VALIDA RESPECTS YOUR PRIVACY
Valida Personal Due Diligence AB (“Valida” “we”, “us”, “our”) respect your privacy and are committed to processing your personal data with a high level of security and in accordance with applicable data protection legislation. This privacy policy describes how we process personal data about you in your position as a customer representative or as our customer’s candidate, when we provide our services, i.e. when performing background screenings, preemployment investigations and/or security interviews.
If you have any questions about our privacy protection, you are always welcome to contact us. Our and our data protection officer’s contact details are available under the section ”Contact Information” below.
VALIDA RESPECTS YOUR PRIVACY
Valida Personal Due Diligence AB (“Valida” “we”, “us”, “our”) respect your privacy and are committed to processing your personal data with a high level of security and in accordance with applicable data protection legislation. This privacy policy describes how we process personal data about you in your position as a customer representative or as our customer’s candidate, when we provide our services, i.e. when performing background screenings, preemployment investigations and/or security interviews.
If you have any questions about our privacy protection, you are always welcome to contact us. Our and our data protection officer’s contact details are available under the section ”Contact Information” below.
VALIDA IS THE CONTROLLER
We are the controller of your personal data that we process when providing our services. Hence we are responsible for ensuring that your personal data is processed correctly and securely in accordance with applicable legislation.
PROPORTIONALITY
We ensure that we collect, use, transfer and retain only the personal information we need for a specified purpose. We do this by observing the fundamental principles stated in the General Data Protection Regulation (GDPR). This means among other things that we comply with the following: Purpose limitation: We do not use personal information for purposes that are incompatible with those for which the information was first collected, unless we have a lawful basis for such processing. Data minimisation, use and disclosure: We avoid the collection, use and disclosure of personal information that is not necessary for the purposes of the processing, unless required by law. Storage limitation: We retain personal information only to fulfill the purpose for which it was originally collected and to fulfill legal obligations (if any).
OUR PROCESSING OF YOUR PERSONAL DATA
Information on from where we collect your personal data, what personal data we process, the purposes for which we intend to process your personal data, the legal basis for the respective processing activity and the applicable retention periods are stated in the table below. You are under no obligation to share your personal data with us. However, if you choose not to share any personal data with us we may not be able provide our services. This means that if you are a candidate who have applied for a job or assignment with our customer, your job application or assignment may not be processed.
Data related to candidates/persons
From where we collect the personal data | Categories of personal data | Purpose | Legal basis | Retention period |
---|---|---|---|---|
From you, from the company you have applied for a job or assignment with, from previous employers and/or schools, academic institutions, training centres, vocational institutes, from commercially available data resources, public registries, public records and from media, social media sites and other external internet sites | Name, email, phone number, national ID-number or equivalent, passport number or PAN card and/or Aadhaar number (as applicable), current and past addresses, civil status, place of birth, current and former (if any) citizenship, corporate engagements, information in your CV and job application, financial information, information in media/ social media and other information you, or the company you have applied for a job or assignment with, may choose to share with us | To provide our services e.g. to safely confirm your identity and carry out background checks, preemployment investigations and security interviews and to compile screening reports and risk assessments to our customers. | The processing is necessary for our legitimate interest in providing our services (legitimate interest) | The processing is necessary for our legitimate interest in providing our services (legitimate interest) |
Data related to customers
From where we collect the personal data | Categories of personal data | Purpose | Legal basis | Retention period |
---|---|---|---|---|
From the company that you represent or directly from you | Name, email, phone number, address and information that you provide to us by email or by other channels of communication | To provide our services by e.g. enable the customer to order and receive screening reports | The processing is necessary for our legitimate interest in providing our services (legitimate interest) | During the time which we provide the customer service/have an agreement with you or when the matter to which the communication relates is resolved, unless Valida does not have a legitimate interest to keep the data |
From the company that you represent or directly from you | Name, email, phone number, address and information that you provide to us by email or by other channels of communication | To administer the agreement or relationship with an existing or potential customer (e.g. administer orders, payments and invoices) | The processing is necessary for our legitimate interest to keep in touch with you in order to fulfil our obligations under the agreement with our customer or administer the relationship with potential customers (legitimate interest) | During the time which we provide the customer services/have an agreement with you or when the matter to which the communication relates is resolved, unless Valida does not have a legitimate interest to keep the data |
From the company that you represent or directly from you | Name, email, position and company | To enable communication about our services | The processing is necessary for our legitimate interest to communicate regarding our services (legitimate interest) | Until given notice to remove you from our system/database |
From the company that you represent or directly from you | Name, email, address, information about your orders | To fulfil legal requirements, e.g. accounting requirements | The processing is necessary for compliance with our legal obligations | As long as is required by law |
From the company that you represent or directly from you | Name, email, information about your orders | Protect our legal interests, e.g. in case of non-payment | The processing is necessary for our legitimate interest in protecting our legal interests, e.g. to receive payment (legitimate interest) | As long as necessary for our legitimate interest in protecting our legal interests |
WITH WHOM DO WE SHARE YOUR PERSONAL DATA?
