Zimpler’s Privacy Notice for Job Applicants and Candidates
We greatly appreciate your interest in working at Zimpler!
Zimpler AB, org.no 556887-9984, with registered address at Wallingatan 2, 111 60 Stockholm
(”Zimpler”, “we”, “us” or “our”) cares about your privacy and we always strive to achieve a high
level of protection for your personal data. In this privacy notice we will among other things
explain how we in connection with a recruitment process collect and process your personal
For the processing of personal data that we undertake as a part of our recruitment process
Zimpler acts as the data controller.
If you have any questions in regards to this privacy notice, please feel free to contact us at
1. OUR PROCESSING OF YOUR PERSONAL DATA
The personal data we process and why
When you apply for a job at Zimpler, we will need to process the following personal data about you, which we collect from you directly:
- Social security number
- Email address
- Phone number
- Work history
- Other information you provide to us in your application
If you are a non-EU resident, we will also process:
- Copy of your ID card
- Residence permits
In addition, on a voluntary basis, we ask you to provide us with your demographic information. This information will be processed separate from your personal data and the application process, and whether you choose to answer will not affect your job application. Maintaining a diverse organization is our priority and the information from this survey helps us improve the first step of that process as it helps us understand who is seeing and responding to our ads, whereby we can improve our job ads, their placements, and reach.
How we use your personal data
We collect and process the personal data in order for us to review your application and to evaluate you as a potential candidate for a position with us, both in regard to the position you have applied for or for any other position at Zimpler that we think you might be interested in. We will also process your personal data when we make decisions in our recruitment processes, when we contact you as well as when we are fulfilling our legal obligations and defending Zimpler in case of any legal claims in regard to a recruitment process.
If you continue on to the second step in our recruitment process, we may also want to conduct background checks to ensure that the information you have provided us is correct and that you are suitable for the position. You will receive information about this processing at a later stage of the recruitment process.
Legal basis for the processing
The legal basis for the processing of your personal data is either based on the performance of a contract (i.e. we process your personal data as first step to possibly enter into an employment agreement with you) or based on the balancing of interests (i.e. we have a legitimate interest to process your personal data in connection with our recruitment process, which is done in a way that does not interfere with your privacy).
If we need to perform any processing of personal data that would require your consent, we will obtain such consent from you in connection with the specific processing activity.
How long we keep your personal data
If you provide us with contact details to someone providing you with a reference, please inform that person beforehand that Zimpler may contact them as a part of our recruitment process and that the personal data of that individual will be deleted once the recruitment process is finished
Disclosure of personal data to third partiesand storage
Your personal data may be shared within Zimpler’s organization for recruitment purposes and to external parties outside of Zimpler who we collaborate with in regard to the recruitment process (e.g. parties providing services to Zimpler as processors). Such third parties are only allowed to process your data in accordance with our instructions and by way of agreements we ensure a high level of security for your personal data. We may also be obliged to share your data with public authorities at their request in accordance with applicable legislation or a decision by a competent authority.
In this regard, your personal data is transferred, processed and stored both within and outside the EU/EEA. When the personal data is transferred outside the EU/EEA, we ensure that appropriate security measures have been taken, such as including the EU Commission’s standard contractual clauses for data transfers in our agreements with third parties as well as implementing any necessary supplementary measures.
Some of our recruitment processes may occasionally use limited elements of solely automated decision-making in order to confirm that we only proceed with candidates who meet the minimum requirements for a job, as set out in a job description. E.g. if the job description clearly requires a candidate to have had managerial experience and you are asked about this in the application form, your application may be rejected automatically if your answer in the application form is “No”. Automated decision-making is only used as an exception when we expect a high volume of applications which we cannot handle manually. You may always request a manual review of the decision by contacting us.
2. YOUR RIGHTS
In accordance with applicable data protection legislation, you have the following rights in connection with our processing of your personal data.
Right to information and access
You have the right to know if we process personal data about you. If we do, you also have the right to receive information about the personal data we process and why we do it. You also have the right to receive a copy of all personal data we have about you.
