Data controller

Momentous Oy, Business ID 2443137-4
Mannerheiminaukio 1 A, 3rd floor
FI-00100 Helsinki, Finland

Name of the register

Register that contains data on job applicants and the contact persons of client organisations

Momentous Oy (hereinafter Momentous) processes personal data in accordance with the relevant national and international provisions and the provisions and principles of the European Union’s General Data Protection Regulation. Momentous is part of Barona Group Oy.

This privacy statement describes how Momentous processes personal data in its operations.

The objectives of processing personal data

By collecting and processing personal data, Momentous enables effective matching of job applicants with client companies’ vacancies. For this purpose, Momentous collects data on suitable candidates and persons registered as job applicants, the collected data serving their appointment to vacancies at Momentous’s client companies.

Data subjects have the right to the protection of their personal data. Their personal data is processed only in accordance with legal processing criteria and in a transparent manner.

The purpose of the register

Personal data is processed to carry out executive search assignments given by Momentous’s client companies and to manage, maintain and develop client relationships; to develop the business activities and services of Momentous; and to carry out market research and candidate communication, candidate and client feedback surveys and the compilation of statistics.

We collect personal data only for the above-mentioned purposes. Personal data is collected principally for an ongoing recruitment assignment given by a client company. Personal data are used and stored in connection with other assignments only with the consent of the data subject.

What data do we process?

The data processed in the register include the following information necessary for the purpose of the register:

  • basic personal details, such as the candidate’s name, contact details (address, email address, telephone number), gender and date of birth
  • specific information related to the candidate necessary for evaluating his/her suitability for the vacancy, such as education, profession and specialist knowledge
  • information concerning personal assessments and suitability tests of the candidate
  • information related to the candidate’s previous or current employment, such as his/her employers, the start date and duration of employment and job descriptions
  • information concerning the candidate’s job search, such as job preferences, desired salary, preferred location of the job and possible commencement and termination information regarding the job
  • the name, title and contact details (address, email address, telephone number) of the contact persons of the client organisation
  • information on the client organisation required for the client relationship, such as order details, information on meetings, possible direct marketing permissions and prohibitions as well as other communication between the parties and possible recordings of telephone conversations and meetings
  • information related to the service, such as information on which client companies the controller has sent an overview of the candidate.

What are the sources of the data?

The personal data in the register is collected mainly from the data subjects themselves by telephone, by email, in meetings or in client events. Data can also be collected from applications and CVs submitted by the candidate or from the references provided by the candidate. Based on a legitimate interest, personal data can also be collected from information sources maintained by third parties, such as public data sources and registers maintained by companies or authorities. In these cases, data subjects will be informed of this within a reasonable time to guarantee their consent.

Personal data retention period

Data subjects’ personal data are retained for two (2) years from submitting the application or from the date of obtaining the subject’s permission to continue retaining the data. With the consent of the data subject, data may also be processed in connection with other possible recruitment assignments conducted for client companies. If necessary, data can be retained for a longer period than mentioned above to ensure or verify equality of treatment as necessary for compliance with a legal obligation. If a client company recruits a candidate, his/her data can be retained for a longer period of time.

The personal data of the client organisation and its contact persons are retained for as long as is necessary for the purpose of their collection. Personal data are erased when the data necessary for managing the client relationship or marketing measures have become obsolete.

Disclosure of data

In connection with an executive search process, candidates’ personal data stored in the register are disclosed to Momentous’s client organisations with the data subject’s consent. Data on candidates are always stored confidentially and the information provided by the candidates in their applications is never disclosed to parties outside of the executive search process.

In accordance with and as obligated by the legislation in force, personal data stored in the register can also be disclosed to authorities who have a legal right to obtain information from the register. Momentous does not disclose personal data stored in the register to other than the above-mentioned parties without the data subject’s separate consent.

Personal data is mainly stored on our service providers’ servers located in EU and EEA countries and protected in accordance with the general practices of the field. Momentous’s service providers that operate outside of the European Union or the European Economic Area adhere to Privacy Shield principles when transferring personal data from the EEA countries.

Protection of the register

Electronic data is collected into databases that are protected by firewalls, passwords, user authentication and other means of data security. Possible manual databases are located in locked and guarded premises and unnecessary manual data is disposed of in accordance with data security regulations and provisions on data storage. Only employees with the right to process the data as part of their duties and with a personal user ID and password to the system are entitled to use the system containing personal data.

Rights of the data subject

Data subjects have a legal right to

  • request access to their personal data from the controller
  • request the rectification, erasure or restriction of processing of their data
  • object, in certain cases, to the processing of their personal data
  • transmit, in certain cases, the data to another system and
  • cancel their consent at any time without this having any effect on the legality of the processing carried out before the consent was cancelled if it was based on the data subject’s consent.

If you want to request access to your data, rectification of incorrect information or erasure of your data, or you have any questions about your rights or this privacy statement, please contact us personally or in writing at

In addition, the data subjects have the right to make a complaint to the European Data Protection Supervisor (the data protection agency) if they consider that their legal rights have been violated.