Cookie and privacy policy for EPICO
Privacy Policy for EPICO
At EPICO, we always strive to protect your and others' personal information to the best of our ability. We do this because we want to safeguard the fundamental right to privacy.
We treat all personal information confidentially, do not disclose personal information without permission, and always aim to comply with applicable laws and good data ethics regarding the processing of personal information.
Below, you can read about the information we generally collect, process, and store. In each specific situation, we will inform you about the purpose and your additional rights.
If you have questions or comments about the policy or wish to exercise your data rights with EPICO as the data controller, you can contact us via email or mail at:
EPICO-IT ApS Borupvang 2C, 2nd floor 2750 Ballerup VAT: 32466249 Email: info@epico.dk
Content
EPICO's Privacy Policy
What is personal information
What personal information do we process and for what purpose
When in general contact with us
When you are a customer with us
When you are a consultant/freelancer with us
When you are recruited through us
When you are employed with us
When you visit our website
Who transfers and discloses personal information
Your rights
Updating our privacy policy
What is personal information
Personal information can be various things, often including name, address, email, phone number, birthdate, CPR number, image, etc. It can also be information that, in combination with other data, reveals something about a person, such as information in a CV, exam papers, statements, references, personality tests, etc.
The personal information we process is often general information, but we still handle it securely and confidentially.
What personal information do we process and for what purpose
Depending on the relationship with us, we process personal information in different ways and for different purposes. Below, you can read about the specifics of each processing.
When in general contact with us Purpose
When you contact us via letter, email, or phone, we process contact information to respond and engage in regular dialogue.
Legal basis for processing personal information
Processing of personal information is based on legitimate interest (Article 6.1f), as we do not violate the fundamental rights of the data subject when using and storing ordinary contact information for dialogue.
Categories of personal information and their source
We process general contact information and other personal information provided by the data subject.
Recipients of personal information
Received personal information is primarily processed internally at EPICO, but there may be situations where contact information is disclosed as agreed.
Storage of personal information
If your contact is sporadic and you do not become an employee, customer, consultant, freelancer, or otherwise associated with EPICO, your personal information will automatically be removed from our systems within 6-9 months.
Automatic decisions and profiling
There are no automatic decisions or profiling involved.
When you are a customer with us Purpose
When you are a customer, we often have an agreement for a service or delivery. Under this agreement, we exchange personal information for our employees to communicate about the deliverables.
Legal basis for processing personal information
Processing of personal information is based on a contract/agreement (Article 6.1b).
Categories of personal information and their source
We primarily process general contact information provided by the data subject or another person in the collaboration.
Recipients of personal information
Personal information is primarily processed internally at EPICO but may also be disclosed to other partners and collaborators in fulfilling the contract/agreement.
Storage of personal information
As long as you are a customer, we retain relevant communication important for our collaboration. Other ad-hoc communication is regularly deleted as part of our internal policies.
When a customer relationship ends, we retain relevant communication for up to 3 years to settle potential disputes and facilitate a possible resumption of collaboration.
Automatic decisions and profiling
There are no automatic decisions or profiling involved.
When you are a consultant/freelancer with us Purpose
When registered as a consultant/freelancer, we process personal information to match a person with a vacant position or task for our clients.
Legal basis for processing personal information
Processing of personal information is based on legitimate interest (Article 6.1f), where we balance the processing of personal information for the purpose of matching a person to a vacant position or task, which does not violate the fundamental rights of the data subject and is done at the data subject's own request.
Disclosure of personal information to clients always occurs based on obtained consent.
Collection of references always occurs based on obtained consent.
Categories of personal information and their source
We process personal information such as contact details, CV, exam certificates, education certificates, certificates, etc., provided by the data subject.
We also process statements from references and subjective assessments of professional knowledge.
Personal information is primarily processed internally at EPICO in searching for a suitable candidate for a position or task. Personal information is disclosed to our clients when a match is found. Our clients are typically in the EU/EEA, but it may occur that personal information is disclosed to clients outside the EU/EEA. Disclosure is always based on the consultant's/freelancer's consent.
Storage of personal information
As long as you are registered as an active consultant/freelancer with us, we store and process personal information.
When you no longer wish to be registered as an active consultant/freelancer, we delete information such as CVs, exam papers, statements, etc. Ordinary contact information and information related to contracts and invoicing are generally kept for up to 5 years, depending on the specific purpose and legal obligation.
Automatic decisions and profiling
There are no automatic decisions or profiling involved.
When you are recruited through us Purpose
When registered with us for recruitment, we process personal information to match a person with a vacant position with a client.
Legal basis for processing personal information
Processing of personal information is based on legitimate interest (Article 6.1f), where we balance the processing of personal information for the purpose of matching a person to a vacant position without violating the fundamental rights of the data subject. This occurs at the data subject's own request.
Disclosure of personal information to the client always occurs based on obtained consent.
Collection of references always occurs based on obtained consent.
Categories of personal information and their source
We process personal information such as contact details, CV, exam certificates, education certificates, certificates, etc., provided by the data subject.
