PRIVACY POLICY – HUMAN RESOURCES AND RECRUITMENT DATA


ABOUT THIS POLICY
At Hyperion Robotics Ltd (Company), we take data protection seriously.We process the personal data of our employees to meet our legal and contractual obligations as an employer. Personal data of job applicants is processed for recruitment purposes.Please note that this Privacy Policy only applies to the processing of personal data carried out by Company as a data controller and only in a human resources context.Occupational health care data is controlled by your occupational health care provider.This Privacy Policy may be updated from time to time. We will not make substantial changes without prior notice.

CONTACT DETAILS OF CONTROLLER

Name: Hyperion Robotics Ltd

Business ID: 3133430-2
Correspondence address: Karamalmintie 2, 02630 Espoo, Finland
Contact: hanna@hyperionrobotics.com
Website: https://www.hyperionrobotics.com/
contact@hyperionrobotics.com.

PERSONAL DATA COLLECTED
Job applicantsFor job applicants we may process the following information:

● full name
● address and contact details
● application and curriculum vitae
● educational and professional background
● work permit or visa information (where necessary for confirming applicant is eligible to work in Finland)
● qualifications and skills (for example language skills)
● results of any tests or evaluations carried out in connection with recruitment
● possible consent given by the applicant for storing the data for future recruitment
● possible non-disclosure agreement made in connection to recruitment process
● any other information provided by applicant during recruitment process and communication with usEmployeesFor employees we also process the following information:
● identification information, such as name and title, social security number and photograph
● information needed for salary payment, such as bank account and tax information
● information collected during recruitment stage (please see above)
● responsibilities, qualifications, assignments, and professional development
● start and (if applicable) end date of employment
● content of your employment contract
● content of any other employment-related contracts (e.g. non-disclosure agreements or agreements made in connection to the termination of employment)
● Copy of visa or work permit (foreign employees)
● information on stock options, shares, and related agreements
● information regarding tracking of working hours and absences
● incidental video recordings of identifiable employees working with specific customer cases for maintenance or system update purposes on the customer’s site
● incidental video and audio recordings of identifiable employees on Hyperion’s site as part of recording the operations of Hyperion’s systems
● incidental video recordings and pictures of non-identifiable employees on Hyperion’s site as part of Hyperion’s marketing efforts, i.e., social media, website etc. If individual employees are identifiable a separate consent will be required
● information concerning the employee’s state of health, family or trade union membership when necessary for us to fulfil our legal obligations (e.g. to coordinate sick leaves or parental leaves) and
● IT information, such as user credentials, emails, access information, device information and associated data.We only collect information that is either relevant for filling in the position in question or necessary for the rights and obligations of either party in the context of establishing or managing an employment relationship.

SOURCES OF PERSONAL DATA
Primarily we receive personal data directly from you.
During the employment relationship we may collect information about you generated through our data systems and from Company’s other employees such as your supervisor (e.g., relating to performance reviews) as well as feedback from Company’s customers and stakeholders.
When legally permitted or required, we may also acquire certain information from relevant authorities or public registers.
During a recruitment process we may, with your consent, contact a reference you have provided us with, such as your former employer. In this case we may get some information about you from such reference.Employee data is processed to meet our legal obligations as an employer, such as the arrangement of occupational health care, as well as to fulfil our contractual obligations based on your employment contract, such as salary payment.Applicant data is processed based on a pre-contractual relationship at your request and for our legitimate interests for us to assess the potential grounds for entering into an employment contract with you.We also store both applicant and employee data for a certain period based on our legitimate interests in case of litigation, claims or regulatory investigations.Note that Hyperion does not process employee data for any tracking purposes (i.e., location data) nor for automated decision-making purposes.

THE PURPOSE AND LEGITIMATE GROUNDS OF PROCESSING
Employee data is processed to meet our legal obligations as an employer, such as the arrangement of occupational health care, as well as to fulfil our contractual obligations based on your employment contract, such as salary payment.
Applicant data is processed based on a pre-contractual relationship at your request and for our legitimate interests for us to assess the potential grounds for entering into an employment contract with you.
We also store both applicant and employee data for a certain period based on our legitimate interests in case of litigation, claims or regulatory investigations.
Note that Hyperion does not process employee data for any tracking purposes (i.e., location data) nor for automated decision-making purposes.

