Privacy Policy for Employees at Searchmind ApS

Privacy Policy

Privacy Policy for Employees

1. We are the data controller – how do you contact us?

Searchmind ApS is the data controller for the processing of the personal data that Searchmind ApS has received about you in connection with your employment with the company.

If you have any questions about Searchmind ApS’ processing of your data, you are always welcome to contact us.

You will find our contact details below.

Searchmind ApS
https://www.searchmind.dk/
CVR 37340588
Klostergade 28, 2nd–3rd floor
8000 Aarhus C
Phone 3012 4272
E-mail: info@searchmind.dk.

Contact person regarding personal data relating to employees: Head of People Operations

2. The purposes of and legal basis for the processing of your personal data

Searchmind ApS processes your personal data for the following purposes:

Searchmind ApS processes your personal data as part of our HR administration.

3. Categories of personal data, the legal basis for the processing of your personal data, and where Searchmind ApS obtains the personal data from

Searchmind ApS processes the following categories of personal data about you:

  • Identification data such as name, address, etc. some text

    • Legal basis in the General Data Protection Regulation (GDPR) or the Data Protection Act (DPA): GDPR, Article 6(1)(b), as processing is necessary for the performance of the employment contract

    • Source of the personal data: You as the data subject

  • Information relating to the employment relationship for use in HR administration, such as position, place of work, salary conditions, seniority, CPR number, education, sick leave, information from appraisal meetings, information from workplace assessments, etc. some text

    • Legal basis in the General Data Protection Regulation (GDPR) or the Data Protection Act (DPA): GDPR, Article 6(1)(b), as processing is necessary for the performance of the employment contract, and for CPR numbers: DPA, § 11(2), cf. DPA § 7(2)

    • Source of the personal data: You as the data subject

  • Employee photos some text

    • Legal basis in the General Data Protection Regulation (GDPR) or the Data Protection Act (DPA): GDPR, Article 6(1)(a), as consent is always obtained before photos of you are published on the company website. Consent may be withdrawn at any time. Your portrait photo will also be used on our intranet, internal communication channels, and email signature to identify you.

    • Source of the personal data: The company's photographer

  • Criminal offences, where relevant in relation to the employment relationship some text

    • Legal basis in the General Data Protection Regulation (GDPR) or the Data Protection Act (DPA): DPA, § 8(3), as you as the data subject have given your explicit consent

    • Source of the personal data: You as the data subject

  • Trade union membership, where relevant in relation to the employment relationship some text

    • Legal basis in the General Data Protection Regulation (GDPR) or the Data Protection Act (DPA): DPA, § 12(2), as the company processes the information in order to comply with a collective agreement, and as the information is only processed when necessary in relation to the fulfilment of collective agreement obligations, which is a legitimate interest that overrides your interests, as the processing is relevant to the company's compliance with the collective agreement

    • Source of the personal data: You as the data subject

  • Health information some text

    • Legal basis in the General Data Protection Regulation (GDPR) or the Data Protection Act (DPA): The Act on the Use of Health Data in the Labour Market and DPA, § 12(2), as the company processes the information in order to comply with legislation (such as the Sickness Benefits Act, the Active Employment Effort Act, and the Anti-Discrimination Act) and collective agreements, and as the company's processing of health data is based on a legitimate interest that overrides your interests. This may, for example, relate to the tasks that an employee on a flex job scheme can perform

    • Source of the personal data: You as the data subject

  • Logging of emails and internet use some text

    • Legal basis in the General Data Protection Regulation (GDPR) or the Data Protection Act (DPA): GDPR, Article 6(1)(f), as the company's legitimate interest in carrying out monitoring measures overrides your interests. In this regard, it is noted that logs are only reviewed as part of a check when there is suspicion of use contrary to the company's guidelines, or as part of the company's assessment of its IT security level

    • Source of the personal data: The company's logging system

  • Recording of telephone calls for quality assurance, training purposes, and documentation of agreements some text

    • Legal basis in the General Data Protection Regulation (GDPR) or the Data Protection Act (DPA): GDPR, Article 6(1)(a), as consent is obtained before telephone calls are recorded. Consent may be withdrawn at any time

