PRIVACY POLICY
Novicell ApS
Business reg. no. 20297743
1. WHO ARE WE?
Novicell ApS, business reg. no.: 20297743, Søren Nymarks Vej 6, 8270 Højbjerg (”Novicell”, ”we” or ”us”) is the data controller responsible for the processing of your personal data as described in this privacy policy.
If you have any questions regarding this privacy policy or our processing of your personal data in general, you may contact us at legal@novicell.dk.
2. WE PROCESS YOUR PERSONAL DATA
We process personal data for various purposes, which you can read more about in this privacy policy.
We only disclose your personal data when necessary to comply with the purposes for which the personal data was collected or if it is necessary to comply with our legal obligations.
2.1. Contact persons with partners and customers
As part of the company’s day-to-day business operations, we process the following categories of personal data regarding business and customer contact persons. The processing activities is related to sales, handling of ongoing customer relationships, service, support, events, etc.
- Ordinary personal data, including name, contact information, employer, title and CRM-related personal data in accordance with article 6(1)(f) and (c) of the GDPR.
To the extent necessary, we disclose your personal data to business partners, suppliers, etc., including subcontractors, intra-group companies, freight companies, accountants and attorneys.
We store the above-mentioned personal data for as long as the business or customer relationship exists, or until the relevant contact person is no longer employed by our business partner, customer, etc. Personal data registered in connection with sales, delivery, invoicing, etc., is stored for five (5) years after the end of the relevant financial year.
2.2. Users of our website
We process personal data about you if you consent to cookies. The purpose for the processing is to be able to manage our website and marketing. You can read more about cookies in our cookie policy: https://career.novicell.com/cookie-policy. Depending on which categories of cookies you give us consent to place, we may process the following categories of personal data about you:
- Ordinary personal data including IP-address or which pages you visit on our or other websites in accordance with article 6(1)(a) of the GDPR.
If you consent to third party cookies, we share information about your visit to our website with Google for statistical purposes, to improve our website, measure our marketing efficiency and to target marketing.
If you consent to third party cookies, we share information about your visit to our website with social media providers such as Facebook, Twitter and LinkedIn for statistical purposes, to improve our website, measure our marketing efficiency and to target marketing. In connection with these processing activities, we are joint data controllers with the social media providers in accordance with article 26 of the GDPR.
Learn more about cookies in our cookie policy.
The retention period for our processing of your personal data depends on which categories of cookies you give us consent to place.
2.3. Applicants
We process the following categories of personal data to be able to process unsolicited application material or in connection with a job advert:
- Ordinary personal data received from you in your application material including name, contact information, job history, education, professional competences, photo, etc. in accordance with article 6(1)(b) and (f) of the GDPR.
- Ordinary personal data collected from publicly available social media platforms, for example LinkedIn, Facebook, etc. in accordance with article 6(1)(b) and (f) of the GDPR.
- Ordinary personal data collected from your references or public authorities, if you have consented hereto in accordance with article 6(1)(a) of the GDPR and section 8(2)(i) of the Danish Data Protection Act.
- Ordinary personal data processed in connection with personal tests or similar tests, if you have consented hereto in accordance with article 6(1)(a) of the GDPR.
If we process special categories of personal data (sensitive data) about you in accordance with article 9(2) of the GDPR or your CPR-number, because you provided this information on your own initiative in your application material, your submission of this information is considered as your explicit consent to our processing of the information during the recruitment process in accordance with article 9(2)(a) of the GDPR and section 11(2)(ii) of the Danish Data Protection Act.
To the extent necessary, we may disclose your personal data to our software providers or business partners, including, for example, recruitment consultants and test providers.
If your application does not lead to employment with us, we will normally store your application material for up to six (6) months after the recruitment process is complete.
There may be specific instances where we retain your personal data for a longer period of time if we deem this necessary to be able to defend ourselves against a potential legal claim in accordance with article 6(1)(c) of the GDPR.
When you send an application to us, solicited or unsolicited, we request your consent to retain your application material in our CV database for possible future vacancies for 24 months in accordance with article 6(1)(a) of the GDPR.
If you give your consent for us to retain your application material in our CV database, you will receive an email after 22 months informing you that you may extend the retention period. If you do not actively renew your consent, your application material will automatically be deleted after 24 months.
You may withdraw your consent at any time and consequently have your application material removed from our CV database by contacting us as described above under clause 1.
2.4. Direct marketing
We process the following categories of personal data about you to keep you updated with relevant news (marketing):
- Ordinary personal data such as your name and contact information, if you have consented to direct marketing in accordance with article 6(1)(a) of the GDPR and section 10 of the Danish Marketing Act.
To the extent necessary, we disclose your personal data to our software providers and business partners.
As a starting point, we process your personal data until you unsubscribe from our marketing service. You can unsubscribe from our marketing service by clicking ”unsubscribe” in our newsletters or by contacting us as described above under clause 1.
If you unsubscribe from marketing, we retain your personal data for 6 months to be able to document your consent in accordance with article 6(1)(f) of the GDPR.
3. IF YOU WOULD LIKE TO WITHDRAW YOUR CONSENT
If we process your personal data based on your consent, you can withdraw your consent at any time by contacting us as outlined above under clause 1 or follow the instructions on our website, in newsletters etc.
If you withdraw your consent, it will not affect the legality of our processing of your personal data until the time you withdraw the consent. In special cases we may be entitled to continue our processing of your personal data, e.g. to defend ourselves against a potential legal claim.
4. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
To the extent necessary to comply with the purposes of the processing of your personal data, we may transfer personal data to international organizations or companies established in countries outside the EU/EEA. We only perform such transfers if we have a sufficient legal basis for this, including e.g.:
- If the European Commission has assessed that the security in the relevant third country is adequate in accordance with the nature of article 45 of the GDPR, or
- If other appropriate safeguards can be provided, including, e.g. the conclusion of the EU Commission’s standard contracts in accordance with the nature of article 46 of the GDPR.
5. SECURITY MEASURES
Your personal data security is a high priority to us, and our focus is therefore on processing your personal data in compliance with applicable data protection law.
In order to best protect your personal data, we continuously assess the risks that may be associated with our processing of your personal data. In particular, we pay attention to protecting your personal data against discrimination, identity theft, financial loss, loss of reputation and confidentiality.
In the event of a data breach that involves high risk to your rights, we will notify you of the breach as soon as possible under the given circumstances.
6. YOUR RIGHTS
When we process your personal data, you have a number of rights. If you request to make use of your rights, you can contact us as described above under clause 1.
- Right of access. You are entitled to access and receive copies of the personal data, we process about you.
- Right of rectification. If we process incorrect personal data about you, you are to same extent entitled to rectification of any such incorrect personal data.
- Deletion. In specific cases, you have the right to have the personal data we process about you deleted.
- Restriction of processing. In specific cases you have the right to request that our processing of your personal data shall be limited to storage.
- Objection. In specific cases, you are entitled to object to our processing of your personal data.
- Data portability. In specific cases, you are entitled to receive your personal data in a structured, commonly used and machine readable format and to have such personal data readily transferred from one data controller to another.
Learn more about your rights at the Danish Data Protection Agency’s website: www.datatilsynet.dk.
7. AVENUES OF COMPLAINT
You have the right to file a complaint to the Danish Data Protection Agency, if you are dissatisfied with the way in which we process your personal data. However, we obviously hope that you will reach out to us first to find a solution.
The Danish Data Protection Agency’s contact information and information on complaints can be found at www.datatilsynet.dk.