Personal data and data protection
In the course of doing business, there may be circumstances where Asuria collects personal information in order to enable you to participate in our services or programs. Personal information is information or an opinion about an individual who is reasonably identifiable.
This Policy sets out the broad controls that have been adopted to govern the way we collect and use personal information, the circumstances under which we may disclose personal information to third parties, how personal information held may be accessed, and what to do if concerned with the treatment of your personal information.
1.1 Who does this policy apply to?
This policy applies to any individuals whose personal information we may hold or collect including
- contractors, consultants or suppliers of goods or services
- participants in programs or services delivered by us
- A person whose information may be given to us by a third party
- A person seeking employment with us
- Users of our website
The Company will be fair and open about the way we collect information about you and what we intend to do with the information we collect
- Describe the types of personal information that we collect, hold, use and disclose
- Outline our information handling procedures
- Explain our authority to collect your personal information, why it may be held by us, how it is used and how it is protected
- Explain our procedures in the event that your personal information is disclosed without authorisation
- Provide information about how to access your personal information, correct it if necessary and complain if you believe it has been wrongly collected or inappropriately handled.
Information We Collect
The Company collects information in a variety of ways in the course of running our business, including:
- Providing services to Jobseekers, trainees and other parties;
- Use of phone or fax
- Engaging suppliers, contractors, labour hire workers and other personnel;
- Responding to questions about our services and our business;
- Responding to complaints and enquiries via our online complaints process;
- Interacting with people via our website or via social media and related platforms;
- Conducting trade promotions and information sessions;'
- Via security processes at our sites including our sign in registers
The kinds of personal information that the Company collects and holds depends on the circumstances, but can include;
- Contact information - names, address, email address, telephone number
- Employment and education history
- Language proficiencies and other work-related skills
- Social Security number, national identifier or other government-issued identification number
- Date of birth
- Bank account information
- Citizenship and work authorisation status
- Benefits information
- Tax-related information
- Information provided by references
- Information in your resume
Means of collection
The Company collects most personal information directly from the person, unless the person consents to the collection of information by someone else other than them, or the Company is required or authorized under a Swedish law, or a court/tribunal order, to collect the information from someone other than the individual. Third parties may also share information with us about people, including Government agencies and other related parties. Where reasonable and practicable, the Company will collect personal information directly from you and inform you that this is being done.
When the Company collects personal information, the Company will take reasonable steps to ensure that the person is aware of:
- the collection;
- the purpose of the collection;
- the main consequences (if any) if the information is not collected;
- the types of organisations (if any) to which the information may be disclosed (including those located overseas);
- any law that required the particular information to be collected; and
- the fact that this Policy contains details on access, correction and complain
Personal information collected by the Company is held in a variety of formats including hardcopy and on our computer systems.
How We Use the Information We Collect
The Company only collects, holds and handles information about you that is necessary for the Company to perform the services that are requested of the Company, that is otherwise reasonably necessary for business activities or if required by law. The Company will not collect sensitive information unless the person to whom it relates consents to the collection and, the information is reasonably necessary for one or more of the Company’s business functions or activities. The exception to this is where collection is required or authorised by law, is necessary to prevent or lessen a serious and imminent threat to the person’s (or another person’s) life or health or is necessary in relation to legal proceedings (current, anticipated or potential), or another permitted exception under law applies.
The Company uses ‘cookies’ and other similar technologies in electronic communications to help us collect information about the way you interact with our content online and help the Company to improve your experience when visiting the Company website.
Cookies are data files that your browser places on your computer or device. They remember the type of browser that the visitor is using and which additional browser software the user has installed. They remember preferences such as languages and region, which remain as your default settings when you next revisit the website. The cookies also allow the user to rate pages and fill in comment forms on the website.
Cookies cannot collect any information stored on your computer or files. Users can visit www.allaboutcookies.org for more information and details on how to delete or reject cookies.
The Company uses Google Analytics to collect information about how people use our website. Google Analytics does this by using cookies to understand the types of websites you visit and the way you interact with those websites. The information the Company obtains from Google Analytics helps us understand user needs and offer a better user experience.
Use or disclosure of personal information
The use to which the Company can put personal information depends on the reason for which it was collected. The Company may use personal information for its primary purpose of collecting the information, or for a related secondary purpose that we could reasonably be expected to use the personal information for.
The Company respects the privacy of personal information and will take reasonable steps to keep it strictly confidential.
The Company will disclose personal information to third parties if it is necessary for the primary purpose of collecting the information, or for a related secondary purpose, if the disclosure could be reasonably expected such as;
- (i) with our subsidiaries and affiliates;
- (ii) if you are a job seeker or employer seeking to recruit; and
- (iii) with organisations and consultants helping us to find you a job
Where such disclosure is necessary, the Company will require that the third party undertake to treat the personal information in accordance with the legislative requirements. Otherwise, the Company will only disclose personal information to third parties without the consent of the person to whom the information relates if the disclosure is:
- necessary to protect or enforce Asuria’s rights or interests or to defend any claims;
- necessary to prevent or lessen a serious threat to a person’s health or safety;
- required or authorised by law;
If the Company uses or discloses personal information to third parties in accordance with the above, the Company must make a written note of the use of disclosure.
