As a company responsible for data protection, it is something that we take very seriously. We protect the personal information that we handle, and we ensure that we adhere to the data protection legislation.
Contact regarding data protection
If you have any questions regarding our treatment of your information, you can always contact our HR-department or our administrative manager on tel. +45 45 540 540 or e-mail HR@powercare.dk.
Our management of personal data
Categories of personal data
The data that we hold about you can include:
Information about applicants
When you apply for a position with POWERCARE A/S and POWERDOC A/S or if you are employed by POWERCARE A/S and POWERDOC A/S, we will collect and manage the following types of personal data about you:
Ordinary personal data, including
- your identity and contact information, including your private address, telephone number and e-mail address
- your education, previous employment and other information contained in your CV
- age, sex, country of employment, department, segment/function, wage bracket, income
- information collected from referees
- information that is obtained from correspondence with you
CPR [social security] number
- When you are applying we can manage information about your CPR number if you have given us consent to do this, and we have a relevant aim, for example in connection with your application for a post.
Criminal Record checks
- If you apply for a post where it is necessary for us to see your certificate of criminal record, we will - if you are given an offer of a post - ask you to obtain your certificate of criminal record and send it to us. At the same time, we will ask for your specific consent to see and store the certificate of criminal record.
Information about employees and previous employees
If you are employed by POWERCARE A/S and POWERDOC A/S, we collect and manage the following types of data as well as those mentioned previously:
Ordinary personal data, including
- income, bank account and tax information and pension details
- information about personal performance
- information about holidays, sickness and other absence
- your signature
- information about your relatives
- information about termination of employment, including redundancy or sacking.
CPR [social security] number
- When you are employed by POWERCARE A/S and POWERDOC A/S, we treat the information from your CPR number to identify you unambiguously when we need to report information about your income etc in accordance with the tax legislation duty to report.
Sensitive personal information
- Membership of trade unions in relation to potential disputes
- Health related problems (occupational injures, sickness absence including statements of fitness to work and doctor’s certificates, information regarding maternity leave in connection with reimbursement of income, flexible working or employment on specific conditions, for example, disability).
Aims and legal basis
Our database has the following aims:
- Administration of personnel, including case management in relation to appointments. The administration is in accordance with the applicable legislation and other central regulations, agreements and decisions that have been entered into between the parties in the workplace and local and individual agreements regarding wage and employment conditions.
- Statistical aims.
The legal basis for our management of personal data is:
- The legal basis for the treatment of your CPR number is - until you are employed - your consent, see the Data Protection Act [databeskyttelsesloven] S.11(2)(2). At any time, you can withdraw your consent, at which point we can no longer store your CPR number. If we have another legal reason for managing your information, we will continue to do so. A withdrawal of consent will not affect the legality of the management that we have conducted prior to the withdrawal of consent.
- When you are employed, the basis for the management of your CPR number is the tax legislation about the obligation to report and Section 11(2)(1), in the Data Protection Act.
- Health information is treated under the authority of the legislation. For example, the legal basis for the treatment of health information in the recruitment process on particular terms in the special legislation that regulate that particular form of recruitment.
- Possible criminal convictions in criminal certificates will be treatment with your express consent, see the Data Protection Act Section 8(3). At any time, you can withdraw your consent, and from this time we are no longer allowed to manage your data. If we have another legal reason for managing your information, we will continue to do so. A withdrawal of consent will not affect the legality of the management that we have conducted prior to the withdrawal of consent.
- The legal basis for the treatment of personal data that appear in assessments and their results are your consent, see the Data Protection Act Section 6(1), see the Data Protection Statutory Instrument Article 6(1) Schedule a. At any time, you can withdraw your consent, and from this time we are no longer allowed to manage your data. If we have another legal reason for managing your information, we will continue to do so. A withdrawal of consent will not affect the legality of the management that we have conducted prior to the withdrawal of consent.
- When we register information that is required for the Danish Bookkeeping Act or as a duty to report to the tax authorities, the legal basis is the Data Protection Act Section 6(1), see the Data Protection Statutory Instrument article 6(1) Schedule c, regarding treatment that is necessary to comply with a legal duty that is the responsibility of the data controller.
- The legal basis for the collection and registration of information regarding the use of e-mail and internet is the Data Protection Act Section 6(1), see the Data Protection Regulation Article 6(1) Schedule f on treatment that is necessary for a legitimate interest that is not outweighed by the interest of the registered party. The legitimate interests that can be used as a basis to investigate an employee’s internet use or e-mail account can, for example, be in connection with the use, security, restoration and documentation as well as in respect of monitoring of the employee’s use of internet or e-mail.
- The legal basis for our treatment of information regarding employee’s use of telephones, including mobile telephones is the Data Protection Act Section 6(1) see the Data Protection Regulation Article 6(1) Schedule c, regarding treatment which is necessary to comply with a legal duty which is the responsibility of the data controller, including the duties to ensure to a certain degree that mobile telephones are not used to pay for private aims.
- The legal basis for the collection and registration of the other personal data is the Data Protection Act Section 6(1) see the Data Protection Regulation Article 6(1) Schedule b, on treatment that is necessary to enter into a contract of employment and for the conduction of such a contract.
