Netcompany privacy policy

Data Protection Officer (DPO)
+45 70 13 14 40
gdpr@netcompany.com
Netcompany’s Privacy Policy relates to the nature and scope of our processing of your personal data in our business operations, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 (“GDPR”).


1 Privacy Policy 

This Privacy Policy explains how Netcompany processes your personal data and what your rights are in relation to Netcompany’s collection, processing and retention of your personal data.
 

The Privacy Policy is addressed to you as an applicant, customer, supplier, business partner, collaborator, consultant, advisor or any other party for whom we may process personal data.
   
2
 Data Controller 

When processing your personal data for Netcompany’s purposes, Netcompany acts as a data controller.

Netcompany is an international organisation with legal entities in several countries. The entity responsible for the processing of your personal data (the data controller) thus depends on which entity you are working with.

Location Company Address
Denmark

Netcompany Group A/S
Netcompany A/S

Strandgade 3
DK-1401 Copenhagen
Denmark
United Kingdom Netcompany UK Limited

6th Floor, 2 Pancras Square, London
Greater London, N1C 4AG
United Kingdom
Poland Netcompany Poland Sp. Z o.o.

ul. Puławska 180
PL - 02-670 Warzaw
Poland
Norway Netcompany Norway AS

Øvre Voll gate 15
NO - 0158 Oslo
Norway
The Netherlands Netcompany Netherlands B.V.

Kanaalweg 3b
2628 EB Delft
Holland

Some of your personal data may be shared internally within the Netcompany Group, but only if it is necessary in order to fulfil the purpose of which we are processing your personal data. All entities in the Netcompany Group have entered into an Intra Group Agreement that ensures that everyone follows the same procedures when processing personal data so the same level of security is maintained throughout.
   
3
 Whistleblower system 

The whistle-blower system found on our website is an independent and autonomous channel, which is secured by using an external law firm (Plesner). Some personal data might be collected in this matter, if you choose to use the system – it will however not be disclosed to Netcompany, unless there is a legal requirement to disclose it. We recommend that you read Plesners Privacy Policy regarding their collection of personal data, which can be found by following this link.
   
4 Purposes for processing of personal data

Netcompany only process personal data where a specific and legitimate purpose exists. Below we have listed the most relevant purposes for Netcompany’s processing of personal data and some of the activities associated herewith:
 

Applications and recruitment:
E.g. applicants applying for a job (whether solicited or non-solicited), potential candidates participating in various events (whether socially or academically), candidates contacting Netcompany with the purpose of hiring (whether as a regular employee or freelancer), entering and participating in Netcompany’s recruitment process and when participating in job interviews and/or personality tests.
 

Business operations:
E.g. when operating and managing the IT and communications systems, managing product and service development, buying various goods and items from suppliers, improving products and services, managing company assets, allocating company assets and human resources, strategic planning, project management, business continuity, compilation of audit trails and other reporting tools, maintaining records relating to manufacturing and other business activities, maintaining security of premises, budgeting, financial management and reporting, communications, managing mergers, acquisitions, and reorganisation or disposals.
 

Communication:
E.g. when facilitating communication with employees, use of photographs in newsletters and other material distributed within Netcompany and to partner entities and subsidiaries, providing references, ensuring business continuity, protecting the health and safety of employees and others, safeguarding IT-infrastructure, office equipment and other property, facilitating communication in an emergency, publication of contact information and pictures on our website.
 

Compliance:
E.g. when monitoring compliance with internal policies or applicable laws, complying with legal and other requirements, such as income tax and national insurance deductions, recordkeeping and reporting obligations, conducting audits, compliance with government inspections and other requests from government or other public or regulatory authorities, responding to legal process such as subpoenas, pursuing legal rights and remedies, defending litigation and managing any internal complaints or claim and complying with internal policies and procedures.
 

Website:
When you use our website, we collect personal data via cookies. Please see Netcompany’s cookie policy for further information.
   
5
 Categories of personal data 
5.1 Personal Data

Netcompany processes personal data that is provided to us by either you, our business partners or customers etc. Usually, that amounts to the processing of some of the following categories of personal data e.g.:

  • Name, e-mail, telephone number, address, date of birth, gender, photographs, bank and salary details, description of current position and title, employment status, details contained in letters of application and resume/CV, previous employment background and references, education history, professional qualifications and academic credentials, other relevant skills and personality test results.
     
5.2 Sensitive personal data

Sensitive personal data is defined as:

  • Personal data regarding racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade-union membership
  • Genetic and biometric data for the purpose of uniquely identifying a natural person
  • Data concerning health or data concerning a natural person's sex life or sexual orientation
  • Criminal offences

Generally, Netcompany does not process sensitive personal data. However, in connection with an application, we may ask for a criminal record to be provided.
   
6
 Collection of personal data 

We may collect personal data from the following source(s):
 
(1) Directly from you, such as through an application process or other forms or information you provide to Netcompany in connection with your application, partnership, consultancy work, advisory work etc.

(2) From group entities or subsidiaries such as through an application process or other forms or information you provide to the group entity or subsidiary in connection with your employment, partnership, consultancy work etc.

(3) During your activities in the course of your application, partnership, consultancy work, such as through your performance and interaction with other employees, customers, or other individuals

(4) From third parties which may include (the list is not exhaustive):

(i) References

(ii) Former employers

(iii) Public authorities (in particular regarding security checks and the obtaining of security licenses)

(iiiv) Other third parties, including background checks, agencies and external recruiters

(v) Websites, LinkedIn or similar public medias

 
7 Special notices
  Netcompany hereby explicitly notifies that there is video surveillance at the entries of our premises.
   
8 Legal basis for processing of personal data

We process personal data on the following legal grounds pursuant to the GDPR:

Consent (article 6.1.a):
E.g. when you provide Netcompany with the relevant personal data directly or you provide Netcompany with your explicit consent to obtain such personal data.
 
Necessary for the performance of the contract between you and Netcompany (article 6.1.b):
E.g. when it is necessary for Netcompany to comply with a contractual obligation.
 
Necessary for Netcompany to comply with a legal obligation (article 6.1.c):
E.g. when Netcompany must comply with laws on bookkeeping and financial reporting etc.
 
Necessary for the pursuit of legitimate purposes of Netcompany (article 6.1.f):
E.g. when Netcompany stores contact information in our CRM system to handle client relations.
 
Necessary for the purpose of carrying out obligations in the field of employment, social security and social protection (article 9.2.b):
E.g. when Netcompany must comply with employment laws etc.
 
Necessary for the establishment, exercise or defence of legal claims (article 9.2.f):
E.g. in cases where it is necessary for Netcompany to either establish, exercise or defence legal claims.
   
9 Recipients of personal data

Netcompany only shares your personal data to the extent that it is necessary in order to fulfil the purposes with the processing or if required by law. In such cases, we might share your personal data with:

  • Suppliers, business partners and clients that we work with e.g. service providers and financial institutions
  • Group entities
  • Public authorities

Certain recipients process personal data on behalf of Netcompany (data processors) and may only process your personal data in accordance with the instructions given by Netcompany. These third parties may not process your personal data for their own purposes.
 

To the extent that Netcompany disclose or transfer personal data to third parties who may use your personal data for their own purposes (joint data controllers), such disclosure or transfer will only take place if it is in accordance with applicable law or with prior consent given from you.
 
   
10 Transfer to countries outside the EU/EEA 

Netcompany generally refrains from transferring personally data to countries outside the EU/EEA.
 

(1) If the country has been deemed to have an adequate level of protection of personal data by the Commission of the European Union, and

(2) If the country has not been deemed to have an adequate level of protection of personal data by the Commission of the European Union, where the appropriate safeguards can be guaranteed through either:

(a) The use of "Model Contracts for the Transfer of Personal Data to Third Countries", as published by the Commission of the European Union, or any other contractual agreement approved by the competent authorities, or

(b) The use of an approved code of conduct pursuant to article 40, an approved certification mechanism pursuant to article 42


11 Storage 
  We only store personal data for as long as it is necessary in order to fulfill the purposes of the processing, unless there are specific legal reasons, and/or a legal requirement that stipulates a longer storage period.
  As such personal data obtained in connection with applications and recruitment will as a main rule be deleted after 12 months from the receiving of the candidate’s application.
  Personal data obtained in connection with business operations will generally be deleted according to either Netcompany’s Internal Privacy Policy or according to the agreed upon terms with our suppliers or other business parties.
  Personal data obtained in connection with communications will also in general be deleted according to Netcompany’s Internal Privacy Policy.
   
12
 Your rights as a data subject

As a data subject you have certain rights, which are listed and further described below. Netcompany takes all necessary and adequate measures to protect your personal data and ensure your rights as a data subject.
 

Your rights as a data subject includes the right to:

  • Request access to your personal data
  • Request rectification of your personal data
  • Request erasure of your personal data
  • Object to the processing of your personal data and have the processing restricted
  • Receive your personal data in a structured, commonly used and machine-readable format (data portability)
  • Complain to a data protection supervisory authority
     

Exercising your rights

You may take steps to exercise your rights by contacting Netcompany’s appointed DPO. You can find the contact information under section 15.
 

Please note, that there may be other conditions or limitations on your rights as a data subject than stated above, depending on the specific circumstances.


13 Withdrawal of consent

When the processing of your personal data is based on your consent, you may withdraw your consent at any time by contacting Netcompany’s DPO. However, please note that this does not affect the legal basis for Netcompany's processing of your personal data prior to the withdrawal of your consent. 
 
14 Filing of complaint 

If you wish to file a complaint regarding Netcompany’s processing of your personal data, you can always contact Netcompany’s DPO. All complaints filed to the DPO should be resolved, if, however, this is not the case, you can file a complaint to the local data protection supervisory authority.

 
Country Supervisory Authority 
Denmark Danish Data Protection Agency (Datatilsynet)
Carl Jacobsens Vej 35
DK-2500 Valby
Tel: +45 33 19 32 00
Email: dt@datatilsynet.dk
Website: www.datatilsynet.dk
Poland Urząd Ochrony Danych Osobowych (Personal Data Protection Office)
ul. Stawki 2
00-193 Warsaw
Tel. +48 22 531 03 00
Fax: +45 22 531 03 01
Email: kancelaria@uodo.gov.plzwme@uodo.gov.pl
Website: https://uodo.gov.pl/
Norway Datatilsynet
Tollbugata 3
0152 Oslo
Tel: +47 22 39 69 00
Email: postkasse@datatilsynet.no
Website: www.datatilsynet.no
United Kingdom The Information Commissioner’s Office
Water Lane, Wycliffe House
Wilmslow - Cheshire SK9 5AF
Tel: +44 1625 545 700
Email: casework@ico.org.uk
Website: https://ico.org.uk
The Netherlands Autoriteit Persoonsgegevens
Bezuidenhoutseweg 30
P.O. Box 93374
2509 AJ Den Haag/The Hague
Tel: +31 70 888 8500
Fax: +31 70 888 8501
Website: https://autoriteitpersoonsgegevens.nl/nl
15 Data Protection Officer (DPO)
 

The contact information of Netcompany’s Data Protection Officer (DPO) are as follows:
Telephone number: +45 70 13 14 40
Email address: gdpr@netcompany.com
   
16 Changes to the Privacy Policy 

This Privacy Policy will be updated on a regular basis and whenever necessary due to changes in applicable law. The Privacy Policy will always include information on the effective date of the latest version.
 
Latest version was approved and adopted on February 3 2020.