Privacy notice - Job applicants

In our privacy notice below, you can find information about how we collect, process and use the data which you provide us when you apply for a job within Fortum. As for our employees, the Privacy notice is published in our internal channels.

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

For the purpose of the EU General Data Protection Regulation 2016 (GDPR), the data controller is Fortum Corporation and its subsidiaries (“Fortum”).  

How does Fortum process your personal data?

How does Fortum process your personal data?

We need to treat your personal data for many different purposes and in several ways. Common for all our personal data processing is that it is carried out with appropriate safeguards taken into account and in accordance with the fundamental principles in data protection legislation.

In this information, we have compiled the different data types, purposes and legal bases on which we rely for our data processing. In case of significant changes, we will inform you appropriately, see below at the end of the information text.

What kind of data does Fortum collect?

Fortum collects and process personal data in various categories, including :

  • Contact data - such as your address, phone number;
  • HR data - such as job applicant evaluation data, CV, job applicant background clearance;
  • Identifying data - such as name, national ID/social security number;
  • Medical and health data - such as health checks medical and health data, drug test results;
  • Behavioral data - such as log in details

Fortum collects data that is necessary for the relationship you have with us and the purposes for which the data are used. All our data processing of personal data has legal basis.

What sources are the personal data obtained from?

The personal data which we process about you comes from different sources:

  • We receive information from yourself, when you apply for a job, or when you send in your personal data to us.
  • We receive information, as part of our relationship with you as a job applicant, such as background clearance, health data or behavioral information.
  • Based on your consent, we may collect information from third parties, such as national security authorities, health service. 

What are the purposes for processing personal data?

We process personal data only for predefined purposes. The purposes for which we process personal data are:

  • Employee recruitment
    To be able to manage a professional recruitment process with our job applicants, we need your personal data. We review the personal data which you share with us, such as CV and references; and we assess and select applicants in the process. Furthermore, we collect health data, background clearance and references. From the recruitment until the termination of the employment, the records are stored in our HR protected systems and network drives, with restricted access only for authorized personnel.
  • Management of employee information  
    We need a contract with all our employees to fulfil our contractual obligations. Therefore, we  collect personal data to create and manage contracts with our job applicants. We also manage our employee information as part of our employer role. 


On what legal basis do we process your personal data?

We rely on several legal bases when processing your personal information:

  • Your specific and freely given consent. If we rely on your consent as the legal basis for processing your data, you may withdraw your consent at any time,
  • The processing is necessary to fulfill an agreement between us and you or necessary to conclude such an agreement,
  • The processing is necessary to fulfill a legal obligation that is owed to us (for example, we are required by law to store certain data for a certain period of time) and / or to determine, enforce or defend Fortum against legal claims or claims,
  • The processing is necessary for purposes pertaining to the legitimate interests of our or third parties, which consider the registrant's interests and fundamental rights and freedoms (ie, balance of interests). Our legitimate interest in such treatments is employee recruitment, e.g. planning, interviewing.


Does Fortum use your personal data in automated decision-making?

We do not make decisions about you through automated decision making in recruitment.

How long do we store the personal data?

Fortum seeks to limit the period for which the personal data are stored to a minimum. Thus, Fortum processes your personal data only to the extent and as long as is necessary to meet the purposes of the data processing.

The specific retention periods may be different depending on the categories of data. Fortum sets out and regularly re-evaluates data type specific retention periods for the personal data it holds. Once personal data is no longer necessary, Fortum will delete it or anonymise it as soon as possible.

Who process your personal data?

Principally, we do not sell, trade or license any personal data to third parties. Companies belonging to the Fortum group of companies may process personal data in accordance with existing privacy laws. Personal data may be disclosed to our authorized employees or affiliates to the extent necessary for the purpose of processing. The data will never be available to all employees but to a limited number of authorized persons.

We also use third parties as our data processors to help process personal data on our behalf. When a third party processes personal data on our behalf, we always ensure via contractual arrangements that the processing of personal data is always conducted safely and in accordance with privacy laws and data processing best practices.

