PRIVACY POLICY

Last updated in October 2024

ManpowerGroup Oy, with the registered office in Mannerheimintie 4, 00100 Helsinki, is a Data Controller who determines which personal data must be collected from the Data Subjects and the purposes and means of collecting personal data. Additionally, personal data may be processed or jointly controlled by affiliates of the Data Controller, ManpowerGroup Solutions Oy and Manpower Inclusive Oy (also jointly referred to as “(“ManpowerGroup” or “we”).

Scope of Applicability

This Privacy Notice applieswhen ManpowerGroup processes personal data of following data subject categories: 
Users of the webpages: https://www.manpowergroup.fi/ https://www.manpower.fi/ https://www.experis.fi/   https://www.mpgtalentsolutions.com/fi.

  • Representatives of potential and existing business partners, clients, and vendors. 

  • Job candidates to whom we provide employment-related opportunities and services.

  • Individuals to whom we provide outplacement or career transition services.

This Privacy Notice does not apply: 

  • to our headquarters and country-based staff employees, who are individuals employed by ManpowerGroup and who work directly for ManpowerGroup and not directly with a ManpowerGroup client.

  • to our associates, who are people we source or place on assignment with one of our clients. 

1. What Do We Mean by ‘Personal Information’ or ‘Personal Data’?

The General Data Protection Regulation (hereinafter “Regulation”) defines personal data as follows:

Any information relating to an identified or identifiable natural person; ‘identifiable natural person’ means a natural person who can be identified, directly or indirectly, by reference to an identifier, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person..

When this Privacy Notice refers to Personal Data, it refers to the definition in the Regulation.

Special categories of personal data

The processing of special categories of personal data meansthe processing of personal data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.

We only process special categories of Personal Data where this is necessary to comply with our legal obligations.

2. What Personal Information We Collect, On What Purpose and On What Legal Grounds?

​We may collect Personal Data about you in variety of ways, such as through our Siteshttps://www.manpowergroup.fi/ https://www.manpower.fi/ https://www.experis.fi/   https://www.mpgtalentsolutions.com/fi and social media channels; at our events; through phone; through job applications; in connection with recruitment processes or in connection with our interactions with clients and vendors, whereas categories of personal data collected depend on the nature of the relationship.

2.1. If you visit our Sites, following types of Personal Data may be collected:

  • Cookie data collected via any non-strictly necessary cookies, if you have provided your consent via the cookie banner on the platform.

  • Information you may provide to us through the "Contact Us" feature on our Sites or via email

Legal basis is consent. 

Purpose of data collection is to reply to your queries or provide you enhanced functionality and personalization on your visit to the Sites. Please find out more in our  Cookie Notice.

2.2. If you are a representative of potential or existing business partners, client or vendor, Personal Data collected may include:

  • contact information such as name, postal address, email address and telephone number, job title, company name or any other information which could be on your business card or on your social media profile.

  • Any other information you provide to us through the "Contact Us" feature on our Sites, in surveys or in other form of communication.

Legal basis for such data processing is legitimate interest of a data controller (Please find out more here link to legitimate interest section in this Privacy Notice) or since the processing is necessary for performance of a contract or to take steps at the request of a data subject prior to entering a contract.

Purpose of data collection is to introduce or deliver our services, respond to your queries or to provide information you have requested.

Based on your consent, we may use your personal data for example for customer references.

2.3 If you create an account by registering on our Site, Personal Data collected may include:

  • username and password.

  • information you upload to your account, for example your curriculum vitae which include your employment and education history, language proficiencies and other work-related skills.

  • information you provide about your referees you would like us to contact (the Controller assumes that the provided referee has given an authorization for such communication).

  • Any other information you may provide to us, such as in surveys or in any form of communication (for example via email or phone call).

Legal basis for such data processing is consent from you, for example, when you tick a box to give permission based on your understanding of the nature of the processing.

Purpose of data collection is to create, provide access and manage your candidate or Partner account, to be able to assist you in your job search, offer you employment-related opportunities and services if you are a candidate or contractual opportunities if you are a Partner and present you with potential job matches or assignments. You can edit your profile and adjust the optional information you have disclosed to us at any time.

