Privacy Notice for recruitment
The service for handling recruitments and simplifying the hiring process (the "Service") is provided by Bisnode as Controller (see Controllership below) and using Teamtailor as a service-provider and Processor. It is important that the persons using the Service ("Users”) feel safe with, and are informed about, how we handle User's personal data in the recruitment process. We strive to maintain the highest possible standard regarding the protection of personal data. We process, manage, use, and protect User's Personal Data in accordance with this Privacy Notice.
Bisnode acts as a Group of companies where the Parties are part of the same Group, owned by Bisnode AB in Sweden. The Parties have a close cooperation in product development as well as Group Functions. Since the Parties will jointly determine the purposes and means of the processing of personal data in Group Products and other Group activities (including but not limited to Group Functions), the Parties has agreed to enter into a joint controllership agreement meaning that Parties, jointly are considered responsible for the processing of personal data.
1. Lawfulness of processing
Bisnode D&B Switzerland collects and relies on FADP Art. 4 and OR Art. 328b necessary for the performance of a contract (precontractual requirement) for all processing of personal data related to the application of a specific post. Where there is a requirement under employment and discrimination laws to retain Personal Data used in the recruitment process, Bisnode D&B Switzerland will rely on FADP Art. 4 and OR Art. 328b compliance of legal obligation. Bisnode D&B Switzerland collects and relies on FADP Art. 4, Art 13a and OR Art. 328b Consent where candidates submit their CV and cover letter for Bisnode to consider in future posts. Some entities within Bisnode Group adheres to GDPR. Please see our Data & Privacy section here (LINK).
2. Collection of personal data
Bisnode is responsible for the processing of the personal data that the Users contribute to the Service and for the personal data that we in other ways collect with regards to the Service.
When and how we collect personal data
We collect personal data about Users from Users when Users;
- Submit an application for a specific job posting through the Service or otherwise, adding personal data about themselves either personally or by using a third-party source such as Facebook or LinkedIn; and
- Use the Service to connect with us so that we may consider the applicant in a future relevant application, adding personal data about themselves either personally or by using a third-party source such as Facebook or LinkedIn.
- Provides identifiable personal data in the chat (provided through the website that uses the Service) and such data is of relevance to the application procedure;
- Bisnode can generate aggregated analysis of the usage of our recruitment tool. The information collected for aggregated analysis statistical (unidentifiable). We may collect data from third parties, such as Facebook, Linkedin and through other public sources. “Sourcing” through these channels can be done manually by our employees or automatically in the Service.
In some cases, existing employees can make recommendations about potential applicants. Employees will be able to provide personal data about such potential applicants. In such a case, the potential applicant is considered a User in the context of this Privacy Notice and will be informed about the processing.
The types of personal data collected and processed
The categories of personal data that may be collected include: names, address, telephone number, civil status, e-mails, pictures and videos, information from Facebook and LinkedIn-accounts, answers to questions asked through the recruiting, titles, education and other information that the User or others have provided through the Service. Only data that is relevant for the recruitment process is collected and processed. We ask candidates not to share with us Special Categories of Personal Data, including: Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data and biometric data processed for the purpose of uniquely identifying a natural person, data concerning health, data concerning a natural person’s sex life or sexual orientation.
Purpose and lawfulness of processing
The purpose of the collecting and processing of personal data is to manage recruitment. A review of candidate’s suitability is necessary before Bisnode can enter into an employment contract with a prospect candidate
A precontractual requirement
Bisnode D&B Switzerland will collect and process applicant’s personal data based on FADP Art. 4 and OR Art. 328b necessary for the performance of a contract (precontractual requirement) when candidates apply for a specific post. You may ask to have your application retracted if we have not commenced the processing of your application. If your application has been reviewed, we may be required by employment and discrimination law to retain your personal data in order to prove that we have handled your application according to applicable employment and discrimination laws. Where we are required to retain your data by law, Bisnode D&B Switzerland will rely on FADP Art. 4, Art 13 and OR Art. 328b compliance of legal obligation. Your personal data will be automatically deleted according to employment and discrimination laws. Some entities within Bisnode Group adheres to GDPR. Please see our Data & Privacy section here https://career.bisnode.com/data_privacy.