List of categories of the third parties processing data (=data processors):

  • Recruitment and head hunting companies
  • Personnel assessment companies
  • Authorities responsible for security/background clearance
  • Debt collection service providers
  • Health service companies (health certificates, possible drug tests)

 In addition, personal data may be disclosed to authorities when we are required to do so by law, based on demands made by competent authorities in accordance with existing privacy laws.

Does Fortum transfer personal data to third countries?

Principally, Fortum does not transfer personal data outside the European Union or the European Economic Area (EEA). However, if personal data is transferred outside the EU or the EEA, Fortum uses appropriate safeguards in accordance with existing privacy legislation, such as the standard contractual clauses provided by the European Commission.

How does Fortum protect the personal data?

Fortum fulfils the necessary technical and organizational measures, which ensure and demonstrate that privacy laws are being followed in the processing of personal data.

These measures include the monitoring of access rights so that only the authorized persons have access to the personal data, using firewalls, pseudonymisation of data, detailed instructions and training for personnel on protection of personal data and careful consideration when selecting our service providers that are involved  in the processing of personal data on our behalf.

About cookies and your rights when it comes to personal data

Cookies used on web sites

When you use our services or visit our websites, Fortum can collect data about your devices through cookies and other tracking techniques.

Cookies are a small text file that we use to Identify and count the browsers and devices that visit our websites. This information may then be used by us or third parties for marketing purposes.

Our use of cookies differs depending on which of Fortum's websites you visit. You can get more information about which cookies we use on a particular website by reading the specific information about cookies on the current site.

Click here to read more about cookies and how to manage them on our site

What are your rights when it comes to your personal data?

You have as registered a number of rights by law:

  • Right of access - You have the right to access your personal data, which means that you have the right to confirm whether your personal data are processed and, if so, also receive a copy of the personal data that is processed by Fortum (so-called registry extracts) and further information about the processing carried out by Fortum.
  • Data Portability Right - You are entitled to data transfer, which means that you may, under certain circumstances, have the right to have the personal data transmitted to another controller.  
  • Right to rectification- You are entitled to receive incorrect information about you corrected or supplemented.
  • Right to erasure - You have the right to have your data erased, if
    - the data are no longer necessary for the purposes for which they are processed;
  • - you revoke your consent for some treatment and thereafter there is no legal basis for Fortum to process the data,
    - your data has been processed illegally, or
    - the processing of your data is not necessary to comply with applicable legal requirements in order to determine, enforce or defend legal claims and / or for archival, research or statistical purposes.
  • Right to revoke consent - If you have given special consent to certain treatment, you are always entitled to withdraw your consent.
  • Right to object to processing of personal data – When processing is carried out on the basis of the legitimate interests pursued by Fortum or by a third party, you have the right to object at any time to processing of personal data concerning you. Unless Fortum can demonstrate compelling legitimate grounds for the processing, Fortum shall no longer process the personal data.
  • Right to object to direct marketing - You are entitled to object to the processing of personal data pertaining to you for direct marketing at any time. Then we will no longer process personal data for such purposes.
  • Right to restriction - You are entitled to limit your data during the time we investigate and check your request.
  • Right not to be subject to automated decision - If we have made a decision about you based entirely on an automated process and the decision has legal consequences or otherwise significantly affects you, you may request that the decision be reviewed by us through renewed and individual assessment. This applies if we cannot prove that an automated decision is necessary to conclude or implement an agreement between you and us.
  • Right to complain to the supervisory authority - You are entitled to complain to the Data Inspection Authority or other competent regulatory authority if you believe that we treat your personal data in violation of applicable data protection legislation.

Changes to our notice and contact information

Changes to our privacy notice

Fortum reserves the right to amend this Privacy Notice. Possible amendments to the Privacy Notice will be notified about on our website.

Amendments may be necessary due to the development of our services or, for example, changes in the relevant laws.

Contact information

Questions and comments  regarding this privacy notice can be addressed to our dedicated privacy team by using the contact form or to the address below.
Send your questions with this form

Fortum Corporation
Keilalahdentie 2-4
02150 Espoo

Please, note that requests for exercising your rights regarding your personal data (such as accessing your personal data) will not be handled through email, but through request forms online or via customer services in our local markets. See links to our local web sites below.