GENERAL INFORMATION
ToFindOut AB, organization number 556720-7500, (ToFindOut) is committed to protecting the privacy and integrity of your personal data. The purpose of this Data Protection Policy is to clearly and transparently account for the ways in which ToFindOut processes your personal data in accordance with the EU General Data Protection Regulation (GDPR). Down below you will find information regarding what personal data ToFindOut processes, for which purposes, the lawful basis for our processing, for how long your personal data is stored, and your rights as a data subject.
WHO IS THE CONTROLLER?
ToFindOut is the controller of the data processing and is therefore responsible for making sure that the processing of your personal data is done in accordance with applicable regulation. If you have any questions regarding our processing of your personal data, please contact us at dataprotection@tofindout.se. For more contact details, please see the heading “How to contact us”.
WHAT PERSONAL DATA DO WE COLLECT?
Regarding candidates undergoing background screenings, we collect, inter alia, the following data.
Contact details: Name, address, phone number, and e-post address.
Personal details: Income information, license information, matters at Swedish authorities and courts, and any eventual convictions.
Please note that all personal data and the sources we use are exactly specified in the consent form which the candidate receives before a background screening is initiated. Also note that ToFindOut never processes what GDPR defines as “sensitive data”, i.e. data which inter alia discloses ethnic origin or a person’s sexual orientation. ToFindOut never collects data about minors.
Regarding our customers, we collect the following data.
Contact details: Name, position, phone number, e-post address, address and, in some cases, personal identity number (non mandatory).
HOW DO WE COLLECT YOUR PERSONAL DATA?
Regarding candidates undergoing background screenings, we collect data in the following way.
From you: We collect data that you provide in various situations, such as authorizations, e-mailing, calling, connecting with us on social media, signing up for newsletters, updating your details on your account at www.tofindout.se, or when visiting us at our websites (including, but not limited to, traffic data, location data, web logs and other communications data, as well as e.g. the IP address, type of device, operating system and browser type used for the visit). For more information about our handling of newsletter distribution, see the section titled “Newsletter.”
From customers: We collect data about you from our customers, e.g. personal data that you have chosen to include in your resume and/or other documents. Please note that we discourage you from including sensitive personal data in such documents.
From third parties: We collect data about you from publicly available sources at Swedish or foreign authorities or from companies and/or educational institutions listed in your resume.
Regarding our customers, we collect data mainly from the customer himself/herself.
WHY DO WE COLLECT PERSONAL DATA?
Regarding candidates undergoing background screenings, we process personal data mainly for the purposes listed below.
For administration and delivery of background screenings: ToFindOut processes your personal data in order to be able to produce and deliver our services, i.e. background screenings.
For mailings and communication: ToFindOut processes your personal data in order to communicate relevant information to you whilst the background screening is ongoing, and to be able to send you a survey once the screening is completed.
Regarding our customers, we process personal data mainly for the purposes listed below.
For marketing: ToFindOut processes your personal data in order to provide information/marketing via e-mail, text, or other means of communications once you have an active customer relationship with us, and to enable targeted offers and services.
For the delivery of our service: ToFindOut processes your personal data primarily to enable the delivery of our service, and to fulfill our agreement with you, i.e. provide background screenings.
For business development: ToFindOut processes your personal data in order to generate statistical data about the usage of the service. This analysis never identifies individuals, but rather takes place at an aggregated level. The analysis is performed in order to develop, deliver, and enhance our products and services.
LAWFUL BASIS FOR PROCESSING
Regarding candidates undergoing background screenings, ToFindOut refers our customers’ legitimate interest as the lawful basis for the processing of personal data. The approval form used always clarifies exactly what personal data is collected and where from. Please note that you may revoke your approval at any time by contacting us. For contact details, please see the heading “How to contact us”.
Regarding existing and future customers, ToFindOut refers to the fulfillment of a contract as the lawful basis for processing.
Regarding the processing of personal data for marketing purposes, ToFindOut refers to consent as the legal basis.
TRANSFERAL OF PERSONAL DATA
Personal data relating to candidates undergoing background screenings is never disclosed to anyone but the party/parties which the candidate consents to. Contact details to customers are never disclosed.
Transferal of personal data to countries outside the EU/EEA is only done in the individual case when the background screening is carried out in the country in question. If your personal data is transferred to a third country which is not specified in the Commission’s list over countries with adequate level of protection, ToFindOut will ensure that all appropriate safeguards have been adduced or that you have explicitly consented to the transferal after having been informed about the possible risk of such transfer.
