Please, read this policy carefully. By accessing or using any website that belongs to Sii, sending us any personal data in order to answer job offers, recommend a candidate, ask for an offer etc. or reading this policy, the User accepts its terms and confirms that he/she is familiar with its content.
II. TERMS USED IN THE POLICY
Personal data − as defined by GDPR, any information relating to an identified or identifiable natural person. Identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an email address or a telephone number of the person and other data which, when combined with the above, may identify the User.
GDPR − General Data Protection Regulation 2016/679 of 27 April 2016 is a regulation in EU law that aims at protecting individuals with regards to processing personal data, free flow of such data and the repeal of Directive 95/46/EC (general data protection regulation). Sii processes Users’ personal data according to this regulation.
Specialist − a candidate offered by Sii to its clients.
User – a job candidate, newsletter subscriber, participant of a competition or training, person making an inquiry, recommending someone for a job or visiting any website that belongs to Sii including candidate portal.
Services − understood as services performed by Sii electronically by the website e.g. subscribing to a newsletter, sending inquiries via a contact form, sending documents necessary in the recruitment process, entering a competition, signing up for training, setting up an account on candidate portal.
III. PROVIDING PERSONAL DATA
By providing personal data on www.siisweden.se, the User confirms that he/she has all necessary permissions to disclose personal data that will be later used by Sii in a manner described in this Policy.
IV. PERSONAL DATA CONTROLLER
Sii Sweden AB with its registered office at Stockholm, 47089, 100 74 Stockholm, Sweden, entered in the register of businesses of Bolagsverket under the register number 559188 – 7954, tel. (46 793 379 387) is the Controller of User’s personal data provided while using Sii’s website; in particular, while partaking in the recruitment process, sending marketing information, accepting participation in conferences or events or using other services available on the website.
V. DATA PROTECTION OFFICER
Any questions regarding regulations concerning personal data processing described in this Policy should be sent to the Data Protection Officer appointed by Sii at email@example.com.
VI. PURPOSE AND LEGAL BASIS FOR PERSONAL DATA PROCESSING
Sii processes personal data in order to:
1. Send sales and marketing information (including a newsletter) to Users at the e-mail address they have provided if they consented to it. More detailed information regarding processing personal data in terms of marketing activities is provided in the chapter X of this Policy.
2. Respond to Users’ inquiries sent by a contact form on an e-mail address or phone number they have provided.
In case of contacting Users in order to respond to an inquiry, the legal basis for processing personal data is Sii’s interest as a Controller of personal data provided on the contact form (Art. 6(1)(a) of the GDPR). It is justified by the need to provide a complex answer to the inquiring party. Without processing personal data (contact data in particular), Sii would not be able to do it and, as a result, help in addressing the issue defined in the inquiry.
What’s important in terms of consent for sending marketing information, if Users inquire about a particular offer (e.g. implementing CRM) by sending a contact form, they consent to receiving this offer by clear affirmative action. Thus, point 1 regarding unwanted marketing information is invalid
3. Handle a job application submitted by the User and conduct the recruitment process after the User sends a consent to process personal data provided in a CV or a respective form.
In case handling a job application, the legal basis for processing personal data is User’s consent to process personal data (Art. 6(1)(a) of the GDPR). More detailed information regarding processing personal data in terms of recruitment activities is provided in the chapter IX of this Policy.
4. Organize and conduct competitions.
In case of partaking in competition, the legal basis for processing personal data is User’s consent to process personal data (Art. 6(1)(a) of the GDPR). Regulations regarding providing consent are as described in point 1, paragraph 1-2 of this chapter. More detailed information regarding competitions is provided in the chapter XIII of this Policy.
5. Organize and conduct open and dedicated training.
In case of trainings, the legal basis for processing personal data is the agreement for the provision of training services concluded with Sii by sending an order form (Art. 6(1)(b) of the GDPR).
VII. DISCLOSING PERSONAL DATA
Sii is entitled to disclose personal data to parties authorized by law.
Sii can disclose Users’ personal data to parties supporting Sii in fulfiling particular orders in cooperation. Such parties may include:
Disclosing personal data occurs by entrusting personal data processing. In order to do so, Sii concludes entrusting personal data processing agreements with the abovementioned parties that meet requirements of Art. 28 (3) of GDPR.
