Valid as of 25 May 2018

Personal Data Protection Notice

In accordance with the General Data Protection Regulation of the European Union, the following notice provides an overview of the principles of personal data processing in Manpower OÜ (hereafter referred to as the Controller).


The Controller is Manpower OÜ, whose registered office is in Estonia.

Collected personal data are processed by the Controller. Furthermore, personal data may be processed or jointly processed by the Controller and its affiliates.

This notice is intended for (1) candidates for jobs and users of our career services, (2) employees we hire or send to a client’s premises to perform a task and individuals we provide with services related to finding a new job or changing jobs after the termination of their employment relationship, (3) users of the websites and apps (hereafter referred to as the Site) listed here and (4) our business partners, clients and suppliers’ representatives. The notice does not concern our main office and local statutory staff who are employees of and work directly for ManpowerGroup, not its clients.

The notice shall describe the type of personal data or personal information collected, how the information is used, processed and protected, how long it is retained, who receives it and the rights that a natural person can exercise in relation to their personal data. It will also describe how you can contact us in relation to personal data protection and exercise your rights. Our data protection activities may vary between countries, as they reflect local practices and legal requirements. Local requirements can be found on the respective local websites.

Information we collect

We may collect your personal data in various ways, such as via our website and social media channels, at our events, over the phone, via job applications, in connection with recruitment or in the course of communicating with clients and suppliers. We may collect a variety of personal data depending on the nature of our relationship with you, including (if permitted by local law) the following:

If you are an employee or candidate, applying for a job or creating an account for that purpose, we may collect the following personal data (if permitted by local law):

How collected data are used

The Controller compiles and uses data that have been collected in order to:

  1. offer workforce-related solutions and help people find work;
  2. create and manage online accounts;
  3. process payments;
  4. manage client and supplier relationships;
  5. send advertising material and notices concerning job vacancies and other matters in accordance with the Controller’s notice concerning cookies and advertisements (which forms part of this notice via a reference);
  6. send notices concerning special events, sales promotions, programmes, tenders, surveys, competitions and market research and manage participation in these, if permitted by applicable law;
  7. respond to the queries and demands of individuals;
  8. manage, assess and improve our company (including developing, analysing and improving our services; managing our communication; and performing accounting, auditing and other internal operations);
  9. establish, prevent and defend against fraud and other illegal activities, claims and other obligations;
  10. comply with and apply valid legal requirements, field standards, contractual obligations and our policies.

Personal data are always processed on an appropriate legal, basis which may include one of the following:

  1. the consent of the data subject or explicit consent if the applicable law requires it;
  2. ensuring that we comply with a legal or contractual requirement or with a requirement that is needed for signing a contract (for instance, we may process your personal data in order for your salary and taxes to be paid);
  3. it is important and necessary in the legitimate interests of the Controller (for instance, to manage users’ website access permissions as offered in relation to the services provided).

If you are an employee or candidate and you are applying for a job or creating an account for that reason, we will use the information described in this notice for the following purposes in addition to the aforementioned activities:

  1. to offer job opportunities and positions;
  2. to provide you with personnel services, including the management of employee benefits programmes, payroll preparation, results and disciplinary proceedings;
  3. to offer you additional services concerning such areas as training, careers counselling and career change;
  4. to assess the suitability of a candidate and the qualifications of an employee;
  5. to analyse data, for example (I) to analyse the database of candidates and employees; (II) to assess the results and capabilities of an individual, including their work-related skills; (III) to determine where their skills shortages lie; (IV) to use information to link individuals and job opportunities; and (V) to analyse general data (related to recruitment trends).

We may also use the information for other purposes, in which case we will inform you separately before or while collecting the data.

Legitimate interest

The Controller may process personal data for a legitimate business purpose that partly or fully includes the following:

We respect and take into account your rights when processing data for these purposes. You have the right to object to this processing. If you wish to do so, please contact us (see ‘How to contact us’). Please note that if you exercise this right, it may affect our ability to provide services for your benefit.

