Schain Research is committed to protect your your personal data and comply with applicable data protection law, in particular the EU General Data Protection Directive (“GDPR“), and we only process your personal data on the basis of a statutory provision or if you have declared your consent.
In this data protection information, we explain which information (including personal data) are processed by us in connection with the employment relationship.
Who is responsible for the processing of personal data?
The controller responsible for the processing of personal data described in this privacy notice is Schain Research AB (Schain Research”, “we”, “us”); Grönviksvägen 14, SE-16771 Bromma, Sweden; +46 72 330 53 13; firstname.lastname@example.org; Corporate ID: 559303-2162.
Our data protection officer is Christina Jones and may be contacted at email@example.com.
Which data do we process?
The performance of your employment relationship requires the processing of personal data:
We process certain general data in relation to you and your employment relationship with us. General data include:
- Information provided by you in the course of the recruitment process or that we requested from you (e.g., name, address, telephone number, email address, date of birth, education)
- Information stored in connection with our hiring decision (in particular the details of your employment agreement and information on your position within our organization)
- Information provided for the administration of your employment (e.g. personal number, bank account details)
We process personal data collected in the course of your employment. This includes:
- Information on employee tasks, such as your work / absence times and the assessment of your performance, if applicable;
- Information on the employment relationship, such as our payments to you or other benefits or compensation;
- Personal data that are provided to us in the course of your employment by you or third parties (in particular public bodies such as social insurance bodies, (tax) authorities, unions. This may include information on sick leave, disabilities, union membership.
We may process personal data collected in the course of your employment due to your use of our company infrastructure including:
- Information regarding use of our information technology infrastructure (such as your business email account or devices provided to you);
This data may include special categories of personal data, in particular health data (e.g., the information on your inability to work due to illness). We will use your sensitive personal data only in so far as we are permitted by Law to do so (e.g. administration of leave entitlements).
For which purposes and on which legal basis do we process your personal data?
We process personal data described for the performance of your employment relationship with us on the basis of Article 6 para 1 b GDPR (processing is necessary for the performance of a contract)
We may process personal data also for compliance with legal obligations (Article 6 para 1 c GDPR). Legal obligations may in particular include the mandatory disclosure of personal data to social insurance bodies and (tax) authorities.
If the categories of data specified that contain special categories of personal data (e.g. health data), we process these for carrying out the obligations in the field of employment and social security and social protection law (Article 9 para 2 b GDPR)
Are you obliged to provide data?
The provision of the basic, performance and usage data specified is necessary for entering into and maintaining an employment relationship with us, unless specified otherwise before or at collection of the data. Without the provision of these data, we may not able to enter into and maintain an employment relationship with you.
If we collect additional data from you, we will inform you if the provision of such information is based on a legal or contractual obligation or necessary for the performance of an agreement (in particular your employment agreement).
Who obtains or has access to your data?
Your personal data are generally processed within our company. To prevent unauthorized access and ensure data accuracy, Schain Research has implemented strict guidelines for the organization regarding the processing of personal data and two-factor authentication is required to access our systems.
Depending on the categories of personal data, only dedicated personnel / organizational units with a legitimate purpose are granted access to your personal data. Such units include in particular the HR department, your managers and – if data are processed via our IT infrastructure – also our IT department. Access to personal data is limited to the functions and the extent necessary for the respective purpose of the processing.
If and to the extent permitted by law, we may transfer your personal data to recipients outside of our company.
Such external recipients may include
- affiliated companies within Schain Research to which we may transfer personal data for the purpose of internal administration of employee data (e.g. administration/salary services);
- private or public bodies, to the extent we are obliged to transfer your personal data on the basis of a legal obligation to which we are subject (e.g. tax authorities)
Are data transferred to countries outside the EU / the EEA?
Your personal data is processed only within the European Union or the European Economic Area; we do not intend to transfer your personal data to other countries (“third countries”).
Should a situation arise where the data must be processed in, and thereby transferred to, a destination outside of the EU/EEA by us or one of our suppliers or subcontractors, we will take all reasonable legal, technical, and organizational measures to ensure that your data is treated securely and with an adequate level of protection compared to and in line with at least the level of protection offered within the EU/EEA.
How long are your data stored?
We generally store your personal data as long as we have a justified interest in the retention of such data and where your interests in refraining from the further processing do not prevail. We may continue to store the data if there is a legal obligation (e.g. to comply with statutory retention obligations). We delete your personal data even without an action from your side as soon as further retention is no longer necessary for the purposes for which the data were collected, or if further retention is not permitted by law.
In general, your basic data and the additional data collected in the course of your employment are retained at least until the end of your employment. If personal data need to be stored to comply with a legal obligation, such data is retained until the end of the respective retention period.
Rights of Access, Correction, Erasure and Restriction
Your rights in connection with personal data.
Under certain circumstances, by law you have the right to:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data corrected.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
- Object to processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
- Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal data to another party.
If you want to review, verify or correct your personal data, request erasure of your personal data or object to the processing of your personal data, please send an email to firstname.lastname@example.org.
We have appointed a Data Protection Officer [DPO] to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal data, please contact Christina Jones at email@example.com.
You have the right to make a complaint at any time to Datainspektionen, the Swedish supervisory authority for data protection issues.