Below you can read about how NorthHouse Partners (NHP) processes personal data in compliance with the EU General Data Protection Regulation (GDPR) and the Act on Processing of Personal Data specifically applicable to Denmark.
This document provides you with information about the following aspects:
Our data protection policy for job candidates and our recruitment database.
Our data protection policy for clients
Our data protection policy for NHP staff
Website and cookies
Physical locations of NHP
In the event of a security breach
We use Tresorit which is one of the most secure cloud-based ‘end-to-end encrypted’ solutions for global synchronisation and sharing of our data and documents. This solution is the optimal solution for us because we want to ensure process efficiency in addition to high data security and regulatory compliance.
DATA PROTECTION POLICY FOR NETWORK CONSULTANTS
Why do we store and process personal data?
As a management consulting company, NHP stores and works with personal data for the purpose of hiring the ideally-qualified consultant for project positions with our clients. With this in mind, we process your CV and other personal documents and data in our recruitment database in Tresorit.
Which data do we store?
Your original CV, but without the sensitive personal data (please see below)
If relevant, an NDA
Your CV on paper with the NHP letterhead and your anonymised miniature CV
Your profile photo
Your references, acquired with your consent and according to reference data provided by you
Relevant case notes.
Which data do we not store?
We do not store sensitive personal data such as:
Your full civil registration number
Your racial or ethnic origin
Biometric data for unequivocal identification
Data about your political, religious or philosophical beliefs
Data about union membership, if applicable
Data about your health or sexual aspects
Data about criminal offences.
Specifically concerning criminal records:
Whenever relevant, we will ask for your criminal record. You will be asked to give NHP your consent although you will have to personally acquire a copy of your criminal record. You will also be asked to allow us to share your criminal record with our clients. We will delete the copy of your criminal record in NHP’s care after it has been forwarded to our client.
If we identify CVs or files containing the above sensitive data or semi-sensitive data when reviewing the database, any such data will be deleted.
In what way, for how long and where do we store data?
We will store your CV for 18 months. After this period, it is our opinion that the CV will need to be updated anyway and a new CV will be stored with your renewed consent.
We will send you a reminder by e-mail to enquire whether you would like to continue in our network database. You will have to give your consent, otherwise we will delete your data.
NorthHouse Partners (NHP) is the data controller. Tresorit is the data processor.
We use Microsoft Office 365 for standard e-mails
Communication between NHP and our network consultants will be deleted after five years. Communication containing candidate data and exchanged by NHP with companies will be deleted after five years.
E-mails will be stored with Microsoft Office 365 data centres. You can keep up-to-date with Microsoft’s terms and conditions for online service as you desire.
When printing your data
Only on the rare occasion do we make printed copies. We make a sincere effort to be a paper-free company. Should we print your data, the prints will be stored securely at our offices and will be shredded at the latest six months after their use.
Consent to contact references – how do we contact your references?
We will only get in touch with references whose contact data you have provided to NHP and only references where you have given NHP consent to contact. We will contact your references by telephone and make written notes to be deleted when we no longer need them.
You may withdraw your consent to contact your references at any time.
Consent to hand over your data when presenting you to a company
NHP will only hand over your CV and other data to a company after we have discussed a specific position/project with you and you have granted your written consent to exchange your data.
Once your data has been forwarded to the client, that company is responsible for complying with the personal data storage regulations.
Extended consent for transfers to third countries outside the EU/EEA
For companies residing in a country outside the EU/EEA – also known as third countries – we comply with the guidelines issued by Danish Data Protection Authority concerning transfer of personal data to third countries.