Privacy Policy for Recruitment through Teamtailor
The recruitment service ("the service") is operated by Teamtailor on behalf of Røde Kors - IoP («controller," «we," "us"). Service users must feel secure and informed about how their personal data is handled during the recruitment process. We aim to maintain the highest standards for data protection, managing, using, and safeguarding personal data in compliance with this privacy policy ("privacy policy").
1. General Information
We are the data controller under applicable privacy laws. Personal data is processed to manage and facilitate recruitment for our company.
2. Collection of Personal Data
We are responsible for processing the personal data users contribute to the service or any data we collect about the service.
When and How Do We Collect Personal Data?
We collect personal data from users when they:
- Create an application through the service or otherwise provide personal data, either manually or through third-party sources like Facebook or LinkedIn;
- Use the service to connect with our employees, providing personal data in chats related to the recruitment process;
- Provide identifiable data in the chat that is relevant to the application process.
We collect data from third-party sources, such as Facebook, LinkedIn, and public sources, referred to as "sourcing," manually by our employees or automatically through the service.
In some cases, existing employees may recommend potential candidates by submitting personal data on their behalf. These candidates will be informed of the data processing and treated as users under this privacy policy.
Categories of Personal Data Collected and Processed
Personal data collected through the service may include name, email, photos, videos, social media profiles (Facebook, LinkedIn), responses to recruitment questions, job titles, education, and other relevant information. Only data necessary for the recruitment process will be collected and processed.
Purpose and Legal Basis for Processing
The purpose of collecting and processing personal data is to manage recruitment. The legal basis for processing is our legitimate interest in simplifying and promoting recruitment.
Personal data processed to obtain analytics or market research will always be anonymized and not used to identify a specific user. Therefore, such data is not considered personal data.
User Consent
Users consent to the processing of their personal data for recruitment purposes by the controller. This consent is provided when users:
- Apply for the service, providing personal data directly or through third-party sources like Facebook or LinkedIn, allowing the controller to use external sourcing tools to add further information;
- Use the service to connect with the controller's recruitment department and add personal data manually or through third-party sources like Facebook or LinkedIn.
Users also consent to the controller gathering publicly available information for recruitment purposes.
Users can withdraw their consent at any time by contacting the controller using the contact details provided in section 9. Withdrawing consent may prevent the user from applying for a job or using the service.
3. User Rights
Users have the right to request information about the personal data processed by us. Requests should be made in writing using the contact information provided in section 9. Users are entitled to one free copy of their processed personal data. Additional copies may incur a reasonable fee based on administrative costs.
Users may correct inaccurate personal data by submitting a written request via the contact details provided in section 9.
Users have the right to request the deletion or restriction of processing and the right to object to processing based on legitimate interests in certain circumstances.
Users also have the right to data portability, meaning they can receive their personal data and transfer it to another controller, provided it doesn't affect others' rights and freedoms.
If users believe their data is being processed unlawfully, they have the right to complain to the supervisory authority.
4. Data Security
We prioritize data privacy and implement reasonable measures to ensure that personal data is processed securely and in compliance with these privacy policies and GDPR. However, transmitting information over the internet or mobile networks comes with risks, and users are responsible for keeping their login credentials confidential.
5. Sharing Personal Data with Third Parties
We do not sell or transfer users' personal data to third parties, except in cases where:
- Contractors and subcontractors act as processors and sub-processors according to our instructions;
- Legal advisors or authorities require it due to suspicions of criminal activity or misconduct;
- Required by law or government order.
We only share personal data with trusted third parties, ensuring they process it in compliance with privacy laws. This includes categories such as Teamtailor (service provider), hosting companies, email service providers, video processing companies, and analytics services.
6. Collected Information (Non-Identifiable Personal Data)
We may share collected information with third parties. This information gathered through the service may include statistics on internet traffic or the geographical location of service use. The collected data cannot be used to identify individuals and is, therefore, not considered personal data.
7. Cookies
When users access the service, cookies (passive text files stored in the browser) may be used to improve the user experience and collect usage statistics. Some cookie data may qualify as personal information and is governed by our cookie policy. Users can disable cookies at any time, which may affect service functionality.
8. Changes
We reserve the right to modify this privacy policy at any time. Users will be notified of changes via email or other communication.
9. Contact Information
For questions or inquiries about personal data handling, please get in touch with Røde Kors - IoP at ar@iop.no.
