Effective Date: 11/09/2018
Personal data manager
The person responsible for personal data is Estranged AB with registered office in Sweden.
The personal data collected is checked and processed by the Data Controller. In addition, personal data may be processed or jointly controlled by the personal data controller’s partners.
This policy regarding the processing of personal data applies to (1) our candidates and recipients of our career management services, (2) our partners, to whom we assign one of our candidates, (3) users of our website (“Site”), and (4) representatives of our business partners, customers and suppliers. This policy regarding the processing of personal data does not apply to our internal employees or consultants.
This policy regarding the processing of personal data sets out the types of personal data or personal information we collect, how we use such data, how we process and protect the data we collect, how long we store it, with whom we share it, to whom we transfer these and the rights that individuals may exercise with respect to our use of their personal data. We also state how you can contact us regarding our procedures regarding the processing of personal data and the exercise of your rights. Our procedures regarding the processing of personal data may differ between the countries in which we operate. In order to reflect domestic practices and legal requirements, you may have to review specific domestic regulations by visiting local websites.
Information we collect
We may collect personal information about you in several different ways, for example through our sites and social media channels; at our events; over the phone; through job applications; in connection with recruitment; or in connection with our collaboration with customers / sellers and suppliers. We may collect a selection of personal data depending on the nature of the relationship, which includes but is not limited to (which is permitted in accordance with Swedish law):
· Contact details (such as name, postal address, e-mail address and telephone number);
· Username and password when you register our site;
· Information you provide about people you would like us to contact. (Personal data controller assumes that this person has previously consented to such communication); and
· Other information you provide to us, such as in surveys or through the “Contact us” section of our sites.
If you are a job candidate and are applying for a job or creating an account to apply for a job, we may, after approved consent, collect the following types of personal information (as permitted in accordance with Swedish law):
· Employment and training history
· Language skills and other work-related skills;
· Social security number, national identification or other state-issued identification number;
· Date of birth;
· Bank account information;
· Citizenship and work permit status
· Information regarding benefits;
· Tax-related information;
· Information provided by references; and
· Information covered by your curriculum vitae or CV, information you provide regarding your professional interests, and other information relating to your employment skills
· And possibly sensitive personal data in the event that express consent to this has been provided by you as required by law:
· Disability and health-related information;
· Results of drug tests, check of criminal records and other background checks.
In addition, we may collect information that you provide to us regarding other persons, such as information to relatives for emergencies.
How we use the information we collect
The personal data controller collects and uses the data collected for the following purposes:
a) find workforce solutions and match candidates with our clients in order to get people into work;
b) create and manage accounts online;
c) process payments;
d) manage our relationships with customers / sellers and suppliers;
f) where this is permitted by law to announce and manage participation in, special events, advertising, programs, offers, surveys, competitions and market research;
g) respond to individual requests and demands;
h) conduct, evaluate and improve our business operations (which includes the development, reinforcement, review and improvement of our services; the management of our communications; the performance of data analytics; and the performance of accounting, auditing and other internal tasks);
i) protect against, identify, and try to prevent fraud and other illegal activities, claims and other liability; and
j) comply with and enforce applicable legal requirements, relevant industry practices, contractual obligations and our policies.
All processing will be performed based on legal grounds as follows:
a) consent or special consent (in obtaining sensitive personal data) from the data subject, where required by applicable law;
If you are a job candidate, we will ask for consent for the following processing of personal data for the following purposes:
o provide you with job offers and work;
o provide you with HR services, including benefit program management, payroll, performance management and disciplinary action;
o provide you with additional services, such as education, vocational guidance and career transition services;
o assess your suitability as a job candidate and your associated qualifications for job positions; and
o perform data analyzes, such as (i) analysis of our job candidate and consultant database; (ii) assessment of individual performance and skills, including scoring of work-related abilities; (iii) identification of knowledge gaps; (iv) use of information to match individuals with potential opportunities, and (v) analysis of pipeline data (employment practice trends).
We may also use information in other ways when we send a special message in connection with or before the time of collection.
b) to ensure our compliance with a legal or contractual requirement, or a requirement that is necessary to enter into an agreement, for example with our customers and suppliers.
c) it is essential and necessary based on the legitimate interest of the Data Controller.
The data controller may process personal data for specific legitimate business purposes, which includes any of the following:
· Where the processing enables us to strengthen, modify, tailor or otherwise improve our services / communications for the benefit of our customers, candidates and suppliers;
· To identify and prevent fraud;
· To strengthen the security of our network and information systems;
· To better understand how people interact with our websites;
· For direct marketing purposes;
· To send you postal items that we believe would be of interest to you;
· To determine the effectiveness of marketing campaigns and advertising
In cases where we process data for these purposes, we ensure that your rights are protected and take such rights into account. You have the right to object to such treatment. Contact us if you wish to do so. Please note that the exercise of your right to object may affect our ability to assist you in the provision of our services and services.