Sii may also disclose Users’ personal data to its clients during recruitment conducted for them in order to process employment and delegate Workers to provide services within outsourcing of Specialist and whole teams. Sii have concluded relevant agreements or contracts that define rules for entrusting personal data.
Each User, according to rules defined in the chapter VII of this policy, is entitled to receive information regarding a client that received their personal data.
Taking into account that Sii cooperates with Sii Sp. z o.o. (registered at al. Niepodległości 69, 02-626 Warsaw; later referred to as Sii Poland) that uses solutions and resources (business processes, IT systems) that belong to Sii, Sii Poland has access to Users’ personal data. Such data may be processed:
Asserting rights by the User is possible according to regulations of processing personal data by Sii defined in the chapter VIII of this Policy.
VIII. USER’s RIGHTS
In accordance to Chapter III, Art. 15-21 of the GDPR, the User has following rights in connection to processing his/her personal data by Sii:
All of these rights are executed at the request sent by the User at firstname.lastname@example.org. Sii verifies each request and provides a response within 1 month of sending. Such response includes information on activities that have been undertaken as well as the estimated time for handling the request itself if it requires further action.
Taking into account point 8, the User may at any given moment withdraw the consent to process personal data for purposes that require his/her consent. It may be done if the withdrawal does not affect the legal use of personal data in activities conducted on the basis of the consent granted before the withdrawal.
As a part of the right to access personal data, the User is entitled to obtain copies of information on:
Sii informs that every following copy of personal data is connected with a fee resulting from costs incurred while creating another copy. The cost is provided to the User after estimating the scope of information defined in the request.
Sii reserves the right to respond later than indicated above (up to two months) in case of a large number of requests or complex nature of the inquiry. Complex nature is understood as a need to prepare a summary of personal data from multiple systems, a need to consult with more than one person from one or more departments in order to obtain requested information. Sii is obliged to inform the User about such situation and provide a relevant explanation.
Sii is entitled to refuse recognition any of the rights defined in Art. 15 – 22 of GDPR if the User makes request repeatedly, excessively and without proper justification. Each time Sii will justify the refusal to recognize any right mentioned in the request. Repeated and excessive manner includes sending several request of similar nature to the first one even if the issue was handled the first time and all necessary information was provided e.g. the User sends a request to access information, Sii provides it but the request is repeated without proper justification.
IX. PROCESSING OF PERSONAL DATA FOR RECRUITMENT PURPOSES AND WITHIN THE CANDIDATE RECOMMENDATION SYSTEM
Sii recruits for its own needs as well as for its
clients due to e.g. services connected with providing Specialists. Therefore,
be mindful that your personal data may also be processed by Sii’s clients. Such
information is provided in job advertisements which specify that the
recruitment process is conducted on the behalf of the client. In addition, note
that the consent provided to partake in a given recruitment process on a chosen
job position also covers partaking in recruitment processes in the future. This
means that personal data will be stored in Sii’s database in order to send
information on positions tailored to a profile and professional experience of
According to the chapter VIII of this Policy, the User may withdraw consent to further processing of personal data. It may be done if the withdrawal does not affect the legal use of personal data in activities conducted on the basis of the consent granted before the withdrawal.
Personal data may be also processed if the User has been recommended by another person. In such case, the recommending person enters own personal data, data of the recommended person with his/her CV. Sii verifies the received CV taking into consideration the consent, that meets the requirements of the GDPR, of the recommended person to process his/her personal data. If such consent has been granted, Sii has permission to use the data for recruitment process’ purposes.
X. PROCESSING OF PERSONAL DATA FOR MARKETING PURPOSES
By submitting an inquiry or signing up for a training, conferences or other event organized by Sii, the User may consent to processing of personal data in order to receive marketing information on products and services offered by Sii, including newsletters. The rules for obtaining such consent have been described in the chapter VI points 1-2 of this Policy. The consent may be withdrawn anytime taking into consideration rules defined in the chapter VIII of this Policy.
User’s consent for processing personal data (Art 6 (1) (a) of GDPR) is the legal basis for sending newsletters. It can be granted while providing one’s e-mail address in the newsletter subscription form or gated content as well as by checking a box while completing a contact or recruitment form. Providing the e-mail address in the newsletter subscription form is a clear affirmative action of consenting to processing personal data as defined in the Art 4 (11) of GDPR regarding the definition of consent as well as connected 32nd motif of GDPR explaining the clear affirmative action.
