Legal

Personal data is anything that relates to an identifiable living person. This includes your name, national identification number, address, email and phone number. It also includes a photo or video of you, as well as indirect information that may identify you, such as your IP-address, your location data and a user ID you use in a certain database. All this information can be available in different forms – in writing, as graphics, videos or numbers – and can be stored on paper, computers or any other media. Any information that can be used as part of identifying you, is considered your personal data. 

The GDPR regulates when and how personal data may be processed. Processing refers to a wide range of operations or actions performed on or with personal data. Examples of data processing include:

• Collection of data, for example gathering information about candidates in a recruitment process
• Storage of data, meaning storing data on servers or in a physical archive
• Use of data, for instance, a company using their customers’ email addresses to send out newsletter
• Dissemination of data, including posting a photo of an employee by the company’s marketing department on the company’s website
• Altering of data, for example managers updating employees’ home address in the address list
• Deletion of data, for instance deleting the candidate data from a recruitment system

Any organization that processes the personal data of people in the EU must comply with the GDPR.

Talentech offers HR solutions for the full talent journey, from recruitment to onboarding and talent management. Our customers are data controllers of the personal data processed in our solutions, and Talentech is data processor. This means that our customers decide why and how the personal data shall be processed, and we follow the instructions, for example regarding how long data should be stored, of our customers.

GDPR is all about empowering invidiuals in regard to their personal data, and in order to do so, the GDPR states the following fundamental rights:

• You have the right to information about your personal data being processed and for what purposes. You are entitled to ask for a registry of your data, including all the data being processed about you.
• You have the right to rectification, which guarantees that inaccurate personal data must be corrected.
• You have the right to erasure, also known as the right to be forgotten, meaning that you can demand that your personal data shall be removed. Using this right, the data must be deleted, unless it is necessary for continuing the processing for a legal basis.
• You also have the right to restriction of processing, which means you can demand that only the data necessary for certain legal basis may be processed.
• Additionally, you have the right to data portability. This means that you are entitled to receiving your data in a structured manner, for example in order to transfer it from one company to another.
• Finally, you have the right to object to processing of your personal data, for example by declining direct marketing.

Yes, we do! Our Data Protection Officer (DPO) is responsible for ensuring GDPR compliance within Talentech, and is the main point of contact for questions regarding privacy and GDPR. Talentech’s DPO is our Legal Director Malin Gustafsson, and you can contact her here.