June 1, 2023
This Data Processing Agreement ("DPA") between Talenthub.io ("Processor") and you ("Controller") sets forth the terms governing the processing of Personal Data under the Talenthub.io Standard Terms and Conditions (the "T&C's"). This DPA is in addition to the T&C's and is effective upon its incorporation into the T&C's, which may be specified in an Order Form or an executed amendment to the T&C's. Once incorporated into the T&C's, the DPA will become part of the T&C's.
In all cases, the Processor or a third party acting on behalf of the Processor acts as the processor of Personal Data, and the Controller remains the controller of Personal Data. The term of this DPA shall follow the term of the T&C's, and any terms not defined herein shall have the meaning set forth in the T&C's.
Hereinafter, the Processor and the Controller are individually referred to as a "party" and collectively referred to as "the parties."
The parties have agreed to this Data Processing Agreement (the "DPA") to comply with the requirements of the General Data Protection Regulation (GDPR) and to ensure the protection of the rights of data subjects.
A.1. Main benefit
The data controller and the data processor have entered into an agreement for the delivery of:
A survey tool to measure and analyse candidate feedback in order to optimize the overall candidate experience. The solution analyses feedback from candidates throughout the recruitment process. Completion is optional for the candidate and may contain personal information, depending on the candidate's completion of the evaluation. The candidate answers questions related to the recruitment process using, for example, a 5 or 10-scale answer as well as the possibility of stating comments in a free text field. The feedback can be accessed by the data controller via the data processor's platform and is owned exclusively by the data controller.
A.2. Information about the processing
The purpose of the data processor's processing of personal data on behalf of the data controllerThe Collaboration Agreement incl. Annexes regulate the rights and obligations of the parties in connection with the data processor making a platform available to the data controller. As part of this collaboration, the data processor will host the Talenthub platform on behalf of the data controller as well as assist the data controller in collecting, measuring, and analysing candidate feedback collected via the Talenthub Feedback module.The data processor's processing of personal data on behalf of the data controller is primarily about (the nature of the processing)The data processor hosts the Talenthub platform on behalf of the data controller and assists the data controller in collecting, measuring, and analysing candidate feedback. In addition, the data processor makes the data as well as the analysis available to the data controller via the platform.
In editable fields where candidates have the ability to write free text, Talenthub has implemented a bot that scans for text that may contain personal information. If the bot finds text - such as email addresses or phone numbers - these will be anonymised by replacing this information with xxxx’s so that these cannot be used to identify people.The processing includes the following types of personal information about the data subjectsGeneral personal information, including answers (feedback) from candidates, any information related to the candidate's experiences (which may make it possible to identify the applicant in question), feedback related to the recruitment process, identification information in the form of names and email addresses of employees of the data controller and logging the behaviour of the data controller’s employees on the platform.The processing includes the following categories of data subjectsThe category of registered, identified, or identifiable natural persons covered by the Agreement or the processing activity:
⋅ Job applicants to the data controller
⋅ Employees of the data controllerThe data processor's processing of personal data on behalf of the data controller may commence after the entry into force of this Agreement. The treatment has the following durationThe processing may take place until the termination of this Agreement, cf., however, sections 11 and 17.
B.1. Approved sub-processors
On commencement of the Agreement and the Clauses, the data controller authorises the engagement of the following sub-processors:
NAMEADDRESSDESCRIPTION OF PROCESSINGLOCATION(S) FOR PROCESSINGAmazon Web Services EMEA SARL38 Avenue John F. Kennedy
L-1855 LuxembourgAmazon Web Services hosts the platform that the data processor makes available to the data controller.Frankfurt, GermanyGoogle Cloud EMEA70 Sir John Rogerson’s Quay
Dublin 2, IrelandProcesses our Google Suite in different locations. These, however, hold duplicates of the same things. ⋅ Dublin, Ireland
⋅ St. Ghislain, Belgium
⋅ Eemshaven, Netherland
⋅ Hamina, Finland
The data controller shall on the commencement of the Clauses authorise the use of the abovementioned sub-processors for the processing described for that party. The data processor shall not be entitled – without the data controller’s explicit written authorisation, cf. clause 7 – to engage a sub-processor for a ‘different’ processing than the one which has been agreed upon or have another sub-processor perform the described processing. In addition, the data processor may not - without observing point 7 - process the personal data at locations other than those agreed above.
