Personal Data Policy

This Personal Data Policy applies to Level Recruitment, 556766-4312 and to Level Executive, subsidiary of Level Recruitment with the same organization number. Level Recruitment AB, Skeppsbron 26, SE-111 30 Stockholm, corp. ID No. 556766-4312 is the Personal Data Controller for the data that you provide Level Executive.

 

Purpose

Level Recruitment AB is a recruitment company that offers companies recruitment services for the purpose of recruiting new employees. As part of this, job seekers can search for jobs on our website and/or create a personal profile in our CV database that lets them receive job vacancies from Level Recruitment. We conduct entire recruitment processes, helping our clients with the whole process from the start of recruitment until the employment contract is signed. We also perform parts of the recruitment process such as selection, headhunting services, tests, reference taking, etc.

We safeguard the privacy of our clients and the people involved in our recruitment services. Level Recruitment has an office in Stockholm with its own staff. These include recruitment consultants, salespeople, administrators and the CEO. Within the framework of Level Recruitment AB, we conduct recruitment and related services of specialists and executives. At Level Executive, a subsidiary of Level Recruitment AB, we recruit more high-powered executives and leaders. Both Level Recruitment AB and Level Executive are subject to this policy.

We want you to feel secure when you entrust your personal data to us. This is why we prepared this policy. It is based on current data protection laws and clarifies how we work to protect your rights and your privacy.

The purpose of this policy is to inform you about how we process personal data, what we use it for, who has access to it and under what circumstances and how you can exercise your rights.

Terms

Personal data is information that can directly or indirectly be linked to a physical living person. Examples of personal data include name, address, phone number and e-mail address. Under certain circumstances, details about your IP number and your behaviour while using our services can also constitute personal data.

Processing of personal data includes all the handling of personal data, including collection, registration and storage.

Background

When you use our service to search for a job or register your CV on our website, you are providing personal data to us while also approving that we process your personal data. We process your personal data mainly in order to provide our service to you – to help you find a new job. As a general rule, we do not process more personal data than we need for the purpose and we also strive to use the least sensitive private details and work to filter out unnecessary personal data.

We also need your personal data to give you good service as regards follow-up and information, for instance. We may also need your personal data to comply with laws or if it’s on the grounds of overriding public interest.

Data that we collect

We only process personal data when we have legal grounds for doing so. Our assignment can be considered sensitive in nature as it concerns an individual’s job, training, interests, family circumstances, etc.

We collect information about you when you register your CV or search for a job on our website or use our services in general. Personal data is saved or processed primarily via our business system or on our website. When you register your CV or search for a job on our website, your personal data is saved in our business system. Here are some examples of personal data that we process in our business system:

  • Information from registration of CV profile and update (s) of profile via “My Page”, as well as IP address.
  • If you search for a job or register your profile through the “Search with LinkedIn” function or “Search with Jobreg” function, the system will retrieve available information from the profile in the service with which you authenticate. The information is then stored in your profile.
  • We collect data in aggregated form regarding our visitors to the web, such as traffic data, site data, etc.
  • In some cases, we store email correspondence when you contact us.
  • Name
  • Address
  • E-mail address
  • Phone number
  • Personal identity number/Date of birth
  • ID
  • Username and password
  • The information that you voluntarily registered on your own initiative such as a CV, covering letter, certificates, testimonials, test results or similar
  • The date when you registered or edited your CV or applied for a job
  • Gender
  • Photography (we do not perform biometric readings however)
  • Activities while in contact with Level Recruitment or Level Executive
  • Profiles on social media such as LinkedIn, Facebook or other social media
  • Other information that is relevant from a recruitment perspective

As an applicant in one of our recruitment processes, the information about you that is saved is necessary to enable us to conduct a professional recruitment process. This information can be saved in our business system, on our servers, in our telephony system incl. mobile phones, in e-mails or in a paper copy at our office.

The following data is saved in this context: notes from phone interviews, notes from physical interviews, CV, covering letter, certificates, testimonials, applicant presentations that we create in order to convey your profile to our client, reference summaries, test results, background checks, post-employment appraisal meetings for employees or other relevant information needed to perform the service.

Information flow in general

We also get access your personal data in the following manner:

  • Information that you provide to us directly
  • Information that we receive when you contact one of our employees
  • Information that we receive when you subscribe to newsletters, subscriptions and other mailshots
  • Information that we receive when you answer questionnaires and surveys
  • Information that we receive when you contact us, search for a job here, visit us or contact us by other means
  • Information that you register when you visit our websites

When you send an e-mail to us, we put your message in our business system if the information is required to complete the assignment. In other cases, your message and entire conversation is erased.

If you contact us by phone, we can also register the data in our business system if we need them to perform our service.

