Privacy Policy for EPICO

At EPICO we make every endeavour to protect your and other people’s personal information in the best way possible. We do so because we want to safeguard people’s basic right to privacy.

We process all personal data confidentially, we do not disclose personal data without consent, and we always strive to comply with applicable legislation and good data ethics regarding personal data processing.

You can read below about the information we generally collect, process and store. We always state what the specific purpose is in a specific situation, and what rights you have.

 

Should you have any queries or comments about the policy, or if you wish to contact EPICO as the data controller in order to exercise your data rights, you can do so by email at: info@epico.dk

 

 

EPICO-IT ApS

Borupvang 2C, 2. Sal

2750 Ballerup

Denmark

CVR: 32466249

 

 

EPICO UK Limited

The Poplars

Bridge Street, Brigg, Att. Leanne Dalby

DN20 8NQ

North Lincolnshire, UK

Reg. nr. 07953727

 

Content

VERSION HISTORY:

DATA PRIVACY POLICY FOR EPICO-IT APS

What is personal data

What personal data we process and for what purpose

In general contact with us

If you are one of our customers

If you are one of our consultants/freelancers

If you are recruited through us

If you are one of our employees

When you visit our website

Who we transfer and disclose personal data to

Your rights

Updating of our data privacy policy

 

 

What is personal data

Personal data can be many things. It is often a name, address, email, phone number, date of birth, national identification number, photo, etc. It can also be information that, combined with other data, says something about a person. It could be information on a CV, examination papers, statements, references, personality tests, and so on.

The personal data we process tends to be general information, but we still process it securely and confidentially.

 

What personal data we process and for what purpose

We process personal data in different ways and for different reasons, depending on your relationship with us. You can read below what the specific processing involves.

 

In general contact with us

Purpose

If you contact us by post, email or phone, we process your contact details for the purpose of being able to respond and conduct a general dialogue.

The legal basis for our personal data processing

We have a legitimate interest in the personal data processing (Article 6.1f), as we do not infringe the basic rights of data subjects when their general contact details are used and saved for the purpose of conducting dialogue.

Categories of personal data and their source

We process general contact details, as well as other personal data that data subjects provide us with themselves.

Recipients of personal data

The personal data received is by default only processed internally within EPICO, but there may be situations where the contact details are disclosed by agreement.

Storage of personal data

If your enquiry is of a casual nature, and you do not become an employee, customer, consultant, freelancer or are otherwise associated with EPICO, your personal data will be removed from our systems automatically within 6-9 months.

Automated decisions and profiling

There is no automated decision-making or profiling involved.

 

 

If you are one of our customers

Purpose

If you are one of our customers, we most likely have entered into an agreement with you on service or delivery. Under this agreement we often exchange personal data for the purpose of enabling our staff to communicate with you on what is to be delivered.

The legal basis for our personal data processing

Personal data processing is carried out in accordance with a contract/agreement (Article 6.1b)

Categories of personal data and their source

We primarily process general contact information provided by data subjects themselves or another person in the partnership relationship.

Recipients of personal data

Personal data is mainly processed internally within EPICO but may also be disclosed to other cooperating partners or parties in connection with the execution of the contract/agreement.

Storage of personal data

We save relevant communication that is important for our collaboration, for as long as you are one of our customers. Other ad hoc communication is deleted on a regular basis, in line with our internal policies.

When a customer relationship comes to an end, we save the relevant communication for up to 3 years, to enable us to settle any disputes, and to make it easier to work on a repeat collaboration.

Automated decisions and profiling

There is no automated decision-making or profiling involved.

 

If you are one of our consultants/freelancers

Purpose

If you are registered with us as a consultant or a freelancer, we process your personal data for the purpose of matching you to a vacant position or a commission with one of our customers.

The legal basis for our personal data processing

We have a legitimate interest in the personal data processing (Article 6.1f), as we consider that the personal data processing used for matching a person to a vacant position or commission does not infringe the data subject’s basic rights, and is in any case carried out at the data subject’s own request.

Personal data is only disclosed to customers where consent has been given.

