Interim Search Data & Privacy Policy

When you, as the recipient, actively accept Interim Search Data & Privacy Policy, you give Interim Search AB your consent to store and process your personal data as described below.

Background: Policy for personal data processing

Interim Search AB, corporate identity number 556908-4691, (the ”Company”/“Business”) provides temporary consultant placement services (the ”Service”). The Company targets companies (”the Customer”) that have temporary needs for qualified personnel, as well as consultants (”the Consultant”) who are interested in consulting assignments. The Company is the data controller for the personal data relating to the Customer/Consultant that the Company collects and processes in connection with the storage of Customer and Consultant information for the purpose of providing the Service.

The Customer's and Consultant's personal data may be transferred to other companies when conducting background checks, credit checks, and reporting to, for example, the Swedish Tax Agency. Information is also transferred between the Customer and the Consultant to the extent necessary for the provision of the Service. In this document, the Company describes how personal data is processed in accordance with the General Data Protection Regulation (GDPR). For more information about the GDPR, please visit Privacy Authority website. The company's processing of personal data means that a data protection officer must be appointed in accordance with Article 37.1a-c (DSF) 4.1:1.

Data Protection Officer for Interim Search AB
Stefan Granqvist (CEO)
Email: stefan.granqvist@interimsearch.com
Phone number: 08-556 460 02

The rights of data subjects

Information shall be provided to data subjects in an easily accessible form, in clear and plain language, and shall include the following: details of the controller, contact details of the controller's representative, where applicable, contact details of the data protection officer, the purpose and legal basis of the processing, where the processing is based on Article 6(1)(f), definition of legitimate interests, recipients or categories of recipients, transfer of personal data to third countries. In order to achieve and ensure fair and transparent processing, the following information shall also be provided: storage period, if possible, or criteria for determining this period, the rights of the data subject, if the processing is based on consent, that this can be withdrawn, the right to lodge a complaint, whether the provision of personal data is a statutory or contractual requirement, the existence of automated decision-making. Whether there are procedures in place to inform data subjects about the personal data that is collected.

If you are registered in Interim Search's database, you have the right to know at any time what personal data the Company has stored about you. You also have the right to change your data with us, and you have the right to be deleted or forgotten in the system. When you register your data with us, you give your active consent for us to process your personal data. You can withdraw your consent at any time, in which case we will delete your information from our records. We continuously delete data that no longer serves its purpose and data that has not been updated in five (5) years.

As a Customer or Consultant, you have the right to request information about or correction of the personal data concerning you that is processed by the Company, free of charge. As a Customer/Consultant, you also have the right to restrict our processing of personal data, request that the processing be discontinued, and obtain the personal data you have provided to the Company in a structured, commonly used, and digital format, as well as the right to transfer this data to another data controller without the Company preventing this. If the Customer or Consultant is dissatisfied with the Company's processing of personal data, the Customer/Consultant has the right to submit a complaint to the Privacy Policy, or to the corresponding authority in the country where the Customer lives or works. Procedures for accommodating your rights have been established, and all you need to do is contact Interim Search's Data Protection Officer.

Company principles: Processing of personal data

The company has established policies and procedures to ensure that personal data is processed in accordance with the requirements of Article 5 (DSF). The company's operational management system includes instructions on how information may be collected, stored, processed, and shared. Under the General Data Protection Regulation, Interim Search AB is the data controller for the processing of all personal data in the company, except in cases where the company processes personal data on behalf of another party and is the data processor. It is only permitted to process personal data in the company if there is a legal basis for the processing and as long as the purpose of the processing remains. Processing personal data in a manner that is incompatible with the original purpose is not permitted unless consent has been obtained from the data subject. Personal data shall only be processed by employees with expertise in the area and shall be handled, stored, updated, and deleted in accordance with established procedures and with sufficiently high security requirements.

Everyone affected by this policy shall be informed about how and why their personal data is processed by the Company. As a data subject, you should know who is the responsible contact person for personal data processing, any personal data assistants, and who they are. When personal data is to be deleted and the rights of data subjects under the DSF. Personal data in the Company is processed in a lawful manner with legal basis for each category in accordance with Articles 6 and 9 (DSF). Personal data in the Company is processed in a correct manner for each category in accordance with Article 5.1a (DSF). This means that the Company has procedures in place to ensure the accuracy of the data.

