Privacy Policy for Applicants
1. INFORMATION ABOUT THE PROCESSING OF PERSONAL DATA
Your data security is important to us, and we therefore take great care to ensure that your personal data is handled responsibly. Below you can read how NorthQ Solutions ApS (hereinafter NorthQ, "we", "us" or "our ") process personal data about you when we act as data controller. You can also read about your rights in relation to our processing.
2. NORTHQ’S ROLE AS A DATA CONTROLLER
When you apply for a position with us, we receive and process a range of personal data about you, which we will use for the purposes described in this document.
​
The information processed as part of the recruitment process is required for us to contact you and to determine whether you are the right candidate for the vacant position. Information provided to us will only be used to consider your application and in connection with subsequent employment.
​
During the recruitment process, we will process general personal data about you, but we may also process sensitive personal data, information about your civil reg. no. and/or information about criminal acts.
​
Here you can read more about the information we process about you when you apply for a position with us.
If you have any questions regarding our processing of your personal data, please contact NorthQ here:
​
NorthQ Solutions ApS
Tørringvej 7, 2610 Rødovre, Denmark
CVR: 43629816
​
Contact information: dpo@northq.com or by or by regular mail.
​
3. WHAT PERSONAL INFORMATION WE COLLECT AND THE PURPOSE
We process personal data about you in a number of different situations. Read more about the processing below.
3.1. When we receive your application
In order to process your application, we will process the information appearing from your application, your CV and any enclosed documents.
​
This typically includes the following information (the list is non-exhaustive): Name, address, date of birth, gender, phone number, email address, marital status, educational background, professional qualifications, career history, language qualifications and other relevant qualifications and written recommendations/references.
​
The legal basis for processing is Article 6(1)(b) and Article 6(1)(f) of the General Data Protection Regulation as the legal basis for processing, because we need to process this information in order to determine whether you are the right candidate for the position.
3.2. When we consider your application
We specifically consider each applicant's qualifications in relation to the open position. This is done manually. Once we have read the applications, we will select candidates for job interviews. The candidates that are not selected for an interview will be notified.
3.3. At job interviews
During the recruitment process, we conduct job interviews focusing on both your professional and your personal qualifications, the job content and our business as a workplace. We will make a note of some of the information disclosed during the interview(s) for the purpose of the final evaluation of the applicants for the position. We will only use relevant information when determining whether to offer you a job.
​
The legal basis for processing is Article 6(1)(b) and Article 6(1)(f) of the General Data Processing. It is necessary for us to process such information in order to determine whether you are the right candidate for the position.
3.4. Information from Social Media
When recruiting for positions with us, it may be relevant to obtain additional information from the Internet, including social media, e.g. LinkedIn, Facebook, Instagram, Twitter, etc. We do that in order to determine if your profile suits our business and the specific position.
We use Article 6(1)(f) or Article 9(2)(e) of the General Data Protection Regulation as the legal basis for processing when we obtain information about applicants from social media. We have legitimate interests as it is necessary for us to process such information in order to determine whether you are the right candidate for the position. We will only process sensitive data if the data are made public by the applicant.
3.5. Personality Tests
When recruiting for certain positions, you may be invited to take a personality analysis and/or a logical test. We will always consider whether it is relevant that you take such a test in relation to the relevant position. The purpose of the test is to evaluate your qualifications as a potential employee and to consider whether your profile suits our business and the specific position. The test will never stand alone, but will be part of the general basis for selecting the right person for the position.
​
The legal basis for processing is our legitimate interests in determining whether you are the right candidate for the position, cf. Article 6(1)(f) of the General Data Protection Regulation. We may also, depending on the circumstances, use your consent, cf. Article 6(1)(a) and Article (9)(2)(a) of the General Data Protection Regulation. If so, you will be asked to give your consent before such a test is made.
​
3.6. Criminal Record Certificate
When recruiting for certain positions, it is necessary to obtain a criminal record certificate. We will always consider for each position if it is necessary to obtain a criminal record certificate.
If relevant, we will ask you to obtain the criminal record certificate and present it to us. When we have seen the criminal record certificate, we will delete it immediately. Thus, we do not store information about any criminal acts.
​
As you are to obtain and submit the criminal record certificate to us, our processing of your personal data is based on your consent in accordance with Section 8(3) of the Danish Data Protection Act. We use Article 6(1)(c) or Article 6(1)(f) of the General Data Protection Regulation as the legal basis for our subsequent processing of the information that we have seen in your criminal record certificate. We do that in order to document that we have complied with our legal obligations and/or internal security policies in connection with your employment.
​
3.7. Work and Residence Permit
For employees with another citizenship than Danish it is a requirement for the employment that they have a valid work and residence permit. In order to ensure this, we may ask for a copy of your passport in connection with the employment.
​
If your citizenship requires you to have a valid work and residence permit in order to work legally in Denmark, we will also request a copy of your work and residence permit from you. We will obtain it both when you are employed and when it is to be extended.
​
Our processing of information in connection with our checking of your work and residence permit is based on Article 6(1)(c) of the General Data Protection Regulation and Section 11(2)(1) of the Danish Data Protection Act, cf. Section 59(5) of the Danish Aliens Act, as we are obliged to ensure that you have a valid work and residence permit.
​
3.8. Health Information
In very special situations, we may request to obtain information about your health. This may be relevant in situations where illness may have a significant impact on your ability to handle the job.
​
If health information is specifically required, we will specify which illnesses and symptoms of illnesses we specifically request information on. Obviously, we respect the framework and limits provided by the Danish Health Information Act in this regard. We will ask for your consent before such information is obtained.
​
The legal basis for processing is your consent, cf. Article 9(2)(a) of the General Data Protection Regulation. In these special situations, it will be necessary for us to process such information in order to determine whether you are the right candidate for the position.