Your agreement with us and your consent

The information collected is used where necessary to:

  • Deliver our services to you and to communicate around the services with you.
  • Evaluate your qualifications and facilitate in connection with current and future recruitment or staffing assignments.
  • Inform about relevant opportunities and offers that we can offer.
  • Be compliant with legal requirements.
  • Maintain Security – IP address is obtained so that you as a candidate can get an overview of which IP addresses have been used to log into your account.

When you apply for a job via us or register your resume on our website, you agree that we will save your personal data and agree that we process your personal data. Level Recruitment is the Registry Manager and is the party that owns the data that is entered into the system. As Registry Manager, Recruitment Manager AS stands for the system solution, which develops, operates and maintains the system where your personal data is stored. Recruitment Manager AS uses subcontractors to perform tasks as Registrar.

There is a separate Data Processing Agreement between Level Recruitment and Recruitment Manager AS, which regulates what information the Registrar has access to and how the information is to be processed.

To view the consent text, click here.

You can also subscribe to a job vacancies via our website. When you sign up for this service, you consent to us sending you e-mails when we receive new job vacancies that we need to fill on our client’s behalf. In the template that we later provide, you can edit your preferences or unsubscribe. If the e-mails that we send to your address “bounce” for more than three weeks, your e-mail address will be erased. To read the consent form, click here.

You can contact us by filling out a contact form on our website. To contact us, we also ask you to us give us your name, e-mail address, phone number and the name of the company you represent. We also ask that you notify us if you are contacting us related to looking for a new job and your reason for contacting us. You can also send us a message via the free text field. To read the consent form, click here.

There is an agreement on the processing of personal data that you conclude when you register your CV, search for a job on our website or when you sign up for our subscription service. If you applied for a job, registered your CV or signed up for our subscription service before the date on which the GDPR came into force (25 May 2018), according to the GDPR (Recital 171), it is not necessary to obtain a new consent. However, we would still like to remind you of your rights.

If there is not enough scope in the agreement to handle personal data, we will obtain your consent before we process your data unless it specifies that our interests are more important. You can revoke your consent at any time. We will then cease processing your personal data or obtain new data, provided we do not need it to complete our obligations according to the law.

We may also have statutory requirements on handling certain personal data and they do not require consent.

What information do you get from us?

When we collect your personal data for the first time we will inform you of how the information was obtained, what we aim to use it for, what rights you have in regard to the data protection laws and how you can exercise those rights.

You will also be informed about who is responsible for the personal data processing and how you contact us if you have questions or need to make a request or enquiry relating to your personal data and/or rights.

Is your personal data stored securely?

We are developing routines and work methods to ensure that your personal data is processed securely. Our basic principle is that only employees of Level Recruitment and other people who need access to your personal data to perform their duties will be granted access to them.

We have IT security policies to ensure that your personal data is processed securely. We have also signed a Personal Data Processing Agreement with IT support, server owners and others to minimise the risk of incorrect transfer of data. The information you provide to these people may not be passed on without our consent.

We do not transfer or process your personal data in other ways than is explicitly stated in this policy.

Your individual rights

The EU General Data Protection Regulation (GDPR) and other countries’ personal data laws extend specific rights to data subjects. A good explanation to them (in Swedish) can be found at the supervisory authority’s website: Sveriges Datainspektion[1].

This Personal Data Policy is intended to inform you about what personal data we are processing about you and how it is used. If you have any questions, please contact us at personuppgiftsansvarig@levelrecruitment.se.

If you want confirmation that we are processing your personal data, or to get access to any personal data that we may have on you, please contact us at Personuppgiftsansvarig@levelrecruitment.se.

You can also request information about the purposes of data processing; categories of personal data, which parties outside Level Recruitment have received your personal data from Level Recruitment, information on your personal data’s source (unless you provided it to us directly) and for how long your data is stored.

You have the right to correct the record of your personal data maintained by us if it is inaccurate. You may request that we erase that data or cease processing it, subject to certain exceptions. You may also request that we cease using your data for direct marketing purposes. In many countries, you have the right to lodge a complaint with the appropriate data protection authority if you have concerns about how we handle your personal data. If it is technically feasible, we will also transfer your data directly to another data controller upon your request.

We will give you reasonable access to your personal data at no cost to you upon request to personuppgiftsansvarig@levelrecruitment.se. Reasonable access to data can be requested as long as it does not constitute an inconvenience for the Personal Data Controller. If access cannot be provided within a reasonable time frame, we will give you a date for when the information will be provided. If access is denied, we will provide an explanation as to why access has been denied.

When do we give out your personal data?