Under no circumstances shall the Company sell personal information.
The Company will take all reasonable steps to ensure that all personal information held by the Company is secure from any unauthorised access or disclosure. The Company stores personal information in archive systems for a period the Company considers reasonable depending on the primary purpose for which the information was collected. Only properly authorised people who have a need to access personal information to perform their job will be able to see or use that information.
Personal information will be de-identified or destroyed when it is no longer required such that it cannot be re-identified at a later date.
The Company will ensure that its employees receive training about the management of personal information relevant to their respective roles and responsibilities in accordance with the Company’s Information Security Policy.
We maintain administrative, technical and physical safeguards designed to protect the personal data you provide against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.
Accessing personal information
A person may request to access personal information about themselves held by the Company. Such a request must be made in writing and addressed to the Asuria Data Protection Officer at the address below:
Contact the Data Protection Officer
Questions regarding Asuria's privacy and data protection are answered by our Data Protection Officer:
Human Factory Sweden AB Fendergatan 8, 120 71 Stockholm
Dealing with requests for access
The Asuria Data Protection Officer, or delegate of the Company, must respond to the request for access to personal information within a reasonable period after the request is made and give access to the information in the manner requested by the individual, if it is reasonable and practicable to do so.
Refusal to give access
If the Company refuses to give access to the information, or to give access in the manner requested by the individual, the Company must give the individual a written notice that sets out:
· the reasons for the refusal, except to the extent that, having regard to the grounds for the refusal, it would be reasonable to do so; and
· the mechanisms available to complain about the refusal; and
· any other matter prescribed by the regulators,
and take steps (if any) as are reasonable in the circumstances to give access in a way that meets the needs of the entity and the individual.
Correction to personal information
The Company will take reasonable steps to ensure the accuracy and completeness of the personal information they hold. However, if the Company is satisfied that, having regard to a purpose to which the information is held, the information is inaccurate, out-of-date, incomplete, irrelevant or misleading; or the individual requests the Company to correct the information, the Company must take steps (if any) as are reasonable in the circumstances to correct the information to ensure, having regard to the purpose for which it is held, the information is accurate, up-to-date, complete, relevant and not misleading. If a person believes that any personal information that the Company holds about them is inaccurate or out of date, then they should contact the Asuria Data Protection Officer.
If the Company corrects personal information and the individual requests the Company notify a third party of the correction; the Company must take such steps (if any) as are reasonable in the circumstances to give that notification unless it is impracticable or unlawful to do so.
If the Company refuses to correct personal information, the Company must give the individual a written notice that sets out:
- the reasons for the refusal, except to the extent that, having regard to the grounds for the refusal, it would be reasonable to do so; and
- the mechanisms available to complain about the refusal; and
- any other matter prescribed by the regulators
Your Rights as a Data Subject
When permitted by applicable law, a data subject can exercise under Articles 15 to 22 of the GDPR the following specific rights:
- Right of access: A data subject has the right to access his or her personal data in order to verify that his or her personal data is processed in accordance to the law.
- Right to rectification: A data subject has the right to request the rectification of any inaccurate or incomplete data held about him or her.
- Right to erasure: A data subject has the right to request that the Data Controller erases information about him or her and to no longer process that data.
- Right to restriction of processing: A data subject has the right to request that the Data Controller restricts the processing of his or her data.
- Right to data portability: The data subject has the right to request the data portability meaning that the data subject can receive the originally provided personal data in a structured and commonly used format or that the data subject can request the transfer of the data to another Data Controller.
- Right to object: The data subject who provides a Data Controller with personal data has the right to object, at any time to the data processing on a number of grounds as set out under GDPR without needing to justify his or her decision.
- Right not to be subject of automated individual decision-making: The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, if such profiling produces a legal effect concerning the data subject or similarly significantly affects him or her.
- Right to lodge a complaint with a supervisory authority: Every data subject has the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes GDPR.
Whenever the processing is based on the consent, as under art.7 of the GDPR, the data subject may withdraw their consent at any time. There may be circumstances where we will still need to process your data for legal or official reasons. We will inform you if this is the case. Where this is the case, we will restrict the data to only what is necessary for the purpose of meeting those specific requirements.
If you believe that any of your data that we process is incorrect or incomplete, please contact us and we will take reasonable steps to check its accuracy and correct it where necessary.
If you require more information about the processing of your personal data, please refer to the How to Contact Us section below.
How to Contact Us
The Data Protection Officer
If the Company is unable to resolve the matter, or if you have general questions regarding the Swedish privacy protection legislation and the European Union’s General Data Protection Regulation (GDPR) you may raise your concern with the Swedish Authority for Privacy Protection:
Phone: 08-657 61 00
Postal Address: Integritetsskyddsmyndigheten, Box 8114, 104 20 Stockholm