Privacy policy for the Nion employer branding and recruitment
Date of publication: 07-06-2024
We at Nion manage our employer branding and recruitment process through our career site (the “Career
Site”), and by using a related applicant tracking system.
In this privacy policy, we explain how we process your personal data if:
- You visit our Career Site (you being a “Visitor”)
-
You connect with us via our Career Site, to create a profile with us and
receive
information about current or future vacancies with us (you being a “Connecting
Candidate”)
-
You apply for a position with us, via our Career Site or a third party service
(you
being an ”Applying Candidate”)
-
We collect information about you from other parties, sites and services, since
we
believe your profile is of interest for our current or future vacancies (you
being a
“Sourced Candidate”)
-
We receive information about you from our employees or partners, since they
believe your
profile is of interest for our current or future vacancies (you being a
“Referred
Candidate”)
-
We receive information about you from a Candidate, who lists you as their
reference (you
being a “Reference”).
This privacy policy also describes what rights you have when we process your
personal data,
and how you can exercise these rights.
When we use the term “Candidate” in this privacy policy, we are referring to
each of
Connecting Candidates; Applying Candidates; Sourced Candidates; and Referred
Candidates,
unless it’s stated otherwise.
1. About processing of personal data
Personal data is all information that can be directly or indirectly linked to a
living,
physical person. Examples of personal data are: name, e-mail address, telephone
number and
IP address. Processing of personal data is any automated use of personal data -
such as
collecting, creating, analyzing, sharing, and deleting personal data.
There are laws and regulations on how companies may process personal data,
so-called data
protection laws. Different data protection laws apply to different types of use
of personal
data, and in different parts of the world. An example of a data protection law
that is
relevant for our use of your personal data, as described in this privacy policy,
is the EU
Data Protection Regulation (2016/679, “GDPR”).
Most obligations under the GDPR apply to the so-called data controller. A data
controller is
the entity that decides for which purposes personal data will be processed, and
how the
processing will be executed. The data controller can use a so-called data
processor. A data
processor is an entity that is only allowed to process personal data as
instructed by the
data controller, and may not use the personal data for its own purposes.
We are the data controller when we process your personal data as described in
this Privacy
policy.
2. What personal data do we process?
All individuals
-
Device information - If you visit our Career Site, we will collect
information about
your device, such as IP address, browser type and version, session behaviour,
traffic source,
screen resolution, preferred language, geographic location, operating system
and device settings/usage.
-
Technical and statistical data - If you visit our Career Site, we will
collect technical
and statistical data about your use of the site, such as information about
which URLs you
visit, and your activity on the site.
-
Communications data - We will collect and store your communication with
us, including
the information you provided in the communication. This may include the
content of emails,
video recordings, messages on social media, the information you add to your
account with
us, surveys, etc.
-
Contact details - Such as your name, email address, telephone number
and physical
address.
Candidates
-
Data from interviews, assessments and other information from the
recruitment
process - Such as notes from interviews with you, assessments and tests
made, salary requirements.
-
Information in your application - Such as your CV, cover letter, work
samples, references,
letters of recommendation and education.
-
Information in your public profile - Meaning the information we collect
about you
from public sources related to your professional experience, such as LinkedIn
or the website
of your current employer.
-
Information provided by references - Meaning the information we receive
from our employees
or partners who refer you to us, or by the persons you have listed as your
references.
3. Where do we receive your personal data from?
All individuals
-
From the Career Site. If you visit our Career Site, we collect
technical and statistical
information about how you use the Career Site, and information from your
device.
-
Directly from you. Most of the information we process about you, we
receive directly
from you, for example when you apply for a position with us or connect with
us. You can always
choose not to provide us with certain information. However, some personal data
is necessary
in order for us to process your application or provide you the information you
request to
get from us.
References
-
From the person for whom you are a reference. If a Candidate lists you
as their reference,
we will collect your contact details from the candidate to be able to contact
you.
Candidates
-
From public sources. We may collect personal data about you from public
sources, such
as LinkedIn or the website of your current employer.
-
From our references. We may receive information about you from our
employees or partners
(such as recruitment service providers), when they believe your profile is of
interest for
our current or future vacancies.
-
From your references. If you provide us with references, we may collect
information
about you from them.
-
Data we create ourselves or in cooperation with you. Information about
your application
and profile is usually created by us, or by us in cooperation with you, during
the recruitment
process. This may for example include notes from interviews with you,
assessments and tests
made.
4. For what purposes do we process your personal data?
Protect and enforce our rights, interests and the interests of others, for
example in
connection with legal claims.
Affected individuals: The individual(s) affected by the legal issue - this may
include
persons from all categories of individuals listed above.
Categories of personal data used: All the categories of personal data listed
above can be
used for this purpose.
Share your personal data with other recipients, for the purposes mentioned in
Section 5
below.
