Privacy Notice


How we handle personal data


 1. Personal data processing at Kandidata


It is important for Kandidata (incl. the affiliate Act to Perform) to protect the integrity and personal data about our customers and service providers. We process personal data, and often sensitive personal data, when we provide our services regarding our core businesses Tests, Personal Assessments, Development and Education. Depending on which service we provide, our responsibility of the personal data might differ depending on whether we are considered to be a data controller or a data processor.


This privacy notice has been established in order to explain how we handle personal data according to GDPR.


We would like to emphasize that our clients under some circumstances also can be regarded as data controllers when they enter an agreement with us, for example when we have made and delivered an evaluation of a candidate on behalf of the client.


Personal data is information which, alone or together with other information, can be used to identify, locate or contact a natural person. Name, phone number and IP-addresses are a few examples of personal data. All kinds of uses of personal data are regarded as processing of personal data, such as collection, analyzing, registration and storing.


The data controller is the person who determines the purposes and means of the processing of personal data. The data controller is responsible for making sure that all kinds of processing meet the requirements set out in GDPR and other legislation.


2. Kandidata is the data controller


Kandidata Online Search, and from time to time Act to Perform, down below referred to as Kandidata, is the data controller regarding the processing of your personal data.  


3. The purpose and applicability of this privacy notice


This privacy notice aims to inform you about:


·       how Kandidata process personal data about you


·       when Kandidata process personal data about you


·       the categories of personal data Kandidata process about you and the purposes of the processing, and


·       your rights as a data subject


4. Why we process your personal data


We process personal data about you in order to


·       control your identity


·       enter agreements, either directly with you or with our client/your potential employer/your current employer


·       provide you and deliver our services


·       provide you with invoices and other information about your order


·       respond to incoming questions and inquiries  


·       provide you with existing and new services, and


·       provide you with service at our website and service during and after a purchase


When can only identify your IP-address when you visit the website of Kandidata. Despite this, you will remain anonymous during your visit will unless you decide to provide us with information that enables us to identify you, for example when you send us an e-mail.


5. Personal data regarding our clients


What kind of personal data do we process?


We process categories of personal data such as your surname, name, phone number, title, e-mail address, login details and eventually your IP-address.


Our customer database is protected by an ISO 27001-certified Information Security Management System. All personal data is stored in Europe.


How do we use your information?


·       For direct marketing purposes by e-mail or phone, such as sale- and marketing activities 


·       We invite you to events and inform you about our news


·       We modify the information and deliver offers and other content that might be of interest to you in your profession


·       In our agreement with you in order to provide you with our services


·       Sending you invoices for our services  


·       In our customer service in order to provide you with requested material, test links, registration to educations or otherwise in order to fulfill our obligations against you


To whom do we share your information?


To our service providers in order to fulfill the purposes mentioned above. Except that, we do not share your personal data to third parties.


Which lawful bases are applicable?


We mostly process your personal data in order to enter or fulfill an agreement with you. We rely on your consent when it comes to direct marketing purposes and other marketing activities.


How long do we process/keep your personal data?


We store your personal data as long as you are employed by the registered client in our customer system.


If you are certified in any of our tools we will keep your personal data as long as your certification is valid, even after your employment at our client ends.


6. Personal data regarding our prospects and subscribers of our newsletter


What kind of personal data do we process?


We process the following categories of personal data in order to provide you with our newsletter: surname, name, phone number, title, e-mail address, login details and eventually your IP-address.


When discussing inquiries from you as a potential client, we need to process your personal data such as name, contact details and company information. We collect such information through internal networks or from third parties such as public registers or social media.


Our customer database is protected by an ISO 27001-certified Information Security Management System. All personal data is stored in Europe.


How do we use your information?


We inform you about our news and events through our newsletter.


In other dialogues and inquiries, we inform about our services and provide you with an offer.


To whom do we share your information?


To our service providers in order to fulfill the purposes mentioned above. Except that, we do not share your personal data to third parties.


Which lawful bases are applicable?


We provide you with our newsletter if you give us your consent.

We process your personal data with our legitimate interest when you contact us about inquiries and for other purposes.


How long do we process/keep your personal data?


We keep your personal data as long as you want to receive our newsletter. You are able to unsubscribe from our newsletter at any time.  


Regarding service inquiries and other incoming inquiries, we erase the information as soon as our legitimate interest ends.


7. Personal data regarding job seekers


What kind of personal data do we process?


We process your personal data that you provide us when you send us your application, such as name, LinkedIn name, contact details, position, history, relevant work experience, interests, knowledge, education, grades, e-mail address, CV, personal letter, photo and eventually IP-address.


How do we use your information?


We use it in order to take a decision regarding employment, internship or practical service for psychologists (in Swedish PTP).


To whom do we share your personal data?


We do not share your personal data with third parties.  


Which legal basis is applicable?


Consent.


How long do we process/keep your personal data?


We keep your personal data until the position is filled and an additional time of 12 months. We will keep your documents until you withdraw your consent when you apply for any of our open positions.


8. Personal data regarding candidates


What kind of personal data do we process?  


You are regarded as a candidate when you apply for a position at company of one of our clients. Our client will after you have submitted your application provide us with your personal data. Our client has appointed us in order to make a personal assessment / second opinion of you. Your personal data will therefore be processed both by us and the company you have submitted your job application to. We only process the same information as you have provided to your potential employer when you applied for the position. That means we might process information about you such as name, phone number, contact details, position, information about previous positions, interests, skills, education, grades, CV, personal letters, photo and eventually IP-address.


Based upon information that have been made public, such as information on LinkedIn, we might supplement your information with branch of industry, further contact details, information about previous employers or title.


How do we use your information?


When we do a personal assessment of you, we use your information in order to send you the tests you will make and as a basis for upcoming interviews. We take notes about the information you provide us, and we compile that information into a test report that we provide to our client. This information is the basis of the recruiting decision of the client.


We might, after request from client, process test reports, other information from performed personal assessment and test results for purposes of evaluation and analysis. The aim of the evaluation and analysis is to measure the recruiting customer´s approximated and experienced success of the candidate´s accomplishments.



To whom do we share your information?


We only share your contact details when we tell our service providers to send you a link to make the test. We also share our opinion of you as a candidate to the company that you have submitted your application to. We might do that in a written report and/or an oral review to the client.


Which lawful basis is applicable?


We will base our processing on your consent, which you will be able to provide us with when we start to fulfill our service.


How long do we process/keep your personal data?


We keep your information until we have fulfilled our obligations to our client. We will erase your personal data after 12 months from the time of fulfilment of our obligations. 


9. Personal data about education participants and other course participants


What kind of personal data do we process? 


In order to provide you or someone else in your organization with an education or development efforts, we will need information about your e-mail address, name, phone number, login details to test portal, company name and department and eventually IP-address.


We need the information mentioned above when you make a registration to any of our open courses or when participating in a customized education for your company (such as development for management teams, leader development, coaching and traineeships etc.)


How do we use your information?


We use your personal data in order to send you tests that you will fulfil and also in order to administrate your test account if you decide to certify yourself through us. In education about development we might take notes about you that we find relevant. We do so in order to create the best possibilities for your development


To whom do we share your personal data?


To service providers of the tests for the purposes mentioned above.


Which lawful basis is applicable?


We process your personal data in order to enter or fulfil an agreement.


How long do we process/keep your personal data?


We keep your personal data as long as we need the information in order to provide you with the service that has been purchased, or until we have fulfilled our obligations to our client. We erase your information 12 months after the fulfilment of the agreement with our client. If you as a client is certified in any of our systems, we will keep your information as long as you are certified, even when your employment at our client has ended.

10. When do we share your personal data?


Your personal data will only be accessible to a few people at Kandidata, most often your contact person or the person responsible for providing you our services. We might from time to time share your information with our service providers, which might be necessary for us in order to provide you with our services. We collaborate with service providers that cares about your personal data, and they have taken technical and organizational security messures to follow the rules set out in GDPR.

We might, under certain circumstances, disclose your personal data if it is necessary to establish, exercise or defence legal claims. We can do se when there are reasons to believe that your personal data is necessary to identify, contact or bring action against someone who has intruded on our website and/or infringed our common terms and conditions, or otherwise infringed property or rights of Kandidata.

We might also share your information when legislation so requires or when it is necessary for Kandidata in order to fulful obligations due to legislation or contract.


We can guarantee you that we do not sell your personal data to third parties for direct marketing purposes.


11. Security and report of personal data breaches


We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, the level of integrity of the personal data and the costs.


We handle your personal data according to the safety measures set out in the GDPR. All information is protected by confidentiality and our staff only has access to the systems and the information that is strictly necessary in order for them to perform their duties.


Your particularly sensitive information, such as test results, are stored in very secure systems and are only available to very few persons. Our aim is to process only a minimum of personal data about you.


Kandidata has taken security measures in order to protect your personal data from unauthorized access or other forms of unauthorized and unlawful processing. We have, for example, implemented routines for access control to our systems and your personal data.


We have made sure that our service providers and other legal entities that process personal data has taken technical and organizational securtity messures. All Kandidatas data traffic is made in safe systems with firewalls.


Personal data breaches


If we notice that your personal data has been destroyed, get stolen or otherwise got lost we will make a report to the Data Protection Officer within 72 hours after have being made aware of the breach. In case of a personal data breach, we will also inform you hereabout, and also make sure to improve our security measures even further when necessary to protect your rights and your security.


12. Your rights


You have several rights as a data subject according to the GDPR. You have, at any time, the right to contact Kandidata in order to exercise your rights. The most easy way to do so is to write us at info@kandidata.se.

Kandidata might take safety measurements in order to control your identity. If you can not show your identity in a trustable way, we might reuse to perform according to your request. Down below you can read about your rights and what Kandidata does to ensure them.

Kandidata might require a reasonable fee in order to cover administrative costs related to your request. However, such a requirement will only be applicable when your request is unreasonable or apparently substantiated.


Right to access


You have the right to obtain a confirmation about if we handle personal data of you or not. If so, you have the right to access to that data in a written form.


Right of rectification and to erasure


If you think that the personal data we process about you is inaccurate, you have, under certain circumstances, the right to obtain rectification, provide us with a supplementary statement or get your personal data erased. Depending on which data that gets erased, it is not certain that we can provide all of our services to you.


Right to data portability


You have the right to receive your personal data, which you have provided us, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller. This right is only applicable when the processing is based upon your consent or on a contract with us.


Right of restriction of processing


You have, under certain circumstances, the right to obtain a restriction of the processing of your personal data. If the processing has been restricted, the personal data shall with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person. or for reasons of important public interest of the Union or of a Member State. Please note that if we restrict the processing of your personal data it is not certain that we can provide all of our services to you.


Right to object


You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning him or her which is based on necessary processing for the performance of a task carried out in the public interest or when processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party. We do process personal data about you after a legitimate interest. We do that when you take contact with us on the instructions from our clients or otherwise when you take contact with us. If you object to such processing, we will only continue to process your personal data if our interest of doing so is considered to be of bigger importance than your right to not get our personal data processed by us or if we need to process your personal data in order to establish, exercise or defence our legal claims


Right to lodge a complaint


You have the right to lodge a complaint to the supervisory authority if you think that we process your personal data in an unlawful way, please read more at the website of Datainspektionen, www.datainspektionen.se


13. Contact information and information about the data controller


Kandidata Online Search with corporate identification number 556557-9843 and Act to Perform with corporate identification number 556781-7480 are data controllers regarding the personal data that the companies process about you. Please take contact with us if you have any questions about our processing or if you want to exercise your rights. You find our contact details below.

Kandidata Online Search (incl. Act to Perform)
Kungsgatan 50
11135 Stockholm
info@kandidata.se
Telephone: + 46(8)545 85 010


 






 bästa utvecklingen för dig/er.