Privacy Policy
Talenom’s privacy policy describes the procedures and principles related to the processing of personal data. The privacy policy helps you understand what personal data we collect and why we do it, as well as how we process, protect, store and delete your personal data.
This privacy policy applies to Talenom’s website, customer services, financial management production systems and recruitment.
Data protection at Talenom
- Last update: 25.05.2023
Why do we process personal data?
Talenom stores and processes personal data for the purpose of providing services in a contractual relationship between Talenom and Talenom’s customers.
Personal data is also processed in order to fulfil statutory obligations related to the processing by official authorities.
Talenom has a legitimate interest in processing personal data to target the marketing and sales of Talenom’s services and to improve the quality of Talenom’s products and services.
The processing of personal data is based on separate consent for the following processing operations:
- Recruitment processes
- Direct marketing
Data subjects have the right to withdraw their consent at any time via a link in the marketing messages.
What personal data do we process?
Talenom processes, among other things, the following personal data:
- Contact information, such as first and last name, address, telephone number, e-mail address
- Social security number
- The Know Your Customer (KYC) data required by anti-money laundering legislation
- Information on beneficial owners
- Health information (e.g. in connection with the wills service of the maternity and child health clinics)
- Customer history, such as contacts and changes to services
- Call recordings and other recordings in our customer service situations
- Data for identification in Talenom’s electronic services
- Data generated by the use of services
- Information about cookies
- Information voluntarily provided by the data subject in the recruitment process
- Prohibitions and consents to direct marketing.
- In some of its services, Talenom processes personal data on behalf of Talenom’s customers.
In such cases, the customer is the controller of the resulting personal data register, while Talenom acts as the Processor of the personal data in the personal data registry in the capacity defined in the General Data Protection Regulation.
In this case, the processing measures related to the processing of personal data have been separately agreed with Talenom’s customer, using the description of the processing of personal data included in this document: Description of Processing Activities
Regular sources of information
In most cases, we receive information about you directly from you, for example in the following situations:
- You become a Talenom customer and start using our products and services
- You participate in our surveys or campaigns or in Talenom’s events
- You call our customer service or send a message in the chat
- You are looking for a job with us
In addition, we receive data from:
- Registers kept by the authorities
- e.g. from the Swedish Companies Registration Office and the Swedish Tax Agency
- Sanction lists
- Verified.eu
- Other public services providing contact details
- The contact forms on the website Talenom.com
- Talenom’s internal exchange of information
How do we take care of our customers’ data protection?
Technical protection of data contained in registers
Data processed electronically in the register is technically protected by firewalls, passwords and by offering Talenom’s customers two-factor authentication to customer data systems.
The data transfer between the customer and Talenom’s services is encrypted using Transport Layer Security (TLS) technology. The data is backed up regularly, and the backups are stored in a different location from the primary data.
Talenom carries out internal evaluations and allows third parties to carry out evaluations covering both the technical security of critical information systems and the processes and guidelines related to the administrative aspects of information security and data protection.
Administrative protection of registers
Talenom has an information security policy that every new employee goes through when the employment starts at Talenom. The information security policy describes the general rules on information security and protection that are binding on the employee.
Talenom’s employees’ awareness of information security and data protection is continuously maintained in various ways: by organising regular information sessions on information security and data protection for all personnel as well as annually mandatory information security and data protection training for employees.
Only Talenom’s employees and employees of companies working on behalf of and on behalf of Talenom have access to the data contained in the register on the basis of separately granted user rights. Users’ permissions are reviewed regularly, and unnecessary permissions are automatically removed. In particular, the user rights of the main users of the systems are monitored and removed when the users no longer need the rights. The user rights of employees who have left the Supplier are removed when the employment ends.
In accordance with the information security policy, the customer’s data is only processed by an employee of Talenom whose duties require it. The processing of customer data on other grounds is prohibited even if the employee has technical access to customer data due to his or her duties and for business reasons.
Talenom’s entire personnel as well as external persons working on behalf of the Personal Data Processor are bound to secrecy regarding all customer and personal data held by Talenom. The duty of confidentiality, including sanctions caused by breaches of confidentiality, is written into the employment contracts of Talenom’s personnel and into agreements made with third parties.
Physical protection of data in registers
Customers’ data is processed in information systems located in data centers in Sweden and Finland or in Cloud Services in the European Union.
