
Right to object
You have the right to object to processing which is based on our legitimate interests, which is the case here in most of the processing activities described in this privacy statement. Unless we have a compelling legitimate ground for the processing, we will no longer process the personal data on that basis when you file an objection. Note however, that we may not be able to provide certain services or benefits if we are unable to process the necessary personal data for that purpose.
Rights relating to automated decision-making
You have the right not to be subjected to automated decision-making, including profiling, which produces legal effect for you or has a similar significant effect. Intrum generally does not use automated decision-making or profiling in the employment context, but if you have been subject to an automated decision and do not agree with the outcome, you can contact us using the details below and ask us to review the decision.
Right to withdraw consent
In most cases, we do not base the processing of your personal data on your consent. However, it may happen that we ask for your consent in specific cases. Where we do this, you have the right to withdraw your consent to further use of your personal information.
Right to logde a complaint
If you consider that we do not follow the applicable data protection legislation, you are entitled to lodge a complaint with Data Protection Ombudsman. You can find further information about Data Protection Ombudsman and their complaints procedure in www.tietosuoja.fi
8. Contact details
If you would like to contact our Data Protection Officer in regard to the processing of your personal data, please send an e-mail to email@example.com.