B.2. Prior notice for the authorisation of sub-processors
The data processor must notify the data controller in writing of the replacement or addition of sub-processors no later than 30 days prior to commissioning, whereby the data controller has been given the opportunity to object to the use of the use in question or change, cf. 7.2.
C.1 The subject of instructions for the processing
The data processor’s processing of personal data on behalf of the data controller is described in Appendix A – Information about the processing.
C.2. Security of processing
It is a cloud solution that processes little ordinary personal information on job applicants.
The data processor is then entitled and obliged to make decisions about which technical and organisational security measures must be implemented in order to establish the necessary (and agreed) security level.
However, the data processor must - in any case and as a minimum - implement the following measures, which have been agreed with the data controller:
C.2.1. Pseudonymisation and encryption of personal data
The main systems used by the data processor including Talenthub.io, G-suite and Amazon all encrypt “data in transit” with at least TLS 1.2 and “data at rest” with at least 256-bit AES.
C.2.2. Ensure ongoing confidentiality, integrity, availability
All data is backed up at least once every 24 hours, and most are backed up continuously as changes are made. Also, company policy dictates that no files are physically stored on a PC drive or similar, partly because of security risks, but also because of the risk of losing data.
C.2.3. The ability to restore availability in a timely manner
Should the data processor encounter an unforeseen event, a Disaster Recovery Plan has been implemented. This ensures fast recovery of data from the data processor's redundant backups located in separate geographical zones.
C.2.4. Regular testing, assessment and evaluation of the effectiveness of the technical and organisational measures
If necessary, the data processor performs security audits that test both digital and physical compliance. In addition, all employees undergo training in data security and management when they start their employment with the data processor.
C.2.5. Access to the information via the Internet
The transfer of files and information carried out by the data processor's employees follows specific guidelines regarding which information can be conveyed and which systems this can be done through. These systems have all passed our internal requirements regarding security and traceability.
C.2.6. Protection of information during transmission
When the data processor transmits data, the data processor uses end-to-end encryption. This ensures that the information remains unintelligible to outsiders, even if they were to pick it up along the way. The data processor's transmission protocols are configured to allow only secure connections, and any attempt to connect via unsecured methods is immediately rejected.
C.2.7. Protection of information during storage
Transfer of files and information carried out by the Data Processor's employees follows specific guidelines regarding which information can be conveyed and which systems this can be done through. These systems have all passed our internal requirements regarding security and traceability. In addition, all data is encrypted with AES-256 at rest.
C.2.8. Regarding physical security of locations
Access to the physical assets of the data processor (i.e. IT equipment) is limited to the data processor's employees and selected persons responsible for cleaning/maintenance at the data processor’s office. All persons have been issued a key and a code for our alarm system. The office building is monitored by a security company 24 hours a day, 7 days a week. No assets are stored locally in our office, but rather in the cloud, where they are located redundantly in data centres in Europe.
Physical access to the office is checked continuously. This means that physical and digital access is withdrawn/revoked if an employee quits. The data processor also has a digital access system based on the individual employee's position and work, which ensures that employees only have access to information and materials that are relevant to their work. All systems log the individual's use of the systems, which allows for detailed tracking of use and, more importantly, misuse of any information.
C.2.9. Home/remote workplaces
Employees are allowed home/remote work. For home/remote work, the same rules and guidelines apply as for attendance at the office, and activities are stored, cf. c.2.8, in the cloud.
C.2.10. Logging
All systems have a minimum log that shows the creation, updating and deletion of items or information. In addition, all systems have a log function that shows who has gained access to a given piece of information.
C.3. Assistance to the data controller
The Data Processor shall, as far as possible - within the scope and extent below - assist the Data Controller in accordance with clauses 9.1 and 9.2 by implementing the following technical and organisational measures.
At the specific request of the data controller, the data processor shall, taking into account the nature of the processing, assists the data controller as far as possible by means of appropriate technical and organisational measures in fulfilling the data controller's obligation to respond to requests for the exercise of the data subject's rights as laid down in the personal data legislation.
