Recruitment Privacy Policy

Updated 27.9.2022

This Privacy Policy is in place to inform you about how we process your personal data when you apply for a volunteer position in our organization.

1. Who is the controller and how can I contact it?

The official controller of this data is Legal Design Summit Finland ry, 3017417-5, Espoo Finland (LDS).

This non-profit association “owns” and operates the Legal Design Summit.

If you want to contact us regarding privacy and data protection, please contact us via

2. Why do we process your personal data?

If you apply for a volunteer position in the organization (this means any position, we are all volunteers), we need to know you a little bit first. In order for us to do that we need to process your personal data. The purpose of this processing is to be able to recruit you to our team.

We use Google Forms as our tool. This tool will process only such personal data necessary for the purpose of the recruitment, such as your contact details and wishes regarding what you would like to do as a volunteer that we need to recruit you.

We do not disclose any personal data to third parties.

3. What data do we collect?

All data we collect in the recruitment process is provided by you. On a rare occasion that we would ask for references we will always ask your consent to contact them before we do so. As a rule of thumb we do not conduct any background checks – if there is an exception to this, we always ask for consent from you.

Information that we need is your basic information: name and contact details. We also need to know a little bit about you and what you would like to do. This process also includes open fields where you can decide yourself what you would like to tell us. We also might ask you to provide your LinkedIn profile and this is, of course, completely voluntary. If so, we will collect personal data from your LinkedIn profile as well.

We also ask you to tell us where you are based. The reason for this is for us to be able to plan how the team will work together in different locations but also to assess if there are any legal (such as privacy legal) factors that will trigger some requirements that we need to be aware of.

Any data collected is used solely for recruitment purposes, including statistical purposes, e.g. demographic analyses of applicants, unless otherwise explicitly stated. Such statistical data is processed in aggregated and non-identifiable form whenever possible.

4. Who has access to your personal data?

We may share your application with those team members that are involved in the recruitment process. We will always keep the number of people working on applications as small as possible so that only those who need to be involved will be involved.

5. How and based on what do we process your data in the volunteer recruitment process?

Your personal data is processed in a conventional and regular recruitment manner. This is necessary so we can facilitate the recruitment process, which is our legitimate interest. As mentioned, in some cases we may ask for your consent.

6. How long do we keep your personal data?

Your application will be automatically deleted after 24 months after submitting it unless otherwise requested by you.

Candidate data is kept for 24 months after registration date for the following purposes:

- To be able to match candidates with volunteer tasks.

- To be able to evaluate how we are doing.

- Discrimination: In cases where we need to be able to show that the employment procedure was non-discriminatory.

7. Transferring data outside of EEA/EU

Where Legal Design Summit is the data controller and uses data processors that are located outside of the EU/EEA, we do this only in cases where

- the transfer location and recipient is judged to be adequate under rules established under the GDPR, or

- The transfer takes place under the standard contractual clauses as defined by the EU Commission to regulate such transfers under the GDPR and necessary supplementary safeguards have been implemented.

8. Your rights and how to use them

As the data subject, you have the following rights:

- You have the right to obtain information on the processing of their personal data – in other words, ask what we are doing with your personal data. We hope this privacy policy answers most of the questions but if not, please ask us!

- You have the right of access to your personal data. Meaning that you have the right to ask us to provide you with a report that includes what personal data we are processing of you. Please note, however, that there are some exceptions to this rule: we can not, as an example, disclose your data that also reveals other people’s personal data.

- You have the right to ask for a rectification regarding your personal data: meaning that if something is not right in the personal data – in your application or we have got something wrong, you can always contact us and ask us to rectify the incorrect personal data.

- You have the right to the erasure of your data and to be forgotten: meaning that you can ask us anytime you want to delete your personal data. There are, again, some exceptions to this rule: sometimes we have a legal obligation or other legal basis to keep some personal data even if you ask us to delete everything.

You also have a right to restrict the processing of your data in certain situations, a right to data portability, and in some cases to object to the processing of their data as well as the right not to be subject to a decision based solely on automated processing.

If you want to use any of your rights, please do so by contacting and we will help you

You also have the right to file a complaint with the supervisory authority, the Data Protection Ombudsman of Finland: