emagine's Privacy Policy

Privacy policy

1 Introduction

This Privacy Policy provides you with information on the processing of personal data in accordance with the General Data Protection Regulation (GDPR - EU 2016/679) and other data protection provisions.

The nature, scope and purpose of our processing of personal data is set out below as follows:

2 Data Controller and Data Protection Contacts

Data Controller, Data Protection Officer (DPO) and related contact data

3 Processing of Personal Data

Sets out the potential Data Subjects, Personal Data, Processing purpose, Origin and Receipt, Legal Basis and Retention Period for the categories below.

Website UsersRelevant if you use our Website.
CandidatesRelevant if you provide us directly or indirectly Personal Data for the purposes of finding a suitable consulting opportunity with our clients.
ConsultantsRelevant if you have accepted a consulting opportunity
with one of our clients.
ApplicantsRelevant if you apply for employment with us.
SuppliersRelevant if you supply goods or services to us and are not a Consultant or Employee.
ClientsRelevant if we supply goods or services to you.

4 Transfer of data

Overview of Personal Data transfer to our affiliated companies and processors.

5 Data Subject Rights

A detailed explanation of your rights as a Data Subject.

We have tried to keep this document as concise and user-friendly as possible, however, if any matter is not clear then please contact us.

2. Data Controller and Data Protection Contacts

2.1. Controller

The Controller is the entity which determines the purposes and means of the processing of personal data. For all the purposes named under section 3 the controller is:

emagine AS
Schweigaards gate 16b
0191 Oslo
Norway

Phone: +47 22 33 20 20
E-mail: info @emagine.no

(hereinafter referred to as "we", "us" or "emagine")

2.2. Contact e-mail of the responsible person for data protection:

dataprotection @emagine.org

3. Processing of Personal Data

Jump to section:

3.1. Website Users

3.1.1. Description of the purpose

Enabling a functioning visit of our website(s). Please note that there may be dedicated portals for candidates respectively clients on some of our websites. If this is the case, sections 3.2. respectively 3.3. also apply to the data entered there.

3.1.2. Potential Data Subjects
Any user of our website(s).

3.1.3. Potentially concerned Personal Data

- IP address
- Host name of the accessing computer
- Website from which the website was accessed
- Date and time of access
- Websites accessed via the website
- Visited page on our website
- Message whether the retrieval was successful
- Amount of data transmitted
- Information about the browser type and version used
- Operating system

3.1.4. Origin and recipient

We may receive the data from:

- Data Subject

The data may be forwarded to:

- IT service providers

3.1.5. Legal basis

The temporary storage of the abovementioned data is necessary for the technical functionality of a website visit. Further storage in log files is carried out to ensure the functionality of the website and the security of the information technology systems. These purposes constitute our legitimate interests in data processing (Art. 6 (1) f) GDPR).

3.1.6. Retention period

Subject to section 3.1.9 below, the data is deleted as soon as it is no longer necessary for the purpose for which it was collected. For website visits, this is when the relevant session is ended. The log files are kept up to 24 hours directly and exclusively accessible to administrators. After that, they are only available indirectly through the reconstruction of backup media and are permanently deleted after the end of that routine.

3.1.7 Cookies

3.1.8. Plug-ins for social media

The Website does not automatically send your personal data to social media service providers like Facebook, Instagram, YouTube, Twitter, Xing, LinkedIn and the like. This may only happen if you have agreed in your cookie settings to it (see section 3.1.7).

3.1.9. Website forms and data collection

Any data you send to us via a form on our websites will be registered in our CRM tool, HubSpot. The forms are technically operated by external service providers.

Any cookies placed by HubSpot are defined in the cookie section - see section 3.1.7.

Depending on the subject matter of the content, the respective section from 3.2 to 3.6 of this Privacy Policy applies.

3.1.10. External data processors

We may use external data processors to purposes like:

- Virus and spam scanning of internet traffic and email traffic
- Online email
- Sending of newsletters (if subscribed)
- Analysis of visitors and targeted commercials (if cookie popup accepted)
- Hosting of servers with data (databases and webservers)
- Sending push messages to apps (for those using our app, all notifications will go through Google Firebase, plus for iOS devices they will also go through Apple)
- Processing of payments (as applicable)
- Control and revision of accounting

As data controller we will ensure that any data processors protect your information as well as ourselves, and that they are bound by the same limitations as we are regarding the use of your data.

3.2. Candidates

For the sake of clarification, candidates are experts that are stored in our data base for potential vacancies. In contrast, consultants are experts who are placed with a client.