For marketing purposes, the information you have consented to may be shared with MailChimp, which handles the information in the USA. This transfer is limited to personal data you have provided through our contact forms or to receive newsletters from ToFindOut. If such a transfer occurs, ToFindOut will ensure that all appropriate safeguards are in place to guarantee that your personal data is handled in accordance with applicable legislation.
STORAGE
ToFindOut ensures that our processing of personal data is done in accordance with applicable regulations, which means that your personal data is not stored longer than necessary with regards to the purposes of the processing. Regarding candidates undergoing background screenings, all personal data is erased 14 days after completed delivery.
Regarding our customers, your personal data is stored for as long as you remain our customer. The data is erased when it is no longer relevant or necessary for the purposes for which it was collected, e.g. direct marketing or analysis. However, some data may be retained longer if required with regards to legal requirements, such the Swedish Bookkeeping Act (1999). Your personal data is always handled with maximum safety and confidentiality.
YOUR RIGHTS
As a data subject, you have several rights regarding your personal data, and you can influence your information and what we store.
Right to rectification and erasure: ToFindOut will at your request or after our own initiative rectify or complete any of your personal data that is found to be untrue, incomplete, or misleading. You have the right to have your data erased without undue delay, if the consent with which it was obtained is revoked.
Registry extracts: After undergoing a background screening, you will have access to all your personal data we have processed for a period of 14 days. Since all your personal data is erased at the end of this period, registry extracts cannot be retrieved after this point. However, during this period, you have unlimited access to all your personal data by logging in to your user account at www.tofindout.se.
Objections: You may at any given time object to the processing of personal data for direct marketing purposes by choosing to unsubscribe in any mailings. If you need further assistance regarding our communication or marketing, please contact us. See the heading “How to contact us” for more details.
Right to terminate the process: You have the right to terminate the process. Upon your request, ToFindOut will immediately cease processing your personal data. However, please note that such a withdrawal does not affect the legality of the processing of your personal data before the revocation of the approval.
Complaints: If you believe that your rights are not respected by ToFindOut, please contact us. You also always have the right to lodge a complaint with the supervisory authority Integritetsskyddsmyndigheten if you feel that ToFindOut processes your personal data in violation with applicable legislation. Such complaints can be submitted via e-mail, imy@imy.se, or by letter to Integritetsskyddsmyndigheten, Box 8114, 104 20 Stockholm. Read more at www.imy.se
NEWSLETTER
If you consent to receive newsletters or fill out a contact form on our website, we will save your name, email address, and if you choose to provide it – the organization you work for. ToFindOut uses the service MailChimp to manage subscriptions to our newsletters, so the personal data you provide will also be processed by MailChimp as a data processor. MailChimp is not permitted to use the personal data for any purposes other than performing the tasks they have agreed to with ToFindOut according to the agreement between ToFindOut and MailChimp. ToFindOut never sells your personal data to third parties for marketing purposes.
The legal basis for ToFindOut’s processing of personal data in connection with newsletter management is based on the consent given when you agree to receive our newsletter. Giving consent is voluntary, and you have the right to withdraw your consent at any time. Withdrawal of consent can be done by contacting ToFindOut via the address, email, or phone number provided below, or via a link in each newsletter. A withdrawal does not affect the legality of the processing carried out before the consent was withdrawn.
COOKIES AND LINKS TO OTHER WEBSITES
Personal data may be collected when you use our websites, which means that information about your usage and which sites you visit is stored. Such storage may include technical information about your device and internet connection such as operating system, browser version, IP address, cookies, and unique identifiers. When you visit our websites where our services are provided, certain techniques may be used to recognize you so we can learn more about our users. This can be done directly or through the usage of third party technology.
In order to use our website fully, you must accept cookies, which can be done through your browser’s settings or in the footer of your computer or mobile phone. If you do not want to accept cookies, you can turn off cookies via your browser’s security settings. However, this means that the website will not work as intended.
Please note that if our website contains links to third party websites or materials published by third parties, these links are for informational purposes only. Since ToFindOut lacks control of these websites and its materials, we are not responsible for its contents. Furthermore, ToFindOut is not liable for any damages or losses that could arise when using these links.
HOW TO CONTACT US
If you need any further information, please contact us at:
ToFindOut AB
Barnhusgatan 3
111 23 Stockholm
E-mail address: dataprotection@tofindout.se
Phone number: 08-611 10 20
CHANGES TO THIS DATA PROTECTION POLICY
This Data Protection Policy was last revised June 18, 2024 (version 2024:1).