    • Source of the personal data: The company's telephone call recording system

  • Publication of contact details on the internet (not photos) some text

    • Legal basis in the General Data Protection Regulation (GDPR) or the Data Protection Act (DPA): GDPR, Article 6(1)(f), as the company's legitimate interest in informing customers and business partners of your contact details overrides your interests. If, as an employee, you have particular private circumstances that make publication of your contact details problematic, you are encouraged to notify your manager, after which the company will decide whether the information should not be published

    • Source of the personal data: You as the data subject

  • Attendance times and access control some text

    • Legal basis in the General Data Protection Regulation (GDPR) or the Data Protection Act (DPA): GDPR, Article 6(1)(f), as the company's legitimate interest in carrying out monitoring measures overrides your interests. In this regard, it is noted that the company gives notice of monitoring measures, and that the company has a need to monitor who is on the premises and that time registration is correct. Monitoring of time registration is relevant in relation to correct salary payment, etc.

    • Source of the personal data: The company's registration system

  • Electronic trails in connection with the performance of work in e.g. ERP systems, CRM systems, and file management systems, etc. some text

    • Legal basis in the General Data Protection Regulation (GDPR) or the Data Protection Act (DPA): GDPR, Article 6(1)(f), as the company's legitimate interest in being able to retrieve information from its systems and see who entered the information overrides your interests, as this is essential for customer service


4. Recipients or categories of recipients

Based on the purpose for which the information was collected, Searchmind ApS discloses or transfers your personal data to the following recipients:

  • The company's payroll bureau

  • Your bank and the company's bank

  • NemID

  • Public authorities such as the Danish Tax Authority (SKAT), FerieKonto, your municipality of residence, NemRefusion, Udbetaling Danmark, ATP, Statistics Denmark, etc.

  • e-Boks

  • Trade unions and employee representatives

  • Pension companies

  • Insurance companies

  • Auditor and any legal counsel

  • The IT company that hosts the company's data

  • Employer associations such as Grakom and DA

5. Transfer to recipients in other EU countries and third countries, including international organisations

Your personal data will not be transferred to recipients outside the EU and the EEA.

Your personal data will furthermore not be transferred to recipients outside Denmark's borders.

6. Retention of your personal data

Searchmind ApS retains your personal data for as long as you are employed. Your personal data will be deleted no later than 5 years after your departure, unless it is necessary to retain the data for a longer period, for example in the event of workplace injuries or the establishment of legal claims.

However, we delete the results of your personality test no later than 6 months after your departure.

An email account of a departed employee is closed no later than 12 months after the employee has left.

7. Automated decisions, including profiling

Searchmind ApS does not use automated decisions.

8. The right to withdraw consent

If the processing of your data is based on consent, you have the right to withdraw your consent at any time. You can do so by contacting Searchmind ApS using the contact details set out in point 1 above.

If you choose to withdraw your consent, this does not affect the lawfulness of Searchmind ApS’ processing of your personal data based on your previously given consent and up to the time of withdrawal. If you withdraw your consent, it will therefore only take effect from that point in time.

9. Your rights

Under the General Data Protection Regulation, you have a number of rights with regard to Searchmind ApS’ processing of information about you.

If you wish to exercise your rights, you must contact Searchmind ApS.

Right to access information (right of access)

You have the right to access the information that Searchmind ApS processes about you, as well as a number of additional pieces of information.

Right to rectification (correction)

You have the right to have inaccurate information about yourself corrected.

Right to erasure

In special cases, you have the right to have information about you deleted before the time at which Searchmind ApS’ general deletion schedule applies.

Right to restriction of processing

In certain cases, you have the right to have the processing of your personal data restricted. If you have the right to restricted processing, Searchmind ApS may in future only process the data – apart from storage – with your consent or for the purpose of establishing, exercising, or defending legal claims, or to protect a person or important public interests.

Right to object

In certain cases, you have the right to object to Searchmind ApS’ otherwise lawful processing of your personal data. 

Right to data portability

In certain cases, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to have this personal data transferred from one data controller to another without hindrance.

You can read more about your rights in the Danish Data Protection Agency's guidance on the rights of data subjects, which you can find at www.datatilsynet.dk.

10. Complaint to the Danish Data Protection Agency

You have the right to lodge a complaint with the Danish Data Protection Agency if you are dissatisfied with the way in which Searchmind ApS processes your personal data. You can find the Danish Data Protection Agency's contact details at www.datatilsynet.dk.