How we process and protect personal information
Our processing of collected personal data takes place for the purposes stated above and for a specific period of time, which is in line with our internal deletion routines, in order to ensure that personal data is not stored longer than necessary and no longer than is permitted under the GDPR.
We maintain administrative, technical, and physical security measures designed to protect the personal data you provide against accidental, unlawful, or unauthorized destruction, loss, alteration, disclosure or use. To ensure appropriate security and confidentiality regarding personal data, we take the following security measures:
· Encryption of data in transmission;
· Accurate checks regarding user authentication;
· Reinforced network infrastructure;
· Solutions for IT security
How long we store the information we collect
We store the personal data that we collect in our systems in a way that only makes it possible to identify the data subjects for the time deemed necessary in the light of the purposes for which the data was collected, or for which data is further processed.
We determine this time by considering:
· The need to preserve collected personal data stored for the purpose of providing services established with the user;
· In order to ensure the legitimate interest of the Data Controller as stated in the purposes;
· The existence of specific legal obligations that make processing and attributable storage necessary for specific time periods.
Information we share
We only share personal data that we collect about you in the ways set out in this policy regarding the processing of personal data or in separate messages provided in connection with special activities. We may share personal information with providers who perform services on our behalf based on our instructions. We do not authorize these providers to use or share the data except where necessary for the performance of services on our behalf or for compliance with legal requirements. We may also share your personal information with (i) our subsidiaries and partners; (ii) with others we work with, such as consultants and subcontractors,
In addition, we may share your personal information (i) if we are required to do so by law or legal process; (ii) to law enforcement agencies or other government officials based on a lawful request to share; and (iii) when we believe that sharing is necessary or appropriate for the purpose of preventing physical harm or financial loss, or in connection with an investigation of suspected or actually fraudulent or unlawful activity. We also reserve the right to transfer personal information we hold about you in the event that we sell or transfer all or part of our business or assets (which includes cases where reorganization, dissolution or liquidation takes place).
Transfers of personal data
We may also transfer the personal information we collect about you to countries outside the country where the information was originally collected. Such countries may lack the privacy laws of the country where you originally provided the personal information. When we transfer your data to other countries, we protect the data set out in this policy regarding the processing of personal data and such transfers take place in compliance with applicable law.
Where permitted by applicable law, the data subject may exercise the following special rights in accordance with Articles 15 to 22 of the Data Protection Regulation:
a) Right of access: The data subject has the right to access his personal data for the purpose of checking that such personal data is processed in accordance with law.
b) Right of rectification: The data subject has the right to request rectification of all inaccurate or incomplete data stored concerning him or her, in order to ensure the accuracy of such data and adapt it to the processing of personal data.
c) Right of deletion: The data subject has the right to request that the Data Controller delete data about him or her and no longer process such data.
d) Right to limit the processing: The data subject has the right to request that the Data Controller restricts the processing of his or her data.
e) Right to data portability: The data subject has the right to request data portability, which means that the data subject can obtain the originally provided personal data in a structured and commonly used format or that the data subject can request the transfer of data to another Personal Data Controller.
f) Right to object: The data subject who provides personal data to the Personal Data Controller has the right, at any time, to object to the processing of personal data on several grounds as set out in the Data Protection Regulation without having to justify his decision.
g) Right not to be subject to automated individual decision-making: The data subject has the right not to be subject to a decision based solely on automated processing, which includes profiling, if such profiling causes a legal effect affecting the data subject or in the same way substantially affects him or her.
h) Right to lodge a complaint with a supervisory authority: All data subjects have the right to lodge a complaint with a supervisory authority, in particular in the EU country where he or she has his or her permanent residence, place of work or where the alleged infringement took place if the data subject considers processing of personal data relating to him or her violates the Data Protection Regulation.
When processing is based on consent as under Article 7 of the Data Protection Regulation, the data subject may at any time withdraw his consent.
Please see the Contact Us section below if you need more information about the processing of your personal data.
Updates to our policy regarding the processing of personal data
This policy regarding the processing of personal data (including any additions) may be regularly updated to reflect changes in our privacy practices and legal updates. Regarding significant changes, we will notify you of this by publishing a prominent notice on our sites with information at the top of each notice when it was last updated.
How to contact us