Data protection policy

Personal data is any kind of data that can be directly or indirectly attributed to a natural person who is alive. For example, images and sound recordings that are processed on a computer can be personal data even if no names are mentioned. Encrypted data and various types of electronic identities (e.g. IP addresses) are personal data if they can be linked to natural persons. Personal data processing means everything that happens with the personal data. Every measure taken with personal data constitutes a processing operation, regardless of whether it is performed automatically or not. Examples of common processing are collection, registration, organisation, structuring, storage, processing, transfer and deletion. 

CoreChange Group AB org. no. 556948-4180, whose address is Kungsgatan 54, 111 35 Stockholm, is the data controller responsible for the company's processing of personal data 

We never store your personal data for longer than is necessary for each purpose. For the purpose of recruitment, we save your data for up to two (2) years. 

Right of access (so-called register extract). We are always open and transparent with how we process your personal data and if you wish to gain a deeper insight into which personal data we process about you, you can request access to the data (the information is provided in the form of a register extract with purpose, categories of personal data, categories of recipients, storage periods, information about where the data was collected from). Keep in mind that if we receive a request for access, we may ask for additional information to ensure the efficient handling of your request and that the information is provided to the right person.  

You can request that your personal data be corrected if the data is incorrect. Within the framework of the stated purpose, you also have the right to add to any incomplete personal data. 

You can request the deletion of personal data we process about you if: The data are no longer necessary for the purposes for which they were collected or processed. You object to a legitimate interest assessment we have performed and your reason for objection outweighs our legitimate interest. Personal data is processed illegally. Personal data must be deleted in order to fulfil a legal obligation to which we are subject. Keep in mind that we may have the right to refuse your request if there are legal obligations that prevent us from immediately deleting certain personal data. These obligations may come from accounting and tax legislation or banking and money laundering legislation. It may also be that the processing is necessary for us to be able to establish, assert or defend legal claims. Should we be prevented from complying with a request for deletion, we will instead block the personal data from being used for purposes other than the purpose that prevents the requested deletion. 

You have the right to request that our processing of your personal data be restricted. If you dispute that the personal data we process is correct, you can request restricted processing during the time we need to check whether the personal data is correct. If we no longer need the personal data for the stated purposes, but you do need them to be able to establish, assert or defend legal claims, you can request limited processing of the data from us. This means that you can request that we not delete your information. If you have objected to a legitimate interest assessment that we have performed as a legal basis for a purpose, you can request restricted processing for the time we need to check whether our legitimate interests outweigh your interests of having your data deleted. If your processing has been restricted under any of the above situations, we may only, in addition to the storage itself, process the data to establish, assert or defend legal claims, to protect someone else's rights or if you have given your consent. 

In cases where we use a legitimate interest assessment as a legal basis for a purpose, you have the opportunity to object to the processing. In order to continue to process your personal data after such an objection, we need to be able to show a compelling justified reason for the processing in question that outweighs your interests, rights or freedoms. Otherwise, we may only process the data to establish, exercise or defend legal claims. 

In addition to the data you provide to us, we may also collect personal data from others, so-called third parties, e.g. the references you provided. 

If our right to process your personal data is based either on your consent or fulfilment of an agreement with you, you have the right to request that the data concerning you and that you have provided to us be transferred to another data controller, through so-called data portability. A prerequisite for data portability is that the transfer is technically possible and can be automated. 

We use IT systems to protect the confidentiality, integrity and access to personal data. We have taken special security measures to protect your personal data from illegal or unauthorised processing (such as illegal access, loss, destruction or damage). Only those people who actually need to process your personal data in order for us to fulfil our stated purposes have access to them. 

The Data Inspectorate is responsible for monitoring the application of the legislation, and anyone who believes that a company handles personal data incorrectly can submit a complaint to the Data Inspectorate.