Our Privacy Notice

This Privacy Notice is a guide to our use of the personal information we have about you.

Who are we and what do we do?
We are Hoist Finance AB (publ) a publicly listed company based in Sweden. We are the parent company of the Hoist Finance Group of companies.
What information do we hold, why do we process it, & how long do we keep it for?
This Privacy Notice outlines the different processing activities we as controllers perform with your personal data as part of our operations.

Processing activities in the Job Application Process

When you apply for a job at Hoist Finance AB or any other company within the Hoist Group, either directly via our website or through external recruitment agencies we are required to process your personal data. The purpose of the processing of your personal data is the administration of received job applications and the selection of suitable candidates for open positions at Hoist Finance or any other company within the Hoist Group. 

In order to properly fulfil the aforementioned purposes, the following categories of personal data will be processed:

Type of information Reason for processing Legal basis for processing How long we keep your information for
Contact information, such as name, title, home address, telephone number, personal email address, contact information to refereesCV data, such as employment history, date of birth, gender, qualifications, nationality, profession, professional memberships, educational achievements, diplomas, transcripts, languages, computer skills, identification number, cover letter.

The administration of received job applications and the selection of suitable candidates for open positions at Hoist Finance

Performance of a contract 5 years post end of recruitment (successful candidates), 2 year post end of recruitment (unsuccessful candidates)
Referee data, i.e. any data provided to us by your referees

To ensure that the job applicant is suitable for the applied position

Performance of a contract 5 years post end of recruitment (successful candidates), 2 year post end of recruitment (unsuccessful candidates)
Background check data, such as national identification number, CV-verification, Information from the national registrar, tax information and internet searches, credit information, information from the Enforcement Authority, information on corporate commitments and property possessions as well as information on civil proceedings and tax surcharges

To ensure that the job applicant is suitable for the applied position

Performance of a contract, legal obligation End of recruitment

How we use particulary sensitive personal data 

We will use your sensitive personal data only in so far as we are permitted by law to do so:

  • We will use data about your disability status to consider whether we need to provide appropriate adjustments during the recruitment process, for example whether adjustments need to be made during a test or interview.
  • We will use data about your nationality or ethnicity, to assess whether a work permit and a visa will be necessary for the role.

Where do we get the information from?

We collect personal data about candidates from the following sources:

  • You, the candidate.
  • Your named referees, from whom we collect the following categories of data: full name, periods of previous employment, performance during previous employment.
  • From publicly accessible sources, such as LinkedIn etc., where we collect your full name, email, work history, and other data included on your profile.
  • From third parties (such as recruitment agencies) that have introduced you to us or you may have directly applied for a vacancy at our company on their website. Those third parties are data controllers for the data which they collect and process for their own purpose. More information about how they process your personal data can be found in their respective privacy notices on their websites.
  • From third parties (such as pre-employment screening companies) that will perform checks on candidates in last stage of the recruitment process.

Disclosure of your information

We will only share your personal data within Hoist group of companies including subsidiaries and branches.

All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal data in line with data protection law and data processing is limited to EU/EEA area. Contractually, if transfers outside the EU/EEA or to countries without an adequacy decision by the European Commission occur in the future they will be based on standard data protection clauses adopted by the European Commission. 

Processing activities in our subscription service

Processing activities in our subscription service

When you sign up to our website subscription service for the purpose of being provided with press releases, interim reports, annual reports, and calendar reminders we process your personal data. The data will only be processed to provide you with this service.

In order to properly fulfil the aforementioned purposes, the following categories of personal data will be processed:

Type of information

Reason for processing

Legal basis for processing

How long we keep your information for

Contact information, such as name, adress, Zip/Postal code, City of residence, country, Phone number, e-mail adress,

To provide you with our subscription service

Performance of a contract

30 days post end of subscription

How we use particulary sensitive personal data 

For the provision of our subscription service no special categories of data will be processed.

Where do we get the information from?

All personal data we process for the purpose of providing you with our subscription service are collected from you. The data is collected during the registration process or when you add information while logged in at our Investor Relations website.

Disclosure of your information

We will only share your personal data within Hoist group of companies including subsidiaries and branches and with the third party providing us with our subscription service.

All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal data in line with data protection law and data processing is limited to EU/EEA area. Contractually, if transfers outside the EU/EEA or to countries without an adequacy decision by the European Commission occur in the future they will be based on standard data protection clauses adopted by the European Commission. 

Data Security 

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal data on our specific instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable authority of a suspected breach where we are legally required to do so.

Your statutory data protection rights

Right to access: You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, please contact us. We will respond to your request within one month.

Right to rectification: We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate. We may ask that you provide reasonable proof to verify your request.

Right to restrict processing: If you believe the personal information we hold is inaccurate, unlawful, or that we do not have a legitimate interest to process it, you can request that we restrict any processing until this is rectified.

Right to object to processing: Where your particular situation merits that we no longer process your information for the performance of a task carried out in the public interest or based on our legitimate interest, you have the right to object to the processing.

Right to data portability: This right allows you to obtain in a structured, commonly used format, and to reuse the information you have provided to us for your own purpose and have it transmitted directly to different services. This applies only to information we use based on your consent or on a contractual basis.

Rights related to automated decision making and profiling: You have the right to safeguards against the risk of potentially damaging decisions being taken without human intervention. This right applies where a decision is based solely on automated processing and produces a legal effect or similar significant effect. If this is the case, we must ensure you are able to obtain human intervention, to express your point of view, and to have the opportunity to challenge it. We will also explain the logic behind the decision.

Profiling is defined as any form of automated processing intended to evaluate certain personal aspects of an individual in order to analyse or predict aspects of their personal circumstances, behaviours or abilities. Processing must be fair and transparent, use appropriate mathematical or statistical procedures, use appropriate controls to minimise inaccuracies and secure personal data.

We do not use any such automated individual decision making.

Right to erasure (“right to be forgotten”): You may ask us to delete the information we hold on you where it is no longer necessary for the purpose for which it was collected; where you withdraw any consent you provided for its processing; where you object to our processing of it (see above); or where our processing is unlawful. Please note, however, that we are also subject to certain legal obligations that prevent us from immediately deleting all of your information. For example, we are legally obliged to keep certain data for anti-money laundering purposes for at least five years. However, any data we are prohibited from deleting will be blocked and, when we are no longer obliged to keep it, erased.

Right to lodge a complaint: You have the right to lodge a complaint with the Swedish data protection supervisory authority, the Swedish Authority for Privacy Protection.  

Changes to this Privacy Notice

We regularly review this Privacy Notice. We will notify you of any substantial updates and any updates that affect you 2 weeks in advance. Minor changes to the Privacy Notice, such as making it clearer, will be implemented without directly notifying you.

This privacy policy was last updated: 28 October 2021.

How to contact us

Please contact us if you have any questions about our privacy policy or information we hold about you or the basis upon which we process such information:

 

Address: Hoist Finance AB (publ)

Att: Head of Data Protection
P.O. Box 7848
SE-111 21 Stockholm
Sweden

 

E-mail: dpo@hoistfinance.com