JOTUN PRIVACY STATEMENT FOR RECRUITMENT
Jotun A/S and its Group Companies (Jotun) are committed to the protection of personal data of Jotun employees and other individuals.
This Privacy Statement (the "Privacy Statement") describes the personal data that Jotun collects from or about you in the recruitment processes ("Personal Data"), and how we use and to whom we disclose such data.
This Privacy Statement applies to the Personal Data of all individuals and employees (the “Data Subject”) registering their personal data in Jotun’s recruitment management system used for recruitment purposes.
2. Data controller
Jotun A/S or its Group Companies (Jotun) which controls the Personal Data is the so-called “data controller” for the Personal Data that is processed about you. For more information regarding data protection the Jotun Data Protection Officer can be contacted on firstname.lastname@example.org
Company name: Jotun A/S
Registration number: 923 248 579
Address: Postboks 2021
DPO: Lina Hellenes, email@example.com
3. Data Processor
The data processor is the company processing data in connection to recruitment on Jotun’s behalf. Jotun may use an external recruitment and/or employment verification service provider (the Data Processor) Specific information related to the Data Processor is available within the software applicable.
The Data Processors can only process Personal Data in accordance with the purpose stated in section 5. In addition, the Data Processor may need to access Personal Data stored in the system for the purposes of administration and technical maintenance. Jotun has entered into data processing agreements with the Data Processors, processing Personal Data on behalf of Jotun to the extent required by law. In any case, your data processed by Data Processors will be kept confidential and accessed only by a limited number of individuals. Notwithstanding the above, the Data Processor, may need to disclose your personal information in order to comply with applicable laws and requests of government authorities.
4. WHAT IS PERSONAL DATA?
Personal Data is any information related to a person that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
For the purposes of this Privacy Statement, Personal Data is any information about an identifiable individual. Personal Data does not include anonymous or non-personal information (i.e., information that cannot be associated with or tracked back to a specific individual).
5. FOR WHICH PURPOSES DO WE COLLECT PERSONAL DATA?
Personal Data of Data Subjects, shall be collected, used or otherwise Processed in connection to recruitment to positions in Jotun. The basis for the processing of your personal data is:
- Legitimate interest
- Consent for background checks and testing of applicants
6. WHAT KIND OF PERSONAL DATA DOES JOTUN COLLECT FROM YOU?
Jotun collects and maintains different types of Personal Data in respect of Data Subjects when applying for a position in Jotun. or sending a open/general application not related to a specific position (General CV). This includes e.g. the Personal Data contained in:
- contact information such as name and address, telephone numbers and email address;
- details about an individual’s work experience and qualifications
- CV and attachments such as, but not limited to, certificates, references,
- answers to screening questions (predefined questions)
- interview notes
- contact information for referees and related correspondence
- assessment of applicant
- if applicable to local legislation and filled out by the Data Subject we also collect date of birth, gender, country of residence, nationality
- if uploaded by the applicant, application text and/or photo of the applicant
- after prior consent from the applicant, occupational tests
- after prior consent from the applicant, access to background checks
7. WHEN DO WE DISCLOSE YOUR PERSONAL DATA?
We may share your Personal Data with our Employees, contractors, consultants and other parties (including other members of the Jotun group) who require such information to assist us fulfilling the purpose of processing.
8. TRANSFER AND DISCLOSURE OF PERSONAL DATA
Personal Data is only transferred to external parties, outside the Jotun Group if this is required or permitted under the applicable privacy legislation. When we share Personal Data with external parties we require that the external party enters into a Data Processing Agreement (DPA) with Jotun in compliance with the General Data Protection Directive, (EU) 2016/679 ("GDPR"). Such parties may only use or disclose Personal Data in a manner consistent with the use and disclosure provisions of this Privacy Statement.
Further, your Personal Data may be disclosed in the following situations:
- If permitted or required by applicable law or regulatory requirements. In such a case, we will endeavour to not disclose more Personal Data than is required under the circumstances.
- To comply with valid legal processes such as search warrants, subpoenas or court orders; or
- To protect the rights and property of Jotun;
- With your consent where such consent is required by law.
