Privacy policy recruitment

Sector Alarm will collect and process personal data about you in relation to the recruitment process. The personal data will be collected from you as well as from other available sources to the extent relevant and permitted by law. Depending on the circumstances, the following personal data may be processed:

• Individual data: name, date of birth, preferred language and nationality 
• Contact details: email address, telephone number and postal address  
• Application data: application, CV, certificates, attestations and statements from references   
• Interview and assessment data: internal assessments/reports from interviews, assessments of capabilities, credit or background checks, depending on the position you are applying for, and where necessary for the recruitment activities    
• Test data: information and results from personality and ability tests that you perform during the recruitment process  
• Technical data: When you access Sector Alarm services online, our web servers automatically create records of your visit. Typically, these records include : IP address, access time, pages visited , linked sites and used features , the content Viewed or requested, browser type and Chosen language. In relation to this, please see our [Cookie Policy].  

The following data is processed only in specific situations:  

• Certificate of good conduct: If you are offered a position at Sector Alarm, we might for some positions require a certificate of good conduct. The document is to be sent via encrypted email to a dedicated email address for this exact purpose. The document will not be stored anywhere else and it will be deleted immediately if you do not meet the screening criteria. 
• Sensitive data: We normally do not and cannot collect sensitive personal data in relation to the recruitment process. However, if you have physical limitations or special needs that require us to make specific considerations during the recruitment process, we may process relevant information to enable our candidates to apply for jobs with us and to ensure that we comply with regulatory obligations placed upon us regarding our hiring. Because email communications are not always secure, we encourage you to not include sensitive data in your emails to us.  

Website recruitment system: For the purpose of receiving and managing job applications via the website recruitment service, we use the services of Greenhouse Software, Inc., 110 Fifth Avenue, 3rd Floor, New York, NY 10011, USA (“Greenhouse Software”). In the webservice, you and may apply for job openings and submit and/or upload related personal information, such as name, email address, LinkedIn-profile, CV and personal documents.  

Such data will only be processed on servers outside the European Union (EU) and provided to Sector Alarm or the Greenhouse Software after you clicked the respective ‘submit application’ button on the website recruitment service. The privacy policy of Greenhouse Software may be found here: http://www.greenhouse.io/privacy-policy.  

Legal basis for the processing:  

Your personal data is processed based on legitimate interests, cf. GDPR art. 6. (1) f). We have a legitimate interest in carrying out the processing for the purpose of managing and completing the recruitment processes that is not overridden by your interests, fundamental rights, or freedoms. We need to make sure that we hire the right person and we must document that the process has been performed correctly.  

If any tests are completed by you as a part of the employment process, the processing of personal data in this case will be based on a legitimate interest of Sector Alarm.  

We may also process your personal data based on your consent, in which case we have obtained your prior and written express consent to the processing of your personal data. This legal basis is only used in relation to process that is entirely voluntary, it is not used for processing that is necessary or obligatory. Your written consent can always be withdrawn by contacting us or through your online profile.  

In certain cases, the processing may also be necessary for compliance with legal and regulatory obligations. The legal basis for processing certificates of good conduct is GDPR art. 10. The respective national law is described below: 

National law Norway 
Installers and sales representatives: Section 34-7 second paragraph of the Criminal registration Regulations (politiregisterforskriften).  

Security management:  
Section 3 paragraphs three and four in the Act relating to security guard services (Lov om vaktvirksomhet av 2001.01.05 nr. 1), cf. Section 4 of the Security Guard Services Regulations (vaktvirksomhetsforskriften).  

Security guards and related positions:  
Section 8 in the Act relating to security guard services (Lov om vaktvirksomhet av 2001.01.05 nr. 1), cf. Section 5 of the Security Guard Services Regulations (vaktvirksomhetsforskriften). 
 
National law Sweden
This applies to all employees in Sector Alarm Sweden, regardless of position in the company: 
Sveriges Rikes Lag: Lag (1998:620) om belastningsregister, 9 § (Swedish text). 
Before employment, all employees are informed that they will make an extract from the workload register. Then they receive an oral approval from the person. For future employees at the alarm center, does Sweden receive a written approval.  
 
National law Finland
Employees at the Alarm Receiving Centre are required to have security guard licence admitted by police. Sector Alarm does not handle the process.  

Employees that work with Sector Alarm alarm systems or client system data are required to obtain safety licence due to the nature of their work. License is admitted by the police authority and the process does not go through Sector Alarm.  
 
National law Ireland
Employees at the Alarm Receiving Centre are regulated by the private security authority and need to have license to work with PhoneWatch. In order to get the license the employee has to complete garda vetting. They contact the guards directly to complete this process and it does not go through PhoneWatch.  
 
