1. Data controller
Norican A/S is the data controller in respect of the processing of your personal data. Our contact information is as follows:
Central Business Register no. (CVR no.) 36 45 87 71
2. Scope of processing and categories of applicant’s personal data
The basis for our data processing of your personal data as being the Job Applicant is the data provided by you in your application send forward either:
- As an open request, whether a job position is open
- Relating to a published and announced open Norican position.
As you are sending us your personal data, you as well give us consent to process your data.
The legal basis for our processing is Article 6(1)(a) of the GDPR.
We are not processing genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation, race, religion etc. Should such information be included in your application, we will inform you via an e-mail, delete your application and not continue processing your application.
3. Keeping data about you correct
In case relevant data is changing while we are processing your application, we request you to inform us and provide the updated data.
We will be sharing your personal data with relevant Norican people being involved in hiring for the specific position. This could be the manager, the managers manager, colleague-employees involved in the hiring process, HR-Manager and HR-consultants.
Some managers and other involved Norican people might be employed in other Norican companies which as well could be in a third country (countries outside the EU/EEA). The legal basis for the data transfer of your personal data is our BCR – Binding Corporate rules.
The first step in hiring is often an interview with you to clarify your competences and your potential questions. More interviews and on-site visit might follow.
In case you become a candidate for the position, you might be asked to take one or more personal tests and we will inform you about the test and which personal data to be shared. Typically, only your name and e-mail address. Your personal data will be transferred to a third-party processer of the personal test software. These Data Processor solely processes the personal data on behalf of Norican A/S and in accordance with Norican A/S’s instructions.
We have high security standards, also when it comes to the protection of your personal data. Accordingly, we have a range of internal procedures and policies designed to ensure that we live up to our high security standards and thus comply with the requirements of implementation of suitable technical and organizational security measures. Thus, we do our utmost to safeguard the quality and integrity of your personal data.
6. Storage and deletion
In case you will have been hired for the job position and signing the employment contract, your personal data will be transferred into HR and used to fulfill the contract.
In case your will not be offered the job position, your application will be deleted 90 days after the deadline for handing in the application or if job-position was not published, 90 days from you handed in your application.
You will via e-mail be informed about the deletion. We might as well ask you via an e-mail whether you will consent for us to keep your application for another 90 days, should another relevant position open.
7. Your rights
You are entitled to object to any further processing of your application. We will without undue delay delete your application and confirm via an e-mail to you.
Feel free to contact us if you disagree with the way in which we process your personal data or the purposes for which we process the data. You may also file a complaint with your local data protection authority.
Write to firstname.lastname@example.org if you want us to change or delete personal data we have registered about you.
Updated March 2023
GDPR Article 6: Lawfulness of processing
1. Processing shall be lawful only if and to the extent that at least one of the following applies:
a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
c) processing is necessary for compliance with a legal obligation to which the controller is subject;
d) processing is necessary in order to protect the vital interests of the data subject or of another natural person;
e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
2. Point (f) of the first subparagraph shall not apply to processing carried out by public authorities in the performance of their tasks