PRIVACY POLICY

Applicants

1. INFORMATION ON THE PROCESSING OF PERSONAL DATA


Your data security is important to us, and we therefore take great care to ensure that your personal data is handled responsibly. In this Privacy Policy you can read how any associated company under itm8 Holding A/S, company number 37621285 (the "Company", "we", "us" or "our") process personal data about you when the Company act as data controller. You can also read about your rights in relation to our processing.

 

Information concerning the data controller

In connection with the operation of our business, we process certain personal data. We do this in order to serve you in the best possible way. We mainly collect and process general (non-sensitive) personal data.

 

2. IN GENERAL

When you apply for a position with us, we receive and process a range of personal data about you, which we will use for the purposes described in this document.

The information processed as part of the recruitment process is required for us to contact you and to determine whether you are the right candidate for the vacant position. Information provided to us will only be used to consider your application and in connection with subsequent employment.

During the recruitment process, we will process general personal data about you, but we may also process sensitive personal data, information about your civil reg. no. and/or information about criminal acts.

Here you can read more about the information we process about you when you apply for a position with us.

  

3. WHAT PERSONAL DATA DO WE COLLECT AND WHY?

We process personal data about you in a number of different situations. Read more about our processing in the different situations below.

 

3.1 When we receive your application

In order to process your application, we will process the information appearing from your application, your CV and any enclosed documents.

This typically includes the following information (the list is non-exhaustive): Name, address, date of birth, gender, phone number, email address, educational background, professional qualifications, career history, language qualifications and other relevant qualifications and written recommendations/references.

Our basis for processing is Article 6(1)(b) and Article 6(1)(f) of the General Data Protection Regulation because it is necessary for us to process such information in order to determine whether you are the right candidate for the position.

 

3.2 When we consider your application

We specifically consider each applicant's qualifications in relation to the open position. This is done manually. Once we have read the applications, we will select candidates for job interviews. The candidates that are not selected for an interview will be notified.

 

3.3 At job interviews

During the recruitment process, we conduct job interviews focusing on both your professional and your personal qualifications, the job content and our business as a workplace. We will make a note of some of the information disclosed during the interview(s) for the purpose of the final evaluation of the applicants for the position. We will only use relevant information when determining whether or not to offer you a job.

Our basis for processing is the agreement with you pursuant to Article 6(1)(b) and Article 6(1)(f) of the General Data Protection Regulation because it is necessary for us to process such information in order to determine whether you are the right candidate for the position.

 

3.4 Information from social media

When recruiting for positions with us, it may be relevant to obtain additional information from the Internet, including social media, e.g. LinkedIn, Facebook, Instagram, Twitter, etc. We do that in order to determine if your profile suits our business and the specific position.

The basis for processing is our legitimate interest in determining whether you are the right candidate for the position, cf. Article 6(1)(f) of the General Data Protection Regulation. Sensitive data will only be processed if the applicant has made it public in accordance with Article 9(2)(e) of the General Data Protection Regulation.

 

3.5 Personality tests

When recruiting for certain positions, you may be invited to take a personality analysis and/or a logical test. We will always consider whether it is relevant that you take such test in relation to the relevant position. The purpose of the test is to evaluate your qualifications as a potential employee and to consider whether your profile suits our business and the specific position. The test will never stand alone, but will be part of the general basis for selecting the right person for the position.

The basis for processing is our legitimate interest in determining whether you are the right candidate for the position, cf. Article 6(1)(f) of the General Data Protection Regulation.

 

3.6 Criminal record certificate

When recruiting for certain positions, it is necessary to obtain a criminal record certificate. We will always consider for each position if it is necessary to obtain a criminal record certificate. We will only obtain your criminal record if we believe it is realistic for you to be considered for the position.

The purpose is to ensure that our future employees have a clean criminal record when deemed necessary and relevant. If relevant, we will ask you to obtain the criminal record certificate and present it to us. When we have seen the criminal record certificate, we will delete it immediately. Thus, we do not store information about any criminal acts.

As you are to obtain and submit the criminal record certificate to us, this is considered to be based on your consent in accordance with Article 8(3) of the Danish Data Protection Act. We use Article 6(1)(c) or 6(1)(f) of the General Data Protection Regulation as the basis for our subsequent processing of the information that we have seen your criminal record certificate in order to document that we have complied with our legal obligations and/or our internal security policies in connection with your employment.

 

3.7 Work and residence permit

For employees with another citizenship than Danish it is a requirement for employment that they have a valid work and residence permit. In order to ensure this, we may ask for a copy of your passport in connection with the employment.

If your citizenship requires you to have a valid work and residence permit in order to work legally in Denmark, we will also request a copy of your work and residence permit from you. We will obtain it both when you are employed and when it is to be extended.

Our processing of information in connection with our checking of your work and residence permit is based on Article 6(1)(c) of the General Data Protection Regulation and Section 11(2)(i) of the Danish Data Protection Act, cf. Section 59(5) of the Danish Aliens Act, as we are obliged to ensure that you have a valid work and residence permit.

 

3.8 Health information

In very special circumstances, we may request to obtain information about your health. This may be relevant in situations where illness may have a significant impact on your ability to handle the job.

If health information is specifically required, we will specify which illnesses and symptoms of illnesses we specifically request information on. Obviously, we respect the framework and limits provided by the Danish Health Information Act in this regard. We will ask for your consent before such information is obtained.

Our basis for processing is your consent, cf. Article 9(2)(a) of the General Data Protection Regulation. In these special circumstances, it will be necessary for us to process such information in order to determine whether you are the right candidate for the position.