National law Spain
Gathering criminal data of a candidate or employee in Spain is regulated in the State Law. Specifically, in article 10 of Organic Law 3/2018 of December 5 on the Protection of Personal Data and guarantee of Digital Rights. 

National law France
The National collective agreement for prevention and safety companies of 15 February 1985, defines the specific labor rules within the Security Sector in France, see Article 6, Employment. The article shows that S.A France has the authorization to ask for an extract of the criminal record during the recruitments face. There are only a few sectors in France that can do so, it is usually forbidden.  

We may share your personal data with third parties only when it is necessary as part of our contract with you, for the conduct of business or when there is a legal or statutory obligation to do so. Whenever we disclose your personal data to third parties, we will only disclose that amount of your personal data necessary to meet such business need or legal requirement. Otherwise, your personal data will not be disclosed to others unless you have given your consent to this, for example in connection with a benefit/special offer or bonus program, or if we are legally obligated to make such disclosure. 

Below is a list of the categories of recipients we share personal data with. When sharing personal data, we will always ensure that we have proper agreements and confidentiality undertakings in place. We do not sell your personal data to any third party for commercial purposes.  

Group companies 
We are part of the European Sector Alarm Group, in which the Norwegian entity Sector Alarm Holding AS is the controlling entity. The group IT function administers all of our IT applications on our behalf as our data processor, and we have a data processing agreement in place for this purpose. This means that personnel from group IT has access to the personal data we have stored in our IT applications. Other group functions may also request access to personal data in order to perform analysis and to generate reports on sales statistics, customer satisfaction surveys and similar topics in order to ensure reporting to our group management and board of directors. All accesses to our IT applications are granted on a strict need-to-know basis and limited to what is strictly necessary only.  

Suppliers
We use suppliers that provide services to us, where processing of personal data is necessary for the supplier to deliver such services. If the supplier processes personal data on our behalf, they are a data processor. We will only use data processors who can guarantee compliance with applicable data protection laws and our technical and organizational requirements, and we will always have a data processing agreement in place to govern our instructions to such data processor. We have the following key categories of suppliers: 

• IT application providers: These suppliers may perform service and maintenance on the IT applications they provide to us. To the extent they have access to, or are otherwise processing, personal data on our behalf as data processor, we have a data processing agreement in place. They may also store data on their servers or in a cloud service provided by them, and if so they are our data processors  
• Partners: We collaborate with partners who generate potential candidates to us, such as recruitment agencies and temporary hire agencies. These parties share share your information with us on the basis of their agreements or consents with you 
• Marketing providers: We use Google Inc and Facebook Inc for marketing placement of open positions on the internet and in social media. For more information, see our Cookie Policy.  

International Data Transfers 
By default, we always strive to ensure that your personal data is processed within the European Economic Area (EEA). However, some of our suppliers are based outside the EEA or have servers or group companies located outside the EEA. In such cases, we will ensure to have a valid transfer mechanism in place, namely adequacy decisions made by the EU Commission, Binding Corporate Rules or the EU Standard Contractual Clauses. In addition, we will implement additional safeguards to ensure that your rights and freedoms as a European citizen are adequately protected also in the case of such transfers of data outside the EEA. You may find a copy of the EU Standard Contractual Clauses we use by clicking here. We may revise or update our transfer mechanisms to adhere to changes in data protection law or the requirements of the European Commission; if we do so, we shall update this Privacy Policy accordingly. 
 
Specifically, Sector Alarm use Greenhouse Software for managing the recruitment webservice as described above. The processing of personal data is based on EU approved Standard Contractual Clauses. In addition, we show job advertisements on social media platforms like Facebook, Instagram, Snapchat and LinkedIn. All of these providers process personal data outside the EEA. Please note that your use of those social media platforms is subject to the platforms’ separate terms of use and privacy policies.  

As a data subject, you are afforded several rights and freedoms under applicable data protection laws and regulations. To exercise such rights, please contact our Data Protection Officer at dpo@sectoralarm.com. In order to ensure that we do not share personal data with unauthorized third parties, we will request that you confirm your identity before we respond to your request. Provided that we have confirmed your identity, we will respond as soon as possible and normally within 30 days. If we are not able to respond within 30 days, we will notify you of the delay and the reason for it in due course and prior to the 30-day deadline. Below is an overview of your rights. You may read more about this on the website of the Norwegian Data Protection Authority.  

