Data protection policy

NorthHouse Partners data protection policy

May 2018

Below you can read about how NorthHouse Partners (NHP) processes personal data in compliance with the EU General Data Protection Regulation (GDPR) and the Act on Processing of Personal Data specifically applicable to Denmark. 

This document provides you with information about the following aspects:

  • Our data protection policy for job candidates and our recruitment database.
  • Our data protection policy for clients
  • Our data protection policy for NHP staff
  • Website and cookies
  • Website copyrights
  • Physical locations of NHP
  • In the event of a security breach

We use Tresorit which is one of the most secure cloud-based ‘end-to-end encrypted’ solutions for global synchronisation and sharing of our data and documents. This solution is the optimal solution for us because we want to ensure process efficiency in addition to high data security and regulatory compliance.

Data protection policy for network consultants

Why do we store and process personal data?
As a management consulting company, NHP stores and works with personal data for the purpose of hiring the ideally-qualified consultant for project positions with our clients. With this in mind, we process your CV and other personal documents and data in our recruitment database in Tresorit.

Which data do we store?
We store:

  • Your original CV, but without the sensitive personal data (please see below)
  • If relevant, an NDA
  • Your CV on paper with the NHP letterhead and your anonymised miniature CV
  • Your profile photo
  • Your references, acquired with your consent and according to reference data provided by you
  • Relevant case notes.

Which data do we not store?
We do not store sensitive personal data such as:

  • Your full civil registration number
  • Your racial or ethnic origin
  • Biometric data for unequivocal identification
  • Data about your political, religious or philosophical beliefs
  • Data about union membership, if applicable 
  • Data about your health or sexual aspects
  • Data about criminal offences.

Specifically concerning criminal records:

Whenever relevant, we will ask for your criminal record. You will be asked to give NHP your consent although you will have to personally acquire a copy of your criminal record. You will also be asked to allow us to share your criminal record with our clients. We will delete the copy of your criminal record in NHP’s care after it has been forwarded to our client.

If we identify CVs or files containing the above sensitive data or semi-sensitive data when reviewing the database, any such data will be deleted.

In what way, for how long and where do we store data?

We will store your CV for 18 months. After this period, it is our opinion that the CV will need to be updated anyway and a new CV will be stored with your renewed consent. 

We will send you a reminder by e-mail to enquire whether you would like to continue in our network database. You will have to give your consent, otherwise we will delete your data.

NorthHouse Partners (NHP) is the data controller. Tresorit is the data processor.

We use Microsoft Office 365 for standard e-mails

Communication between NHP and our network consultants will be deleted after five years. Communication containing candidate data and exchanged by NHP with companies will be deleted after five years. 

E-mails will be stored with Microsoft Office 365 data centres. You can keep up-to-date with Microsoft’s terms and conditions for online service as you desire.

When printing your data
Only on the rare occasion do we make printed copies. We make a sincere effort to be a paper-free company. Should we print your data, the prints will be stored securely at our offices and will be shredded at the latest six months after their use.

Consent to contact references – how do we contact your references?
We will only get in touch with references whose contact data you have provided to NHP and only references where you have given NHP consent to contact. We will contact your references by telephone and make written notes to be deleted when we no longer need them.

You may withdraw your consent to contact your references at any time.

Consent to hand over your data when presenting you to a company
NHP will only hand over your CV and other data to a company after we have discussed a specific position/project with you and you have granted your written consent to exchange your data.

Once your data has been forwarded to the client, that company is responsible for complying with the personal data storage regulations.

Extended consent for transfers to third countries outside the EU/EEA
For companies residing in a country outside the EU/EEA – also known as third countries – we comply with the guidelines issued by Danish Data Protection Authority concerning transfer of personal data to third countries.

The right to have data deleted
You can always ask NHP to delete your data with us. Please contact Birgitte Bugge by e-mail to bbu@northhousepartners.comor telephone +45 2010 1898.

 

NorthHouse Partner's data protection policy and our clients

NHP uses the online CRM system Pipedrive
We process and store company data and client data using Pripedrive for marketing and collaboration purposes. 

We use this system to store standard client data, this list is not exhaustive:

- The company’s main data and industry listing
- Names of contacts and their contact data
- Appointments with clients
- Dialogue and purchase histories

Data concerning non-active clients is stored up to five years.

We use Microsoft Office 365 for standard e-mails
Communication exchanged by NHP with companies will be deleted after five years.

E-mails will be stored with Microsoft Office 365 data centres. You can keep up-to-date with Microsoft’s terms and conditions for online service as you desire.

Our data protection policy for NorthHouse Partner's staff

During your employment with NHP, we store your data in our employee system using Tresorit. Tresorit is one of the most secure cloud-based ‘end-to-end encrypted’ solutions for global synchronisation and sharing of our data and documents. This solution is the optimal solution for us because we want to ensure process efficiency in parallel with high data security and regulatory compliance. We use employee data exclusively for the purpose of staff administration.


We store the following data about you:

  • Your name, address, civil registration number
  • Your CV and your application
  • Your employment contract
  • Your job description and agreed performance measures
  • Your appraisal talks and similar data
  • Copies of your sick notices and any other documents that we may have used for reporting purposes.

In addition to the above data, we also record working hours, bank account (for taxation and pension purposes). 

On the Company tab we keep you photo and contact data to enable our clients and business partners to identify NHP staff. We need your consent to display your personal data on our website.

Data controller and data controller:
NorthHouse Partners (NHP) is the data controller. Tresorit and Danløn are the data processors storing your data.

Website og Cookies
Vores website leverandør er One.com. Dataansvarlig for hjemmesiden er NorthHouse Partners. Databehandler for hjemmesiden er one.com

Vores hjemmeside er SSL sikret og vi indsamler ikke cookies.

©Copyright
All contents of this website are protected by copyright. Pursuant to the Act of Copyright, the materials on this website may not be copied, reproduced or distributed – neither fully nor in part – without the prior written consent of NorthHouse Partners.

Photos and/or texts may be downloaded or copied only by prior written consent of NorthHouse Partners.

Trademarks
The names of products and companies presented on this website may be registered trademarks and protected company names. All trademarks and trade names are property of their respective owners.

Physical locations of NorthHouse Partners
The locations of NHP are securely protected. We have no databases at our premises and no servers at our office addresses. There no computers at our locations outside working hours. All our computers are laptop models with password protection. We – laptops and mobile phones alike – are protected by Webroot services. In addition to this, access to all systems is password protected.   

We aim to be a paper-free company. However, if sensitive data is printed, the prints will be stored in locked cabinets and shredded after no more than six months.

Our staff also pay serious attention to exhibit the required discretion in the event of guests entering NHP.

In the event of a security breach
Should we detect a personal data breach which endangers the rights of physical persons or rights of freedom, we will report the breach to the Danish Data Protection Authority without undue delay and, if possible, at the latest 72 hours after we have learnt of the breach. In parallel with this, we will also notify the affected persons.

Questions?
To answer any queries please contact Birgitte Bugge by e-mail to bbu@northhousepartners.com or telephone +45 2010 1898.