If you are selected for a recruitment process, we will send the personal data that is relevant to the assignment to the specific company, authority or organisation that is our client. In turn, we have ensured that our clients handle your personal data in a secure and correct manner. If you are presented as a potential applicant for our client, our client can save your personal data and information relevant to recruitment, even after the recruitment assignment is completed. We have concluded a Personal Data Processing Agreement with our clients where we ensure that the client stores and processes your personal data in a manner that complies with the GDPR.

If you are among the applicants in a recruitment process, we will share personal data that is relevant to the assignment with any sub-contractors who may be involved in the recruitment process. Examples of suppliers include providers of tests, background checks, etc. If this should be the case, you will be informed. If additional consent is required from the data subject, we or one of our suppliers will obtain it from you.

As a general rule, do not share your personal data with third parties outside this assignment if you haven’t consented to it or if it is not necessary for us to meet our statutory obligations. If we give out personal data to a third party, we prepare a confidentiality agreement and ensure that the personal data is processed in a secure manner.

Personal Data Controller

The Personal Data Controller is normally the legal entity (company, foundation or association) or public authority who processes personal data in its business and who decides what data will be processed and for what purpose it will be used. At Level Recruitment, the CEO has overall responsibility for data control. It is also the CEO’s responsibility to inform new employees about the GDPR and Level Recruitment’s policy regarding personal data in conjunction with the induction of new employees.

The Data Controller shall ensure that personal data is processed lawfully in compliance with the GDPR. They are also responsible for information security and for ensuring that data subjects receive the information that they have the right to. Of course, it is also each employee’s responsibility to ensure compliance with the GDPR.

If the Data Controller is unsure about whether certain data can be processed in accordance with the GDPR, they should consult Level Recruitment’s Data Protection Officer.

Data Protection Officer

A Data Protection Officer can be regarded as information management’s answer to a work environment representative. The Data Protection Officer’s task is to ensure that personal data is handled in a lawful and correct manner and in accordance with accepted practice. If the Data Protection Officer notices that personal data is not processed in accordance with the GDPR, the officer shall bring it to the attention of the Controller(s). If no change is made within a reasonable time, the officer shall bring the shortcomings to the attention of Level Recruitment’s CEO. If, despite this, there is still no change, the officer can report it to the Swedish Data Inspection Authority.

Another of the officer’s task is to keep a register of personal data processing sessions that the Controller performs.

The Data Protection Officer files all Personal Data Processing Agreements that Level Recruitment is obligated to sign when external parties process the company’s personal data.

The Data Protection Officer has an advisory role. There are no site visits, inspections or controls in the form of regular inspections to check that the various entities are complying with the GDPR in their operations. Nevertheless, Level Recruitment can consult the Data Protection Officer if they are unsure about how to interpret the GDRP in different issues.

The Data Protection Officer can in turn request the Swedish Data Inspection Authority to assist with a recommendation of Data Controller.

Level Recruitment AB’s Data Protection Officer is Mats Johansson and his task is to ensure that Level Recruitment processes personal data complies with the GDPR and its regulations. This person will answer questions about data protection and can be reached at dataskyddsombud@levelrecruitment.se.

The right to an extract from the public records registry, to be forgotten, correcting inaccurate data, correction and similar measures.

If you wish for Level Recruitment to take action regarding your personal data, you can contact us by phone or by e-mail.

As a candidate, you can request to be deleted by logging in to “My profile” in the system, or you can contact Level Recruitment for help with this.

Please note that your profile will be deleted in accordance with this policy. In Sweden, we are governed by current laws and regulations, which means that if you have applied for a service, we must keep your application with associated information for at least 2 years before it can be deleted. Upon contact your contact with us has chosen to ensure that you are the person you claim to be by asking control questions in the form of address, postal code and telephone number or other personal information stated in our system.

The Right to Complain to a supervisory authority

Complaints can be lodged with the Swedish Data Inspection Authority here.

Storage of data

Level Recruitment strives to erase unnecessary personal data as quickly as possible. Sometimes data needs to be saved for a longer period for administrative reasons or due to statutory requirements. Your personal data is not saved longer than is necessary for fulfilling the objective of the processing as described in this personal data policy. Your personal data is erased, thinned out or anonymised when it is no longer relevant for the purposes for which it has been collected.

Your data is normally saved for three years. We consider it reasonable to store your data for three years to allow us to fulfil our objective with the service that we provide to you as job applicant. The Swedish Discrimination Act requires that the information from a recruitment process must be saved for 24 months. As our recruitment processes can sometimes take a long time from when the application arrives until the applicant signs an employment contact, we save your details for 36 months from the job application date, to ensure that we have saved the data as required by the Discrimination Act for up to 24 months from when a potential discrimination issue arises.

