Key data protection notions
“Personal data” does not only refer to information related to your private life, but encompasses any and all information which enables to identify you either directly or indirectly even where collected in a business and/or employment context.
“Processing” means any operation which is performed on personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, combination, restriction, erasure or destruction.
“Controller” means the natural or legal person which determines the purposes and means of the processing of personal data.
“Processor” means the natural or legal personal which processes personal data on behalf of the controller.
“Purpose” means the reason(s) why the controller needs to collect and further process the personal data.
Who is collecting your personal data?
Capgemini Sverige AB hereafter referred to as “Capgemini”, is collecting and further processing your personal data in their respective capacity as a data controller.
Why and on what ground is Capgemini collecting your personal data?
Capgemini is collecting and further processing your personal data for several reasons, each of which is based on a specific legal ground as defined hereunder:
|To recruit new personnel for vacant positions via Capgemini’s recruitment platform or via social networks such as LinkedIn.||Our legitimate interest to recruit the candidates best suited for vacant positions.|
|For administrative purposes, i.e. to enable management of applications and administering recruitment processes and assessments connected to such processes.||
Our legitimate interest to operate and administer an efficient recruitment system and carry out recruitment activities.
|To retain personal data in order to match suitable candidates with similar positions within the Capgemini Group.||Your consent.|
|Record-keeping for the purposes of compliance with applicable laws.||Legal obligations that Capgemini is, or may be, subject to.|
|To make assessments based on personality and logic assessments that candidates conduct via Cubiks.||Your consent.|
|To reach out to potential candidates whom Capgemini employees have recommended.||Our legitimate interest to find suitable candidates for employment.|
|To organize webinars and similar events to present Capgemini as an employer and employment opportunities at Capgemini and send you relevant communication.||Our legitimate interest to present Capgemini as an employer and be able to provide access to webinars and similar events for this purpose.|
|To send you e-mails after webinars and similar events.||Your consent.|
Which personal data is processed and how?
Capgemini usually collects your personal data directly from you when you fill in the application form on our recruitment platform. Capgemini may also collect personal data via publicly available sources, such as professional social networks (e.g. LinkedIn). Furthermore, Capgemini employees can suggest suitable candidates which will then be reached out to.
When you apply for a vacant position via the Capgemini recruitment platform, Capgemini will process the following categories of personal data: contact information, CV and information you share in the form of the questionnaire on the Capgemini recruitment platform, data generated by interviewers and personnel involved in the recruitment process, data pertaining to logic and personality assessments, documentation that is necessary as per immigration laws where applicable. When a Capgemini employee suggests a suitable candidate, Capgemini will process contact information and information such as work life experience and other qualifications for the candidate. After having been contacted by Capgemini, the candidate may provide Capgemini with the application information described above.
When you sign up for a webinar or similar event on the employment opportunities at Capgemini, Capgemini will collect your name and e-mail address and process them to provide access to the webinars and to send you relevant communication if you consent to that.
Who has access to your personal data?
Companies that form part of the Capgemini Group shall have access to your personal data. However, such access shall be strictly limited to the relevant stakeholder(s) both from a functional and geographical scope. As a result, for the above-mentioned purposes, your personal data will be shared mainly with the following functions only on a need to know basis: Human Resources personnel, relevant recruitment personnel and the competent managers.
In addition, for this project, Capgemini relies on third-party suppliers acting as data processors, which may have limited access to your personal data. Where relying on such processors, be ensured that Capgemini enters into contractual agreements to ensure that your personal data are processed safely and strictly according to Capgemini’s instructions and in accordance with applicable data protection legislations.
Furthermore, the Capgemini affiliates or the third parties accessing your personal data, may be located in third countries, thus implying a data transfer of your personal data.
- Where such a transfer takes place between a Capgemini entity in the EU and other Capgemini entities out of the EU, it will be covered by Capgemini’s Binding Corporate Rules (“BCR”). For further information on Capgemini’s BCR, please click on the following link: https://www.capgemini.com/resources/capgemini-binding-corporate-rules/
- Where such transfer takes place between a Capgemini entity in the EU and an external third-party out of the EU, Capgemini and said third-party shall enter into EU Model Clauses approved by the European Commission, to ensure the security of the personal data.
- Where such transfer takes place between a Capgemini entity out of the EU and another Capgemini or third-party entity located in a third country, the applicable legal local requirements to frame such data transfer will be implemented according to local legal requirements.
How long does Capgemini keep your personal data?
Capgemini shall keep your personal data for no longer than is necessary for the purpose(s) for which they were first collected. Capgemini shall determine the appropriate retention period taking into account the purpose(s) of the processing and the relevant applicable legal requirements. This means that the retention period will be defined locally, considering specific legal obligations. If you provide consent to Capgemini storing and matching your profile with similar positions in the Capgemini Group, Capgemini will keep your personal data for as long as Capgemini deems that you may be suitable for similar positions to the one you applied for, or until you withdraw your consent as per below. Information about potential candidates provided by Capgemini employees will be deleted without undue delay (in no event longer than 30 days) after Capgemini has contacted the potential candidate and not received consent to store the information for longer. Capgemini reaches out to such potential candidates as soon as is possible with regards to the specific recruitment process in question (and in no case, longer than 90 days after having received information about the potential candidate).
What are your rights and how to exercise them?
You can request to access, rectify or erase your personal data. You may also object to the processing of your personal data, or request that it be restricted. In addition, you can ask for the communication of your personal data in a structured, commonly used and machine-readable format. If the processing of personal data has been made on the basis of your consent, you have the right to withdraw your consent at any time by sending an e-mail to firstname.lastname@example.org.
In such case, please note that such withdrawal does not affect the validity of the processing up until the point of withdrawal.
If you wish to exercise those rights, please contact our Nordic Data Protection Office by sending an email to the following address: email@example.com
Please note that you also have the right to lodge a complaint before a data protection authority or the competent court of law.