3.9. Credit Information
To the extent where you are to undertake a position of trust, including if you are to undertake a position as a manager with financial responsibility or accounting and bookkeeping tasks, we may obtain information about your credit rating from a credit rating agency. If, during the recruitment process, information is obtained about your credit rating, we will notify you separately.
​
The legal basis for processing is our legitimate interests in determining whether you are the right candidate for the position, cf. Article 6(1)(f) of the General Data Protection Regulation.
​
3.10. References
For some positions, it is necessary to obtain references from former employers. We do that in order to check that the information you have provided to us during the employment process is correct and true. If we obtain references from one or several of your former employers, we will register that we have talked with a referee.
If we want to obtain information about you from your current or former employer, we will ask for your consent before obtaining such information. If you do not give your consent, we will not obtain such information.
The legal basis for processing is our legitimate interests in determining whether you are the right candidate for the position, cf. Article 6(1)(f) of the General Data Protection Regulation.
4. STORAGE AND ERASURE OF INFORMATION PROCESSED DURING THE RECRUITMENT PROCESS
If you are not offered the position you applied for, we will delete any information registered about you within 6 months. The purpose of the storage is to document the recruitment process and the reason for not offering you the position.
​
If you are employed with us, we will retain the information from the recruitment process as part of your employee portfolio during your employment in order to document your employment history. You will receive separate information in this regard in connection with your employment with us.
​
5. STORAGE FOR THE PURPOSE OF RECRUITMENT AT A LATER TIME (CV-DATABASE)
In certain situations, we would like to keep your application even though it has been turned down for the purpose of recruitment at a later time. If we want to keep your application, we will ask for your consent.
​
We will keep your application for 6 months for this purpose.
​
The legal basis for processing is your consent, cf. Article 6(1)(a) of the General Data Protection Regulation.
​
6. DISCLOSURE OF YOUR PERSONAL DATA TO OTHERS
In the recruitment process, other parties may process your personal data. It may for instance be necessary to disclose information about you to the following recipients:
​
-
BambooHR - Our HR and Recruitment system
NorthQ can also transfer your personal information to a public authority in situations where we are specifically obliged to disclose your personal information pursuant to legislation and notification obligations to which we are subject.
​
We will not disclose your personal data to other recipients unless required.
​
We try to limit the disclosure of personally identifiable information and thus the disclosure of information that can be attributed to you personally.
​
NorthQ also discloses your personal data to data processors. Our data processors only process your personal data for our purposes and under our instructions.
​
7. TRANSFER OF PERSONAL DATA TO COUNTRIES OUTSIDE THE EU/EEA
In connection with our processing of your personal data, we may transfer such information to countries outside the EU/EEA (third countries).
​
Your personal data may be transferred to countries where the EU Commission has determined that the level of data protection is equivalent to that in the EU/EEA (secure third countries).
​
We may also transfer your personal data to unsecure third countries. The transfer of your personal data to the unsecure third countries will be based on the Standard Contractual Clauses (SCC) drawn up by the European Commission, which have been specifically designed to ensure an adequate level of protection. We assess the adequacy of the transfer basis and adopt additional measures if necessary to ensure an adequate level of protection for the transfer.
​
You can read more about the transfer of personal data to countries outside the EU/EEA on the European Commission’s website.
​
If you would like further information about our transfer of personal data to countries outside the EU/EEA, please contact us.
​
8. STORAGE, DATA INTEGRITY AND SECURITY
When your personal data is no longer needed, we will ensure that it is deleted in a secure manner.
It is our policy to protect personal data by taking adequate technical and organizational security measures.
We have implemented security measures to ensure data protection for all personal data that we process. We conduct regular internal follow-ups on the adequacy of and compliance with policies and measures.
9. YOUR RIGHTS
As a data subject, you have certain rights under the General Data Protection Regulation. If you want to exercise your rights, please contact us.
​
You may - unconditionally and at any time - withdraw your consent. You can do so by sending us an email (see email above). Withdrawal of your consent will not have any negative impact. However, this may mean that we cannot meet specific requests from you in the future. Withdrawal of your consent will not affect the lawfulness of the processing based on consent before it is withdrawn. Furthermore, it will not affect any processing carried out on another lawful basis.
You can also - unconditionally and at any time - object to our processing when such processing is based on our legitimate interests.
​
Your rights also include the following:
-
Right of access: You have a right to access the personal data we process about you.
-
Right to rectification: You have the right to obtain rectification of any inaccurate and incomplete personal data about you.
-
Right to erasure (right to be forgotten): In exceptional cases, you have the right to obtain erasure of information about you before the time when we would normally delete your personal data.
-
Right to restriction of processing: In certain situations, you have the right to restrict the processing of your personal data. If you have the right to restrict the processing of your personal data, we may only process personal data in the future - apart from storage - with your consent, or for the establishment, exercise of defense of legal claims, or to protect an individual or important public interests.
-
Right to object: In certain situations, you have the right to object to our processing of your personal data, and always if the processing is for direct marketing purposes.
-
Right to data portability: In certain situations, you have the right to receive your personal data in a structured, commonly used and machine readable format and to have those personal data transferred from one data controller to another.
-
Right to lodge a complaint: You can lodge a complaint at any time with the Danish Data Protection Authority about our processing of personal data. See more at www.datatilsynet.dk, where you can also find further information on your rights as a data subject.
​
10. UPDATES OF OUR PRIVACY POLICY
From time to time it will be necessary to update this Privacy Policy. We will review our Privacy Policy on a regular basis in order to ensure that it is updated, valid and in accordance with current legislation and the principles for processing of personal data. We will publish new versions of the policy on our website.
​
This policy has version no. 2 and is valid from 24 April 2024.