Privacy Policy

PRIVACY POLICY

1 INFORMATION ABOUT THE PROCESSING OF PERSONAL DATA

Your data security is important to us, and we therefore take great care to ensure that your personal data is handled responsibly. Below you can read how Frontmatec Kolding A/S (hereinafter Frontmatec, "we", "us" or "our") process personal data about you when we act as data controller. You can also read about your rights in relation to our processing.

2 FRONTMATEC'S ROLE AS DATA CONTROLLER

When you apply for a position with us, we receive and process a range of personal data about you, which we will use for the purposes described in this document.

The information processed as part of the recruit- ment process is required for us to contact you and to determine whether you are the right candidate for the vacant position. Information provided to us will only be used to consider your application and in connection with subsequent employment.

During the recruitment process, we will process general personal data about you, but we may also process sensitive personal data, information about your civil reg. no. and/or information about criminal acts.

Here you can read more about the information we process about you when you apply for a position with us.

If you have any questions regarding our processing of your personal data, please contact Frontmatec here:

Frontmatec Group ApS Platinvej 8
6000 Kolding
Denmark

E-mail: dk.job@frontmatec.com

3 WHEN WE RECEIVE YOUR APPLICATION

In order to process your application, we will pro- cess the information appearing from your application, your CV and any enclosed documents.

This typically includes the following information (the list is non-exhaustive): Name, address, date of birth, gender, phone number, email address, phone number, employment history, education history, professional and personal qualifications and other relevant qualifications and written recommendations/references.

In general, we use Article 6(1)(b) of the General Data Protection Regulation and Article 6(1)(f) as the legal basis for processing because we need to process this information in order to determine whether you are the right candidate for the position.

4 WHEN WE CONSIDER YOUR APPLICATION

We specifically consider each applicant's qualifications in relation to the open position. This is done manually. Once we have read the applications, we will select candidates for job inter- views. The candidates that are not selected for an interview will be notified.

5 AT JOB INTERVIEWS

During the recruitment process, we conduct job interviews focusing on both your professional and your personal qualifications, the job content and our business as a workplace. We will make a note of some of the information disclosed during the interview(s) for the purpose of the final evaluation of the applicants for the position. We will only use relevant information when determining whether or not to offer you a job.

In general, we use Article 6(1)(b) of the General Data Processing Regulation and Article 6(1)(f) of

the General Data Protection Regulation as the ba- sis for processing. It is necessary for us to process such information in order to determine whether you are the right candidate for the position.

6 INFORMATION FROM SOCIAL MEDIA

When recruiting for positions with us, it may be relevant to obtain additional information from the Internet, including social media, e.g. LinkedIn, Facebook, Instagram, Twitter, etc. We do that in order to determine if your profile suits our business and the specific position.

We use Article 6(1)(f), Article 9(2)(e) of the General Data Protection Regulation as the legal basis for processing when we obtain information about applicants from social media. It is necessary for us to process such information in order to deter- mine whether you are the right candidate for the position.

7 PERSONALITY TESTS

When recruiting for certain positions, you may be invited to take a personality analysis and/or a logical test. We will always consider whether it is relevant that you take such test in relation to the relevant position. The purpose of the test is to evaluate your qualifications as a potential employee and to consider whether your profile suits our business and the specific position. The test will never stand alone but will be part of the general basis for selecting the right person for the position.

The basis for processing is our legitimate interests in order to determine whether you are the right candidate, cf. Article 6(1)(f) of the General Data Protection Regulation. We may also, depending on the circumstances, use your consent, cf. Article 6(1)(a) and Article (9)(2)(a) of the General Data Protection Regulation. If so, you will be asked to give your consent before such test is made.

8 CRIMINAL RECORD CERTIFICATE

When recruiting for certain positions, it is necessary to obtain a criminal record certificate. We will always consider for each position if it is necessary to obtain a criminal record certificate.

The purpose is to ensure the security of the company. If relevant, we will ask you to obtain the criminal record certificate and present it to us. When we have seen the criminal record certificate, we will delete it immediately. Thus, we do not store information about any criminal acts.

We use Article 6(1)(f) of the General Data Protection Regulation as the basis for our subsequent processing of the information that we have seen your criminal record certificate as it is necessary in order to determine whether you are the right candidate for certain positions. For Danish applicants we use Section 8(3) of the Danish Data Protection Act, cf. Article 10 of the General Data Protection Regulation. We can also use Article 6(1)(c) as a legal basis to document that we have complied with our legal obligations and/or our internal security policies in connection with your employment.