Bisnode D&B Switzerland collects and relies on FADP Art. 4, OR Art. 328b Consent where candidates submit their CV and cover letter for purpose of matching it against future job opportunities and offerings with in Bisnode company that we believe match your profile.
You have the right to contact Bisnode D&B Switzerland to withdraw your consent at any time and request Bisnode to remove the data here: https://careerswitzerland.bisnode.com/data_privacy. Using this right may however, mean that the User can not apply for a specific job or otherwise use this part of the Service. You may also ask Bisnode D&B Switzerland to correct any faulty information or to give you a copy of the data. Some entities within Bisnode Group adheres to GDPR. Please see our Data & Privacy section here https://career.bisnode.com/data_privacy.
Please Note that if we consider your application for a specific role, then the legal basis for processing your data changes to pre contractual as notes above. The User consents to the personal data being collected in accordance with the a) above and b) will be processed according to the below sections Storage and transfer and How long the personal data will be processed.
Storage and transfers
The personal data collected through the Service may be transferred, stored and processed outside Switzerland to the countries of the European Union (subject to the EU General Data Protection Regulation) or to other countries. When we transfer your personal data to countries without an equivalent level of data protection to that of the EU or Switzerland, we make sure to obtain the guarantees required to adequately protect your personal data. Specifically, we apply the guidelines of the Swiss Federal Data Protection and Information Commissioner.
How long will Bisnode process and keep your data for
Where data is used in a recruitment process, the data is retained for as long as it is legally required by relevant employment and discrimination laws. Where we process your Personal Data based on Consent, we will renew this Consent according to the table below. We will delete your Personal Data if you object to the renewal of your Consent.
Local country (legal entity/entities) – time we will keep your data
Austria (Bisnode D&B Austria GmbH, Bisnode Austria GmbH) 6 months
Belgium (Bisnode Belgium NV/SA, Swan Insights NV) 24 months
Croatia (Bisnode d.o.o. Croatia) 3 months
Czech Republic (Bisnode Česká republika, a.s.) 3 months
Denmark (Bisnode Danmark A/S) 6 months
Estonia (Bisnode Estonia AS) 12 months
Finland (Bisnode Finland OY) 24 months
Germany (Bisnode Deutschland GmbH, Bisnode D&B Deutschland GmbH) 12 months
Hungary (Bisnode Magyarország Kft., Bisnode D&B Magyarország Kft.) 12 months
Latvia (SIA Datu Serviss) 36 months
Norway (Bisnode Norge AS) 12 months
Poland (Bisnode Polska Sp z.o.o) 3 months
Serbia (Bisnode d.o.o. Serbia) 3 months
Slovakia (Bisnode Slovensko s.r.o) 6 months
Slovenia (Bisnode Slovenia d.o.o) 1 month
Sweden (Bisnode Sverige AB, Bisnode AB) 24 months
Switzerland (Bisnode D&B Schweiz AG) 6 months
3. Users’ rights
The legal frameworks provides you with the following’s rights enlisted below. In accordance with the Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR), your request will be processed within 30 days of us receiving the necessary information.
1. Right of access
You have the right to know when your personal data is processed by us. You should be notified when your data is collected or used for the first time. You also have an ongoing right of access which means you can request information about the processing of your data whenever you want to. We will also inform you about the categories of recipients we shared your data with.
Also, in certain cases, like for example if a data breach (or similar) occurs on our end, you can expect to receive special information from us.
The information we provide to you is free of charge and in written or electronical format. It is our obligation to explain why we process your data and on what legal basis.
2. Right to rectification
You have the right to ask us to correct all inaccurate information about you. You also have the right to add any missing data that is relevant for us to have. We are responsible for keeping the data correct and up to date.