We do not disclose personal data to third parties, except when necessary to fulfil a legal obligation or to fulfil the purposes for which we process your personal data. Situations when your personal data may be disclosed to third parties are listed in the table below.
With whom do we share your personal data? | Categories of personal data | Purpose |
---|---|---|
Suppliers/partners/third parties | Name, email, phone number, national ID-number, passport number or PAN card number (as applicable), current and past addresses, civil status, place of birth, current and former (if any) citizenship, information in your CV and job application, financial information, information in media/ social media and other information you may choose to share with us | We may disclose your personal data to suppliers and/or partners and/or other third party instances that we use to provide the services, e.g. to obtain verification of information and to carry out the background check, if such third parties need your personal data to fulfil their undertakings toward us, e.g. cloud service providers, educational/academic institutions and schools, previous employers etc |
Customers (the company that you have applied for a job or assignment with, in this particular process) | Name, email, phone number, national ID-number, passport number or PAN card number (as applicable), current and past addresses, civil status, place of birth, current and former (if any) citizenship, information in your CV and job application, financial information, information in media/ social media and other information you may choose to share with us | To provide our services and carry out background checks, preemployment investigations and security interviews and to compile screening reports and risk assessments to our customers. |
Authorities | Name, email, phone number, national ID-number, passport number or PAN card number (as applicable), current and past addresses, place of birth, current and former (if any) citizenship, information in your CV and job application | We may disclose your personal data to authorities that we contact to provide our services, e.g. to obtain verification of information and to carry out the background check, if such authorities need your personal data to fulfil their undertakings toward us and to identify you properly |
Authorities | Information necessary to investigate or prevent actual or expected fraud, criminal activity, injury or damage to us or others, when otherwise required by law, regulation, subpoena, court order, warrant or similar legal process, or if necessary to assert or protect our rights or assets | Personal data may be disclosed to authorities when necessary for compliance with legal obligations |
TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
When we transfer personal data to a country outside the EU/EEA, we will take necessary measures to ensure that the personal data is processed in a secure manner by applying an appropriate safeguard, e.g. the EU Commission’s standard contractual clauses. You have the right to obtain a copy of the standard contractual clauses by contacting us. Valida will also share your personal information with third parties in other countries to collect, verify, validate or translate information, such as your educational qualifications or employment history, from countries or regions where you have lived, worked or studied. Where there are legal restrictions on transfers of personal information, these transfers are done based on one or more of the following:
Regulators have decided that personal information will be adequately protected in the country to which it is transferred.
There are signed contractual clauses with the recipient that are deemed by the relevant authority to ensure adequate protection of personal information.
We have your consent for us to transfer your personal information outside of your country of residence.
The transfers are otherwise permitted by law
We may transfer your personal data outside the EU/EEA to the countries listed in the table below. The list is not exhaustive, as applicable countries may vary as necessary for us to provide the services. For further information about data transfers to third countries, please go to www.valida.se or contact us directly.