9 WORK AND RESIDENCE PERMIT

For employees with another citizenship than the country you apply for work in, it is a requirement for the employment that they have a valid work and residence permit. In order to ensure this, we may ask for a copy of your passport in connection with the employment.

If your citizenship requires you to have a valid work and residence permit in order to work legally in the country, we will also request a copy of your work and residence permit from you. We will obtain it both when you are employed and when it is to be extended.

Our processing of information in connection with our checking of your work and residence permit is based on Article 6(1)(c) of the General Data Protection Regulation. For Danish applicants we use Section 11(2)(1) of the Danish Data Protection Act, cf. Section 59(5) of the Danish Aliens Act, as we are obliged to ensure that you have a valid work and residence permit.

10 HEALTH INFORMATION

In very special situations, we may request to obtain information about your health. This may be relevant in situations where illness may have a significant impact on your ability to handle the job.

If health information is specifically required, we will specify which illnesses and symptoms of ill- nesses we specifically request information on. Obviously, we respect the framework and limits provided by the Acts on Health Information in this regard. We will ask for your consent before such information is obtained.

The basis for processing is your consent, cf. Article 9(2)(a) and Article 6(1)(a) of the General Data Protection Regulation. In these special situations, it will be necessary for us to process such information in order to determine whether you are the right candidate for the position.

11 REFERENCES

For some positions, it is necessary to obtain references from former employers. We do that in order to check that the information you have provided to us during the employment process is correct and true. If we obtain references from one or several of your former employers, we will register that we have talked with a referee.

If we want to obtain information about you from your current or former employer, we will ask for your consent before obtaining such information. If you do not give your consent, we will not obtain such information.

The basis for processing is your consent, cf. Article 6(1)(a), Article 9(2)(a) of the General Data Protection Regulation.

12 STORAGE AND ERASURE OF INFORMATION PROCESSED DURING THE RECRUITMENT PROCESS

If you are not offered the position you applied for, we will delete any information registered about you within 6 months. The purpose of the storage is to document the recruitment process and the reason for not offering you the position.

If you are employed with us, we will retain the information from the recruitment process as part of your employee portfolio during your employ- ment in order to document your employment history. You will receive separate information in this regard in connection with your employment with us.

13 RECIPIENTS OF YOUR PERSONAL DATA

Frontmatec can transfer you personal data to other suppliers and/or service providers in connection with the normal operation of our business as well as to our group companies.

Frontmatec can also transfer your personal information to a public authority in situations where we are specifically obliged to disclose your personal information pursuant to legislation and notification obligations to which we are subject.

In connection with your employment with us, other parties may process your personal data. It may for instance be necessary to disclose information about you to a recruitment company.

We will not disclose your personal data to other recipients unless required. We try to limit the disclosure of personally identifiable information and thus the disclosure of information that can be attributed to you personally.

Frontmatec also discloses your personal data to data processors. Our data processors only process your personal data for our purposes and under our instructions.

14 TRANSFER OF PERSONAL DATA TO COUNTRIES OUTSIDE THE EU/EEA

In connection with our processing of your personal data we may transfer such information to countries outside the EU/EEA.

The data protection legislation in these countries may be less strict than the legislation applying in Denmark and other parts of the EU/EEA. We transfer personal data to third countries where the EU Commission has determined that the level of data protection is equivalent to the level of protection in the EU/EEA.

If we transfer personal data to countries where this is not the case, the transfer of your personal data to these countries outside the EU/EEA will take place on the basis of the Standard Contractual Clauses drawn up by the European Commis- sion and specifically designed to ensure an adequate level of protection.

15 RETENTION PERIOD, DATA INTEGRITY AND SECURITY

Your personal data will not be kept longer than necessary to fulfil the purposes for which it was collected. When your personal data is no longer needed, we will ensure that it is deleted in a secure manner.

It is our policy to protect personal data by taking adequate technical and organisational security measures.

We have implemented security measures to ensure data protection for all personal data that we process. We conduct regular internal follow-ups on the adequacy of and compliance with policies and measures.

16 YOUR RIGHTS

As a data subject, you have certain rights under the General Data Protection Regulation. If you want to exercise your rights, please contact us.

You may – unconditionally and at any time – withdraw your consent. You can do so by sending us an email (see email above). Withdrawal of your consent will not have any negative impact. However, this may mean that we cannot meet specific requests from you in the future. Withdrawal of your consent will not affect the lawfulness of the processing based on consent before it is

withdrawn. Furthermore, it will not affect any processing carried out on another lawful basis.

You can also – unconditionally and at any time – object to our processing when such processing is based on our legitimate interests.

Your rights also include the following: