Privacy Notice for Prospective Employees
This privacy notice describes what personal data is processed by Nortal AS and its affiliates (hereinafter Nortal) in regard to job applicants, potential candidates for employment and our optional recruiting programs and events, and selection procedures in view of potential recruitment at Nortal. It describes the information we collect, what we do with it (the “purpose”) and our lawful reason for processing it (our “legal basis”), with whom we share it, how long we store it and what rights and obligations you as an applicant have.
Leading Data Protection Officer: email@example.com
In case you apply for a job located in Germany
Personal data in the context of the application process
Personal data is information about personal or factual circumstances of a specific or identifiable natural person. This includes information such as your name, address, telephone number, personal identification code and date of birth, but also data about your specific career, etc., which can be assigned to a specific person with reasonable effort. Information that is not (in)directly associated with your real identity, on the other hand, is not personal data.
Personal data that we collect directly from you
This Privacy Notice covers any candidate data that is collected by Nortal for the recruiting process. This may include but is not limited to the following information:
- Your name (first and last name), contact details and candidate status.
- Information included in your CV or cover letter, such as employment history, academic background, skills and competencies, personal interests, languages spoken, and questionnaire results.
- Job preferences and type of employment sought and willingness to relocate.
- Names and contact details of referees. Please note that it is your responsibility to obtain consent from your referees prior to providing us personal information about them.
- Current and historic salary details together with salary expectations.
Nortal Group may, subject to your consent, collect data from third parties, in order to conduct employment background check, to the extent this is permitted by the applicable law
- Also notes about the candidate may be created by persons working for Nortal Group to process, manage candidates and to handle communication through and in-between recruiting activities.
During the recruitment process we might ask you to participate in assessment days, complete tests, or occupational personality profile questionnaires, and/or to attend an interview – or a combination of these. Information will be generated by you and by us. For example, you might complete a written test, or we might take interview notes.
The data collected from you is voluntary and is not based on a statutory or contractual obligation to provide the personal data.
Personal data we collect from other sources
We may publish job openings on occupational platforms, and we may also find you based on your availability and profile settings in the same. In the event you apply for an opening at Nortal through an application function on an occupational platform or similar online service provider (“Partner”), it is important to note that the relevant Partner may retain your personal data and may also collect data from Nortal in respect of the progress of your application. This includes our recipients of personal data (see below) that may, depending on their features, enrich data by way of analytics and collecting data about a candidate based on publicly available information about you.
We may also receive your personal data from a third party who recommends you, or informs us of your eligibility, as a candidate for a specific opening or for our business more generally.
Candidate assessment days, tests or occupational personality profile questionnaires, attending an interview – or a combination of these will result in personal data generated by you, us and potentially a third in the event that there is third party involvement. Any use by a Partner of your data will be in accordance with the Partner’s Privacy Notice and subject to the terms and conditions between you and Partner on one hand, and Nortal Group and Partner on the other.
We do not use any automated decision making in recruitment. There is a human intermediary in each processing activity even in the event that we use third party recruitment tools with certain automated features.
The purposes and legal basis for the processing
Your personal data is processed for the purposes of managing Nortal’s recruitment related activities. Consequently, Nortal may use personal data in relation to the evaluation and selection of applicants as needed in the recruitment process, including procuring manpower. In particular, your data is processed for the following purposes:
- Identifying potential candidates for open or future positions;
- determining your qualifications for employment and reaching a recruitment decision;
- evaluating your suitability for other employment vacancies;
- verifying the data you submit through referees;
- conducting background checks (subject to the applicable national legislation);
- informing you, via e-mail, SMS or otherwise about the progress of your application for employment with Nortal;
- protecting our rights and fulfilling our legal obligations; and
- informing you, via e-mail, SMS or otherwise about other local or global vacancies at Nortal that we consider you suitable to make an application of employment for;
- Enhance information that Nortal Group receives from you with information obtained from third party data providers.
Should your application for employment be successful, your personal data submitted for hiring purposes may be processed for the necessary employment purposes and included in your employment file.
If Nortal does not employ you, Nortal may (subject to your freely given consent) nevertheless continue to retain and use your personal data collected during the recruitment process in order to consider you for new positions.