If you are interested in specific information, please indicate so in your request. For example, you can specify if you are interested in a certain type of information (e.g. what contact and identification information we have about you) or if you want information from a certain time period.
Right to have erroneous data corrected
If the data we have on you is incorrect, you have the right to have it corrected. You also have the right to supplement incomplete information with additional information that may be needed for the information to be correct.
Once we have corrected your data, or it has been supplemented, we will inform those we have shared your data with about the update, provided that it is not impossible or too cumbersome. If you ask us, we will also tell you who we have shared your data with.
If you request to have data corrected, you also have the right to request that we limit our processing during the time we investigate the matter.
Right to have data deleted
In some cases, you have the right to have your data deleted. You have the right to have your data deleted if:
- the date is no longer needed for the purposes for which we collected it,
- you withdraw your consent, if applicable
- you oppose our use that is based on our legitimate interest and we cannot show compelling grounds that outweigh your interests,
- the personal data has been used illegally, or
- deletion is required to fulfill a legal obligation.
If we delete data following your request, we will also inform those we have shared your data with, provided that it is not impossible or too cumbersome.
Right to data portability
Under certain circumstances, you may request to have your data transferred to another actor in a commonly used machine-readable format. This is also known as data portability. You can request data portability if we have collected the data from you, and our processing is based on your consent or if it is processed to enter into or fulfill an agreement with you.
Right to object
You have the right to object to processing that is based on our legitimate interest. If you object to the use, we will, based on your particular situation, evaluate if our interests in using the data override your interests, rights and freedoms. If we are unable to provide compelling legitimate grounds that outweigh yours, we will stop using the data you object to – provided we do not have to use the data to establish, exercise or defend legal claims. If you object to the use, you also have the right to request that we restrict our use during the time we investigate the matter.
Right to withdraw consent
You have the right to withdraw your consent for a specific processing at any time. You can withdraw your consent by contacting us at firstname.lastname@example.org. Your withdrawal will not affect processing that has already been carried out.
Right to request restriction
Restriction means that the data is marked so that it may only be used for certain limited purposes. The right to restriction applies:
- When you believe the data are incorrect and you have requested correction. If so, you can also request that we limit our use while we investigate if the data are incorrect or not.
- If the use is illegal but you do not want the data to be deleted.
- When we no longer need the data for the purposes for which we collected it, but you need it to be able to establish, assert or defend legal claims.
- If you object to the use. If so, you can request that we limit our use while we investigate if our interest in processing your data outweighs your interests.
Even if you have requested that we restrict our use of your personal data, we have the right to use it for storage, if we have obtained your consent to use it, to assert or defend legal claims or to protect someone’s rights. We may also use the information for reasons relating to an important public interest.
We will let you know when the restriction expires.
If we limit our use of your data, we will also inform those we have shared your data with, provided that it is not impossible or too cumbersome. If you ask us, we will also tell you who we have shared your data with.
How to exercise your rights
If you want to exercise any of your rights, please contact us at email@example.com and we will help you with your request.
If you have any complaints regarding how we process your personal data even after you have notified us of this, you are always entitled to submit your complaint to the relevant supervisory authority in your country. In Sweden, the supervisory authority is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten).
3. CONTACT INFORMATION
Zimpler has appointed a Data Protection Officer (DPO) who is responsible for monitoring our compliance with applicable data protection legislation. If you have any questions to us, or feel you need any part of this notice explained, please contact us by sending an e-mail to our support team at firstname.lastname@example.org. If you want to reach our DPO specifically, please state this in your request or email.
Generally, Zimpler AB is the data controller when personal data are processed in connection with its processing of personal data for recruitment purposes. However, where one of subsidiaries in the EU/EEA has a legal obligation to perform a certain processing activity, Zimpler AB and the subsidiary will be joint controllers for that specific processing activity, e.g., if the candidate is recruited by the subsidiary. Regardless of how the roles are allocated between us, you may always contact Zimpler AB in case of questions, if you want to exercise any of your rights or if you want to submit a complaint.
4. VERSIONS IN OTHER LANGUAGES THAN ENGLISH
We reserve the right to make changes to this privacy notice from time to time. We will inform you of any changes by posting the updated notice on our website.