Privacy Policy


Wilma Consulting Oy (later the “Company”)
VAT number FI21826178

Registrar contact person: Maija Talvinen,, +358 400 883 966

Name of the register

Wilma Consulting’s database for recruitments and personal assessments.

The purpose, reason and retaining of personal data

The purpose of handling personal data is to manage the recruiting and personal assessment client relationships, to manage the contractual relationship between the Company and its clients with regard to recruitment and personal assessment assignments, and maintenance, development, analysis and statistics. Recruitment involves public searches and executive searches.

Collecting personal data is based on the applicant’s consent (open or designated job applications) or a legitimate interest. The business of companies providing executive search, is based on searching for suitable candidates from the market and presenting them to the client, having an open position and willing to offer that position to candidates that match the criteria, but for one reason or another not willing to post the open position for public search. Executive search companies thus regard having a legitimate interest to handle personal data, based on the relevant and appropriate relationship between the candidates and the executive search companies.

The purpose of the personal data acquired in personal assessments, is to support the assessment of the candidate’s qualifications for the job and his/her development in the job.

In recruitment assignments, the candidate’s application and personal data are retained for 5 years from the application date or a renewal date by the applicant. The applicant has the option to leave his/her personal data retained for longer than 5 years, for future recruitment assignments. The applicant is always asked for a permission to do this.

Personal data acquired in personal assessment assignments are retained for 2 years.

Personal data collected for marketing purposes are retained for as long as necessary with regard to the purpose of usage. Personal data is deleted when they are identified as outdated or not reachable for marketing purposes.

The content of the register

In open and public recruitments, we primarily collect personal data from the person himself/herself, in conjunction with the usage of our services, or when the person voluntarily provides us with his/her CV.

In executive search assignments, the personal data acquired also includes personal data relevant to the position in question, collected from publicly or commercially available sources. Such sources include e.g. corporate public websites, press releases, appointment publications, the LinkedIn service and various company and industry data registers.

With the person’s specific consent, we can also collect personal data from recommenders.

The personal data collected in recruitment assignments are usually as follows:

  • Name and contact information, such as name, address, email address and phone number (for identification and communication)
  • Sex and date of birth (for statistics to develop the recruitment)
  • Personal data used for assessing the candidate’s aptitude (e.g. job experience, education, language skills and other proficiency)
  • Attachments (e.g. CV, job application, exhibit of work, picture), the URL to the LinkedIn profile
  • Data related to professional interests and employment expectations
  • Data constructed during the recruitment process, e.g. email communication, SMS messages and saved files
  • Data acquired in interviews and possible personal assessments
  • Possible notes and classifications made by the employer
  • Data related to the progress of the recruitment assignment, e.g. log files of communication and meetings

Additionally, the following instances may incur personal data collection:

  • recipient’s email address, if a link of the job posting is sent with a “Tell a friend” action
  • recipient’s email address and search parameters, if a user subscribes to automatic notifications of open positions with a “Search watch” action

The following personal data is collected in personal assessment assignments: the personal data form filled for the assignment, or CV, answers to the assessment questionnaire, and the summary reports prepared based on the questionnaire and/or interviews.

Users of the data in the register

The database for recruitments and personal assessments is used on the internet. We use the TalentAdore VRA recruitment system. The data is used by the Company consultants and third parties, when subcontracting parts of assignments.

Any filled forms, prepared reports, and additional information for the assignments, like attachments submitted by the registered person, are also provided to the client of the specific recruitment or assessment. We advise our clients and subcontractors to always handle any applicant personal data in a confidential manner, and to delete them when obsolete.

The personal assessment report is also provided to the assessed person himself/herself.

Any personal data is not handed over to third parties, nor used in any other assignments, without the specific permission of the data provider, unless required by law or regulatory requirements.

Detailed information of personal data recipients can be enquired from the registrars contact person, when needed.

Transferring personal data outside EU or EEA

No personal data is transferred outside of the EU or the EEA, nor to any international organisations. An exemption is, when either the decision-making body of the client organisation or an applicant in the recruitment process resides outside of the EU or the EEA. In this case, data security is ensured by using encrypted data communications.

Data protection principles

We handle all personal data in a manner that strives to ensure the appropriate security of the data, including unauthorised use and accidental loss, destruction, or damage.

All personal data are retained as confidential. Only people that have a position-based authority to handle personal data, have access to it. Each user has an individual username and password to the register.

The personal data is secured by means of firewalls, passwords, and other technical means. The personal data and any copies thereof reside in locked and secured premises and can be accessed only by pre-designated persons.

The Company primarily retains all personal data in electronic format. Data is printed out only when necessary, and any printouts are securely destroyed after usage. This privacy policy entitles the Company to outsource personal data handling to service providers and subcontractors, but the Company will make sure by means of adequate contractual obligations, the appropriate and lawful handling of the personal data. All personnel and subcontractors have specifically been advised not to unnecessarily include the personal identification number in any documents.

The clients are advised to obey the regulations and guidelines of the data privacy legislation.

Rights of the registered

The registered person has a lawful right to examine the data retained of him or her in the register. The request to examine the data (including the request to delete the data) must be provided in written and sent with an authorised signature to the registrar in the address mentioned above.

The registered person also has the right to require correction of any erroneous data. The request to correct must be provided in written.

The registered person has the right to refuse his or her personal data to be used for direct marketing, marketing surveys or opinion polls. This refusal can be provided to the registrar any time, to the address mentioned above, or by unsubscribing from a mailing list in a manner explained in the marketing message.

Automated profiling or decision making

No automated decision making is used in the service. The analytics tool (Google Analytics) is used to provide statistics and analysis of the usage of the web site and to develop the service.


The web service and the analytics tool use cookies. The usage of cookies may be restricted with browser settings. Preventing cookies may however result in inoperative services.

Protecting forms

The forms on the web site are protected against spam submissions by Google’s reCAPTCHA version 3 technology. Google’s Privacy Policy and Terms of Service apply.