2.4. If you apply for a position or are a recipient of a career service, following types of Personal Data may be collected:

  • Employment and education history.

  • Language proficiencies and other work-related skills.

  • Information contained in your resume or C.V., information you provide regarding your career interests, and other information about your qualifications for employment.

  • Social Security number, national identifier, or other government-issued identification number.

  • Date of birth.

  • Citizenship and work authorization status.

  • Information provided by references.

  • Information you provide to us directly in any form (such as an interview or uploading the information to your profile).

Legal basis for such data processing is legal obligation, where we must Process the Data because it is required by law, contract or legitimate interest of a data controller for which we have analysed and concluded that our legitimate interest does not pose a high risk to the data subject. Please find out more  about legitimate interest in the next section, "The Use of Legitimate Interest".

Purpose of data collection is to assess your suitability for job opportunities, facilitate the recruitment process, contract preparation or fulfillment of controller’s legal obligation to process data.

3. The Use of Legitimate Interest

The Data Controller may process Personal Data for certain legitimate business purposes, which includes all the following:

  • to identify and prevent fraud.

  • to enhance security of our network and information systems.

  • for marketing purposes.

  • to enhance, modify, personalize, or otherwise improve our services.

  • for investigations and dispute resolution.

Whenever we process Personal Data for these purposes, we will ensure that we keep your rights in high regard and take account of these rights. You have the right to object to such processing, and if you wish to do so, please submit your request here.

4. How Do We Protect Your Personal Data?

We maintain technical and organisational measures designed to protect the Personal Data we collect against accidental, unlawful, or unauthorized destruction, loss, alteration, access, disclosure, or use.

Such measures are designed to provide an appropriate level of security taking account, on one hand, the technical state of the art and, on the other hand, the sensitivity of the personal data and the evaluation of potential risks. To provide the appropriate security and confidentiality of Personal Data, we apply to the following non-exhaustive list of measures:

  • Encryption of data at rest and in transit using industry standard encryption algorithms with appropriate key lengths.

  • Strong user authentication and role-based access controls.

  • Network monitoring solutions with events logging.

  • Hardened network infrastructure.

  • Measures for ensuring physical security of locations at which personal data are processed.

  • Business continuity and disaster recovery plans with periodic testing.

  • Incident management policy and processes.

  • Periodic vulnerability and penetration testing.

  • Certification/assurance of processes and products.

  • Periodic employee privacy and security training and awareness program.

  • Third party privacy and security assessments.

  • Robust data processing and confidentiality agreements.

  • Organizational measures for ensuring data minimization, purpose limitation, retention, data quality and accountability.

5. International Data Transfers

As we cooperate with natural and legal persons in many different jurisdictions, we may need to transfer your Personal Data to countries outside of the country in which the information was originally collected. Some of these countries may not have the same data protection laws as the country in which you initially provided the Personal Data. When such transfers take place, we will protect that data as described in this Privacy Notice. 

If you are in the European Economic Area, Switzerland, or the United Kingdom, we ensure transfers to countries not currently granted adequacy agreements take place only based on:

  1. Standard Contractual Clauses (SCCs) adopted by the European Commission, along with the mandatory adoption provisions required for the UK and Switzerland to the extent the processing involves UK or Swiss residents.

  2. A legally binding and enforceable instrumaent between public authorities or bodies.

  3. Binding corporate rules (BCR).

Where transfers rely on SCCs, transfers will only take place after a transfer impact assessment is conducted of:

  1. The legal practices of the recipient country relating to access to data;

  2. The technical and organizational measures adopted to protect the data; and

  3. The nature of the processing to ensure purpose limitation and data minimization.

Data Privacy Framework

ManpowerGroup (including ManpowerGroup Global Inc. and Right Management Inc.) complies with the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF) as set forth by the US Department of Commerce. ManpowerGroup has certified to the US Department of Commerce that it adheres to the EU-US Data Privacy Framework Principles (EU-US DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-US DPF and from the United Kingdom (and Gibraltar) under the UK Extension to the EU-US DPF. ManpowerGroup has certified to the US Department of Commerce that it adheres to the Swiss-US Data Privacy Framework Principles (Swiss-US DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-US DPF. If there is any conflict between the terms in this privacy policy and the EU-US DPF Principles and/or the Swiss-US DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/