3.2.1. Description of the purpose

Adding professional experts to our database and maintaining the data in order to match consulting resources with the needs of our clients.

3.2.2. Potential Data Subject

Candidates (professional experts seeking temporary consulting projects)

3.2.3. Potentially concerned categories of data

- surname, first name
- e-mail addresses
- telephone numbers
- postal addresses
- social media IDs
- photograph
- date of birth
- nationality
- presence on anti-terror and/ or sanction lists
- immigration status / work permit
- education and credentials
- professional career (CV)
- professional references
- information on services offered
- email correspondence and short minutes of conversations

3.2.4. Origin and recipient

We may receive the data from:

- Data Subject
- business social networks
- website visits
- other Group companies

The data may be forwarded to:

- clients
- other Group companies
- governmental agencies

3.2.5 Legal basis

The storage of your data with us is made to fulfil our obligations under agreement with you. Before you enter your data, you will be informed and expressly accept that this involves a mandate for us to find client requests that match your profile.

Therefore, the legal basis for the processing is the performance of a contract [Art. 6 (1) b) GDPR]. If you have never contractually mandated us as mentioned above (this is especially the case for candidates sourced from our entities in France, Germany and UK before 12th September 2022), the legal basis for the processing is our legitimate interest in accordance with Art. 6 (1) f) GDPR: We assume that as a personnel service provider we have a legitimate and recognisable interest in successfully placing a seeker of a consulting role or other market participants.

3.2.6. Retention period

Records of candidates are retained in the database for up to five years from the last business contact with that person.

3.2.7 Newsletters and automated communications

We may use third party system, Active Campaign, to send nudge/service mails. This entails that your personal data is transferred to the USA under prevailing law.

In addition there may be a service that you can optionally subscribe to our newsletters, also administered by Active Campaign, with invitations to events held by emagine (such as Christmas party and seminars), special activities (such as satisfaction surveys or games for consultants with active contracts) and general consultant news.

The legal basis is the consent you have provided to us in accordance with Art. 6 (1) a) GDPR. You can subscribe to these on the website and unsubscribe via links in the emails sent under this category. The personal data pertaining to newsletter subscriptions will be deleted 2 years after the last newsletter was sent, or earlier if you have unsubscribed from the newsletter.

It may also be offered to optionally subscribe to our job agent on the job site. This will provide you with relevant jobs that relate to you your job agent setting straight in you inbox. It can be unsubscribed via the link in the sent email. The legal basis for this processing is article 6(1)(b) of the GDPR as the processing is necessary for us to fulfil our agreement with you regarding sign-up to the job agent.

Note: We sometimes send our newsletters to a subset of our consultants, so being subscribed is no guarantee that you receive all mailings.

3.3. Consultants

For the sake of clarification, consultants are experts who are placed with a client. In contrast, candidates are all experts that are stored in our data base for potential vacancies. Therefore, section 3.2 on candidates also applies to each consultant.

3.3.1. Description of the purpose

Deploying professional experts on temporary consulting roles with our clients.

3.3.2. Potential Data Subjects

- Consultants (experts who have contracted with us for a consulting role)

3.3.3. Potentially concerned categories of data

- surname, first name
- e-mail addresses
- telephone numbers
- postal addresses
- social media IDs
- photograph
- date of birth
- nationality
- presence on anti-terror and/ or sanction lists
- immigration status / work permit
- education and credentials
- professional career (CV)
- professional references
- information on services offered
- email correspondence and short minutes of conversations
- identification documents
- background check results
- VAT identification number
- Social/tax attestations
- bank details
- contracts, invoices and related documentation

3.3.4. Origin and recipient

We may receive the data from:

- Data Subject
- other Group companies
- business social networks
- pre-employment screening intermediaries

The data may be forwarded to:

- clients
- other Group companies
- governmental agencies
- professional advisors

3.3.5. Legal basis

The data must be processed for the preparation, follow-up and execution of contracts for potential future business. The legal basis for this processing is Art. 6 (1) b) GDPR.

3.3.6. Retention period

Personal Data of Consultants are retained per tax, legal and regulatory requirements which may be for up to six (6) years from the end of the year in which the contractual relationship terminated.

3.4. Applicants

For clarification, applicants for temporary work, as a subset of general applicants, are also candidates for future placements with clients. Therefore, section 3.2 on candidates applies to each temporary work applicant, too.

3.4.1. Description of the purpose

Personal Data is collected, processed and used for the purpose of assessing the suitability for and establishing employment relationships. As soon as an employment contract is closed, further information on the data processing will be given together with the contract documents.