If a data subject makes a request for the exercise of his rights towards the data processor, the data processor shall notify the data controller without undue delay.
Taking into account the nature of the processing and the information available to the data processor, the data processor shall, upon specific request, also assists the data controller in ensuring compliance with the data controller's obligations in relation to:
Implementation of appropriate technical and organisational measures
Security breach
Notification of breach of personal data security to the data subject
Implementation of impact analyses
Prior hearings from the supervisory authorities
Furthermore, the data processor is free to inform the system owner and/or other contact persons in accordance with the main agreement.
C.4. Storage and period / erasure process
Personal information is stored for as long as the Main Agreement is active and the collaboration continues, after which it is deleted by the data processor.
In the event of deletion or request for deletion, the personal data in question must be irrevocably removed from all storage media on which they have been stored, so that personal data cannot be recovered, including with any sub-processors in accordance with section 11.1. This applies regardless of whether it is the data controller or the data processor who is responsible for the deletion.
C.5. Processing location
The processing and storage of the personal data covered by the Agreement may not take place without observance of clause 7 at locations other than the following:
Skelbækgade 4, 4. tv., 1717 Copenhagen V, Denmark
In addition, reference is made to the listing under Appendix B.1 above.
The data processor is obliged to inform the data controller in writing of changes in locations for the data processor's processing of personal data with at least 1 month 'written notice, however by transfer to insecure third countries with at least 2 months' written notice, thereby giving the data controller the opportunity to against the transfer.
C6. Instructions on the transfer of personal data to third countries
All data is stored and processed within the EU.
If the data controller does not in this Agreement or subsequently provide a documented instruction regarding the transfer of personal data to a third country, the data processor is not entitled to make such transfers within the framework of the Agreement.
C.7. Procedures for the data controller's audit, including inspections, of the processing of personal data being performed by the data processor
Upon request, the Data Processor shall provide a management declaration/statement subject to the usual confidentiality obligations regarding the Data Processor's compliance with the Data Protection Regulation, data protection provisions of other EU or national laws and this Agreement.
There is an agreement between the parties that the data processor must provide the following:
- Management statements
Management statements are sent without undue delay to the data controller for information. The data controller may challenge the framework for and/or the method in the declaration and in such cases may request a new management declaration under another framework and/or using another method.
In addition, the data controller or a representative of the data controller has access to carry out audits.
Any expenses of the data controller in connection with an audit shall be borne by the data controller himself. However, the data processor shall allocate the resources (mainly time) necessary for the data controller to carry out this audit.
The data processor shall also provide authorities which, under EU law or the law of a Member State, have access to the data controller's and data controller's facilities, or representatives acting on behalf of the authorities, access to the data processor's physical facilities upon presentation of proper identification.
C.8. Procedures for audit, of the processing of personal data being performed by sub-processors
Notwithstanding any contrary provision in this Agreement, it is acknowledged and agreed that certain limitations may apply with respect to the audit rights concerning sub-processors due to the policies and constraints imposed by the sub-processors. Sub-processors, such as Amazon and Google, do not permit audits of their facilities or systems. In such cases, the Data Processor shall make reasonable efforts to obtain assurances from its sub-processors regarding the protection of personal data.
The Data Processor shall ensure that its sub-processors are bound to provide adequate data protection and security measures as required by applicable data protection laws and regulations. If the Data Processor becomes aware of any material breach by a sub-processor, it shall take appropriate steps to remedy or mitigate the breach.
In the event that the Data Controller reasonably believes that a sub-processor's processing activities pose a significant risk to the protection of personal data, the Data Processor shall cooperate with the Data Controller in finding alternative solutions that comply with applicable data protection laws and regulations.
June 1, 2023
This Annex will also apply to any services to be provided under this Agreement and will form part of the Agreement entered into by the parties. Professional Services will be deemed to be Services.
Term
Description
SLA
Service Level Agreement
Accuracy
Degree of conformance between a result specification and standard value
IT Operations Department / Service Desk
A unit of Customer responsible for internal IT Operations
Maintenance
Scheduled unavailability of the Talenthub Services, as announced by us prior to the Talenthub Services becoming unavailable.
Monthly Uptime Percentage
Is calculated by subtracting from 100% the percentage of minutes in which the Talenthub Services were unavailable. Monthly Uptime Percentage measurements exclude downtime resulting directly from SLA Exclusions.
Service Compensation
Means a credit denominated in Euros (EUR/€) calculated as set forth below, that we may credit back to an eligible account.
Timeliness
The characteristics representing the performance of an action that leaves sufficient time remaining to maintain SLA service expectations.
Unavailable and unavailability
For services, when your services or database is not running or not reachable due to Talenthub’s fault.
June 1, 2023
Talenthub wants to offer a service that gives you the best possible experience. To do so, we use technologies that may collect information about you and how you and others use Talenthub's website.
For example, we use cookies that allow you to watch videos. We also use cookies to track how many people visit Talenthub and how our website is used. This allows us to develop the content and make our services intuitive to use.
Talenthub uses its own cookies and cookies from partners, so-called third-party cookies. Partners can use cookie data for targeted marketing on platforms of their own and others’ platforms. You can see which partners use cookies and for what purposes under the section What are the different cookies used for?
Until you have given your consent, Talenthub may not use anything other than necessary cookies. Therefore, we ask for your consent to use cookies when you visit Talenthub for the first time. If you accept all or selected cookies, cookies are stored on your computer, tablet, mobile or other electronic device.
You can enable and disable cookies, and you can always revoke your consent and change settings here.
You can also change cookie settings by going to your browser settings and deleting cookies.
How to change cookie settings in your browser
We have grouped our cookies into these categories:
• Necessary cookies: Make the website work
• Statistical cookies: Track how you use the website
• Marketing cookies: Used for advertising
You can read more about the individual types of cookies below.
A cookie is a file that is stored on your computer, tablet, mobile or other electronic device when you visit Talenthub's digital services.
A cookie may contain a randomly generated ID that makes it possible to recognise your computer and gather information about which pages and features you visit.
Cookies can do different things. Some cookies ensure that a website works as intended, while others may store information about your behaviour to provide you with targeted advertising. You can see a description of the different types of cookies below.
This policy also covers other forms of data collection, e.g. via so-called scripts and pixels. Data collection only happens for the purposes you have consented to.
Below, you can read more about the different types of cookies.
Necessary cookies: Make the website work
Necessary cookies are technical cookies that make the website work.
Technical cookies mean that you do not have to enter your login details because the website remembers them from last time. These cookies also ensure that Talenthub is displayed correctly by activating basic functions. The website cannot function properly without these cookies, which means that you cannot opt out of this type of cookie.
When you log in via Google, Facebook or Apple necessary cookies are used. Beyond this, partners do not use necessary cookies.
Necessary cookies are used by Talenthub and the following partners:
Cookiebot
Stores the user's cookie consent state for the current domain
1 year
https://www.cookiebot.com/da/privacy-policy/
Used to check if the user's browser supports cookies and to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website.
Persistent
https://policies.google.com/privacy
Hubspot
Used to implement forms on the website.
Session
Stores the user's cookie consent state for the current domain.
1½ Year
https://www.linkedin.com/legal/privacy-policy
New Relic
Preserves users' states across page requests.
Session
https://newrelic.com/termsandconditions/privacy
Young CRM
This cookie is used in context with load balancing - This optimises the response rate between the visitor and the site, by distributing the traffic load on multiple network links or servers.
6 days
talenthub.io
This cookie is a part of the services provided by Cloudflare - Including load-balancing, deliverance of website content and serving DNS connection for website operators.
Session
Statistical cookies: Track how you use the website
Statistical cookies are used, for example, to track how long you have been on a given website and to track which pages you visit and in what order.
The information helps us understand how users interact with the website by collecting and reporting information anonymously. They form part of analyses that contribute to improving content and user experience, as well as market analyses.
You can enable and disable statistical cookies.
Statistical cookies are used by Talenthub and the following partners:
Google Analytics
Collection of information about users and their activity on the website for analysis and reporting purposes
2 years
www.google.com/intl/da/policies/privacy/partners
Hotjar
Collection of information and statistics about users and their activity on the website for analysis purposes.
1 year
https://www.hotjar.com/legal/policies/privacy/
Hubspot
Collection of information about users and their activity on the website for analysis purposes and to identify if cookie data needs to be updated in the visitor’s browser.
½ year
https://legal.hubspot.com/privacy-policy
Used for data-synchronisation with third-party analyses service and collection of information about users activity on the website for analysis purposes.
30 days
https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy
New Relic
Used to monitor website performance and statistical purposes.
Session
https://newrelic.com/termsandconditions/privacy
tr-rc.lfeeder.com
Registers statistical data on users' behaviour on the website. Used for internal analytics by the website operator.
Session
Marketing cookies: Used for advertising
Marketing cookies track how you navigate the website.
Marketing cookies can work in such a way that, after searching for a job title on Talenthub, you start getting banner ads with job postings for similar jobs.
Our partners can use cookies for targeted marketing on their own and others' platforms.
You can enable and disable marketing cookies.
Marketing cookies are used by Talenthub and the following partners:
Meta Platforms, Inc.
Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers.
3 months
https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0
Clearbit
Collects data on user behaviour and interaction in order to optimise the website and make advertisement on the website more relevant.
Session
https://clearbit.com/privacy-policy
Collection of information about users and their behaviour on websites to present more relevant advertisements.
1 year
https://policies.google.com/privacy
Hotjar
Used to identify visitors and optimise ad-relevance.
Session
https://www.hotjar.com/legal/policies/privacy/
Hubspot
Sends data to the marketing platform Hubspot about the visitor's device and behaviour. Tracks the visitor across devices and marketing channels.
Session
https://legal.hubspot.com/privacy-policy
Collection of user behaviour to present relevant advertisement based on visitor’s preference.
1 year
https://www.linkedin.com/legal/privacy-policy
Salesloft
Collection of user behaviour on the website. Used for optimising advertisement.
1 year
https://salesloft.com/privacy-policies/
Youtube
Collection of user’s video player preference.
½ year
https://policies.google.com/privacy
YoungCRM
Collection of user information and interactions with web-campaign content. This is used by the website owner for promoting events and/or products.
1 day
https://youngcrm-platform.com/
Play.hubspotvideo.com
Collects information on user preferences and/or interaction with web-campaign content - This is used on CRM-campaign-platform used by website owners for promoting events or products.
Persistent
sc.lfeeder.com
399 days
In connection with a visit, your computer, tablet or mobile shares, among other things, your IP address and location data. Talenthub is also informed about what type of computer, phone and operating system you are using.
Fundamentally, there are two types of cookies – temporary (session) and permanent (persistent). Temporary cookies are linked to the current visit and are deleted automatically when you leave Talenthub's website. Persistent cookies are, however, stored on your device. Persistent cookies delete themselves after a certain period of time but will be renewed every time you visit Talenthub's website.
Below, you can read about how you can delete cookies yourself.
If you want to disable one or more categories of cookies, you can manage your consent here.
Necessary cookies, which are a prerequisite for basic functions, cannot be disabled.
You can also change cookie settings by going to your browser settings and deleting cookies.
How to change cookie settings in your browser.
Talenthub makes use of components that involve companies other than Talenthub. When using these third-party cookies, information about your use of our digital services and technical information about your device is collected for the purpose of compiling statistics and targeting advertisements at you.
For this storage and collection of information, Talenthub is the joint data controller, along with the supplier of the third-party cookies in question. Talenthub, however, is not responsible for the further processing of the information collected by third parties. You can read more about the processing of personal data in the third parties' own personal data policies, to which links are provided in the section What are the different cookies used for? If you wish to exercise your rights, which includes gaining insight into the information that these companies process about you, you must use the contact information provided in the privacy policies of the companies concerned.
It is possible to link a Facebook, Google or Apple login with Talenthub's login system, but it is not a prerequisite for using Talenthub's login. It is up to you to decide whether you want to use this function.
If you do decide to use this function, Facebook, Google or Apple will receive technical data about your browser and IP address, and Facebook, Google or Apple will be able to link this data to your profile. The processing that Facebook, Google or Apple performs is beyond the control of Talenthub and solely a matter between you Facebook, Google or Apple, who are the data controllers for this use.
Talenthub.io A/S
Skelbækgade 4, 4. tv.
1717 Copenhagen V
Denmark
CRN (CVR): 38623508
June 1, 2023
At Talenthub, we understand the importance of protecting your personal information and are committed to safeguarding your privacy. This Privacy Policy explains how we collect, use, and disclose personal information from our users and visitors to our website, and online services (collectively, the “Services”).
By using our Services, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy. If you do not agree to the terms of this Privacy Policy, please do not use our Services.
This Privacy Policy applies to personal information collected by Talenthub through our Services and does not apply to any third-party websites, applications, or services that may be linked to or from our Services. We encourage you to review the privacy policies of those third-party services before providing any personal information.
We may update this Privacy Policy from time to time to reflect changes in our privacy practices or legal obligations. We will notify you of any material changes to this Privacy Policy by posting a notice on our website or through other means, such as email. Your continued use of our Services following the posting of changes to this Privacy Policy means you accept those changes.
We understand that you may have concerns about the personal data you share with us. We want to be transparent about what data we collect and how we use it. Personal data is any information that can be used to identify you, such as your name, email address, or payment information.
We keep and use only personal data that you've provided directly, or when it's clear they were left for processing by us when provided. We may use the following types of data for the purposes set out in this Privacy Policy:
• Name
• Email address
• IP address
• The way you navigate through our service
• Statistics as to how you use the service
We collect this data for the following purposes:
• To provide you with our services • To personalise your experience with our services • To analyse how you use our services and identify areas for improvement • To send you important account information and updates
We use cookies on our website to provide you with a better user experience. Cookies are small text files that are placed on your computer or mobile device when you visit a website. We use cookies to remember your preferences and settings, to analyse how our website is used, and to personalise your experience.
The legal basis for processing your personal data is consent. We obtain your consent when you visit our website and accept our offer to use our service. You have the right to withdraw your consent at any time. If you wish to withdraw your consent, please contact us at dpo@talenthub.io.
To access our service, you must register a user first. When you register, we collect personal data associated with the username you choose to share with us. This allows us to personalise your experience and keep you informed about updates to our service.
We will not disclose your personal data to third parties (other than the below listed) unless it is necessary to fulfil our agreement with you, or we are legally required to do so.
If we suspect fraudulent or abusive behaviour related to the Talenthub feedback application, we may share your personal data with relevant authorities.
As a user of our platform, you agree to use the platform in a responsible and ethical manner. You agree not to use the platform to engage in any activity that violates any laws, infringes upon the rights of others, or interferes with the operation of the platform or any related services.
Furthermore, you agree to abide by the following guidelines:
• After registering a user: Do not provide or post any personal identifiable information on the platform, including but not limited to your full name, home address, phone number, email address, social security number, or any financial information unless specifically asked to do so. • Do not copy and paste any contact details of a hiring manager or contact person from a job posting into the platform. • Do not engage in any activity that violates any laws, regulations, or the rights of any person or third party. • Do not attempt to access any part of the platform that you are not authorised to access. • Do not engage in any activity that could harm, disable, overburden, or impair the platform or interfere with any other user's use of the platform.
We reserve the right to investigate and take appropriate action against any user who violates these guidelines, including but not limited to terminating their account and reporting their activity to law enforcement authorities.
We may use third-party service providers to help us operate our website and provide our services. These third-party service providers may have access to your personal information in order to perform tasks on our behalf. We strive to ensure that all third-party service providers we work with are reputable and have adequate security measures in place to protect your personal information.
Currently, we work with the following third-party service providers:
• Juice.io: We partner with Juice.io to provide job-matching services. If you choose to use this service, we will share name and email address with Juice.io to make the onboarding process easier. Please note that this is an feature and we will only share your personal information if you choose to use it. Juice.io's privacy policy can found on their website. • Mailchimp: We use Mailchimp for our email correspondence with users, this among others include welcome messages, notifications about profile deletion requests from users, etc.. Mailchimp's privacy policy can be found on their website.
Please note that our use of third-party service providers may change over time. We will update this section of our privacy policy accordingly and notify you of any significant changes.
We take the security of your personal data seriously and have implemented measures to protect it from unauthorised access, use, disclosure, alteration, and destruction. We use industry-standard security practices and technologies to safeguard your personal data.
However, no transmission over the internet or electronic storage system is completely secure. Therefore, we cannot guarantee absolute security of your personal data. We encourage you to take steps to protect your personal data, such as using strong and unique passwords, logging out of your account when you finish using our service, and keeping your account information confidential by not sharing your credentials with anyone else.
