Privacy Notice - Applicants

Here you can read about how we handle your personal data as a job applicant, valid from 1 July 2021 for both existing and new applicants.

We are committed to protecting and respecting your data and your privacy. When you apply for a job at kompasbank, we are the data controller (“dataansvarlig”) processing your personal data.

This Privacy Notice applies to you as a private individual applying for a job at kompasbank and describes a number of matters concerning our processing of your personal data when you apply for a job here.

 

1. What is personal data?

When we say ‘personal data’, we mean information which can be used to identify you as an individual (for example, a combination of your name and postal address).

 

2. How do we process your personal data?

At kompasbank, we process your personal data confidential and of course in compliance with the Danish Data Protection Act, the General Data Protection Regulation (‘GDPR’), the Danish Data Protection Agency’s guidelines and other relevant legislation.

We collect and process both general (non-sensitive) and sensitive personal information:

When applying for a job

  • Identification information (such as name, address, telephone number and your email address) are general personal information (“almindelige oplysninger”) that we process, just as we process your information from the job application including competence profile, position and current place of employment, education, professional qualifications and other CV information, as well as salary terms and conditions.
  • In addition, we can collect sensitive information such as health data in case of flex job or employment on special terms (i.e. disability).

If selected for interviews

  • Potential personality test and other tests, adverse media search and references from previous employers

If selected for a position, prior to your first day of employment

  • Full name, address, telephone number and email for identification (if not already provided earlier)
  • For the majority of positions in the bank a criminal record is required. If your criminal record is collected and it contains criminal offenses, this information will (in general headlines) be registered and thereby information about criminal offenses will be processed
  • Finally, when onboarding you, we will process your CPR number in order to report to SKAT

The personal information is primarily gathered from you. Furthermore we can gather information from adverse media (ie. Google and LinkedIn), recruiters and references from former employers.

 

3. Purpose of processing and the legal basis

We process your personal data for the following purposes:

  • Hiring and onboarding
  • Compliance with applicable law

We do not ask for information beyond what is necessary and relevant to fulfill the above purposes.

We must have a legal basis (a valid legal reason) for using your personal data. Our legal basis will be one of the following:

  • Legitimate interests (GDPR art. 6, no. 1, litra f)
    Information such as your professional and personal qualifications, education, references from former employers we collect and process, because we have a legitimate reason to use it and this is reasonable when balanced against your right to privacy
  • Consent (GDPR art. 6, no. 1, litra a)
    In some cases our processing of your personal data requires consent, i.e. contacting your former employees to get references. The consent can at any point be withdrawn, but will inevitably raise an eyebrow

If selected for a position following legal basis are relevant

  • Keeping to our contracts and agreements with you (GDPR art. 6, no. 1, litra b)
    We need certain personal data to ie. pay salary.
  • Legal obligations (GDPR art. 6, no. 1, litra c)
    In some cases, we have a legal responsibility to collect and store your personal data, ie. in order to report your salary and more to SKAT and check your criminal record to comply with the AML legislation regarding screening of employees

 

4. How long will you keep my personal data for?

If you do not become an employee of kompasbank, we will keep your personal information for no longer than six months after the position applied for is filled, unless legislation or special circumstances necessitate a longer storage, e.g. meeting a legal claim.

If you become an employee you will receive our Privacy Notice relevant for you, together with your contract.

 

5. Protection of your personal data

We have established a number of technical and organizational measures to ensure that your personal data is not accidentally or illegally deleted, published, made known to unauthorized persons or misused.

 

6. The right to information and other rights

You have the right to get access to the information we have collected about you, and the right to get incomplete or inaccurate personal data about you corrected or deleted. You also have the right to request restrictions on how we may process your information, just as in certain cases you have the right to object to our processing of your personal data based on our legitimate interest. In the event of an objection, we will assess whether the processing can continue to take place, or whether your situation means that your objection can be met. Finally, you have the right to have your information transferred to you or another company (data portability). You can read more about your rights in the Danish Data Protection Agency’s guide on data subjects’ rights, which you can find at www.datatilsynet.dk.

We keep records that we have complied with (or possibly rejected) your request to use one of your rights for two years.

You make use of your rights by contacting our data protection officer. See the contact information below.

 

7. Transfer of information (including third country transfers)

We share your personal information to the following recipients:

  • Private companies (independently data controllers and thereby independently responsible for your personal information), such as recruitment companies
  • Lawyers and courts when this is necessary in law cases

We also use third parties (data processors) for storage and processing of data, i.e. processing and storage of your personal information in our IT systems provided by private companies. They process information solely on our behalf and are prohibited to use it for their own purposes.

We only use data processors and/or sub-processors in the EU or in countries that can provide your information with satisfactory protection.

If you become an employee you will receive our Privacy Notice relevant for you, together with your contract.

 

8. Right to withdraw your consent at any time

As mentioned above, you have the right to withdraw your consent at any time. You do so by contacting kontakt-os@kompasbank.dk.

Note that it will have been lawful for us to use the personal information up to the point you withdraw your consent.

 

9. Duty of confidentiality

All our employees have a duty of confidentiality. This means that information about you, including your personal data, will not be unjustifiably passed on to third parties.

 

10. Data controller

We, kompasbank a/s, CVR.no. 38803611, Frydenlundsvej 30, 2950 Vedbæk, are Data Controller with regards to the personal information we collect.

 

11. Data Protection Officer

We have appointed a Data Protection Officer (“DPO”), who is responsible of controlling that kompasbank complies with the relevant data protection regulation. You can always contact our DPO with inquiries or questions regarding our processing of personal information:

kompasbank a/s
Att. Data Protection
Frydenlundsvej 30
2950 Vedbæk
Phone +45 38 42 33 00
Email: databeskyttelse@kompasbank.dk

 

12. The Danish Data Protection Agency (Datatilsynet)

If you are unhappy with the way we process your personal information, you can always submit a complaint to the Danish Data Protection Agency. You can find the contact information at www.datatilsynet.dk.

 

13. Changes to the Privacy Notice

We may change our processing of personal data at any time to reflect changes in our use of your information as well as to comply with applicable legal obligations and decisions of relevant authorities. We encourage you to regularly review this Privacy Notice in order to keep updated on how we use your personal information.