3.4.2. Potential Data Subjects

- applicants for general employement
- temporary work applicants
- applicants for deployment as trainees/interns/students/volunteers

3.4.3. Potentially concerned categories of data

- surname, first name (if applicable: birth name)
- e-mail addresses
- telephone numbers
- postal addresses
- social media IDs
- photograph
- date of birth
- nationality
- presence on anti-terror and/ or sanction lists
- immigration status / work permit
- education and credentials
- professional career (CV)
- professional references
- identification documents
- background check results
- driving licence
- social security number
- marital status
- partners and dependents
- bank details
- tax identifiers/codes
- health status
- performance reviews
- payroll and social data
- benefits data

3.4.4. Origin and recipient

We may receive data from:

- Data Subject
- employment agencies
- pre-employment screening intermediaries
- governmental agencies
- benefits providers
- other Group companies

The data may be forwarded to:

- governmental agencies
- benefits providers
- professional advisors
- other Group companies
- clients
- suppliers

3.4.5. Legal basis

Insofar as the personal data are required for the preparation of the employment contract, the basis for their processing is Art. 6 (1) b) GDPR. With regard to special categories of data (e.g. health status), processing may be necessary and therefore permissible under Art. 9 (2) b) GDPR with regard to the rights and obligations of the controller under labour and social law. Otherwise, pursuant to Art. 9 (2) a) GDPR, express consent must be obtained.

3.4.6. Retention period

Employed applicants will receive further information on the processing and retention of their personal data with their contractual documents. Data of rejected applicants will be retained for up to six (6) months after the rejection.

3.5. Supplier contacts

3.5.1. Description of the purpose

Purchasing/receiving goods and/or services (other than consulting services we offer to our clients) that are required to maintain or improve our company and its operations.

3.5.2. Potential Data Subjects

- Suppliers (if they are a natural person)
- Supplier employees

3.5.3. Potentially concerned categories of data

- surname, first name
- e-mail addresses
- telephone numbers
- postal addresses
- social media IDs

3.5.4. Origin and recipient

We receive the data from the Data Subject or its public advertisements and we may recommend it to third parties if we are satisfied with the Data Subject's performance.

3.5.5. Legal basis

Insofar as personal data must be processed for the preparation, follow-up and execution of contracts, the basis for their processing is Art. 6 (1) b) GDPR. If we store the data to have it available for future demand, we do this on the basis of legal interest (Art. 6 (1) f) GDPR) because that data was already publicly available.

3.5.6. Retention period

The retention period depends on the relevance of the supplier for emagine's business. As long as a contractual relationship is ongoing or conceivable, the data will be retained.

With respect to contractual data, the retention period depends on the contractual period and tax, legal and regulatory requirements thereafter or generally for up to six (6) years from the end of the year in which the contractual relationship terminated.

3.6. Client contacts

3.6.1. Description of the purpose

The provision of advice or professional services as a consultant or intermediary.

3.6.2. Potential Data Subjects

- client employees

3.6.3. Potentially concerned categories of data

- surname, first name
- e-mail addresses
- telephone numbers
- postal addresses
- social media IDs
- photograph

3.6.4. Origin and recipient

We may receive the data from:

- Data Subject
- business social networks
- website visits

The data may be forwarded to:

- Candidates
- Consultants
- professional advisors

3.6.5. Legal basis

Insofar as personal data must be processed for the preparation, follow-up and execution of contracts, the basis for their processing is Art. 6 (1) b) GDPR. Insofar as client's data is collected and stored in our data base for potential future business, the basis for this is our legitimate interest in accordance with Art. 6 (1) f) GDPR: We assume that as a personnel service provider we have a legitimate and recognisable interest in successfully placing job seekers or other market participants.

3.6.6. Retention period

Your data will be retained for as long as we have a contractual relation for the purposes originally envisaged in that relation. In addition, and however, the retention period will be contingent upon tax, legal and other regulatory requirements which in some instances demand storage for up to six (6) years from the end of the year in which the contractual relationship ceased.

 

4. Transfer of data

4.1. Sharing of data

emagine is an international organization with cross-border business processes, management structures and technical systems. We are part of the emagine Group. Each entity of that group is joint controller of the data. Within the group we may share amongst each other information about you in connection with identified uses (see above: section 3) and in accordance with this privacy policy.

We also involve a limited number of sub-processors in order to provide effective services. Each processor is bound by a specific data processing agreement. Our methods and procedures are designed to provide a consistent level of protection of personal data.