If you are applying for a position at public authority, for instance, via Level Recruitment’s website, your details are saved for five years, or as long as required by any applicable law.

If the details are based on business transactions, they will be stored during the financial year and seven years thereafter, in accordance with the Swedish Accounting Act.

If our client is a private company not subject to the Principle of Public Access to Public Documents, your Personal data is saved for a maximum of 2 years after the recruitment assignment is completed. If our client is a public authority or a municipal or county council enterprise that is subject to the Principle of Public Access to Public Documents, the client can save personal data up to 5 years according to the Swedish Archives Act or as long as required by applicable law.

Cookies and similar technology

We strive to improve the user’s experience of our website. For this purpose we collect various types of information about our users. We use cookies to understand our users and to analyse data about the users. This information includes pages you have visited, time of day when you visited them, which browser you used and where the user is located geographically.

According to the Electronic Communications Act, which came into force on 25 July 2003, all visitors to a website with cookies must be informed about what they are used for and how they can be avoided.

Level’s website uses cookies. A cookie contains no personal information. Level uses cookies to simplify your use of the service as much as possible and to make the service more customisable to individual needs.

A cookie is a small text file that the website you visit saves on your computer. The text file contains information that is used to simplify the visitor’s use of the website, among other things.

There are two types of cookies. One saves a file on your computer for a longer period. It is used for a number of functions including informing the user what’s new since their last visit.

The other type of cookies, or session cookies, are only stored temporarily, for the duration of your visit to the website. Cookies are not used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you and can only be read by a Web server linked to the domain that issued the cookie to you. Cookies are intended to simplify website use and save you time.

Depending on your use of the system, any of the pages may contain triple services, such as a map from Google Maps in a job advertisement, a movie from Vimeo etc., and the use of pages containing these services may result in the services placing additional cookies. Level has no control over this, and we therefore urge you to familiarize yourself with the privacy policies of these services as well.

If you use the “Search with LinkedIn” function or “Search with Jobreg” function in the system, a cookie will be placed in the browser from the respective third party.

Block and delete cookies

If you do not want cookies to be placed when you visit the website, you can set this in your browser. More information on this can be found in the documentation for your browser. Note that disabling the site’s ability to place cookies may affect the user experience and some features of the site may stop working.

You can also delete existing cookies in your browser. See your browser’s documentation for more information on how to do this.

Our cookies

Always Enabled

Changes to the Personal Data Policy

From time to time, we may update and develop our service offering in recruitment services, and may therefore update this personal data policy. We reserve the right to update this privacy policy at any time without informing you. We will inform you when the Personal Data Policy is published on our website. When required by law we will notify you when the Personal Data Policy is changed and that your consent is required anew.

Our registers

The register we keep is:

Our business system Recman, which stores and processes personal data including CVs and other documents linked to job applications and the information you provide to us when you contact us by phone or e-mail or visit us.

Subscriber register of subscribers to our job vacancies service on our website. The register is in WordPress.

On our servers we save information in the form of documents that we create about you as an applicant when you have entered a recruitment process. This includes reference summaries, test results or similar.

The telephony system is intended for communication with applicants, suppliers and other stakeholders. Our telephony system consists both of a client installed on our staff computers, enabling them to talk online and that all employees have a mobile phone. The client contains personal data including contact details and any voice messages. The mobile phones contain personal data in the form of contact details and voice messages, SMS and e-mail.

Employment contract register is in the payroll program and is continuously updated with respect to working and employment conditions.

Employee register including the staff computers, mobile subscriptions, salaries and other employment conditions is updated continuously.

Contact details

Level Recruitment AB is the Personal Data Controller for data that is processed within the framework of our services.

To exercise your rights as described above, or if you have questions about our processing, you are welcome to contact us at the addresses below:

Contact person for Data Controller:

Level Recruitment AB
Att: Patrik Smith, CEO
Skeppbron 26
SE-111 30 Stockholm
personuppgiftsansvarig@levelrecruitment.se

Level Executive
Att: Patrik Smith, CEO
Skeppsbron 26
SE-111 30 Stockholm
personuppgiftsansvarig@levelexecutive.se

Data Protection Officer:

Level Recruitment AB
Att: Mats Johansson
Skeppbron 26
SE-111 30 Stockholm
dataskyddsombud@levelrecruitment.se

Level Executive
Att: Mats Johansson
Skeppsbron 26
SE-111 30 Stockholm
dataskyddsombud@levelexecutive.se

Our consents:

Consent form for job applications and register a CV
Consent form when subscribing for job vacancies service.
Consent form when using contact form

[1] Hyperlink to the Swedish Data Inspection Authority’s website: https://www.datainspektionen.se/dataskyddsreformen/dataskyddsforordningen/de-registrerades-rattigheter/