Country | Is there an adequacy decision? |
---|---|
• Switzerland • United Kingdom • Canada • Israel |
Yes |
Australia | No. Standard contractual clauses adopted by the European Commission are applied as security mechanism |
Brazil | No. Standard contractual clauses adopted by the European Commission are applied as security mechanism |
China | No. Standard contractual clauses adopted by the European Commission are applied as security mechanism |
India | No. Standard contractual clauses adopted by the European Commission are applied as security mechanism |
Philippines | No. Standard contractual clauses adopted by the European Commission are applied as security mechanism |
Turkey | No. Explicit consent is applied. |
USA | Yes, certification through EU-U.S Data Privacy Framework |
YOUR RIGHTS
A summary of the rights you have as a data subject under the GDPR follows below.
Right to withdraw
your consent When the processing of your personal data is based on your consent as a legal basis, you have the right to withdraw your consent at any time by contacting us via the contact information listed at the bottom of this privacy policy.
Right of access
You have the right to receive information about whether we process personal data about you and in such cases receive a copy of the personal data including information on the purposes of the processing, categories of personal data processed, categories of recipients of the personal data, retention periods, your rights regarding the processing, the existence of automated decision-making (including profiling), information on the appropriate safeguards relating to the transfer of your personal data to countries outside the EU/EEA and, if the personal data has not been collected from you, from where the data is collected.
Right to rectification
If the personal data we process about you is inaccurate, incomplete or outdated, you have the right to ask us to rectify or complete such personal data without undue delay.
Right to be forgotten
You often have the right to request deletion of your personal data without undue delay. Such is the case when (i) the personal data is no longer necessary for the purposes for which they were processed, (ii) you withdraw your consent and there is no other legal basis for the processing, (iii) you have objected to the processing of your personal data for direct marketing purposes or to processing based on legitimate interest as legal basis and we cannot show definitive reasons for the processing which outweigh your interests, rights and freedoms, (iv) the processing does not take place to establish, exercise or defend legal claims, (v) the personal data has been unlawfully processed or (vi) the personal data has to be erased for compliance with a legal obligation.
Right to object
You have the right to object at any time to the processing of personal data based on legitimate interest as legal basis. We will then cease to process the personal data, unless we can demonstrate compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or if the processing takes place for the establishment, exercise or defense of legal claims.
Right to restriction of processing
Under certain circumstances you have the right to request that we restrict the processing of your personal data. Such is the case when (i) you consider that the personal data is not correct and you are awaiting our verification of the accuracy of the personal data, (ii) the processing is unlawful and you, instead of deleting the personal data, wish the processing to be restricted, (iii) we no longer need the personal data for the purposes of the processing but you need them to establish, exercise or defend legal claims or (iv) when you have objected to processing based on a legitimate interest and you are waiting for a verification on whether our legitimate reasons outweigh yours.
Right to data portability
When personal data you have provided to us is processed by automated means and based on your consent or on a contract with you as legal basis, you have the right to obtain your personal data in a commonly used and machine-readable format and request that such personal data is transmitted to another controller.
Right to lodge complaints
You have the right to file complaints regarding our processing of your personal data with the Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten), Box 8114, SE-104 20 Stockholm.
CHANGES TO THIS POLICY
We reserve the right to change this privacy policy at any time. In the event of changes to this Privacy Policy, we will publish the amended privacy policy on www.valida.se with information on when the changes will come into effect. Further, we may also notify amendments by other appropriate means.
CONTACT INFORMATION
Do not hesitate to contact us if you have any questions about this privacy policy, the processing of your personal data or if you wish to exercise your rights under this privacy policy or applicable legislation.
Valida Personal Due Diligence AB
Reg.no: 556735-8113
Postal address: Blasieholmsgatan 4b, 111 48
Email: info@valida.se
Data protection officer: Henrik Carlbark
Email: henrik.carlbark@valida.se