We at Nordcloud are committed to protecting the privacy of job applicants and potential candidates. We ensure that the processing of your personal data takes place responsibly and in accordance with the applicable data protection legislation.
1. Identity of the controller and contact details
The data controller is the Nordcloud group company with whom you are interacting. The contact details of Nordcloud’s offices may be found at: https://nordcloud.com/contact/. In matters related to processing of your personal data, you can always contact our data protection officer at dpo(at)nordcloud.com.
2. Types of personal data we process
We typically process the following types of data relating to you:
- basic information, such as name, address, phone number, email address;
- competence information, such as education, employment history and specific fields of competence;
- other information you have provided to us on your resume or CV, during the interview or otherwise during the application process; and
- other possible information relevant to the recruitment process, such as aptitude test results, reviews of earlier work performance and background checks (e.g. security clearance) when permitted by local legislation.
We receive personal data and other information from you directly or from external sources during the recruitment process or when concluding an employment contract.
3. Purposes and grounds of processing
We process potential candidates’ and job applicants’ personal data for the following purposes on following legal grounds:
- Legitimate interest: We will process personal data included in your application and your resume or CV for measuring your suitability for the applied role. We may also source potential candidates from various channels, such as LinkedIn. We have a legitimate interest to reach potential candidates to tell them about interesting job opportunities at Nordcloud. We may also process job applicants’ personal data to defend possible legal claims on the basis of our legitimate interest. We have assessed that your interests or fundamental rights or freedoms do not override our legitimate interests described above.
- Consent: Based on your consent, we may collect data relating to you from third parties and other external sources, such as work performance reviews by your former colleagues or managers, aptitude tests and other evaluations to measure work-related cognitive capacity and your suitability for a role. We may also ask your consent to keep your data for future recruitment processes.
- Contract: In the final stages of the recruitment process, job applicants’ personal data is processed for the purposes of negotiating an employment contract.
We do not process personal data to make automated decisions which produce legal effects or would otherwise significantly affect you.
We take into account local legislation concerning job applicant’s background checks. Background checks, such as security clearance vettings, are limited to certain roles only and may be based on your consent or are based on our legitimate interest to provide services to certain organisations such as financial institutions which are permitted by legislation to process such information.
4. Data retention
Your personal data will be stored for the duration of the recruitment process and for two years thereafter. We may retain your personal data for longer if we have your consent to use your personal data in further recruitment processes. Consent will be asked every two years, and if you don’t renew your consent, your data will be deleted without undue delay. Maximum retention time based on your consent is ten years.
5. Disclosures and transfers of your personal data
We do not disclose your personal data to any third parties except in situations described below:
- Authorities: We may disclose your personal data to authorities when we have a legal obligation or other legitimate interest to do so under applicable legislation.
- Consent: Based on your consent, we may disclose your personal data within the limits of the specific consent you have given.
- Business transactions: We may disclose your personal data in connection with a business transaction (such as a transfer of undertaking) to the other party/parties of the transaction, if and to the extent necessary.
We may transfer your personal data to third parties who are providing services to Nordcloud. These third parties, such as IT service providers, process personal data on our behalf and under our instructions. When transferring your data to third party service providers we have ensured that those service providers are also committed to protect your privacy in accordance with applicable legislation.
In case we need to transfer your personal data outside the EU/EEA, we will only transfer your data by using the transfer mechanisms permitted under applicable legislation, such as the EU Commission’s Standard Contractual Clauses.
6. Data security measures
We have employed necessary technical and organisational security measures to protect your personal data against unlawful or unauthorised access, disclosure, loss and other unauthorised processing. These measures include, for example, use of firewalls, encryption technologies and secure facilities, appropriate access control, controlled grant of access rights and supervision of use of systems and properly instructing our personnel participating in the processing of personal data.
7. Your rights as a data subject
- Right of access, rectification and erasure: You have the right to request access to your personal data we process. At your request, we will also rectify any inaccurate or incomplete personal data relating to you. You also have the right to request your data to be erased (right to be forgotten) in accordance with applicable legislation.
- Right to data portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller when we process your data automatically and based on a contract or your consent.
- Right to object and right of restriction: You have the right to object to processing we carry out based on legitimate interest on grounds relating to your particular situation, unless we have compelling legitimate interests for the processing which override those interests. You also have the right to request the restriction of the processing of your personal data, for example, in case you object to processing as described above or contest the accuracy of your personal data.
- Right to withdraw consent: You may withdraw your consent at any time. Please note that withdrawing your consent does not affect the legality of the processing we have carried out prior to the withdrawal.
To use your rights described above, please send your request to dpo(at)nordcloud.com. Please note that we ask you to verify your identity when using your rights.