1. Data controller and contact information
The data controller for your personal data is:
Company registration no.: 26585848
Strandvejen 102E, 5.,
2. Types of personal data, purposes and legal basis
In our capacity as an International Executive Search Firm we may process your personal date in a number of situations as described below.
When you apply for or is contacted regarding a position with a Directure client:
When we look for candidates for a certain position on behalf of a client, we will process the information, including the personal data, which you have disclosed on public available sources (especially LinkedIn), in your job application and CV in order to evaluate your application, profile, etc. We will also evaluate your performance and competencies during potential interviews. The legal basis for our processing of your personal data is your request for our evaluation of your application and CV on behalf of the client and prior to the potential execution of an employment contract in accordance with our legitimate interest in processing the information you have given us in accordance with Article 6(1)(f) of the General Data Protection Regulation. This depends on the stage of the application process and whether it is Directure that reaches out to you, or you that reaches out to us.
Further, we might search the internet for relevant and available information, including content from social media and will typically involve information regarding your previous jobs, activities, competencies, performance, as well as your general appearance.
If the job position requires you to complete personality tests or similar you will be informed hereof when we have processed your application. The results of such tests will be treated confidentially but will be included in our evaluation of your application. Our legal basis for such processing of personal data is Article 6(1)(f) of the General Data Protection Regulation.
We may also request that you provide us with a copy of your criminal record depending on the position for which you are applying. Such information will also be treated confidentially. In such case we will ask for your consent, whereas our legal basis for such processing of personal data is Section 8(3) of the Danish Data Protection Act.
As part of our evaluation of you and your application, we may wish to take references from your previous and/or current employers. We will only take up references from persons you have explicitly stated in accordance with Article 6(1)(f) of the General Data Protection Regulation or if you have consented hereto in accordance with Article 6(1)(a) of the General Data Protection Regulation.
If the position in question involves financial responsibilities (e.g., bookkeeping or accounting), we might – after a concrete assessment – collect information about your credit information and rating. Our legal basis for such processing of personal data is Article 6(1)(f) the General Data Protection Regulation.
We recommend that you do not disclose sensitive personal data, such as information revealing racial or ethnic origin, religion, trade union membership, sexual orientation, health, etc. in your application. In the unlikely event that a certain health condition is required for the ability to perform the duties related to the position in question, we might – after a concrete assessment – request health information from you. In such case we will ask for your consent, whereas our legal basis for such processing of personal data is Article 9(2)(a) of the General Data Protection Regulation.
The client will be ultimately responsible for the assessment of whether you will be offered the position you apply for. The personal data collected during the application process will therefore be transferred from Directure to the client on basis of the said legal bases above.
Directure will store your information for the duration of the position’s recruitment process and six months after the project is closed, however, Directure may also ask for your consent for storage for a longer period (see below).
When you apply for a position with Directure:
If you apply for a position with Directure, the processing activities described above will also apply, however, the legal basis of the said processing activities will primarily the aim of concluding a contract with you in accordance with Article 6(1)(b) the General Data Protection Regulation.
If you are offered a position with the Directure, your application and additional relevant personal data obtained during the recruitment process will become part of your employee file.
If you are not offered a position, we will store your application and any additional personal data obtained during the recruitment process for a period of 6 months following our rejection, unless you have provided your consent to the storage hereof for a longer period.
Storage in the Directure candidate and succession databases:
Directure retains a database of candidates for clients or potential clients of Directure, which contains information found in public sources, hereunder especially LinkedIn. The data is stored in this database is thus a link to your LinkedIn profile, which ensures that we always retain data that is up to date as well as your contact details. The data in our database will, thus, be information that has been made publicly available by yourself and our legal basis for retention is therefore our legitimate interest you in accordance with Article 6(1)(f) the General Data Protection Regulation. We will in any case update our database on ongoing basis to ensure that it is relevant for the business of our clients.
If you participate in an application process with a Directure client (see above), e.g. as part of a succession project, we may under certain circumstances ask for your consent to retain your personal data in our database for the same or similar positions in accordance with Article 6(1)(a) the General Data Protection Regulation.
When otherwise communicating with us:
Apart from the above you may also contact or interact with us for a number of other purposes. We will in such case process your personal data, hereunder especially your contact details in accordance with Article 6(1)(f) of the General Data Protection Regulation and our legitimate interest in responding to your query.
When using our website:
The use of our website Administration of your personal data, also based on your click behavior in relation to marketing send outs and via cookies on our website. Such processing will be based on our legitimate interest in being able to collect and administrate your personal data, also based on your click behavior in relation to marketing send outs and via cookies on our website, according to Article 6(1)(f) of the General Data Protection Regulation.
3. Disclosure to other data controllers and transfer to data processors
To fulfil the above purposes, we may provide access to your personal data for third parties who, on the basis of a contractual relationship with Directure provide relevant services, e.g. IT-providers, etc. Such service providers will only process personal data in accordance with our instructions pursuant to the data processor agreements entered into.
In connection with Directure’s development, the company structure may change, e.g. through a full or partial sale of Directure. In case of a partial hand over of assets containing personal data, the legal basis for the related disclosure of personal data is, as a general rule, Article 6(1)(f) of the GDPR, as Directure has a legitimate interest in handing over part of its assets as well as making commercial changes.
Aside from above, it is a general rule that your personal data is not disclosed to a third party without your permission. However, under certain circumstances and in accordance with applicable law, we may need to disclose your personal data to the police, lawyers, auditors, courts and other public authorities.
If your personal data is transferred to data processors or data controllers established in countries outside the EU/EEA which does not have an adequate level of protection, such transfer will be based on the EU Commission’s Standard Contractual Clauses.
4. Deletion of personal data
We will delete your personal data when we no longer need to process them in relation to one or more of the purposes set out above. However, the data may be processed and stored for a longer period in anonymised form.
We protect the confidentiality, integrity and accessibility of your personal data. Hence, we have implemented security measures to ensure that our internal procedures meet the established security standards and applicable legal requirements.
We have internal rules on information security that contains instructions and measures to protect your personal data from being destroyed, lost or altered, against unauthorised disclosure, and unauthorised access to and knowledge of them. Sensitive and/or confidential personal data will only be transmitted in encrypted form.
6. Your rights
- You have the right to access the personal data we process about you.
- You have the right to object to our collection and further processing of your personal data.
- You have the right to have your personal data rectified and deleted, with certain statutory exceptions, including the Bookkeeping Act.
- You have the right to request us to restrict the processing of your personal data.
- Under certain circumstances you may also request to receive a copy of your personal data as well as the transmission of your personal data which you have provided us with to another data controller (data portability).
- You may, at all times, withdraw any consent you may have given. We will then delete your personal data, unless we can continue the processing on another basis.
7. Links to other websites etc.
Our website may contain links to other websites. We are not responsible for the content of other companies’ websites or their practices in collecting personal data. When you visit other websites, you are advised to read the owner’s policy for protection of personal data and other relevant policies.
8. Questions or complaints
If your complaint is not resolved by us and you wish to proceed with the case, you can send your compliant to the Danish Data Protection Agency, Datatilsynet, Carl Jacobsens Vej 35, 2500 Valby, Telephone +45 33 19 32 00, e-mail firstname.lastname@example.org.