- Disclosure of your information will only occur in accordance with the regulations regarding treatment of data in the Data Protection Act and other Danish law. In each case, we will assess whether disclosure required your express consent, or whether this can occur on another legal basis.
- Statistical aims: Information on income and absence etc. can be disclosed to configure different statistics, including sickness absence statistics, where we compare information about different employees to create a necessary overview. The legal basis is in the Data Protection Act Section 6(1), see the Data Protection Regulations Section 6(1) Schedule e, on the treatments that are necessary in relation to the completion of a task in the interests of society. Only information that is necessary for the investigation should be used and information cannot be used for other purposes than pure statistics.
Categories of recipients
We disclose or transfer personal data about our employees to the following categories of recipients:
- Tax authorities and other authorities with legal reporting authority
- Bank connections in connection with the payment of wages
- Pension companies in connection with pension
- Professional organisations and unions in connection with further education and wage reimbursement
- External advisers, our lawyers etc.
- Customers and business partners of POWERCARE A/S and POWERDOC A/S which you help service, receive information such as your name and your position in connection with case management etc.
- Our data managers on the basis of data manager agreements.
Erasure
We will erase your data when they are no longer required.
If you did not receive a post with POWERCARE A/S and POWERDOC A/S, we will keep your application and the associated personal data for as long as required for the aims we have described above. Data required for applications is erased 6 months at the latest after the date of the application deadline.
POWERCARE A/S and POWERDOC A/S generally following the data storage deadline that applies according to the Danish Bookkeeping Act. In order to document our case management and to live up to our duties, we have assessed that it is necessary to store all information for more than five years after termination of employment.
Your rights
In accordance with the legislation you have a number of rights in relation to our treatment of your personal data.
You can exercise your rights regarding your personal data by contacting us. Our contact details are at the top of this policy.
When you have requested to gain access to the information we hold on you, to have them corrected or deleted, or if you have objected to our treatment of your data, we will investigate whether it is possible to accommodate your wishes. We will answer your request as quickly as possible and at the latest one month after receiving your request.
Your rights:
- Right to see the information (insight)
You have the right to access to the information that we hold on you, as well as a range of other information. - Right to correction (correction)
If you think that personal data we hold on you is inaccurate, you have the right to have it corrected. You must contact us and inform us where the inaccuracies lie, and how they can be corrected. In all situations, we must consider whether your request is legitimate. When you request a correction or deletion in your personal data, we investigate whether the conditions are met and if this is the case, we will make the changes or deletion as quickly as possible. - Right to erasure
We delete general personal data when there is no longer a need for them. In certain circumstances you have the right to have particular information about you removed before the deadline for general erasure has passed. This applies, for example if you withdraw your consent and we do not have another basis on which to treat your information. If you believe that your data is no longer necessary in relation to the aim with which we gathered it, you can ask for it to be erased. You can also contact us if you believe that your personal data is being treated against the legislation or other legal duties. - The right to limited treatment
If you challenge information that we have registered or in another way treated, you can request that we limit the treatment of the information until we have had the opportunity to establish whether the information is correct. You can also request a limitation instead of an erasure if you believe that our treatment of the information is illegal, or you believe that we no longer require the information, or if you believe your legitimate interests were prior to the data controller’s legitimate interests. If it is found in your favour that our treatment should be limited, we must then only treat the information with your consent, or with a view to a legal demand that must be established, be validated or defended, or to protect a person or important societal interests. - The right to transmit data (data portability)
You have the right to receive personal data that you have made available to us, and those that we have collected from other parties on the basis of your consent. If we treat data about you as a side of a contract where you are a party, you can also be sent your data. You also have the right to transfer your personal data to another service provider. You can also ask us to have the information sent directly from the data controller to another authority or company. If you wish to use your right to data transfer, you will receive your personal data from us in a commonly used and machine-readable format. - Right to object
You have the right to object to our treatment of your personal information. You can also object to the disclosure of your data for marketing purposes. You can use the contact information at the top of this document to send an objection. If an objection is legitimate, we will ensure that the treatment of the information is terminated. - Right to obtain information for new purposes
If we would like to use information about you for new purposes that we have previously held about you, for example, in the privacy policy, you have the right to have information about this before we disclose this information for the other purpose. - The right to withdraw consent
If our treatment of your information occurs on the basis of your consent, you can withdraw your consent at any time. If you withdraw your consent, we may no longer treat your information. Withdrawal of consent does not affect the legality of the treatment that is based on the consent prior to the withdrawal. If there is another legal basis for the treatment than the consent with an independent aim - for example the storage of information in relation to compliance with the regulations regarding bookkeeping - the treatment can continue to take place.
If you are not satisfied with our answer, you have the opportunity to complain to the Danish Data Protection Agency. In general, if you are not satisfied with the way your personal data has been treated, you can complain to the Danish Data Protection Agency, who will investigate the case and take a decision.
You can find the contact details of the Danish Data Protection Agency on www.datatilsynet.dk.
NB! You can write to the Danish Data Protection Agency via Digital Post at Borger.dk, where your complaint will be sent securely (encrypted). We recommend that you use Digital Post if your complaint contains confidential or sensitive personal data.