 

3.9 Credit information

To the extent where you are to undertake a position of trust, including if you are to undertake a position as a manager with financial responsibility or accounting and bookkeeping tasks, we may obtain information about your credit rating from a credit rating agency. If, during the recruitment process, information is obtained about your credit rating, we will notify you separately.

The basis for processing is our legitimate interest in determining whether you are the right candidate for the position, cf. Article 6(1)(f) of the General Data Protection Regulation.

 

3.10 References

For some positions, it is necessary to obtain references from former employers. We do that in order to check that the information you have provided to us during the employment process is correct and true. If we obtain references from one or several of your former employers, we will register that we have talked with a referee.

If we would like to collect information about you from your former employer, we will inform you before we collect the information.

The basis for processing is our legitimate interest in determining whether you are the right candidate for the position, cf. Article 6(1)(f) of the General Data Protection Regulation.

 

4. STORAGE AND ERASURE OF INFORMATION PROCESSED DURING THE RECRUITMENT PROCESS

If you are not offered the position you applied for, we will delete any information registered about you within six months. The purpose of the storage is to document the recruitment process and the reason for not offering you the position.

If you are employed with us, we will retain the information from the recruitment process as part of your employee portfolio during your employment in order to document your employment history. You will receive separate information in this regard in connection with your employment with us.

 

5. STORAGE FOR THE PURPOSE OF RECRUITMENT AT A LATER TIME

In certain situations, we would like to keep your application even though it has been turned down for the purpose of recruitment at a later time. If we want to keep your application, we will ask for your consent.

We will keep your application for six months for this purpose.

Our basis for processing is your consent, cf. Article 6(1)(a) of the General Data Protection Regulation.

 

6. DISCLOSURE OF YOUR PERSONAL DATA TO OTHERS

During the recruitment process, other parties may process your personal data. It may for instance be necessary to disclose information about you to our group companies.

itm8 may disclose your personal data to other suppliers and/or service providers in the ordinary course of our business and to our affiliated companies.

itm8 may also disclose your personal data to a public authority in situations where we are specifically obliged to disclose your personal data pursuant to legislation and notification obligations to which we are subject.

We will not disclose your personal data to other recipients unless required.

We try to limit the disclosure of personally identifiable information and thus the disclosure of information that can be attributed to you personally.

itm8 also makes available your personal data to data processors. Our data processors only process your personal data for our purposes and on our instructions.

 

7. TRANSFER OF PERSONAL DATA TO COUNTRIES OUTSIDE THE EU/EEA

In connection with our processing of your personal data, we may transfer such information to countries outside the EU/EEA (third countries).

Your personal data may be transferred to countries where the EU Commission has determined that the level of data protection is equivalent to that in the EU/EEA (secure third countries).

We may also transfer your personal data to insecure third countries. The transfer of your personal data to insecure third countries will be based on the Standard Contractual Clauses (SCC) drawn up by the European Commission, which have been specifically designed to ensure an adequate level of protection. We assess the adequacy of the transfer basis and adopt additional measures if necessary to ensure an adequate level of protection for the transfer.

You can read more about the transfer of personal data to countries outside the EU/EEA on the European Commission's website.

If you require additional information regarding our transfer of personal data to countries outside the EU/EEA, please contact us.

 

8. STORAGE, DATA INTEGRITY AND SECURITY

When your personal data is no longer needed, we will ensure that it is deleted in a secure manner.

It is our policy to protect personal data by taking adequate technical and organisational security measures.

We have implemented security measures to ensure data protection for all personal data that we process. We conduct regular internal follow-ups on the adequacy of and compliance with policies and measures.

 

9. YOUR RIGHTS

As a data subject, you have certain rights under the General Data Protection Regulation. If you want to exercise your rights, please contact us.

You may – unconditionally and at any time – withdraw your consent. You can do so by sending us an email (see email address above). Withdrawal of your consent will not have any negative impact. However, this may mean that we cannot meet specific requests from you in the future. Withdrawal of your consent will not affect the lawfulness of the processing based on consent before it is withdrawn. Furthermore, it will not affect any processing carried out on another lawful basis.

You can also – unconditionally and at any time – object to our processing when it is based on our legitimate interests.

Your rights also include the following:

  • Right of access: You have the right to access the personal data we process about you.
  • Right to rectification: You have the right to obtain rectification of any inaccurate personal data about you and to have incomplete personal data completed.
  • Right to erasure (right to be forgotten): In exceptional cases, you have the right to obtain erasure of information about you before the time when we would normally delete your personal data.
  • Right to restriction of processing: In certain situations, you have the right to restrict the processing of your personal data. If you have the right to restrict the processing of your personal data, we may only process personal data in the future – apart from storage – with your consent, or for the establishment, exercise or defence of legal claims, or to protect an individual or important public interests.
  • Right to object: In certain situations, you have the right to object to our processing of your personal data, and always if the processing is for direct marketing purposes.
  • Right to data portability: In certain situations, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to have such personal data transferred from one data controller to another.
  • Right to lodge a complaint: You can lodge a complaint at any time with the Danish Data Protection Authority about our processing of personal data. See more at datatilsynet.dk, where you can also find further information on your rights as a data subject.


10. UPDATES TO OUR PRIVACY POLICY

From time to time it will be necessary for us to update this Privacy Policy. We will review our Privacy Policy on a regular basis in order to ensure that it is updated, valid and in accordance with current legislation and the principles for processing of personal data. We will publish new versions of the policy on our website.

This policy is version no. 1 and is valid from 1 September 2023.