In KRM we respect your privacy and therefore all members of the KRM group of companies (“KRM
affiliates”) are committed to protect information that identifies or is capable of identifying an individual (“personal data”), which it collects, uses and/or has access to, and thus all KRM affiliates have implemented appropriate technical and organisational security measures to protect personal data against unauthorized or unlawful processing and against accidental loss, destruction or damage.
Your comments and feedback are always welcome.
1. Our contactdetails
1.1.Identity of the controller(s)
Unless otherwise specified elsewhere, the legal entity being responsible for the collection and
KRM Danmark A/S Østergade 55
1100 København K
If you have any questions or need to get in contact with us we urge you to contact us either;
By e-mail: firstname.lastname@example.org
By phone: +45 33 33 86 94
By letter: Frederiksberggade 154, 1459 København K.
1.2.Contact details for the data protection officer
Our appointed data protection officer can be contacted either by;
By e-mail: legal@KRM.com
By phone: +45 7491 1733
By letter: ECCO Holding A/S, Legal Department, Industrivej 5, 6261 Bredebro, Denmark
2. How we use your personal data
In this section you can find relevant information about how we collect and use your personal data when you apply for a position within KRM, including information about i) the purposes for which the personal data is being processed; ii) the source of the personal data that is not obtained directly from you; iii) the general categories of personal data being processed; and iv) the legal basis for the processing.
If you apply for a position within KRM we will for the purpose of our recruitment process (including processing your application, assessing your qualifications for positions within KRM and offering you a contract, if we would like to hire you etc.) Collect and use personal data about you.
The personal data about you may include;
We will clearly indicate, which information we consider mandatory in order for you to be taken into account for a position with KRM. If you refrain from disclosing information, which we deem as mandatory, it may have as a consequence, that we will not be able to take you into account for a position with KRM.
The legal basis for the above processing are under normal circumstances;
1. GDPR art. 6(1) (b) (“processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”)
2. GDPR art. 6(1) (f) (“the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in
particular where the data subject is a child”) the legitimate interests pursued by us are namely general personnel, work, and business administration and conducting qualified recruitment and human resource management.
We urge you not to provide us with personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, health data or sex life or sexual orientation or similar (“special categories of personal data”), unless we specifically request such information. We will only request it in special situations, and only if it is necessary for the recruitment process. The legal basis for the processing of the special categories of personal data are under normal circumstances either of the following;
A. GDPR art. 9(2) (a) (“the data subject has given explicit consent to the processing of those personal data for one or more specified purposes”)
B. GDPR art. 9(2) (f) (“processing is necessary for the establishment, exercise or defence of legal claims”)
3. How we share your personal data with others
As part of the recruitment process we might have to disclose and transfer your personal data to other KRM affiliates and other third parties. We will only do this to the extent it is necessary for the recruitment process.
Please be ensured that we will not sell or rent your personal data to third parties for them to be able to use your personal data for marketing purposes or similar.
When using data processors to process your personal data on our behalf we require, that they only process your personal data in accordance with our instructions. We also require that the data processors signs relevant contracts providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the data processing will meet the requirements of the applicable data protection regulation and ensures an appropriate protection of your rights.
In case we disclose your personal data to third parties, who will not be acting as a data processor under our instructions, but as independent data controllers, then we do our outmost to ensure that they are trustworthy and have implemented appropriate
Technical and organisational measure to protect your data, and provides us with clear commitments not to use the personal data received from us for other purposes, than providing agreed services and making statistical analysis in an anonymised manner.
3.1.Categories of recipients
The main categories of potential recipients of your personal data are:
Service providers we may share your personal data with our trusted third party service providers, who,on our behalf, operate, maintain, and/or support our it systems and it infrastructure, communication platforms, our websites, provides us with recruitment services, psychometric tools, legal and tax advisors and perform other important services for us.
Other KRM affiliates we may disclose your personal data to other companies, which are owned or controlled by KRM ag or owns or controls KRM ag (“KRM affiliates”) in order for them to provide us with relevant services or in case it is necessary due to the organizational setup within the KRM group.
Legal successors a transfer of your personal data to another legal entity may occur as part of a transfer of our business or parts thereof in form of a reorganization, sale of assets, consolidation, merger or similar.
Other disclosures in addition to where you have consented to a disclosure of the personal data or where disclosure is necessary to achieve the purpose(s) for which, it was collected, personal data may also be disclosed in special situations, where we have reason to believe that doing so is necessary to identify, contact or bring legal action against anyone damaging, injuring, or interfering (intentionally or unintentionally) with our rights or property, users, or anyone else who could be harmed by such activities, or otherwise where necessary for the establishment, exercise or defence of legal claims.
3.2.Transfer of data to third countries
The use of service providers and disclosure of your personal data to other KRM and KRM affiliates and other recipients might imply a transfer of your personal data to countries, which might not have data protection regulation as protective as in your jurisdiction and might not be considered ensuring an adequate level of protection of personal data by the eu commission or a national data protection authority (so called “unsafe third countries”). Such countries include, but is not limited to, the United States, Canada, China, Vietnam, Singapore, Thailand, Malaysia, Japan, South Korea, Indonesia, Australia and New Zealand.