Ways of processing and protecting personal data

Amongst other things, we process collected data automatically for the aforementioned purposes over a period that accords with our data retention rules so as to guarantee that personal data are not retained for any longer than is necessary.

We implement organisational, technical and physical security measures to guard your personal data against accidental, illegal or unauthorised loss, destruction, modification, access, publication or use. In order to ensure the adequate security and confidentiality of your personal data, we implement the following security measures:

Retention period of collected data

We retain collected data in our systems in a way that enables data subjects to be identified for no longer than is necessary for the purpose for which the data were collected or for which data are additionally processed.

We determine the specific period taking into account the following:

Information we share

We do not share collected data except in the cases set out in this notice, if you have agreed to a certain activity or if it is required by law. We may share personal data with our suppliers who provide services on our behalf and based on the instructions given by us. We do not give such suppliers permission to use or disclose such information unless this is necessary for providing services on our behalf or for complying with legal requirements. We may share your personal data with (I) our subsidiaries and affiliates, (II) clients who may offer job opportunities or are interested in hiring our candidates and (II) others we cooperate with to find you a job, such as consultants and subcontractors.

We may also transmit your personal data if (I) it is required by law, (II) it is legally requested by a law enforcement authority or other government official and (III) we find it necessary or appropriate in order to avoid physical or financial losses or in relation to fraud or illegal activities or their investigation. In addition, we have the right to transmit your personal data if we sell or transfer our entire business or assets or part thereof (including in the event of transformation, dissolution or liquidation).

Transmission of data

We may transmit your personal data to countries in which the data were not originally collected. These countries may not have data protection acts that offer the same protection as the country in which you originally submitted the data. If we transmit your data to other countries, we will protect it in accordance with the methods described in this notice and follow the applicable law.

The countries to which we may transfer your data are:

If we transmit you personal data to countries outside of the European Union or to international organisations, the basis for transmission is:

  1. the adequacy decision of the European Commission;
  2. in its absence, another permitted legal basis, such as a) a legally binding and enforceable document between public authorities or public bodies; b) binding intragroup rules; or c) standard data protection clauses adopted by the Commission (formerly known as standard contractual clauses).

Rights of data subject

The data subject can exercise the following special rights under articles 15-22 of the General Data Protection Regulation (GDPR):

  1. Right of access. The data subject has the right of access to their data and the right to verify whether the data are being processed in accordance with the law.
    1. Right to rectification. The data subject has the right to demand the rectification of inaccurate or incomplete personal data related to them so as to ensure the accuracy of said data and to adapt them for the processing of personal data.
    1. Right to erasure. In some cases, the data subject has the right to demand that the Controller erase personal data concerning them and that their data no longer be processed.
    1. Right to restriction of processing. In some cases, the data subject has the right to demand that the Controller restrict processing.
    1. Right to data portability. The data subject has the right to obtain the personal data concerning them which they have provided to a controller in a structured, commonly used and machine-readable format and the right to request that the Controller transmit said data to another controller.
    1. Right to object. A data subject who submits their personal data to the Controller has the right to object to the processing of the data at any time without having to justify their decision on different grounds provided for in the GDPR.
    1. Right to prohibit individual decisions based on automated processing, including profiling. The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or significantly affects them.
    1. Right to lodge a complaint with a supervisory authority. Every data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their permanent residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to them infringes the GDPR.

If the processing of personal data is based on consent in accordance with article 7 of the GDPR, the data subject may withdraw their consent at any time.

If you need more information on how your personal data are processed, click on ‘How to contact us’ and scroll down.

Notice update

This notice (including its annexes) may be updated to reflect any changes in our personal data protection practices and applicable law. In the case of significant changes, we will notify you via a notice on our Site, indicating in the header of each personal data notice when it was last amended.

How to contact us

If you have any questions or comments regarding the personal data protection notice or if you wish to exercise your rights, fill in our application form.