General Data Protection Regulation (GDPR)

1) Generally

We are responsible for Personal Data in accordance with current personal data legislation. Users’ personal data is processed for the purpose of managing and facilitating the recruitment of employees to our business.

2) Collection of personal data

We are responsible for the processing of the personal data that the Users contribute to the Service, or for the personal data that we collect in other ways with regard to the Service.

When and how we collect personal data
We collect personal data about Users from Users, when Users;

• makes an application via the Service or in any other way adds personal information about himself personally or by using a third party, e.g. Facebook or LinkedIn;
• uses the Service to connect with our staff, by adding personal information about itself personally or by using a third party, such as Facebook or LinkedIn.
• provides identifiable information in the chat (provided through the website using the Service) and such information as is relevant to the application process.
We collect data from third parties, such as Facebook, LinkedIn and through other public sources. This is called “Sourcing” and is performed manually by our employees or automatically in the Service.

In some cases, existing employees may make recommendations about potential jobseekers. Such employees will add personal information about potential jobseekers. In cases where this is done, the potential jobseeker is considered a User within the framework of this privacy policy and will be informed about the processing.

Categories of personal data that are collected and processed
The categories of personal data that can be collected via the Service can be used to identify natural persons from names, e-mails, photos and videos, information from Facebook and LinkedIn accounts, answers to questions asked through recruitment, titles, training and other information provided by the User or others through the Service. Only personal data that is relevant to the recruitment process is collected and processed.

The purpose and legality of the processing
The purpose of the collection and processing of personal data is to handle recruitment. The legality of the processing of personal data is our legitimate interest in simplifying and facilitating recruitment.

Personal data that is processed for the purpose of aggregate analysis or market research is always made unidentifiable. Such personal data cannot be used to identify a specific user. Such personal data is therefore not considered personal data.

Consent from the registered
User agrees to the processing of personal data with the purpose of the Personal Data Controller to handle recruitment. The User agrees that personal data is collected via the Service, when the User;

• make an application via the Service, and add personal information about himself personally or by using a third party such as Facebook or LinkedIn, and that the Personal Data Controller may use external sourcing tools to add additional information; and
• uses the Service to connect to the Personal Data Officer’s recruitment department, and adds personal information about himself personally or by using a third-party source such as Facebook or LinkedIn.
The User also agrees that the Data Controller collects publicly available information about the User and compiles them for use in recruitment purposes.

The user agrees that personal data collected in accordance with the above a) and b) is processed in accordance with the following sections Storage and transfer and How long the personal data is processed.

The User has the right to revoke his consent at any time by contacting the Personal Data Controller using the contact information specified under 9. The exercise of this right may, however, mean that the User can not apply for a certain job or otherwise use the Service.

Storage and transfer
The personal data collected via the Service is stored and processed within the EU / EEA, a third country considered by the European Commission to have an adequate level of protection or processed by such suppliers who have entered into binding agreements that fully comply with the legality of transfers to third countries. (such as Privacy Shield) or to other providers where adequate safeguards are in place to ensure the rights of data subjects. To obtain documentation on such protective measures, contact us using the contact details provided in section 9.

How long the personal data is processed
As long as a User does not object in writing to the processing of his personal data, the personal data will be stored and processed by us for as long as we deem it necessary with regard to the above stated purposes. Please note that a jobseeker (User) may be of interest for future recruitment and for this purpose we may store Users’ personal data as long as they are deemed interesting for potential recruitment. If you as a User wish that your personal data is not processed for this purpose (future recruitment), contact us using the contact information in point 9.

3) User rights

Users have the right to request information about the personal data processed by us by notifying us in writing by using the contact information in accordance with point 9 below. Users have the right to one (1) copy of the processed personal data belonging to them free of charge. For additional copies, the data controller has the right to charge a reasonable fee on the basis of administrative costs for such demand.

Users have the right, if necessary, to correct incorrect personal data about that User, by requesting such correction in writing using the contact information in section 9 below.

The user has the right to demand deletion or limitation of treatment, and the right to object to treatment based on legitimate interest in certain circumstances.

The User has the right to revoke a consent to processing that has been given by the User to the Person responsible for Personal Data. However, exercising this right may mean that the user may not apply for a specific job or otherwise use the Service.

The user has in certain circumstances the right to transfer his personal data (data portability), which means the right to obtain his personal data and transfer these to another personal data controller, as long as this does not negatively affect the freedoms and rights of others.

The User has the right to submit a complaint to the supervisory authority regarding the processing of his personal data, if the User considers that the processing of the personal data is contrary to current personal data legislation.

4) Security

We prioritize personal privacy and therefore work actively to ensure that Users’ personal data is treated with the utmost care. We take the measures that may reasonably be required to ensure that Users’ personal data is processed securely and in accordance with this Privacy Policy and GDPR.

Transmission of information via the Internet and mobile networks, however, can never be done completely risk-free, which is why all transmission takes place at your own risk. It is important that Users also take responsibility for ensuring that their data is protected. It is the User’s responsibility to ensure that his login details are kept secret.

5) Transfer of personal data to third parties

We will not sell or transfer Users’ personal information to third parties.

However, we may transfer personal data to;

• our suppliers and subcontractors, in their role as personal data assistants and sub-assistants, in accordance with our instructions, for the provision of the Service;
• authorities or legal advisers in case of suspected crime or misconduct; and
• authorities, legal advisers or other actors, if required by us by law or the authority’s decision.
We only transfer Users’ personal data to third parties in whom we trust. We carefully select partners to ensure that the User’s personal data is processed in accordance with applicable personal data legislation.

6) Aggregated data (non-identifiable personal data)

We may share aggregated information with third parties. In such a case, the aggregated information has been compiled from information collected through the Service and may, for example, consist of statistics on Internet traffic or the geographical location of the use of the Service. Aggregate information does not contain any information that can be traced to a specific individual and thus does not constitute personal data.

7) Cookies

When Users use the Service, information about the use will be stored through cookies. Cookies are passive text files that are stored by the browser in the User’s device, such as his computer, mobile or tablet, when connecting to the Service. We use cookies to facilitate the User’s use of the Service and to collect information such as statistics about the User’s use of the Service. This is done for the purpose of securing, maintaining and improving the Service. The information obtained from cookies may also constitute personal data and in such a case the processing is covered by our Cookie Policy .

Users can at any time deny the use of cookies by changing settings in their device. If this happens, however, the User’s experience of the Service may deteriorate, for example because certain functions in the Service are no longer available.

8) Changes

We have the right to make changes or additions to the privacy policy at any time. The latest version of the privacy policy will always be available via the Service. A new version is considered to have been communicated to the Users when the User has either received an e-mail informing the User of the new version (with the e-mail address provided by the User in connection with the use of the Service) or when the User is otherwise informed by the new privacy policy.

9) Contact

For questions, further information about our handling of personal data or to contact us with other questions, use the following contact information; 

Needefy AB