Personal data in the Company is processed in an open manner and the Company has procedures and policies in place to support each category, Article 5.1a (DSF). Personal data in the Company is only collected and processed if there are specific, explicitly stated and legitimate purposes, Article 5.1b (DSF). Personal data in the Company shall at all times be adequate, relevant, and not excessive in relation to the purposes for which they are processed, Article 5.1c (DSF). All personal data collected is needed by the Company to perform the Service. Personal data in the Company shall not be stored for longer than is necessary for the purposes for which it is processed, Article 5.1d (DSF). The Company has documented procedures for archiving and deletion in the Company's Business Management System. Personal data in the Company is processed in a manner that ensures appropriate security for the personal data, Article 5.1f (DSF).

Data protection in the processing of personal data

When the Company processes personal data, an assessment of the risks to the rights and freedoms of individuals shall be made based on the nature, scope, and purpose of the data. Sensitive personal data is given special consideration and is handled via encrypted digital transfer. Pay slips and transfers of personal data to third parties may not be delivered via email that is not encrypted or otherwise made unidentifiable to anyone other than the recipient with the key.

Safety
Interim Search has access to systems with functions that enable secure data management through an external system provider. The provider stores the information in encrypted form and performs continuous security updates to prevent intrusion. The company has taken the organizational and technical measures listed below to achieve an appropriate level of security for the processing of personal data:

The business uses encryption for the processing of personal data. The business has restricted access to personal data so that only authorized persons have access. To prevent data breaches, two-factor authentication is used to access the database. In addition to standard encryption, the Company has an additional security program to quickly detect data breaches through the website (www.interimsearch.com as well as www.andcompany.seThe company continuously monitors, through its supplier, any alarms that are sent via email from the supplier's monitoring system and initiates troubleshooting in the event of a possible intrusion. The website is monitored around the clock by the supplier's monitoring system, which checks and alerts according to the following monitoring points when, according to the supplier, they are outside normal values.

Access to data
Access to personal data shall be authorization-controlled and limited to authorized personnel and the data subject. To ensure confidentiality and integrity, all persons who have access to personal data in the business have signed a confidentiality or non-disclosure agreement to ensure confidentiality and integrity. The following Employees, Partners & Suppliers may be given access to personal data relating to all categories: Employees, Suppliers, Consultants, Customers.

Employees
All employees of the Company have signed the Personal Data Management Policy to ensure that data is handled in accordance with the Interim Search Data & Confidentiality Policy.

Partners & Suppliers
All partners have signed a Personal Data Processing Agreement to ensure that data is handled in accordance with Interim Search's Data & Privacy Policy.

Access to recipients within the EU
Google Sweden AB
Stockholm
Organization number
556656-6880
Business Data Processing & Hosting

Paloma in Sweden AB
Hedemora
Company registration number 556709-3090
Business Software publishing

Gaffla AB
Stockholm
Organization number
559132-2051
Business Advertising, PR, Media Agency & Ad Sales

Actsec Security AB
Nacka
Company registration number 556984-3872
Business Consulting services relating to corporate organization.

GetAccept AB
Malmö
Company registration number 559023-1402
Business Computer programming

Datavara Produktion Göteborg Limited Company
Alingsås
Company registration number 556453-3817
Business Publishing of other software

Fortnox Limited Company
Växjö
Company registration number 556469-6291
Business Publishing of other software

UC Business Information AB
Stockholm
Company registration number 556730-7367
Activities Web portals

Creditsafe in Sweden AB
Gothenburg
Company registration number 556514-4408
Business Debt collection and credit reporting

Add & Subtract Accounting Pool AB
Stockholm
Company registration number 556220-5467
Business Accounting & bookkeeping

Grant Thornton Sweden AB
Stockholm
Company registration number 556356-9382
Operations Audit

If Skadeförsäkring Holding AB (publ)
Stockholm
Company registration number 556241-7559
Operations Holding operations in financial groups

LilaTech Inc.
Stockholm
Company registration number 559290-2380
Business Computer programming

Access to recipients outside the EU
Zoho Corporation
4141 Hacienda Drive
Pleasanton,
California 94588, USA

Oracle Corporation
Oracle Parkway, Thames Valley Park
Reading, Berkshire RG6 1RA
Registered in England No. 1782505
VAT REG No. GB 391 3130 73