Within the limitations set out in applicable law, you have the following privacy rights: 

• Right to information: you have the right to obtain further information on our use of your personal data. 
• Right of access: You may request access to a copy of the personal data we process about you. Please note that there are some exceptions to this right, for example if the access infringes on the rights of others (for example it reveals personal information about a third party) or if it pertains to business secrets. If we make any exceptions to your right of access, we will inform you of this specifically 
• Right to rectification: It is important for us to ensure that we only process personal data which is correct and up to date. If you see that any of the personal data we process is incorrect, then you have the right to demand rectification.  
• Right to data portability: You may obtain an electronic copy of the personal data you have provided to us in a digital format either directly to you or to a third party designated by you 
• Right to be forgotten: We only store personal data for the time needed to fulfill the purposes it was collected for. If you are of the opinion that we are storing information that should have been deleted, you may request that we delete such personal data. Please be advised however, that legal obligations such as tax reporting and book keeping may result in us being obligated to not delete the personal data until the statutory retention period has expired. For more information about our retention times, please refer to the section How long do we store your personal data below 
• Right to objection: You may object to our processing of your personal data if your particular situation so requires. Please note that this may lead to us not being able to continue processing of your job application.  
• Right to restriction of processing: You have the right to request that we restrict the processing of your personal data for example if you are of the view that we are processing your data illegally or if you do not want us to delete data that are due for deletion 
• Automated decisions and profiling: We do not use automated decisions pertaining to you for recruitment purposes. For the purpose of marketing of open positions, we use segmentation techniques and perform analysis in order to optimize our marketing efforts and to tailor such marketing to our candidates’ preferences and needs. Such analysis may influence our marketing decisions, but are not applied in a manner which may result in legal or similar significant effects for you. 

We store all personal data as long as it is necessary to fulfill the purposes set out in this Privacy Policy. These are our main retention periods: 

All personal data that is collected and stored based on our legitimate interest, is erased within one year. The storage time is counted in days from the date you were told a candidate was awarded the position you applied for. Where applicable, this include all the information in the categories specified above, i.e.: Individual data, Contact details, Application data, Interview and assessment data, Test data and Technical data  

The following personal data may be erased at any time through your online candidate profile: CV, certificates, application and attestations.  

As specified above, any certificates of good conduct are deleted immediately if you do not meet the screening criteria. If screening criteria are met, the certificates are deleted as soon as the recruitment process is finalized.  

Sometimes we may ask if you want us to keep your personal data for a longer period, for example if you do not qualify for a position but we would like to be able to keep you in our database for other potential future vacancies. You may at any time withdraw any consents to storage and processing of your personal data in your candidate profile.  

In addition to what is set out above, we may on a case-by-case basis need to store personal data for a longer period of time if this is necessary in order to comply with legal obligations, enforce contracts or engage in dispute resolution.  

We have implemented top-notch technical and organizational security measures in order to protect your personal data and to ensure the availability, integrity and confidentiality of your personal data. Our highly qualified IT and security experts are ensuring that our applications are kept safe by only using providers that can guarantee compliance with applicable security standards and laws.  

However, you may also help protect your data by observing these simple safeguards: 

• Do not send confidential or sensitive information by unencrypted e-mail. We will never ask you to send us your bank account details by e-mail. 
• You should always use a strong password, i.e. a password comprising of both small and capital letters, numbers and a special character 
• Do not click on links in any e-mails you receive unless the e-mail is from a trusted sender. Always check the e-mail address of the sender of e-mails that requests any information from you – often the fraudsters use e-mail addresses that are similar to the original. E-mails from us will always be sent from post@sectoralarm.no 
• Make sure your contact information is updated so that we can reach you in case there is suspicion of fraud 
• Keep your online devices updated in order to ensure that you always have the latest version of security settings installed, as these may contain patches for formerly identified security weaknesses 
• If you observe any suspicious activity or think that you have been subject to identity theft or fraud, contact our customer support center immediately at +47 915 03033  

Sector Alarm has company accounts on Instagram, Facebook and LinkedIn, and the processing of personal data on such platforms is managed by the Terms of Use and Privacy Policies applicable to each platform. We use these accounts to promote and improve our services and to promote our company to prospective and current customers and employees, and the legal basis for this is legitimate interest as per GDPR article 6(1)(f). If you contact us on one of these accounts or if you like or share any of the content we publish, we will be able to see your basic user account information such as name and e-mail address. We will respond to you within the same platform and process your personal data in connection with such communication. We ask that you kindly do not share any confidential personal information on any of these platforms.  

You may always unfollow our accounts or delete your comments and messages. Please note that unfollowing our account will not delete your personal data. Please note that all of these providers have international data transfers to the USA. We encourage you to read their Privacy Policies for more information about their processing of your personal data.  

Furthermore, when using Facebook, we receive aggregated statistical reports from Facebook through a service called Facebook Insights. This service allows us to monitor the activity related to our account. These reports do not comprise any personal data and is anonymous to us, but we are acting as joint controllers with Facebook Inc for the purposes of this service. You may find more information about Facebook Insights here.