ManpowerGroup is responsible for the processing of personal data it receives, under the EU-US DPF, the UK Extension to the EU-US DPF, and Swiss-US DPF and subsequently transfers to a third party acting as an agent on its behalf. ManpowerGroup complies with the EU-US DPF Principles and the Swiss-US DPF Principles for all onward transfers of personal data from the EU, UK, and Switzerland, including the onward transfer liability provisions.
The Federal Trade Commission has jurisdiction over ManpowerGroup’s compliance with the EU-US DPF, the UK Extension to the EU-US DPF, and the Swiss-US DPF. In certain situations, ManpowerGroup may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the EU-US DPF, the UK Extension to the EU-US DPF, and the Swiss-US DPF, ManpowerGroup commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-US DPF, the UK Extension to the EU-US DPF, and the Swiss-US DPF to TRUSTe, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. These dispute resolution services are provided at no cost to you.

In the context of the employment relationship, in compliance with the EU-US DPF, the UK Extension to the EU-US DPF, and the Swiss-US DPF, ManpowerGroup commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-US DPF, the UK Extension to the EU-US DPF, and the Swiss-US DPF.

For complaints regarding EU-US DPF, the UK Extension to the EU-US DPF, and Swiss-US DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on the official DPF website: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.

Subject to applicable law, you may obtain a copy of these safeguards by contacting us as indicated in the How to Contact Us section below.

6. Links to External Tools and Resources

We may provide links to external third-party websites operated by organizations not affiliated with ManpowerGroup. We do not disclose your personal information to organizations operating such linked third-party websites and we do not review or endorse, and are not responsible for, the privacy practices of these organizations. We encourage you to read the privacy policy of each website that you visit. This privacy notice applies solely to information collected by ManpowerGroup and its subsidiaries and affiliates through the services.

7. What Information Do We Disclose?

We do not disclose Personal Data that we collect about you, except as described in this Privacy Notice or in separate notices provided in connection with activities.

  • Your Personal Data will be shared internally with our team of recruiters, and where applicable, with our clients involved in the recruitment process.

  • We may also disclose a portion of your Personal Data with our subsidiaries and affiliated ManpowerGroup companies for administrative, legal or compliance purposes.

  • If youcreate an account by registering on our Site,apply for a position or are a recipient of a career service, we share your Personal Data with clients who have job opportunities available or interest in placing our job candidates.

  • With others with whom we work, such as job placement consultants and subcontractors, to find you a job.

In addition, we may disclose Personal Data about you on the following basis:

  • To law enforcement authorities or other government officials based on a lawful disclosure request.

  • If we are required to do so by law or legal process.

  • When we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity; and.

We will disclose a portion of your Personal Data with vendors who perform services on our behalf based on our instructions to make our services available to you. We ensure this data is minimized to what is necessary to perform the specific services instructed. We ensure vendor due diligence takes place to assess their privacy and security measures for protecting your data. We also ensure that data processing agreements are in place with vendors, with robust requirements stipulating the technical and organizational measure we require them to comply with when handling your personal data.

We do not authorise vendors to use or disclose the information, except as necessary to perform services on our behalf or comply with legal requirements. Your Personal Data will never be sold, rented, distributed, or made available to vendors for their own commercial purposes, including for their direct marketing purposes.

We also reserve the right to transfer Personal Data we have about you in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution, or liquidation).

8. How Long is Your Personal Data Processed?

We retain collected Personal Data in our systems in a way that enables data subjects to be identified for no longer than is necessary for the purpose for which the data were collected or for which data are additionally processed. We determine the specific period considering the following:

  • The need to retain collected Personal Data to provide the services requested by the data subject.

  • The need to protect the legitimate interests described under the objectives of the controller.

  • The existence of specific legal obligations that make the processing and retention of Personal Data necessary for specific periods.