Affected individuals: Varies depending on the purpose of the sharing, see
Section 5 below.
Categories of personal data used: All the categories of personal data listed
above may be
used for this purpose.
Collect information about your use of the Career Site, using cookies and other
tracking
technologies, as described in our Cookie
Policy.
Affected individuals: Visitors.
Categories of personal data used: Device information.
Maintain, develop, test, and otherwise ensure the security of the Career Site.
Affected individuals: Visitors.
Categories of personal data used: Device information; Technical and statistical
data.
Analyse how the Career Site and its content is being used and is performing, to
get
statistics and to improve operational performance.
Affected individuals: Visitors.
Categories of personal data used: Device information; Technical and statistical
data.
Provide you with updates about vacancies with us.
Affected individuals: Connecting Candidates.
Categories of personal data used: Contact details; Communications data.
Review profiles and applications sent to us. This also includes communicating
with you about
your application and profile.
Affected individuals: Connecting Candidates; Applying Candidates.
Categories of personal data used: All the categories of personal data listed
above may be
used for this purpose.
Collect and evaluate your professional profile on our own initiative. This also
includes
communicating with you regarding your profile.
Affected individuals: Sourced Candidates; Referred Candidates.
Categories of personal data used: All the categories of personal data listed
above may be
used for this purpose.
Contact you directly about specific, future vacancies with us.
Affected individuals: Candidates.
Categories of personal data used: All the categories of personal data listed
above may be
used for this purpose.
Record the interview(s) with you.
Affected individuals: Candidates.
Categories of personal data used: Communications data.
Contact you to ask for your participation in surveys
Affected individuals: Candidates.
Categories of personal data used: All the categories of personal data listed above
may be used for
this purpose.
Contact you to ask you to provide information about a Candidate, and evaluate
the
information you provide.
Affected individuals: References.
Categories of personal data used: Contact details; Communications data.
5. Whom do we share your personal data with?
Our service providers. We share your personal data with our suppliers who
provide services
and functionality in our employer branding- and recruitment process. For
example, this includes
recruitment service providers and the supplier of our Career Site and related
applicant tracking
system.
Our group companies. We share your personal data with our group
companies, when they provide
us services and functionality to our employer branding- and recruitment process,
such as access
to particular systems and software.
Companies providing cookies on the Career Site. If you consent to it,
cookies are set
by other companies than us, who will use the data collected by these cookies in
accordance
with their own privacy policy. You can find information about which cookies this
applies to
in our
Cookie
Policy.
To authorities and other public actors - when we are ordered to do so. We
will share your
personal data with authorities and other public actors when we have a legal
obligation to do
so.
To parties involved in legal proceedings. If needed to protect or defend
our rights, we
share your personal data with public authorities or with other parties involved
in a potential
or existing legal proceeding. This can for example be in case of discrimination
claims.
Mergers and acquisitions etc. In connection with a potential merger, sale
of company assets,
financing, or acquisition of all or part of our business to another company, we
may share your
personal data to other parties involved in the process.
6. On what legal bases do we process your personal data?
To be able to process your personal data, we need to have a so-called legal
basis. A legal
basis is a reason for processing the personal data that is justified under the
GDPR.
When we process your personal data for the purposes described in this Privacy
Policy, the
legal basis we rely on is normally that the processing is necessary for our
legitimate interest in being able to recruit talent with the relevant
competence for us. We have concluded that
we have a legitimate interest in being able to perform the personal data
processing for this
purpose; that the processing is necessary to achieve that purpose; and that our
interest outweighs
your right not to have your data processed for this purpose.
You can contact us for more information about how this assessment was made. See
Section 9
and 10 below for our contact information.
There may be specific circumstances when the processing is only performed if and
when you
provide your consent to the processing. This is for example the case if
we propose to
record an interview with you. Please see Section 9 below for more information
about your right
to withdraw your consent.
7. When do we transfer your personal data outside of the EU/EEA, and how do we
protect it
then?
We always strive to process your personal data within the EU/EEA area.
However, some of our service providers process your personal data outside of the
EU/EEA. We
also use suppliers whose parent company, or whose subcontractor’s parent
company, is based
outside the EU/EEA. In these cases, we have taken into account the risk that the
personal
data may be disclosed to countries outside the EU/EEA, for example because of an
authority
request.
In cases where another recipient of your personal data (as described in Section
5 above) is
based outside the EU/EEA, this will also mean that your personal data is
transferred outside
the EU/EEA.
When we, or one of our suppliers, transfer your personal data outside the
EU/EEA, we will
ensure that a safeguard recognized by the GDPR is used to enable the transfer.
We use the
following safeguards:
When your personal data is transferred outside the EU/EEA, we also implement
appropriate
technical and organizational safeguards, to protect the personal data in case of
a
disclosure. Exactly which protective measures we implement depends on what is
technically
feasible, and sufficiently effective, for the particular transfer.