We require that all recipients of your personal data provide appropriate safeguards to protect your personal data, when it is transferred to “unsafe third countries”, through the adherence to standard data protection clauses adopted by the eu commission cf. The GDPR article 46(2). Please refer to the
following link to obtain more information about the standard data protection clauses we use here. If the recipient is certified under the us privacy shield this is also considered as providing appropriate safeguards to protect your personal data cf. The eu general data protection regulation article 46(2).
Please click here to obtain more information about the us privacy shield.
If you have any questions, please contact us in accordance with section 1 (our contact details).
4. How we retain and delete your data
Your personal data will be held by us and kept in a form, which permits identification of you for no longer than is necessary for the purposes for which the personal data is collected and legitimately processed.
This implies that we normally will delete your personal data 6 (six) months after the recruitment process has ended unless either of the following situations apply:
A. you explicitly have informed us, that you would like us to keep your data for a longer period of time in order to be taken into account for other positions within KRM. In such case the retention period will be extended accordingly.
B. you have accepted a position offered to you. In such case we will retain your personal data for aslong as is necessary for the employment relationship. You will receive more information about the processing of your personaldataduring and after the employmentrelationship, if you are employed byus.
C. we reasonably believe that it will be necessary to retain your personal data for a longer period in order to establish, exercise and/or defend legal claims.
Thereafter, we will either delete your personal data or anonymise it so that it no longer can be used to identify you.
If you provide us with a written request, we will also erase or anonymize your personal data without undue delay, unless we have a valid legal ground to continue to keep your personal data. Please also refer to section 5 (your rights).
5. Your rights
You have certain rights according to the applicable data protection regulation. Some of the rights are rather complex and include exemptions, accordingly you are recommended to read relevant laws and guidance from the regulatory authorities for full explanation of these rights. However, you can find a summary of your rights below in this section.
We do our best to ensure that we protect your personal data, keep you informed about how we process your personal data and comply with the applicable data protection regulation. In case you are not satisfied with the processing and protection of your personal data or the information you have received from us, then we urge you to inform us in order for us to improve. Please also do not hesitate to contact us, if you want to make use of your rights.
Please contact us through the points of contact listed in section 1 (our contact details). Please also provide us with relevant information to take care of your request, including your full name and email address so that we can identify you. We will respond to your request without undue delay.
Summary of your rights:
5.1.The right to access
You have a right to obtain the confirmation as to whether or not your personal data are being processed by us. In addition, you have a right to obtain more detailed information about the personal data kept and the processing undertaken by us and under certain circumstances the right to receive a copy of this personal data.
5.2.The right to rectification
You have the right to have inaccurate personal data about you rectified, and, taking into account the purpose of the processing, to have incomplete personal data completed.
5.3.The right to erasure
In some cases, you have the right to erasure of your personal data without undue delay. Those circumstances include; i) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; ii) you withdraw consent to consent-based processing; iii) the processing is for direct marketing purposes and iv) the personal data has been unlawfully processed. However, there are certain general exclusions of the right to erasure. Those general exclusions include where processing is necessary; i) for the exercising the right of freedom of expression and information; ii) for compliance with legal obligation; or iii) for the establishment, exercise or defence of legal claims.
5.4.The right to restriction of processing
In some cases, you have the right to restrict the processing of your personal data. Where processing has been restricted, we may continue to store your personal data. However, we will only otherwise process it i) with your consent; ii) for the establishment, exercise or defence of legal claims; iii) for the protection of the rights of another natural or legal person; or iv) for reasons of important public interest.
5.5.The right to data portability
To the extent the legal basis for the processing is your consent, and such processing is carried out by automated means, you have the right to receive your personal data in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
5.6.The right to object
You have the right to object to the processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for i) the performance of a task carried out in the public interest or in the exercise of any official authority vested in KRM; or ii) the purpose of legitimate interests pursued by us or a third party. In such case we will cease processing the personal data, unless we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms or the processing is for the establishment, exercise or defence of legal claims.
5.7.The right to withdraw consent
To the extent that the legal basis for the processing is your consent, you have the right to withdraw from that consent at any time.
In case you withdraw from a consent given, then we will cease to process your personal data, unless and to the extent the continued processing is permitted or required according to the applicable personal data regulation or other applicable laws and regulations. The withdrawal from your consent will in no event effect the lawfulness of processing based on consent before its withdrawal.
If you refrain from providing required consents, or later on withdraw from the consents, it might have as a consequence that you may not be able to benefit from some of the service offerings provided by us.
5.8.The right to complaint to data protection supervisory authority
You may always lodge a complaint with your local data protection supervisory authority. The data protection supervisory authority in Denmark is
The Danish Data Protection Agency, Borgergade 28,5.,
1300 Copenhagen K, Denmark www.datatilsynet.dk