STORAGE PERIOD
We store the data concerning employees for as long as it is necessary to meet the employer’s legal obligations or for other legitimate reasons, such as litigation or regulatory investigations. For example, we are required to provide you with a certificate of employment on request during 10 years of termination of the employment relationship.
Job applicant data is stored for recruiting purposes for the duration of the recruitment process, and after that for as long as required for legitimate reasons, such as regulatory investigation and litigation purposes. With your consent we may also store your information for future recruitment purposes for up to 12 months.

INTERNATIONAL DATA TRANSFERS
Employee and job applicant data is primarily stored within the European Economic Area.However, in certain cases we may transfer or access personal data outside the European Economic Area. In such cases we provide adequate protection for the transfers of personal data to countries outside of the European Economic Area through a series of agreements with our service providers based on the Standard Contractual Clauses or through other appropriate safeguards, such as the Data Privacy Framework.

PERSONAL DATA RECIPIENTS
We do not share personal data with third parties outside of our group companies unless one of the following circumstances apply:
For legal reasons
We may share personal data with third parties outside our organization if access to the personal data is reasonably necessary to: (i) meet taxation, any applicable law, regulation, and/or court order (ii) detect, prevent, or otherwise address crime and/or security issues.
To authorized service providers
We may share personal data to authorized service providers who perform services for us. Such service providers are for example our accounting and payroll service providers and data storage service providers. Our agreements with our service providers include commitments that the service providers agree to limit their use of personal data and to comply with privacy and security standards at least as stringent as the terms of this Privacy Policy.
For other legitimate reasons
If Company is involved in a merger or acquisition, we may transfer your personal data to the third party involved. However, we will continue to ensure the confidentiality of all personal data. We will give notice to all those concerned when the personal data are transferred or become subject to a different privacy policy as soon as reasonably possible.
With your explicit consent
We may share personal data with third parties outside of our organization for other reasons than the ones mentioned before, when we have your explicit consent to do so. You have a right to withdraw such consent at any time.
Please note that some of the personal data recipients, such as occupational health care providers, may process personal data made available to them under the capacity of an independent data controller and not as data processor for the Company’s purposes. In these cases, we urge you to refer to the applicable privacy policies of such data controllers.

YOUR RIGHTS
Right to access
You have the right to access your personal data processed by us and to request a copy of your personal data undergoing processing.
Right to withdraw consentIn case the processing is based on a consent granted by you, you may withdraw the consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Right to correct
You have the right to have incorrect or incomplete personal data we have stored about you corrected or completed.
Right to deletion
You may also ask us to delete your personal data from our systems. We will comply with such request unless we have a legitimate ground to not delete the data. Please note that during the term of employment personal data is processed primarily due to legal obligations and therefore we may not be able to delete it.
Right to restriction of processing
You may request us to restrict processing of personal data for example when your data erasure, rectification or objection requests are pending and/or when we do not have legitimate grounds to process your data.
Right to object
You may object to the processing of personal data on grounds relating to your particular situation if such data are processed for our legitimate interest. In case we do not have compelling legitimate grounds to continue processing such personal data, we shall no longer process the personal data after your objection.
Right to data portability
You have the right to receive some of the personal data you have provided us with in a structured and commonly used format.
How to use your rights
If you want to use your rights, please send us an e-mail to the address mentioned above.We may reject requests that are unreasonably repetitive, excessive, or manifestly unfounded.
How to use your rights
If you want to use your rights, please send us an e-mail to the address mentioned above.We may reject requests that are unreasonably repetitive, excessive, or manifestly unfounded.

INFORMATION SECURITY
We use administrative, organizational, technical, and physical safeguards to protect the personal data we collect and process. Our security controls are designed to maintain an appropriate level of data confidentiality and integrity.
The personal data stored under this Privacy Policy shall only be processed on a need-to-know basis. The use of personal data is protected by appropriate user rights and passwords.

LODGING A COMPLAINT
In case you consider our processing of personal data to be inconsistent with the applicable data protection laws, you have a right to lodge a complaint with the local supervisory authority for data protection.
In Finland, the competent authority is the Data Protection Ombudsman (www.tietosuoja.fi).
This Privacy Policy was updated on 04.01.2024.

Back to home-page