Legal basis: Lawful, fair and transparent data processing is at the core of Nortal Group recruitment process. Nortal processes the personal data generated throughout the recruitment and communication process on the following basis:
|Purpose of use||Legal Basis||Categories of Data|
|Identifying potential candidates for open or future positions;||Legitimate interest||All|
|Determining your qualifications for employment and reaching a recruitment decision||Actions necessary prior to entering into employment or service contract||All|
|Evaluating your suitability for other employment vacancies||Consent||All|
|Verifying the data you submit through referees||Consent||Qualifications|
|Conducting background checks||Consent (further subject to national laws)||All|
|Informing you, via e-mail, SMS or otherwise about the progress of your application for employment with Nortal||Actions necessary prior to entering into employment or service contract||Name, phone number, email|
|Protecting our rights and fulfilling our legal obligations; and||Legitimate interest||Name, notes of your application process|
|Informing you, via e-mail, SMS or otherwise about other local or global vacancies at Nortal that we consider you suitable to make an application of employment for.||Consent||Name, phone number, email|
|Enhance information that Nortal Group receives from you with information obtained from third party data providers.||Legitimate interest (further subject to national laws)||All|
Recipients of your personal data
Only selected employees of Nortal Group, such as management team members, potential future line managers or HR staff, and selected third parties who support us with the recruitment process, have access to your personal data. Except as set out in this policy or as required by law, your personal data will not be supplied to any third party without your explicit authorization.
Globally, with the exception of jobs located in Germany, we use a third-party service provider to provide a recruiting software system (iCIMS, Inc. (for more information about iCIMS, please see https://www.icims.com/. When needed for technical support and maintenance, employees of iCIMS might have limited access to your data. Also notes about the candidate may be created by persons working for Nortal Group in order to process, manage candidates and to handle communication through and in-between recruiting activities.
When you apply for a job in Germany we use the recruiting tool Personio to receive and manage the application and thus for the purpose of (possible) establishing an employment relationship. The provider of this application is:
Registration in the Commercial Register
Register number: HRB 213189
Register court: Munich District Court
Data Protection Officer: firstname.lastname@example.org
The data transmitted in the course of your application is transmitted via TLS encryption and stored in a database. This database is operated by Personio GmbH, which offers personnel management and applicant management software (https://www.personio.de/impressum/). In this context, Personio is our processor under Article 28 GDPR.
Transfers of your personal data to third countries
Following the submission of your application, the information you have sent to us can be made available to Nortal’s HR teams worldwide (including certain third countries) for the purposes described below except from applicant for jobs in Germany. A list of the members of the Nortal group in third countries that can have access to and may process your personal data in accordance with this Privacy Notice for Prospective Employees is here.
In addition, when applying for a job with Nortal, except jobs located in Germany, you need to be aware that your personal data may be sent to iCIMS, Inc in the United States of America (for more information about iCIMS, please see https://www.icims.com). This transfer is reliant on applicable EU transfer mechanisms approved under the GDPR and updated by the EU from time to time. As per our agreement with iCIMS for service provided to Nortal Group the data is hosted in iCIMS EU data centers.
The storage period
Your personal data shall not be kept for longer than is necessary for the recruitment process.
Therefore, unsuccessful application data without consent to contact you for other positions, will be deleted after 3 years, taking into consideration our need to answer queries or resolve problems and comply with legal requirements under the applicable laws.
In addition to using your data for the position for which you have applied, Nortal may retain and use your application data to consider you for other positions, but only with your explicit consent for a maximum period of 3 years. If after this period, we feel it necessary to retain your records, we will write to you.
In case you applied for a job located in Germany your data will only be stored for a period of 180 days beyond the termination of the application process. This is usually done to fulfill legal obligations or to defend against any claims arising from legal regulations. We are then obliged to delete or anonymize your data. In this case, the data are only available to us as so-called metadata without direct personal reference for statistical evaluations (e.g. women’s or men’s share of applications, number of applications per period, etc.). In addition, we reserve the right to store your data for inclusion in our “Talent Pool” for 180 days longer if you agree in order to identify any other interesting positions for you.
If you receive and accept an offer for employment with us as part of the application process, we will store the personal data collected during the application process for at least the duration of the employment relationship.
Your rights as a data subject
You have the following rights under the GDPR, subject to the applicable statutory limitations:
- request access to information that Nortal holds about you;
- request a correction of information that Nortal has about you;
- request the erasure of information that Nortal has about you;
- restrict the use of your personal data;
- receive your personal data;
- object to the processing of your personal data;
- withdraw your consent for the use of your personal data;
- file a complaint about our processing with a supervisory authority.
GDPR also gives you the right to lodge a complaint with a supervisory authority in the EU/EEA state where you work, normally live or where any alleged infringement of data protection laws may have occurred.