Who we are
Governance
Funding
Martti Ahtisaari
Our people
Careers
What we do
Our impact
Regions
Themes
AsiaAfghanistanMyanmarRegional
Middle East
and North AfricaMaghreb-SahelPalestineYemen
EurasiaUkraineSouth CaucasusMoldova
Sub-Saharan AfricaAfrican UnionSahelRed SeaHorn of AfricaGreat LakesSudan
Women in Peacemaking
Youth in Peacemaking
Digital Peacemaking
Policy & Multilateralism
Ahtisaari Days
Donate info
Company
Private
Help Us Keep The Night Silent
Martti Ahtisaari
Nobel Peace Prize
Biography
CV
Career milestones
In Memoriam
Press Photos
About us
Who we are
CMI 25: Rebooting Peace
Governance
Funding
Our people
Vacancies
Martti Ahtisaari
Regions
Asia
Afghanistan MyanmarRegional
Middle East and North Africa
Maghreb-SahelPalestineYemen
Eurasia
South CaucasusUkraineMoldova
Sub-Saharan Africa
African UnionSahelRed SeaHorn of AfricaGreat LakesSudan
Themes
Women in Peacemaking
Youth in Peacemaking
Digital Peacemaking
Artificial Intelligence
Policy & Multilateralism
Ahtisaari Days
Our work
What we do
Regions
Themes
Our impact
Contact
Leadership Team
Asia
Eurasia
Middle East and North Africa
Sub-Saharan Africa
Women in Peacemaking
Youth in Peacemaking
Digital Peacemaking
Strategy Unit
Finance and Administration
Communications and Fundraising
Contact
Contact
CMI's board
Media
Billing & Procurements
Donate
Donate as a Private Person
Donate as a Company
Help Us Keep The Night Silent

Data protection notice – HR

1. Controller and contact information

Controller: CMI – Martti Ahtisaari Peace Foundation (“Foundation”) Address: Eteläranta 12, 00130 HELSINKI, Finland Phone: +358 75 755 1800 E-mail: cmi.helsinki@cmi.fi Contact person for data register issues: Maria Lätti (HR Manager) and Johannes Laaksonen (Security Advisor)

2. Basis and purpose of the processing of personal data

The purpose of the data register is the real-time management of personal data and employment data of the Foundation’s potential, current and previous employees or consultants in recruitment situations, and during and after the contractual relationship. The basis of the processing of personal data is the agreement between the person and the Foundation, and its fulfilment, and the legitimate interest based on the (potential) contractual relationship between the person and the Foundation.

3. Personal data to be processed

The personal data to be processed in the register include the personal data and contact information, and other required data related to the contractual relationship of the Foundation’s potential, current and previous employees or consultants. This data includes, for example, information related to a person’s background and employment history, agreement data, salary data, holiday and absence data, information on tools assigned to the use of the person, any development needs and points of interest related to the work, and any documents related to the termination of the contractual relationship. Sensitive data, such as health information, is only processed within the scope of specific processing situations determined by the law.

4. Regular sources of information

Personal data is collected primarily from the data subject their self, and also obtained from supervisors, persons providing references, HR and payroll administration, and training organizers.

5. Data security and protection of personal data

Personal data is stored locked facilities or in data systems which information security is constantly monitored and developed. The processing of data is restricted only to the persons needing such data. Those persons process data under a confidentiality obligation. 2 (4)

6. Regular disclosure and transfer of personal data

Personal data is disclosed to any third parties only under carefully determined situations in order to fulfil the requirements of the relationship. The Foundation can outsource the processing of personal data to service providers.

7. Transfer of personal data outside the European Union or the European Economic Area

Transfer of personal data outside the EU/EEA is always based on valid legislation on the processing of personal data and implemented in accordance with such legislation. Transfer of personal data outside the EU may be necessary in order to organize the Foundation’s operations or to enable the activities of the service providers.

8. Retention period of personal data

Personal data related to recruitment is stored for a period of two years after submitting of an application or finalising a recruitment. Personal data related to contractual relations is stored during the contractual relationship for as long as it is necessary in order to fulfil the determined purpose of use of the data, and after this, in so far as the Foundation is required to retain the data for compliance with any legal obligations.

9. Rights of the data subject

A person included in a data register has the right, for example:

  •  to access the data concerning them and the right to inspect the data concerning them that has been stored in the data register
    • The controller can, on its own initiative or at the data subject’s request, supplement, rectify or delete any incomplete, inaccurate or outdated personal data.
    • A data subject can also submit a request to the Foundation to inspect or rectify data.
  • to demand the deletion of their personal data or the right to restrict the processing of their personal data in accordance with valid data protection legislation
    • The data subject must submit a request to the Foundation on the implementation of the rights mentioned above. The Foundation can request the data subject to specify their request in writing and to verify their identity prior to processing of the request.
    • The Foundation can deny the implementation of a request on the basis of the provisions set forth in applicable legislation.
  • to submit a complaint to the supervisory authority on issues related to the processing of their personal data.

10. Amendments to this data protection notice

This data protection notice can be updated, for example, in cases of any amendments of the law. This data protection notice was last updated on 16 May 2024.