In the machine halls in Sweden and Finland, the most important production systems have been duplicated in two physically separated machine halls to ensure the safety, data storage and continuity of service under both normal and exceptional conditions.
These machine halls are operated in safety procedures, access control and monitoring certified by the service provider.
Disclosure of data and subcontracting
Talenom may disclose personal data to any unit within the Talenom Group.
In some cases, Talenom must also disclose personal data to authorities if required by applicable law or regulation or if a request from a judicial or administrative authority so requires.
Talenom may disclose data other than data classified as special categories of personal data to its partners for the purpose of developing services, monitoring quality and marketing.
Talenom does not sell or rent personal data to other parties.
Upon request, Talenom provides an up-to-date list of the subcontractors used by Talenom.
Transfer of data outside the EU/EEA
As a rule, personal data is not transferred outside the European Union or the European Economic Area.
Contact information used in marketing communications and statistical data generated when Talenom’s electronic systems are used, as well as data stored in the recruitment service, are transferred to servers located outside the EU and EEA. These are protected by the respective service provider in accordance with European Union data protection law.
Data transfer to countries outside the EU/EEA takes place in accordance with the standard contractual clauses for data protection established by the European Commission.
Subcontractors transferring data to countries outside the EU/EEA:
- Google Analytics
- Hubspot
- Mailchimp
- TeamTailor (recruitment service)
- Choice HR (recruitment service)
How long do we store the data?
Talenom processes personal data throughout the customer relationship.
Company information and information about the company’s decision-makers are stored permanently at Talenom, as the information is automatically updated with us from the business registers.
When the customer relationship ends, personal data is stored to the extent necessary to fulfill our legitimate interests.
We store prohibitions on direct marketing until further notice.
Recorded calls are automatically deleted from the information systems after 3 months.
The data in the recruitment register is deleted from the system at the request of the data subject, or automatically after 12 months.
How do we use cookies and web analytics?
Talenom collects information with cookies to improve the user experience of our website and services, to evaluate the content used and to support marketing.
Cookies are small text files that are stored on the website visitor’s terminal device.
The following data is stored about the data subject:
- User’s IP address
- Time of visit
- Pages visited and duration of visit
- Browser type used
- User’s device, version, and operating system
- Where the user came from and where the user goes after using the website
By using Talenom’s website, we accept that cookies are used and stored on the user’s computer.
The visitor can prevent the use of cookies by changing the browser settings in such a way that the browser does not allow the storage of cookies. In this case, the user agrees that blocking the use of cookies may affect the functionality of certain services.
Data on users’ terminal equipment is automatically collected for the purposes of developing digital services and customer service, such as using browser cookies or similar technologies.
Rights of data subjects
In accordance with Sections 15–22 of the General Data Protection Regulation of the European Union, the data subject has the right to:
- check
- request correction of
- request deletion of
- restrict the processing of
- Request transfer from one system to another
- object to the processing of their personal data;
- lodge a complaint with the supervisory authority;
You can object to the processing of your personal data for direct marketing purposes at any time.
The exercise of certain rights of the data subject is restricted by other mandatory legislation, according to which Talenom has the right and obligation to justify the refusal to rectify, erase, restrict the processing of the data or transfer them from one system to another.
The data subject must address a written request based on his or her rights by e-mail to: dataskydd@talenom.se.
Controller of personal data
Talenom Redovisning AB
Holländargatan 13, SE-111 36 Stockholm
or
Box 842, SE-101 36 Stockholm
Procedures for notification of personal data breaches
The controller will notify the data subject if the personal data breach is likely to result in a high risk to the rights and freedoms of the data subject. The notification must describe the nature of the personal data breach and the measures taken in the manner required by the General Data Protection Regulation.
The controller’s obligation is to submit a notification to the information security authority within 72 hours of discovery if it is likely that the personal data breach will result in a high risk to the rights and freedoms of a natural person. The notification is made in accordance with the instructions of the Data Protection Ombudsman in force at the time.
Limitations
This privacy statement does not apply to third-party websites, applications or services that may be available in Talenom’s services through additional services provided by partners.
By accessing a partner’s website, the customer leaves Talenom’s service, in which case a third party can collect and share data about the customer.
Talenom recommends that our customers always familiarize themselves with the data protection procedures of a third-party service before allowing the collection and use of their own personal information in these services.