We also process statements from references and subjective assessments of professional knowledge.
Recipients of personal information
Personal information is primarily processed internally at EPICO in searching for a suitable person for a position. Personal information is disclosed to our client when a match is found. Our clients are typically in the EU/EEA, but it may occur that personal information is disclosed to clients outside the EU/EEA. Disclosure is always based on the person's consent.
Storage of personal information
We store and process personal information during the recruitment process and up to 6 months afterward.
If the person wishes to remain registered with us for matching to other jobs, we store personal information for up to 1 year after the last interaction.
When the person no longer wishes to be registered as an active job seeker, we delete information such as CVs, exam papers, statements, etc. Ordinary contact information and information related to contracts are kept for up to 1 year.
Automatic decisions and profiling
There are no automatic decisions or profiling involved.
When you are employed with us Purpose
When you are employed with us, we process personal information to operate the business.
Legal basis for processing personal information
Processing of personal information primarily occurs based on an employment contract (Article 6.1b) or a legal obligation (Article 6.1c).
Additionally, some processing occurs based on legitimate interest (Article 6.1f) and occasionally based on consent (Article 6.1a).
Categories of personal information and their source
We primarily process general contact information provided by the data subject. Additionally, we process information about salary, pension, vacation, sickness, union membership, and other relevant information related to the operation of the business.
Recipients of personal information
Personal information is primarily processed internally at EPICO. Information about salary, pension, tax, etc., is disclosed to relevant companies and/or authorities.
Storage of personal information
As long as you are employed with us, we retain relevant personal information.
When the employment relationship ends, we store personal information for up to 5 years due to legal obligations.
Automatic decisions and profiling
There are no automatic decisions or profiling involved.
When you visit our website Purpose
When you visit our website, you leave a "footprint" either in the form of an IP address or an ID in a cookie. Both pieces of information may be disclosed to a third party for the purpose of collecting statistics or targeted marketing. Read more about our use of cookies in our cookie policy (link).
Legal basis for processing personal information
Processing of personal information is based on legitimate interest (Article 6.1f) because we balance the collection and disclosure of behavioral information on our website for statistics without violating the fundamental rights of the visitor. You can opt-out of this disclosure at any time by changing the settings for third-party cookies in your browser. See our cookie policy (link).
Categories of personal information and their source
We collect personal information in the form of an IP address and visit behavior based on an ID in a cookie. We only collect personal information that the visitor voluntarily provides.
Recipients of personal information
We indirectly and directly disclose personal information to Google. The company is located in the USA. Data processing agreements have been made with Google, and it has been verified that Google is part of the EU's certification agreement "Privacy Shield." This ensures that companies in the USA process personal information in accordance with applicable EU legislation.
Storage of personal information
The data we collect for statistics is stored for 26 months in Google Analytics, after which it is automatically deleted.
Automatic decisions and profiling
The collected personal information is not used for automatic decisions and profiling at EPICO. However, it should be expected that Google, to some extent, uses visit behavior for its internal profiling.
Links to other websites
There may be links to other websites or partners on the website. We cannot be held responsible for the content of these websites or the collection of personal information by these websites.
Who transfers and discloses personal information We use several external companies and services that process personal information on our behalf. These are 'data processors' for us. For all our data processors, we have entered into data processing agreements to ensure that our requirements for the protection of personal information are followed. In general, we only transfer data. That is, the data we transfer belongs to us and is not used for the external company's own purposes.
To the fullest extent possible, we use data processors located in the EU/EEA, so personal information is not transferred to insecure third countries. In some cases, we use data processors in the USA, but only if they meet the applicable requirements according to the Data Protection Regulation.
In some cases, we disclose personal information to external companies. This could be customers, insurance companies, tax authorities, and the like. In common for these is that they are data controllers for the personal information they receive from us. When we disclose personal information, it is typically based on one of the following legal grounds: Legitimate interest, your consent, fulfillment of a contract/agreement, or legal obligation.
Your rights With the introduction of the new Data Protection Act and the General Data Protection Regulation (GDPR) in May 2018, you, as an individual, have gained several new rights that provide you with a higher degree of insight and self-determination over the processing of your personal information. Regardless of your relationship with EPICO, you have the following rights:
The right to access and rectify: You can request access to the personal information we process and request rectification if it is incorrect.
The right to erasure: The personal information we process will always be deleted when the purpose of processing ceases. However, we may be obligated to retain and process certain personal information if other legislation requires it. You can ask us to delete the personal information we process about you, and you can withdraw your consent if our processing is based on consent, which is equivalent to asking to be deleted. If we do not have another legal obligation or legal basis to continue processing, we will comply with the deletion.
The right to restriction of processing: You can ask us to limit the use of your personal information. This right does not apply to all processing, but we will inform you about this upon request.
The right to object: You can object to our processing of your personal information if you believe we do not have a legal basis to process them.
The right to data portability: You can receive the personal information you have provided us in a machine-readable format if the personal information was machine-readable upon delivery. Personal information in the form of images, PDF files, etc., is provided in the same format as we received them.