To comply with applicable statutory retention laws, the data will be kept as follows:                                                                                                                                        

  • If you have created an account by registering on our Site, have applied for a position or a recipient of a career service, the data will be stored until the account owner deletes the information on the account or 2 years after the latest consent date.

  • If you visit our Sites, your data will be kept as long as stated in the Cookie Notice.

  • If you are a representative of a vendor, we will keep information for maximum 6 years after the end of the relationship of the legal entities.

  • If we are providing any type of services to your company, we will keep information for maximum 6 years after the end of the relationship of the legal entities.

Personal Data may be kept for longer than stated above only if it is required to meet our legal or regulatory responsibilities, for example, establishing, exercising, or defending legal claims or compliance cases.  

9. What Are Your Privacy Rights and Choices and How to Exercise Them?

When permitted by applicable law, a data subject can exercise under Articles 15 to 22 of the GDPR the following specific rights:

  • Right of access

    You have the right to know if we process personal data about you, and to receive a copy of the data we process about you.

  • Right to rectification 

    You have the right to request that we rectify inaccurate or incomplete data held about you to protect the accuracy of such information. 

  • Right to erasure

    In some cases, you have the right to ask us to delete personal data about you. For example, if it’s no longer necessary for ManpowerGroup to process the data for the purpose for which we collected it; if you withdraw your consent; if you have objected to the processing and there are no legitimate, overriding justifications for the processing; or if the processing relates to direct marketing and you object to the direct marketing.

  • Right to restriction of processing

    You have the right to request that the data controller restricts the processing of your data.

  • Right to data portability

    You can request a copy of the personal data relating to you that we process for the performance of a contract with you, or based on your consent, in a structured, commonly used, machine-readable format. This will allow you to use this data somewhere else, for example to transfer it to another recipient. If technically feasible, you also have the right to request that ManpowerGroup transfers the data directly to the other recipient. 

  • Right to object 

    You have the right, at any time, to object to processing of your personal data which is based on our legitimate interest, by referencing your personal circumstances. 

  • Right not to be subject of automated individual decision-making 

    You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on you or similarly significantly affects you, unless it is necessary for entering into contract, is based on your explicit consent, or is authorized by law. 

  • Right to lodge a complaint with a supervisory authority 

    You have a right to lodge a complaint with a supervisory authority, in the EU Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating you infringes GDPR.

Whenever the processing is based on consent, as under art.7 of the GDPR, you may withdraw your consent at any time. 

If you require more information about the processing of your Personal Data, please refer to the How to Contact Us section below. You can exercise your data subject rights, by submitting your request here.

10. Privacy Rights Requests by Authorized Parties

You may designate an authorized representative to exercise your rights on your behalf. If an authorized representative submits a request on your behalf, they must also submit a document signed by you that authorizes your representative to submit the request on your behalf.

In addition, we may ask that both you, and your representative, follow the applicable process described above for identity verification.

11. Data Processing related to Minors

We respect the privacy of children. Our Sites and services are not typically designed for, or targeted to, children. If you are under the age of 13, you should not send any information about yourself or your contact details through our Sites.

If you are a parent or guardian, please contact us if you believe we may have collected information from your child, and we will review and take appropriate action.

12. ManpowerGroup’s Non-Discrimination Policy

Users of our Sites and services will not be subject to discriminatory treatment for exercising their privacy rights.

Please bear in mind that exercising some rights, like erasure, consent withdrawal or your right to object, may affect our ability to carry out and deliver some, or all, of the services you are eligible for.

13. Updates To Our Privacy Notice

This Privacy Notice (including any addenda) may be updated periodically to reflect changes in our privacy practices, to comply with applicable legal updates or to make the information clearer to you.

We encourage you to frequently check this page for any changes. You can always check the top of this page to see when this privacy policy was last updated. 

If we make changes that have a substantial impact on how we process your personal data, we will communicate this on our websites.

14. How To Contact Us

If you have any questions or comments about this Privacy Notice, or if you would like to exercise your data subject rights, please fill in this form.

Data Protection Officer Nordics
ManpowerGroup Oy
Mannerheimintie 4
00100 Helsinki

Change your cookie settings on this site