According to the above mentioned motif, a clear affirmative action includes informing Sii that User’s e-mail address provided in the form may be used for sending newsletter that includes Sii’s promotional information. It is one of acceptable forms of consenting to using provided e-mail address for the defined purpose (such forms also include checking a box located near the content of the consent).
Consent to sending unsolicited marketing information, according to Art. 10 of rules for electronically supplied services and Art. 172 (1) of Telecommunication Act, is provided by the user independently and separately by checking a dedicated box located near the content of the consent.
In order to obtain some materials uploaded to Sii’s website, it may be necessary to complete a form that requires providing personal data. Such data will be processed according to the consent (Art 6 (1) (a) of GDRP) expressed by a clear affirmative action. If the User wishes to receive other marketing information, he/she may state so by checking a relevant box. If the User will not state so, it means that he/she is not interested in receiving other information thus Sii will not send it.
XI. PROCESSING PERSONAL DATA AND PROFILING
In Sii, profiling is understood as a form of automated processing of personal data that includes using some of User’s personal data. Obtained data may include information from social media profiles, location or data provided by Users via Sii’s website. It allows Sii to:
One of the tools used for profiling is Social Discovery which is a part of Click Dimensions application. It binds data provided to Sii by the User during recruitment process or subscribing to a newsletter with data available on social media (e.g. LinkedIN, Goldenline) also provided by that User. Data binding allows Sii to create User’s profile which can be used in:
Owing to that, we do not sent irrelevant and unwanted information as well as reduce the risk of creating spam.
An example of such activities may be binding data provided during recruitment process (e.g. CV, covering letter) and contact data (e.g. e-mail, phone number) with information provided on websites such as LinkedIn or Goldenline (e.g. identification and contact data, professional experience description, education, skills or interests). In this case, binding data means connecting information from own IT systems (such as job candidate data kept in CRM) with information provided online.
Using this tool influences the scope of information sent to the User e.g. content of newsletter that may include information on trainings, events, current promotions or discounts. In case of recruitment, the obtained data allows making a decision whether the User should be still processes as a job candidate, have technical tests or be presented to a client.
All of the abovementioned aspects of using the tool and its effects are the justified interest of Sii as a Data Controller (Art 6 (1) (f) of GDPR). The reason being that personal data obtained by the tool allows Sii to make decisions that enable decreasing the operational cost of recruitment processes, marketing activities that aim at building Sii’s reputation as a reliable company which focuses on the quality of provided services and worker satisfaction as well as respecting User’s needs and requirements in terms of sent information.
Sii ensures that information or data gained by the tool are used only for purpose described above and are not shared with other parties that specialize in creating such profiles. The User may object to profiling at any given moment according to chapter VIII, points 6-7 of this Policy. As a result, the User will not receive any marketing or sales information as well as updates with job offers tailored to his/her profile or competences. In addition, it also means that Sii will stop using the tool to profile this User’s personal data but is still able to process it in case of having a different legal basis e.g. consent.
Sii has implemented appropriate (organizational and technical) security measures to protect personal data from loss, misuse, unauthorized processing or modification. Sii is obliged to protect any information disclosed by Users in accordance to security and confidentiality standards.
Sii has implemented the Information Security Management System that is certified as compliant with international ISO 27001 security norms which ensure that Sii operates according to GDPR regulations in terms of implemented security measures for processing personal data (Art 32 of GDPR). Sii has proper procedures for managing accesses to IT systems that disable unauthorized workers from processing data. Sii’s workers are subjected to regular trainings regarding secure processing of personal data and current threats. In order to guarantee the security of personal data provided by the users, Sii uses dedicated SSL certificates that use data encryption keys based on most reliable encryption algorithms such as RSA or SHA (min. 1024 bites) to transfer data provided on Sii’s websites to IT systems.
website, the User agrees to the storage of cookies on his/her device as
Settings regarding cookies used on the www.siisweden.se and other websites may be modified via our website or via a third-party website. Cookies are used to:
Types of cookies used by Sii:
XIV. MODIFICATIONS TO THE POLICY