If you want more information about the cases in which your personal data is
transferred
outside the EU/EEA you can contact us using the contact details in Section 9 and
10 below.
8. For how long do we keep your personal data?
All individuals
If we process your personal data for the purpose of being able to protect and
enforce our
rights, we will keep your personal data until the relevant legal issue has been
fully and
finally resolved.
Visitors
We keep your personal data for one (1) year for security purposes. The retention
periods for
cookies are set out in our Cookie Policy. We keep your personal data to analyse the
performance of the Career Site for as long as
we keep personal data about you for other purposes.
Candidates
If you are a Connecting Candidate (only), we keep your personal data for as long
as you
remain connected with us.
For other types of Candidates, we keep your personal data to decide if you are a
suitable
candidate for the relevant vacancy(ies) with us.
If you don’t succeed in the initial recruitment process, we keep your personal
data for as
long as needed to consider, and potentially contact you, for relevant future job
openings.
If you are hired, we will keep your personal data during your employment, for
other purposes
than those stated above, which you will be informed of.
References
We keep your personal data for as long as we keep the personal data of the
Candidate for
whom you acted as a reference.
9. What rights do you have, and how can you exercise them?
In this section, you will find information about the rights you have when we
process your
personal data. As described below, some of the rights only come into play when
we process
your personal data under a particular legal basis.
If you want to exercise any of the rights listed here, we suggest that you:
-
Visit the Data & Privacy page on our Career Site, where we
offer features to let you exercise your rights;
-
Log in
to your account
with us, where you can use the settings in the account to exercise your
rights; or
- Contact us directly at mila.nedelkovska@nionit.com.
Right to be informed
You have the right to be informed about how we process your personal data. You
also have the
right to be informed if we plan to process your personal data for any purpose
other than
that for which it was originally collected.
We provide you with such information through this privacy policy, through
updates on our
Career Site (see also Section 11 below), and by answering any questions you may
have for us.
Right to access your personal data.
You have the right to know if we process personal data about you, and to receive
a copy of
the data we process about you. In connection with receiving the copy of your
data, you will
also receive information about how we process your personal data.
Right to access and to request a transfer of your personal data to another
recipient (“data
portability”).
You can request a copy of the personal data relating to you that we process for
the
performance of a contract with you, or based on your consent, in a structured,
commonly
used, machine-readable format. This will allow you to use this data somewhere
else, for
example to transfer it to another recipient. If technically feasible, you also
have the
right to request that we transfer your data directly to another recipient.
Right to have your personal data deleted (“right to be forgotten”).
In some cases, you have the right to have us delete personal data about you.
This is for
example the case if it’s no longer necessary for us to process the data for the
purpose for
which we collected it; if you withdraw your consent; if you have objected to the
processing
and there are no legitimate, overriding justifications for the processing. (For
the separate
right to object, see below.)
Right to object against our processing of your personal data.
You have the right to object to processing of your personal data which is based
on our
legitimate interest, by referencing your personal circumstances.
Right to restrict processing.
If you believe that the personal data we process about you is inaccurate, that
our
processing is unlawful, or that we don’t need the information for a specific
purpose, you
have the right to request that we restrict the processing of such personal data.
If you
object to our processing, as described just above, you can also request us to
restrict
processing of that personal data while we make our assessment of your request.
When our processing of your personal data is restricted, we will (with the
exception of
storage) only process the data with your consent or for the establishment,
exercise or
defence of legal claims, to protect the rights of another natural or legal
person, or for
reasons relating to an important public interest.
Right to rectification.
You have the right to request that we rectify inaccurate information, and that
we complete
information about you that you consider incomplete.
Right to withdraw your consent.
When we process your personal data based on your consent, you have the right to
withdraw
that consent at any time. If you do so, we will stop processing your data for
the purposes
you’ve withdrawn your consent for. However, it doesn’t affect the lawfulness of
processing
that was based on your consent before it was withdrawn.
Right to raise a complaint.
If you have complaints about our processing of your personal data, you can raise
a complaint
with the data protection authority in Sweden. You can find their contact details
here.
You can also lodge a complaint with your national data protection authority,
which you can
find listed here
if you are based in the EU. If you are based in the UK, you can lodge a
complaint with the Information
Commissioner’s Office,
here.
10. Where can you turn with comments or questions?
If you want to get in touch with us to exercise your rights, or if you have any
questions,
comments or concerns about how we handle your personal data, you can reach us by
sending an
email to mila.nedelkovska@nionit.com.
11. Updates to this Privacy policy
We update this privacy policy when necessary - for example, because we start
processing your
personal data in a new way, because we want to make the information even clearer
to you, or
if it’s necessary to do so in order to comply with applicable data protection
laws.
We encourage you to regularly check this page for any changes. You can always
check the top
of this page to see when this privacy policy was last updated.