4.2. Members of the Group that are sharing the data

emagine Consulting A/S
Sydhavnsgade 16
2450 København
Denmark

emagine Consulting AB
David Bagares Gata 3
111 38 Stockholm
Sweden

emagine AS
Schweigaards gate 16b
0191 Oslo
Norway

emagine Sp. z o.o.
ul. Domaniewska 39A
02-672 Warszawa
Poland

emagine Group SAS
4 place des Vosges
92400 Courbevoie La Défense
France

emagine Consulting SARL
4 place des Vosges
92400 Courbevoie La Défense
France

otherwise Portage SARL
4 place des Vosges
92400 Courbevoie La Défense
France

emagine GmbH
Voltastraße 1
60486 Frankfurt am Main
Germany

emagine Flexwork GmbH
Sigmaringer Str. 107
70567 Stuttgart
Germany

emagine Consulting Ltd.
33 Gracechurch Street, 6th floor
London EC3V 0BT
United Kingdom

emagine Infotech Software Private Ltd.
Safeway Plaza, #10, 27th main road, 100ft ring road, 1st stage BTM
Bangalore 560068
India

emagine Expertise Ltd.
Penrose Two, Cork
Cork T23 YY09
Ireland

emagine Consulting B.V.
Gustav Mahlerplein 2
1082 MA, Amsterdam
Netherlands

Skillspark IT Consultancy L.L.C
Office 506 Ubora Tower, Marasi Drive Business Bay
Dubai
United Arab Emirates

4.3. Processors of the emagine Group

For the avoidance of doubt: this is not an exhaustive list. If you have further enquiries, please refer to the data protection responsible (see above: section 2.2).

- Various software vendors including standard CRM, ERP and related systems
- Various professional advisors including standard payroll, HR, training, social, tax, accounting, treasury and audit services.

4.4. Legal basis

The legal basis for the data transfer within the group is legitimate interest (Art. 6 (1) f) GDPR). The shared infrastructure, the group structure and the goal to offer internationally available candidates opportunities in other countries require a data exchange within the group.

5. Data Subject Rights

The applicable data protection law grants you comprehensive data protection rights (rights of information and intervention) vis-à-vis us with regards to the processing of your personal data, about which we inform you below:

5.1. Right of access (Art. 15 GDPR)

In particular, you have a right of access to your personal data processed by us and further information as listed in Art. 15 GDPR.

5.2. Right to rectification (Art. 16 GDPR)

You have the right to have incorrect data concerning you corrected and/or incomplete data held by us completed without delay.

5.3. Right to erasure (Art. 17 GDPR)

You have the right to request the deletion of your personal data if the conditions of Art. 17 (1) GDPR are met. However, this right does not exist in particular if the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims.

Please note that deletion from a newsletter has to be demanded separately through the link in the respective newsletter mail.

5.4. Right to restriction of processing (Art. 18 GDPR)

You have the right to demand the restriction of the processing of your personal data as long as the accuracy of your data which you dispute is verified in the following circumstances:

- You oppose deletion of your personal data and requests restriction instead in case of unlawful processing;
- You require your personal data to be kept in order to establish, exercise or defend a legal claim after we no longer need these data since the purpose has been achieved;
- You have lodged an objection for reasons relating to your particular situation, and we are considering whether our legitimate grounds override yours.
- You contest the accuracy of your personal data and we are verifying it.

5.5. Right to notification (Art. 19 GDPR)

If you have asserted the right to correction, deletion, or restriction of processing vis-à-vis us, we are obliged to notify all recipients to whom the personal data concerning you have been disclosed as part of this correction, deletion or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of these recipients.

5.6. Right to data portability (Art. 20 GDPR)

You have the right to receive your personal data that you have provided us with in a structured, common, and machine-readable format or to request transmission of those data to another controller, insofar as this is technically feasible.

5.7. Right to withdraw consents (Art. 7 (3) GDPR)

You have the right to withdraw at any time any consent you have given to the processing of data. In the event of revocation, we will immediately delete the concerned data. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal.

5.8. Right to lodge a complaint (Art. 77 GDPR)

If you believe that the processing of personal data relating to you is in breach of data protection legislation, you have the right - without prejudice to any other administrative or judicial remedy - to lodge a complaint with a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place where the alleged breach occurs.

5.9. Right to object (Art. 21 GDPR)

If we process your personal data on the basis of our legitimate interest, you have the right to object on grounds relating to your particular situation to this processing at any time.

If you exercise your right to object, we will no longer process your personal data. However, we reserve the right to keep processing of your personal data if we can prove that there are compelling legitimate grounds for the processing which override your interests, fundamental rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.

If your personal data are processed by us for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing. You can exercise the right to object as described above.

If you exercise your right to object, we will stop processing the data concerned for direct marketing purposes.