Zmarta’s Processing of Personal Data in Connection with Recruitment

Privacy Notice to Candidates, last updated April 2024

This document outlines how the companies within the Zmarta Group handle personal data of job candidates for recruitment purposes, as well as the rights of the candidates.

Controllers of Data:

• Zmarta Holding AB (Sweden)
• Zmarta AB (Sweden)
• Zmarta Försäkring AB (Sweden)
• Elskling AB (Sweden)
• Zmarta AS (Norway)
• Freedom Rahoitus Oy (Finland)

Hereafter, these companies will be referred to as “Zmarta”, “us”, “we”, or “ours”.

Purpose – Why Do We Process Your Personal Data?
We process your personal data to:

• Recruit suitable candidates.
• Manage potential candidates.
  Your data will be used to:
• Identify, evaluate, and communicate with candidates.
• Screen, select, and assess candidates for open positions.
• Maintain contact with candidates for future opportunities.

Processed Data – What Types of Data Do We Process?
We process personal data including:

1. Basic candidate information.
2. Contact information.
3. Employment and educational history.
4. References and contact details.
5. Information on skills and competences.
6. Recruitment documentation.
7. Photographs.

We do not request sensitive personal information such as ethnic origin or political opinions.

If a candidate proceeds in the recruitment process and receives a job offer, we may also process information on previous salary, social security number, and insurance solutions.

For specific positions, where legally required, we conduct background checks.

How Data Is Collected:
We collect data submitted by candidates through our recruitment system (Jobylon).
We process assessment results from our candidate assessment system.
We may also process information provided on LinkedIn for screening purposes.

Who Has Access to Your Personal Data?
We may share your information with carefully chosen third parties to carry out services on our behalf.
Data may be shared with other entities within the Zmarta Group for shared functions.
Third-party service providers may include recruitment agencies and testing providers.

Legal Basis:
Processing for evaluating candidates and preparing employment contracts is based on contract.
Processing for documenting recruitment processes, screening, and evaluating candidates not actively applying for jobs is based on legitimate interest.
Processing for conducting suitability assessments required by law is based on legal obligation.

Retention Period:
Personal data is retained as needed depending on the purpose and legal obligations.
Application data via Jobylon is retained for a maximum of two years, unless the applicant requests deletion.
Test results from assessments are retained for a maximum of two years.
Background checks are retained for a minimum of three years or longer if necessary to fulfill legal obligations.

Security Measures:
We implement technical and organizational security measures to protect personal data from unauthorized access.
Access to applicant information is restricted to relevant employees such as the HR department and managers.

Your Rights:
You have the right to access, correct, and delete your information.
You may withdraw consent for data processing at any time.
You have the right to request temporary cessation of data processing.
You can object to data processing based on legitimate interest.
We will provide reasons for refusing any requests.
If you believe your data is processed unlawfully, you may contact Zmarta's Data Protection Officer or the Data Protection Authority.

For more information, contact:

• Zmarta’s Data Protection Officer: [email protected]
• Data Protection Authority: [email protected]
  More information is available on the DPA website: www.imy.se.