If you have reason to believe that your personal data has been compromised, please contact us immediately so that we can take appropriate action.
Personal data provided by you will be stored in your account until the account is terminated or removed. However, in certain cases, we may need to store your data for a longer period of time to comply with legal requirements.
If you share personal data with us via contact forms or email, we will retain the data for as long as necessary to provide a complete response or handle your request. Once the purpose of the data collection has been fulfilled, we will delete the information unless we are required by law to keep it for a longer period of time.
We have appointed a Data Protection Officer (DPO) to oversee our data protection responsibilities and ensure that we are processing your personal data in accordance with applicable data protection laws and regulations.
Our DPO can be contacted by emailing dpo@talenthub.io. If you have any questions or concerns regarding the processing of your personal data or would like to exercise any of your data subject rights as outlined in this Privacy Policy, please contact our DPO.
Our DPO's responsibilities include:
• Monitoring our compliance with applicable data protection laws and regulations;
• Providing advice and guidance on data protection matters to employees and other individuals whose personal data we process; • Coordinating with regulatory authorities in the event of a data protection breach; and • Serving as a point of contact for individuals whose personal data we process regarding any questions, concerns, or requests related to their personal data.
Please note that our DPO is not responsible for handling any customer service or technical support inquiries. If you have a question or concern that is unrelated to data protection or privacy matters, please contact our customer service team at hello@talenthub.accademy.
As a data controller, we respect your right to privacy and understand that you have certain rights under applicable data protection laws. This section describes your data subject rights and explains how you can exercise them.
Right to Access
You have the right to request access to the personal data that we hold about you. If you wish to exercise this right, you can submit a request to us using the contact details provided at the end of this Privacy Policy. We will respond to your request within the timeframes required by applicable data protection laws.
Right to Rectification
If you believe that any of the personal data that we hold about you is inaccurate, you have the right to request that we rectify it. You can submit a request to us using the contact details provided at the end of this Privacy Policy. We will respond to your request within the timeframes required by applicable data protection laws.
Right to Erasure
You have the right to request that we delete the personal data that we hold about you in certain circumstances. If you wish to exercise this right, you can submit a request to us using the contact details provided at the end of this Privacy Policy. We will respond to your request within the timeframes required by applicable data protection laws.
Right to Restrict Processing
You have the right to request that we restrict the processing of your personal data in certain circumstances. If you wish to exercise this right, you can submit a request to us using the contact details provided at the end of this Privacy Policy. We will respond to your request within the timeframes required by applicable data protection laws.
Right to Data Portability
You have the right to receive a copy of the personal data that you have provided to us in a structured, commonly used, and machine-readable format. If you wish to exercise this right, you can submit a request to us using the contact details provided at the end of this Privacy Policy. We will respond to your request within the timeframes required by applicable data protection laws.
Right to Object
You have the right to object to the processing of your personal data in certain circumstances, including where we process your personal data for direct marketing purposes. If you wish to exercise this right, you can submit a request to us using the contact details provided at the end of this Privacy Policy. We will respond to your request within the timeframes required by applicable data protection laws.
Right to Withdraw Consent
If we are processing your personal data based on your consent, you have the right to withdraw your consent at any time. If you wish to withdraw your consent, you can submit a request to us using the contact details provided at the end of this Privacy Policy. Please note that withdrawing your consent will not affect the lawfulness of any processing that we have carried out based on your consent before you withdrew it.
Contact Details
If you wish to exercise any of your data subject rights, or if you have any questions or concerns about how we process your personal data, please contact us using the following details:
dpo@talenthub.io
We will respond to your request or query within the timeframes required by applicable data protection laws. Please note that we may need to verify your identity before we can fulfil your request
We reserve the right to make changes to this statement at any time. If we make any material changes, we will notify you via email or other means of communication, and the updated statement will be effective immediately upon posting.
We encourage you to review this statement regularly to stay informed of any updates. By continuing to use our service after any changes have been made, you agree to the updated privacy statement.
Talenthub.io A/S
Skelbækgade 4, 4. Tv.
