Data Protection Policy
ToFindOut AB, organization number 556720-7500, (ToFindOut) is committed to protecting the privacy and integrity of your personal data. The purpose of this Data Protection Policy is to clearly and transparently account for the ways in which ToFindOut processes your personal data in accordance with the EU General Data Protection Regulation (GDPR). Down below you will find information regarding what personal data ToFindOut processes, for which purposes, the lawful basis for our processing, for how long your personal data is stored, and your rights as a data subject.
Who is the controller?
ToFindOut is the controller of the data processing and is therefore responsible for making sure that the processing of your personal data is done in accordance with applicable regulation. ToFindOut’s Data Protection Officer (DPO) is Jesper Larsson. If you have any questions regarding our processing of your personal data, please contact us at firstname.lastname@example.org. For more contact details, please see the heading “How to contact us”.
What personal data do we collect?
Regarding candidates undergoing background screenings, we collect, inter alia, the following data.
Contact details: Name, address, phone number, and e-post address.
Personal details: Income information, license information, matters at Swedish authorities and courts, and any eventual convictions.
Please note that all personal data and the sources we use are exactly specified in the consent form which the candidate receives before a background screening is initiated. Also note that ToFindOut never processes what GDPR defines as “sensitive data”, i.e. data which inter alia discloses ethnic origin or a person’s sexual orientation. ToFindOut never collects data about minors.
Regarding our customers, we collect the following data.
Contact details: Name, position, phone number, e-post address, and address.
How do we collect your personal data?
Regarding candidates undergoing background screenings, we collect data in the following way.
From customers: We collect data about you from our customers, e.g. personal data that you have chosen to include in your resume and/or other documents. Please note that we discourage you from including sensitive personal data in such documents.
From third parties: We collect data about you from publicly available sources at Swedish authorities or from companies and/or educational institutions listed in your resume.
Regarding our customers, we collect data mainly from the customer himself/herself.
Why do we collect personal data?
Regarding candidates undergoing background screenings, we process personal data mainly for the purposes listed below.
For administration and delivery of background screenings: ToFindOut processes your personal data in order to be able to produce and deliver our services, i.e. background screenings.
For mailings and communication: ToFindOut processes your personal data in order to communicate relevant information to you whilst the background screening is ongoing, and to be able to send you a survey once the screening is completed.
Regarding our customers, we process personal data mainly for the purposes listed below.
For marketing: ToFindOut processes your personal data in order to provide information/marketing via e-mail, text, or other means of communications once you have an active customer relationship with us, and to enable targeted offers and services.
For the delivery of our service: ToFindOut processes your personal data primarily to enable the delivery of our service, and to fulfill our agreement with you, i.e. provide background screenings.
For business development: ToFindOut processes your personal data in order to generate statistical data about the usage of the service. This analysis never identifies individuals, but rather takes place at an aggregated level. The analysis is performed in order to develop, deliver, and enhance our products and services.
Lawful basis for processing
Regarding candidates undergoing background screenings, ToFindOut refers to the written consent that the candidate submits before the initiation of such a background screening. The consent form used always clarifies exactly what personal data is collected and where from. Regarding personal data related to C-level executives or equivalent positions, ToFindOut refers to either legitimate interest or consent as the lawful basis for processing. Please note that you may revoke your consent at any time by contacting us. For contact details, please see the heading “How to contact us”.
Regarding existing and future customers, ToFindOut refers to the fulfillment of a contract as the lawful basis for processing.
Transferal of personal data
Personal data relating to candidates undergoing background screenings is never disclosed to anyone but the party/parties which the candidate consents to. Contact details to customers are never disclosed.
Transferal of personal data to countries outside the EU/EEA is only done in the individual case when the background screening is carried out in the country in question. If your personal data is transferred to a third country which is not specified in the Commission’s list over countries with adequate level of protection, ToFindOut will ensure that all appropriate safeguards have been adduced or that you have explicitly consented to the transferal after having been informed about the possible risk of such transfer.
ToFindOut ensures that our processing of personal data is done in accordance with applicable regulations, which means that your personal data is not stored longer than necessary with regards to the purposes of the processing. Regarding candidates undergoing background screenings, all personal data is erased 14 days after completed delivery.
Regarding our customers, your personal data is stored for as long as you remain our customer. The data is erased when it is no longer relevant or necessary for the purposes for which it was collected, e.g. direct marketing or analysis. However, some data may be retained longer if required with regards to legal requirements, such the Swedish Bookkeeping Act (1999). Your personal data is always handled with maximum safety and confidentiality.
As a data subject, you have several rights regarding your personal data, and you can influence your information and what we store.
Right to rectification and erasure: ToFindOut will at your request or after our own initiative rectify or complete any of your personal data that is found to be untrue, incomplete, or misleading. You have the right to have your data erased without undue delay, if the consent with which it was obtained is revoked.
Registry extracts: After undergoing a background screening, you will have access to all your personal data we have processed for a period of 14 days. Since all your personal data is erased at the end of this period, registry extracts cannot be retrieved after this point. However, during this period, you have unlimited access to all your personal data by logging in to your user account at www.tofindout.se.
Objections: You may at any given time object to the processing of personal data for direct marketing purposes by choosing to unsubscribe in any mailings. If you need further assistance regarding our communication or marketing, please contact us. See the heading “How to contact us” for more details.
Withdrawal of consent: If we process your personal data with your consent as our lawful basis, you always the right to withdraw your consent. If you decide to do so, ToFindOut will immediately cease processing your personal data. However, please note that such a withdrawal does not affect the legality of the processing of your personal data before the revocation of the consent.
Data portability: You have the right to data portability, i.e. you have the right to receive your personal data in a structured and machine-readable format and the right to transmit those data to another controller. Your personal data is always available to you during the 14 days we keep them and is clearly summarized in a downloadable report.
Complaints: If you believe that your rights are not respected by ToFindOut, please contact us. You also always have the right to lodge a complaint with the supervisory authority Datainspektionen if you feel that ToFindOut processes your personal data in violation with applicable legislation. Such complaints can be submitted via e-mail, email@example.com, or by letter to Datainspektion, Box 8114, 104 20 Stockholm. Read more at www.datainspektionen.se.
Cookies and links to other websites
Personal data may be collected when you use our websites, which means that information about your usage and which sites you visit is stored. Such storage may include technical information about your device and internet connection such as operating system, browser version, IP address, cookies, and unique identifiers. When you visit our websites where our services are provided, certain techniques may be used to recognize you so we can learn more about our users. This can be done directly or through the usage of third party technology.
In order to use our website fully, you must accept cookies, which can be done through your browser’s settings or in the footer of your computer or mobile phone. If you do not want to accept cookies, you can turn off cookies via your browser’s security settings. However, this means that the website will not work as intended.
Please note that if our website contains links to third party websites or materials published by third parties, these links are for informational purposes only. Since ToFindOut lacks control of these websites and its materials, we are not responsible for its contents. Furthermore, ToFindOut is not liable for any damages or losses that could arise when using these links.
How to contact us
If you need any further information, please contact us at:
111 23 Stockholm
E-mail address: firstname.lastname@example.org
Phone number: 08-611 10 20
Changes to this Data Protection Policy
This Data Protection Policy was last revised February 5, 2019 (version 2019.1).