References are only obtained where consent has been given.

Categories of personal data and their source

We process personal data in the form of contact details, CVs, examination certificates, education certificates, other certificates and similar documents provided by data subjects themselves.

We also process statements from references, and subjective assessments of professional skills.

Recipients of personal data

Personal data is mainly processed internally within EPICO in connection with the search for a suitable candidate for a position or commission. Personal data is disclosed to our customers when a match has been found. Our customers tend to be based in the EU or EEA, but there may be occasions when personal data is disclosed to customers outside the EU/EEA. Any disclosure always requires the consent of the consultant or freelancer.

Storage of personal data

We store and process personal data for as long as you are registered with us as an active consultant or freelancer.

If you no longer wish to be registered with us as an active consultant/freelancer, we will delete information such as CVs, examination papers, statements and similar documents. General contact information, as well as information concerning contracts and invoices, is basically stored for up to 5 years, cf. specific purpose and legal obligation.

Automated decisions and profiling

There is no automated decision-making or profiling involved.

 

If you are recruited through us

Purpose

If you are registered with us in connection with recruitment, we process your personal data for the purpose of matching you to a vacant position with a customer.

The legal basis for our personal data processing

We have a legitimate interest in the personal data processing (Article 6.1f), as we consider that the personal data processing used for matching a person to a vacant position does not infringe the data subject’s basic rights. This is carried out, in any case, at the data subject’s own request.

Personal data is only disclosed to the customer where consent has been given.

References are only obtained where consent has been given.

Categories of personal data and their source

We process personal data in the form of contact details, CVs, examination certificates, education certificates, other certificates and similar documents provided by data subjects themselves.

We also process statements from references, and subjective assessments of professional skills.

Recipients of personal data

Personal data is mainly processed internally within EPICO in connection with the search for a suitable person for a position. Personal data is disclosed to our customer when a match has been found. Our customers tend to be based in the EU or EEA, but there may be occasions when personal data is disclosed to customers outside the EU/EEA. Any disclosure always requires the person’s consent.

Storage of personal data

We store and process personal data during the period in which a recruitment process is in progress, and up to 6 months thereafter.

If you wish to remain registered with us for the purpose of being selected for other suitable jobs, we store your personal data for up to 1 year after the last dialogue with you.

If you no longer wish to be registered with us as an active jobseeker, we will delete information such as CVs, examination papers, statements and similar documents. General contact details and any information in respect of contracts are stored for up to 1 year.

Automated decisions and profiling

There is no automated decision-making or profiling involved.

 

If you are one of our employees

Purpose

If you are one of our employees, we process your personal data for the purpose of running the business.

The legal basis for our personal data processing

The personal data processing is primarily carried out in accordance with an employment contract (Article 6.1b) or a legal obligation (Article 6.1c).

In addition, a certain amount of processing will be based on a legitimate interest (Article 6.1f), and some based on your consent (Article 6.1a)

Categories of personal data and their source

We primarily process general contact information provided by data subjects themselves. In addition, we process details of wage, pension, holidays, sickness, trade union and other relevant information for the purpose of running the business.

Recipients of personal data

Personal data is mainly processed internally within EPICO. Details of wage, pension, tax and so on are disclosed to the relevant organisations and/or authorities.

Storage of personal data

We store relevant personal data for as long as you are employed with us.

When the employment relationship comes to an end, we save the personal data for up to 5 years in accordance with legal obligations.

Automated decisions and profiling

There is no automated decision-making or profiling involved.

 

 

When you visit our website

Purpose

When you visit our website, you leave a “footprint” in the form of either an IP address or an ID in a cookie. Both pieces of information may be disclosed to third parties for the purpose of gathering statistics or for direct marketing purposes. Read more about our use of cookies in our cookie policy: http://epico.dk/cookies-policy.

The legal basis for our personal data processing

We have a legitimate interest in the personal data processing (Article 6.1f) as we consider that the gathering and disclosure of behavioural information on our website for statistical purposes does not infringe the basic rights of the visitor. You can opt out of this disclosure of personal data at any time by changing the settings for third party cookies in your browser. See our cookie policy: http://epico.dk/cookies-policy.