1717 Copenhagen V
Denmark
hello@talenthub.io
CRN (CVR): 38623508
June 1, 2023
At Talenthub we take the protection of personal data seriously. This statement is intended to explain how we collect, use, and protect personal data when visiting our website, purchasing our services, or interacting with us in any way. The General Data Protection Regulation (GDPR) sets out strict requirements for how organisations handle personal data. We comply with GDPR and are committed to ensure that personal data is processed lawfully, fairly, and transparently. This statement will provide you with information on how we use personal data and the rights of data subjects in relation to that data. We encourage you to read this statement carefully to understand our practice and how to contact us with any questions or concerns.
We would like to inform you that we process personal data on the basis of consent. This means that we will ask for your explicit consent before collecting and processing any personal data. We take your privacy seriously and are committed to ensuring that your personal data is processed lawfully, fairly, and transparently.
Personal data collection:
We collect personal data from you when you create a user account on our platform. The personal data we collect is limited to your name and email address. This information is necessary for us to provide you with our services and to communicate with you about your account.
If you are an integration customer, we may also collect the name and email address of your candidates in order to send out survey emails on your behalf. This personal data is used solely for the purpose of administering the surveys and is not used for any other purposes.
We do not collect any other personal data from you, and we do not share your personal data with third parties unless required to do so by law.
We only collect personal data that is necessary for the provision of our services, and we do not process your personal data in any way that is incompatible with the purposes for which it was collected.
Under GDPR, you have certain rights with respect to your personal data. These rights include:
If you wish to exercise any of these rights, please contact us using the contact details provided in the "Contact us" section below. We will respond to your request without undue delay and in any event within one month of receipt of your request, unless we need to extend the period by a further two months due to the complexity or number of requests. Please note that we may need to verify your identity before fulfilling your request.
You also have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data infringes applicable data protection laws.
We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.
We use industry-standard security measures, including encryption, firewalls, and secure socket layer (SSL) technology, to protect your personal data. We regularly review and update our security measures in light of current technologies and industry standards to ensure the security and confidentiality of your personal data.
However, please note that no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee absolute security of your personal data.
If we become aware of a data breach that affects your personal data, we will notify you and the relevant supervisory authority within 72 hours as required by applicable law. We will also take all necessary steps to mitigate the effects of the breach and prevent similar incidents from occurring in the future.
If you have any questions or concerns about the security of your personal data, please contact us using the contact details provided in the "Contact us" section below.
We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
If you have registered with us, we will retain your personal data for as long as your account is active or as needed to provide you with our services.
If you have contacted us with a question or a request, we will retain your personal data for as long as necessary to respond to your question or request and for a reasonable period thereafter in order to maintain a record of our communications.
If you have provided your consent to receive marketing communications from us, we will retain your personal data for as long as you remain subscribed to our mailing list or until you withdraw your consent.
Once the retention period has expired, we will securely delete or anonymize your personal data in accordance with our data retention policies and applicable laws.
If you have any questions or concerns about our data retention practices, please contact us using the contact details provided in the "Contact us" section below.
We store your personal data in the European Economic Area (EEA) and do not transfer it outside of the EEA.
If we need to transfer your personal data outside of the EEA, we will ensure that appropriate safeguards are in place to protect your personal data, in accordance with the requirements of the GDPR. This may include implementing Standard Contractual Clauses approved by the European Commission, or ensuring that the recipient of the data is located in a country that has been deemed to provide an adequate level of protection for personal data by the European Commission.
If you have any questions or concerns about the transfer of your personal data, please contact us using the contact details provided in the "Contact us" section below.
We take your privacy and the protection of your personal data seriously. We are committed to complying with the GDPR and other applicable data protection laws and regulations.
If you have any questions or concerns about how we collect, use, or protect your personal data, or if you would like to exercise any of your data subject rights, please contact us using the contact details provided in the "Contact us" section below.
We reserve the right to update or amend this GDPR statement from time to time, in order to reflect changes in our practices or for other operational, legal, or regulatory reasons. Any such updates or amendments will be posted on this page, and we encourage you to review this statement periodically.
Talenthub.io A/S
Skelbækgade 4, 4. Tv.
1717 Copenhagen V
Denmark
hello@talenthub.io
CRN (CVR): 38623508