Awareness within the business

Company management consists of
Stefan Granqvist, CEO/Owner
Wictor Bonde, Owner

The board consists of
Stefan Granqvist
Wictor Bonde
Mia Klingvall

Employee Training
The company management and board of directors are familiar with and aware of the implications of the General Data Protection Regulation and their responsibilities. To ensure that all employees comply with Interim Search's guidelines on data collection, processing, and storage, one of the employees is responsible for conducting internal training. The training sessions are a mandatory part of the company's induction of new employees and are a standing item on the agenda of the company's annual meeting, which takes place in August. Both the induction training and the ongoing training sessions cover topics such as:

Data Protection Regulation – What does the GDPR entail, what is its purpose, and how do we ensure compliance?
Search criteria – How do we ensure that our selection process is in line with the company's policies against discrimination and unfair treatment?
Meeting notes – What information is essential to collect for personal assessments, and how may it be processed?
Processing of data – How do we ensure that information obtained during background checks, references, and interviews is processed and stored in a secure, ethical, and legal manner?

Physical storage of personal data
Interim Search is a paperless company to the greatest extent possible, in accordance with the company's environmental policy. This means that a minimum amount of paper is printed. Information that is considered necessary to have in physical format is shredded in a paper shredder immediately after it has been entered electronically, such as CVs and meeting notes. Documents containing personal data that are stored in binders are kept in lockable cabinets.

Inventory & continuous updating of personal data

The data controller responsible for processing personal data in the business is Stefan Granqvist, CEO. This responsibility means that the data controller must implement, continuously review, and, where necessary, update appropriate technical and organizational measures to ensure and be able to demonstrate that the processing is carried out in accordance with the GDPR.

The company has appointed an employee who continuously reviews that the data stored and processed by the company is relevant and up to date. This employee reports to the Data Protection Officer, Stefan Granqvist. During this review, incorrect data is corrected/supplemented and consent for the processing of personal data is checked on an ongoing basis.

System suppliers

LilaTech Inc.
Stockholm
Company registration number 559290-2380
Business Computer programming

Zoho Corporation
4141 Hacienda Drive
Pleasanton,
California 94588, USA
Business CRM system

Sale and disclosure of data
Interim Search does not sell or disclose any data to third parties other than the specified Suppliers & Partners.

How long data is stored
The main rule is that data is stored for a maximum of five (5) years from its last update.

Email management
All emails must be deleted/cleared unless they are of significant importance to assignments, ongoing work, or in the Company's interest. In the absence of any other legal basis, consent must be obtained in order to save the data. All web publishing is voluntary, and data is only published with consent. In the event of incidents, unless it is unlikely that the incident poses a risk to the freedoms and rights of individuals, a report must be made to the supervisory authority within 72 hours. If the incident could expose individuals to serious risks, the data subjects must also be informed of the incident.

Email campaigns
For recipients of email mailings/email advertising, Interim Search AB only stores the email address. No other information such as personal details, employer, or other information is stored. We do not sell or distribute our email registers to third parties for commercial purposes and do not disclose information outside the EU. The legal basis and purpose of personal data processing for the above category is consent in accordance with Article 6(a) (DSF). The purpose is to highlight available consultants and news via email. The Consultants highlighted have either given their active consent to participate in the mailing (always under a fictitious name) or are example profiles based on Consultants that Interim Search AB usually places with client companies. As a recipient, you have the right to request information about what data is stored about you at any time by emailing the Data Protection Officer. You also have the right to be deleted/forgotten and to have your personal data corrected. If at any time you wish to withdraw your consent, please contact the Data Protection Officer.

Access to recipients within the EU
Paloma in Sweden AB
Hedemora
Company registration number 556709-3090
Business Software publishing

Personal data for the category  EMPLOYEES

The business processes personal data for the category Employees. Personal data processed for employees includes: Name, social security number, home address, email, phone number, bank details, health information. The legal basis and purpose of personal data processing for the above category is: Consent pursuant to Article 6(a) (GDPR). The data subject has given consent to the processing of their personal data for one or more specific purposes. Necessary for the performance of a contract pursuant to Article 6(b) (GDPR). That it is necessary to protect interests that are of fundamental importance to the data subject or another natural person pursuant to Article 6d (GDPR). The person responsible for the processing of personal data in the above category at the company is: Stefan Granqvist. The company does not engage any personal data processors for the processing of personal data in this category.