3. Right to erasure
You have the right to request that your data are completely removed from our database in the cases listed below:
- Data is no longer needed for our purpose
- The consent for processing the data has been withdrawn by you
- Your data is used illegally
- The erasure of data is needed to meet a legal obligation
If you request your data to be deleted, we will have to inform the recipients of this data about this deletion, where applicable. You also have the right to know who we have shared your data with.
There are some exceptions to the right to erasure and the right to inform others; when it is important to protect other fundamental rights such as the freedom of speech, to meet a legal obligation, to perform a task within the public interest or in exercise of authority.
4. Right to restriction of processing
You have the right to request that the processing of your personal data is restricted for certain purposes. This means that, going forward, we will no longer use your data for the restricted purposes.
Right to restriction is valid, for example, when you find records that are incorrect, and you have asked us to correct these. In such cases, you have the right to require that we do not process the data while its quality is being verified.
When the data has been corrected and validated, you will be informed, and the restriction can be removed.
5. Right to data portability
In certain situations, your data has been provided by you directly. For this kind of data, you have the right to extract this data from our databases. At Bisnode, we very seldom collect data directly from you.
6. Right to object
You have the right to object to certain types of data processing. If you do so, we will not be allowed to process your data unless it is required for reasons such as legal claim or tasks of public interest.
7. Automated decision-making, including profiling
You have the right to request not to be a part of automated decision making, including profiling. Automated decision making can be allowed if it is necessary for fulfilling an agreement between yourself and a company (our customers).
Automated decisions can be made with or without profiling. Profiling can be used without it leading to an automated decision. Profiling refers to every form of automated processing of personal data for the purpose of providing information about personal characteristics. The aim is to analyze or predict a person's work performance, reliability, behavior, city of residence or movements.
If you think that we are processing your data without the right to do so, you can send an e-mail to email@example.com.
We prioritize the personal integrity and therefore works actively so that the personal data of the Users are processed with utmost care. We take the measures that can be reasonably expected to the make sure that the personal data of Users and others are processed safely and in accordance to this Privacy Information and the Swiss Data Protection law. Some entities within Bisnode Group adheres to GDPR. Please see our Data & Privacy section here https://career.bisnode.com/data_privacy.
However, transfers of information over the internet and mobile networks can never occur without any risk, so all transfers are made on the own risk of the person transferring the data. It is important that Users also take responsibility to ensure that their data is protected. It is the responsibility of the User that their login information is kept secret.
5. Transfer of personal data to third party
We will not sell or otherwise transfer Users’ personal data to third parties. We may transfer Users’ Personal Data to;
- our contractors and sub-contractors, acting as our Processors and Sub-Processors in accordance with our instructions, for the provision of the Service (for example the Teamtailor platform and their sup-processor and recruitment firms);
- authorities or legal advisors in case criminal or improper behavior is suspected; and
- authorities, legal advisors or other actors, if required by us according to law or authority’s injunction.
We will only transfer Users’ personal data to third parties that we have confidence in. We carefully choose partners to ensure that the User’s personal data is processed in accordance to current privacy legislations. We cooperate with the following categories of processors of personal data; Teamtailor, who supplies the Service, server and hosting companies, e-mail reference companies, video processing companies, information-sourcing companies, analytical service companies and other companies with regards to suppling the Service.
6. Aggregated data (non-identifiable personal data)
We may share aggregated data with third parties. The aggregated data has in such instances been compiled from information that has been collected through the Service and can, for example, consist of statistics of internet traffic or the geological location from the use of the Service. The aggregated data does not contain any information that can be used to identify individual persons and is thus not personal data.
Only strictly necessary cookies are set by default.
We have the right to, at any time, make changes or additions to the Privacy Notice. The latest version of the Privacy Notice will always be available through the Service. A new version is considered communicated to the Users when the User has either received an email informing the User of the new version (using the e-mail stated by the User in connection to the use of the Service).
For questions, further information about our handling of personal data or for contact with us in other matters, please use the forms in Teamtailor (LINK), read more here (LINK) or contact firstname.lastname@example.org.