Categories of personal data and their source

Personal data is collected in the form of IP addresses, and visiting behaviour based on an ID in a cookie. Only personal data provided by visitors themselves is collected.

Recipients of personal data

We disclose indirect and direct personal data to Google. This company is based in the USA. Data processing agreements have been concluded with Google, and it has been verified that Google is part of the EU’s certification agreement ‘Privacy Shield’. This ensures that companies in the USA process personal data in accordance with applicable EU legislation.

Storage of personal data

The data we collect for statistics is stored by Google Analytics for 26 months, after which it is automatically deleted.

Automated decisions and profiling

The collected personal data is not used in connection with automated decision-making and profiling by EPICO. It is to be expected, however, that Google uses the data on visiting behaviour to some extent for their internal profiling.

Links to other websites

There may be links on the website to other websites or collaboration partners. We cannot be held liable for the content of these websites or the websites’ collection of personal data.

 

Who we transfer and disclose personal data to

We use a number of external companies and services that process personal data on our behalf. These are our ‘data processors’. We have concluded data processing agreements with all of our data processors, ensuring that our requirements for the protection of personal data are met. We only transfer data in accordance with these agreements. I.e. the data we transfer belongs to us and is not used for the external company’s own purposes.

 

We use data processors based in the EU or EEA as far as possible, so that personal data is not transferred to insecure third countries. In some cases, we use data processors in the USA, but only if they satisfy the applicable requirements of the General Data Protection Regulation.

 

In these cases, we disclose personal data to external companies. These may be customers, insurance companies, the Danish Tax and Customs Administration (SKAT) and similar. All of these are data processors of the personal data they receive from us. When we disclose personal data, it is typically on one of the following legal bases: Legitimate interest, your consent, or the fulfilment of a contract/agreement or legal obligation

 

 

Your rights

The introduction of the General Data Protection Regulation (GDPR), from May 2018, grants you, as an individual, a number of new rights that allow for a greater degree of access to and self-determination over the processing of your personal data. Whatever your relationship with EPICO, you have the following rights:

 

The right of access and to rectification: You may request access to the personal data we process and ask to have this corrected if it is wrong or incomplete.

 

The right to erasure (‘right to be forgotten’): The personal data we process will always be deleted when there is no further purpose for processing it. We may however be obliged to store and process some personal data, if this is required by other legislation. You may request that we delete personal data we process about you, and you may withdraw your consent, if our processing is based on consent, which is the same as requesting it to be erased. We will comply with the request to delete unless another legal obligation or other legal basis requires us to continue the processing.

 

The right to restriction of processing: You may request that we restrict the use of your personal data. This right does not apply to all processing, but we will advise you of this on request.

 

The right to object: You may object to our processing of your personal data if you do not believe we have a legal basis for processing it.

 

The right to data portability: You may request that the personal data you have given us yourself be provided to you in a machine-readable format, if the personal data was machine-readable when supplied to us. Personal data in the form of images, PDF files and similar is provided in the same format as when we received it.

 

The right to withdraw consent: If we process your personal data on the basis of consent, you may withdraw your consent at any time. See also deletion.

 

The right to complain: You have the right to complain to Datatilsynet if you do not feel we have responded in a satisfactory manner, according to the law. We would encourage you to direct your enquiry to EPICO before making a complaint, so that we have an opportunity to discuss the matter with you and resolve the problem.

Datatilsynets contact details can be found athttps://www.datatilsynet.dk/

 

Note - if the purpose of your enquiry is to exercise one of your rights, it is important for EPICO that we do not disclose your personal data to anyone other than you. We would ask you, therefore, to verify your identity, for example, by email or telephone.

 

Updating of our data privacy policy

The present data privacy policy is version 1.0 and is valid from 25 May 2018.

 

A history of amendments to the personal data policy is given below.

  • Version 1.0 - Valid from 25 May 2018
    Data privacy policy prepared.