Recruitment Privacy Notice
The purpose of this privacy notice is to inform candidates on how Tink AB will process applies personal data within Tink’s recruitment process.
Tink AB (“we”, “our”, “us”) is the data controller for the processing of your personal data, meaning that Tink is responsible
for processing of your data in accordance with applicable data protection legislation, such as the GDPR.
111 20 Stockholm
+46 8 50 90 89 00
How we collect your data
We collect candidates’ personal data directly from themselves when they make an application for a position at Tink, providing personal data about themselves either personally or by using a third-party source such as LinkedIn.
We may also collect data from third parties, such as LinkedIn and through other public sources. This is often referred to as “sourcing”. In some cases, our employees can make recommendations about potential candidates and provide personal data about such candidates.
As Tink is a payment institution supervised by the Swedish financial supervisory authority, all employments are subject to satisfactory background checks. This means that we, as a potential final step in the recruitment process, may collect personal data from vendors specialized in such background checks.
The personal data we process
Tink collects and processes personal data provided by yourself when you submit information in job applications, such as name, contact details, curriculum vitae (CV).
If you are accepted and agree to further steps in the recruitment process, interview notes, tests, recorded comments and dialogue between people involved in the activity will be added to the processing of personal data. Tink also collects information by use of social media, public searches, own or third-party cookies and other follow-up tools.
As mentioned above, we also engage third-party vendors for background checks. We may take part of, and process, limited parts of such background checks.
Why we process your data, and the legal basis for the processing
The overall purpose for processing your personal data is handling our recruitment processes. The legal basis for the processing is our legitimate interest in facilitating
Provided that we have obtained your consent, we may also retain your personal data in our candidate database for the purposes of future recruitments. You may withdraw your consent at any time by contacting us.
Lastly, some data collected during the recruitment process may be processed and retained on the legal basis of our legitimate interest of protecting our legal interests.
Retention and deletion of your data
Your personal data is only kept and used by Tink for the time periods necessary to fulfil the purposes for which the data was collected. Basically, this means that once the data is no longer needed in relation to a specific recruitment process, the data is deleted. Please note that certain data is retained even after a recruitment process is closed, such as data that we need to retain to protect our legal interests on the event of a discrimination claim. No data is however kept by us when it is no longer needed in relation to the legal basis with which it is processed.
If you have agreed to let us retain your data in our candidate base for future potential recruitment, we will retain your data until you ask us to delete it or when we consider it not relevant in relation to our foreseeable recruitment plans.
How we share your data
Occasionally, your data may be shared with other companies in the Tink group if it is necessary in a recruitment process. As mentioned above we may also engage vendors providing background checks. To facilitate background checks we may provide basic identity data (name and social security number) to such vendors.
Some of our platforms and systems are provided by our subcontractors (“data processors”). As our subcontractors, they are only allowed to process your data according to our instructions and may not engage in unauthorized disclosure of your data.
As a general rule, we prefer to keep your personal data within the EU/EEA, but some of our subcontractors may use IT resources located outside the EU/EEA. If your personal data is transferred outside the EU/EEA, we ensure that an adequate level of protection is maintained, and that suitable safeguards are adopted in line with applicable data protection legislation requirements, such as the GDPR. These safeguards may for example consist of ensuring that the recipient is subject to an adequacy decision by the European Commission, implementing the European Commission’s standard contractual clauses or ensuring that the recipient is registered with the US Privacy Shield.
Your rights as a data subject
As a data subject, you have certain rights in relation to your personal data. If you want to exercise any of them, please contact our Data Protection Officer at firstname.lastname@example.org.
● Right to access – You have the right to be informed about what personal data we process about you, including the purpose of the processing as well as the legal basis for the processing.
● Right to correction/rectification – If you consider that we are processing incorrect personal data about you, you may ask us to rectify it.
● Right to restriction of processing – You may request that we restrict the processing of your personal data. For example, it may be relevant if we have incorrect information about you and you do not want the processing to continue until we have rectified it.
● Right to erasure/ right to be forgotten – You may request that we delete your personal data. Although we will meet any such request to the extent required under applicable law, please note we may still maintain that certain data (such as data which we need to keep to protect our legal interests).
● Right to data portability – In relation to personal data which is processed based on consent, you may ask to obtain your personal data in a machine-readable format so that it can be forwarded to a third party.
● Right to object – In relation to processing of personal data based on legitimate interest, you are entitled to object to the use of your personal data. If your privacy interests outweigh our interests in processing certain data, we will stop processing such data.
● Right to withdraw consent – If any processing of your personal data is based on consent, you are entitled to withdraw your consent (and we will stop further processing of the data).
Want to know more?
If you have any questions about our processing of your personal data, please do not hesitate to contact our Data Protection Officer at email@example.com.
If you are not happy with us
Finally, if you think that we are not fulfilling our legal obligations in relation to our processing of your personal data or your rights, you may contact the Swedish data protection authority (Datainspektionen, www.datainspektionen.se, firstname.lastname@example.org).
This privacy notice applies from 2020-01-24.