9. INTERNATIONAL TRANSFER OF PERSONAL DATA
The Jotun Group has entered a set of data protection rules and policies, binding for all companies. The so-called Jotun Binding Corporate Rules (“BCR”), with corresponding policies, procedures and guidelines are worked out in order to be compliant with the GDPR. With common data protection rules across Jotun, we ensure an adequate level of protection for all Data Subjects including when Personal Data is transferred between different Group companies to different countries.
It is Jotun's policy to comply with the privacy law within each country in which we operate. Sometimes this legislation and/or a Data Subject's right to data protection are different from one country to another. Data Subjects keep any rights they have under local law. This Privacy Statement shall apply only where it provides additional protection. Where local law provides more protection than this Privacy Statement, local law shall apply.
10. NOTIFICATION AND CONSENT
In some situations, however, it might be that your consent is required for our collection, use or disclosure of your Personal Data. In such cases you may at any time, subject to legal or contractual restrictions and reasonable Statement, withdraw your consent. If you choose to withdraw your consent please send an email to your contact person in Jotun or to firstname.lastname@example.org.
11. HOW IS YOUR PERSONAL DATA PROTECTED?
Jotun endeavours to maintain physical, technical and procedural safeguards that are appropriate to the sensitivity of the Personal Data in question. These safeguards are designed to protect your Personal Data from loss and unauthorized access, copying, use, modification or disclosure.
12. PERSONAL DATA RETENTION
Except as otherwise permitted or required by laws or regulations, Jotun endeavours to retain your Personal Data only for as long as we believe is necessary to fulfil the purposes for which the Personal Data was collected, and for no longer than one year after the recruitment has been finalised.
For personal data voluntarily delivered manually as a General CV personal data will be retained until the Data Subject contacts Jotun and requests deletion. For personal data related to a specific position the personal Data will be retained for a period of one year after the recruitment process is finalised for the Data Subject that are not hired for the position. For the Data Subject hired for the position other retention rules for employees apply.
Notwithstanding the other provisions outlined above, we will retain electronic records containing personal data if we believe that the record(s) may be relevant to any ongoing or prospective legal proceedings; and to the extent that we are required to do so by law.
13. UPDATING YOUR PERSONAL DATA
It is important that the Personal Data in our records is both accurate and current. If your Personal Data happens to change, please keep us informed of such changes.
14. ACCESS, CORRECTIONS AND DELETING PERSONAL DATA
You have the right to access information about your Personal Data. If you want to review, verify, correct or delete your Personal Data, you can either do that in the self-service part of the system, or contact your local Jotun company or branch or send an email to email@example.com.
We will take necessary steps to confirm the data subject’s identity before providing any information regarding personal data. The request will, when the requestors identity is confirmed, be answered within 30 days. In some instances, the request may take longer, but we will inform you accordingly and send an answer at the latest within 90 days.
Your right to access the Personal Data is not absolute. There are instances where law or regulations allow or require us to refuse to provide some of the Personal Data. It may also be statutory requirements preventing us from deleting some Personal Data. In the event that we cannot adhere to your request, we will endeavour to inform you of the reasons why, subject to any legal or regulatory restrictions.
15. INQUIRIES OR CONCERNS
If you have any questions about this Privacy Statement or concerns about how we manage your Personal Data or if you wish to file a complaint, please contact our Global Data Protection Officer at firstname.lastname@example.org.
We will endeavour to answer your questions and advise you of any steps taken to address the issues raised by you at our earliest convenience and at the latest within one month after your request was made.
If you wish to lodge a complaint you can also contact your local supervisory authority, or the EU/EEA member stated where you have habitual residence, place of work or the place where the alleged violation took place. The contact information to the authority in Norway is:
P.O 8177 Dep.
16. REVISIONS TO THIS PRIVACY STATEMENT
Jotun may from time to time make changes to this Privacy Statement to reflect changes in our legal obligations or in the manner we deal with your Personal Data. We will communicate any revised version of this Privacy Statement. The, at all times applicable and updated Data Protection Statement is available here. Any changes to this Privacy Statement will be effective from the time they are communicated. Any change that relates to why we collect, use or disclose your Personal Data, that require your consent, will not apply to you until we have obtained your consent.
17. INTERPRETATION OF THIS PRIVACY STATEMENT
This Privacy Statement includes examples but is not intended to be restricted only to such examples. Therefore, where the word 'including' is used, it shall mean; including but not limited to.