RP People GDPR Policy
2. Our Organisation
2.1 RP People is a recruitment and headhunting consultancy with offices in Denmark, Sweden, Finland and Brussels. Each office is an independent legal entity belonging to the same group, and the following policy concerns any work carried out within the RP People brand.
2.2 We are a specialized recruiting and interim solutions consultancy brand which advises companies and organisations regarding in recruitment and recruitment related matters.
3. Processing of Personal Information
3.1 During the course of our work, we collect personal information for the purpose of recruitment and talent acquisition on behalf of clients.
3.2 We process the personal information you send us, along with information we receive from you or third parties as specified below.
4. Purpose of Processing
4.1 The purpose of our processing of personal information is to gather a database of potential candidates.
4.2 As a consequence of the purpose specified above, we strictly process information:
from the registered persons submitted via our recruitment system, where interested candidates can upload their resumé and other related documents,
Interviews with the candidates and reference persons
Results from tests the candidates take in connection to a recruitment process
Public information as link to the persons own LinkedIn profile, articles the person has published etc .
4.3 All employees of RP people have been instructed to solely collect and process personal information which is correct and necessary to fulfil the described purpose.
5. Legal Grounds of Processing
5.1 We process personal information in accordance with our legitimate interest in carrying on business in recruitment, and on the basis of article 9(2)(a), consent of the registered person.
6. Transfer of Personal Information
6.1 We forward personal information to our clients. Our clients are responsible for their own use of data and, for confidentiality reasons, we do not disclose information about our clients.
6.2 We transfer personal information to our entrusted data processors, who perform services for us, including cloud services or other IT infrastructure service providers. Our data processors are subject to the same security requirements as RP people and they have no independent right to use the data. All our data processors are established in the EU/EEA. We use third party data processors for candidate testing and for the candidate database system Ponty.
6.3 We do not transfer, share or forward personal information in any other way than specified above.
7.1 We keep personal information for as long as it is necessary to fulfil the purpose of the processing. After a specific recruitment process is over, we may still want to retain a cv and relevant information in our database for interested candidates. On these grounds, we do not automatically delete all information at a specific date or time.
8. Your Rights
8.1 At any time, you are entitled to ask us what information we process about you. In this case, we will be able to confirm or invalidate whether your information is processed or not, but we do not provide a copy of such information, as our analyses and stakeholder mapping are core values in our business and are therefore considered business secrets. If you become familiar with a specific matter, you may of course ask us to rectify wrongful data, including deleting, objecting to or limiting our continued processing.
8.2 Please note that you cannot exercise your rights contrary to our continued processing, if the processing is necessary for our fulfilment of any provision of the law. The same applies if our processing is litigation.
8.3 If you wish to contact us with regard to the processing of your personal information, please send an email to [email protected]
8.4 In case you do not feel that we have responded adequately to your inquiry, you are welcome to write again. If your inquiry is an objection to our continued processing of your personal information, we kindly ask you to further explain the reason for your objection. We process any objection with confidentiality and do not store such data with other personal information.
8.5 If you wish to make a complaint, you may contact the Swedish Data Protection Agency.
9. Security Measures
9.1 We have implemented a number of technical and organizational measures to ensure the proper protection of our data against unauthorized access. We have also implemented a fine mesh of control for our employees’ access to different types of data.
9.2 Our security measures are subject to continuous updates and include the following:
Centralized user database for all computers, mail accounts and wireless network
Password protection, including use of complex passwords and periodic change of passwords
Encryption of computers, file sharing services and cloud traffic
Firewall, anti-virus, anti-malware and filtration of data traffic
Automatic security updates
Separate guest network
9.3 All data is stored on servers within the EU/EEA.