Navigio

Privacy Policy

 

Navigio always strives to protect the privacy and Personal Data of customers, candidates, clients and suppliers in the best possible way. It is Navigio’s goal to comply with all applicable laws and regulations regarding Personal Data protection. This privacy policy will help you to understand what kind of data Navigio collects, how it is used and what rights you have.

.

Fundamental principles

 

One of Navigio’s central principles is to always show respect for the individual. According to our values and the General Data Protection Regulation (EU) 2016/679 (”GDPR”). The integrity of the individual is a fundamental right.

 

 

1.   Definitions and concepts

 

Cookies: A cookie is a text file that the browser creates when you visit a website.

 

Contact Information: Information regarding the Data Subject’s name, surname, email, telephone number, address, or personal URL for eg. LinkedIn profile URL etc.

 

Data Processing Agreement: Agreements between Personal Data Controller and Personal Data Processor, outlining the obligations and liabilities between the parties to ensure compliance with the GDPR during the contractual period.

 

Data Subject: The person whose Personal Data is being Processed.

 

Legal Basis: Valid reason required under the GDPR for Processing Personal Data; consent, performance of a contract, legal obligation, protection of fundamental interest, exercise of official authority and task in the public interest and Legitimate Interest.

 

Legitimate Interest: A situation where the Personal Data Controller’s interest in carrying out the Processing of Personal Data outweighs the interests and fundamental rights and freedoms of the Data Subject, making the interest considered legitimate.

 

Personal Data: Any information relating to an identified or identifiable natural person.

 

Personal Data Controller: Physical or legal person, public authority, or other entity responsible for determining the purposes and means of the Processing of Personal Data.

 

Sensitive Personal Data: The following Personal Data is considered sensitive according to the GDPR: information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs; trade-union membership; genetic data, biometric data Processed solely to identify a human being; health-related data; data concerning a person’s sex life or sexual orientation.

 

Retention Period: How long the Personal Data Controller keeps the Personal Data

 

Third Country Transfer: When Personal Data is transferred to a third country, i.e. outside the EU/EEA.

 

 

2.   Executive Search and when you apply for a job at Navigio

 

If you apply for a position where the recruitment Process takes place via Navigio, you will, through the application, provide us with information about you. See the table below for an overview of the Processing, its purpose and the Legal Basis on which the Processing is based at different stages of the Recruitment Process.      

                

Registration of interest:

 

Personal Data: Contact Information and other voluntarily provided information.

 

Purpose of Processing: We collect and Process this data in order to contact you regarding recruitment for potential positions.

 

Legal Basis: Legitimate Interest (Art. 6.1f GDPR)

 

Retention Period: If you have been involved in a recruitment process with us, we keep the recruitment file related to your application up to three years.

 

Search of candidate profiles:

 

Personal Data: Contact Information professional category, work experience, education details and geographical location and other publicly available information.

 

Purpose of Processing: In order for us to provide recruitment services to our customers and for you to be searchable for our recruiters, available for interviews, knowledge tests, reference taking and for other communication with us and to be able to match you with relevant current positions and those that may be relevant to you in the future.

 

Legal Basis: The Processing is based on a Legitimate Interest (Art. 6.1f GDPR) prior to the first contact with us and the initial calibration.

 

Retention Period: If you have been involved in a recruitment process with us, we keep the recruitment file related to your application up to three years.

 

Recruitment process:

 

Personal Data: Details of skills, CV and salary requirements. Documentation from interviews during the process as well as information about you as a referee.

 

Purpose of Processing: We collect and Process Personal Data to qualify you as a candidate in our recruitment process and collect information on how and in what way you as a candidate meet the requirements of the recruitment process.

 

Legal Basis: Legitimate Interest (Art 6.1f GDPR) in order to meet the requirements, we and our customers place on the applicant.

 

Retention Period: If you have been involved in a recruitment process with us, we keep the recruitment file related to your application up to three years.

 

Personality and knowledge test:

 

Personal Data: Results of tests during the recruitment process.

 

Purpose of Processing: If you attend interviews and undergo knowledge and personality tests as part of the recruitment process, we collect additional information to ensure the qualification process of the recruitment.

 

Legal Basis: Consent (art 6.1a GDPR)

 

Retention Period: If you have been involved in a recruitment process with us, we keep the recruitment file related to your application up to five years. Test results are kept longer for statistical purposes.

 

Background check:

 

Personal Data: In some cases, simple background checks are carried out. For some direct recruitment, we may use external partners for deeper background checks.

 

Purpose of Processing: For the purpose of carrying out background checks during the recruitment process to meet customer requirements.

 

Legal Basis: Legitimate Interest (Art 6.1f GDPR)

 

Retention Period: Extracts from criminal records are not retained at all.

 

Candidate database:

 

Personal Data: Contact Information, CV and other information collected during the recruitment process.

 

Purpose of Processing: To increase the number of candidates in future recruitments and to match you with positions that may be relevant to you in the future.

 

Legal Basis: Consent (Art 6.1a GDPR)

 

Retention Period: If you have been involved in a recruitment process with us, we keep the recruitment file related to your application up to five years.

 

 

3.    If you are a client or a supplier of Navigio

 

We keep Personal Data of the responsible contact person of the customer or supplier in order to be able to communicate and maintain our business relationship. This also applies to potential customers or suppliers with whom we may enter a business relationship.

 

We Process the Personal Data based on the Legal Basis fulfillment of a contract (Art. 6.1b GDPR) during ongoing assignments, and Legitimate Interest (Art. 6.1f GDPR) to maintain the long-term business relationships as well as for marketing purposes after the contractual period has ended.

 

In the scope of our Leadership Services or Strategy & Organization Services, we Process Personal Data about the participants employed by our Client in order to;

  • To fulfil our project agreement
  • To contact you during an ongoing assignment or to follow up after an assignment
  • Conduct a feedback survey

Such Processing of Personal Data is based on the fulfillment of a customer contract (Art. 6.1b GDPR) or, where applicable, the consent (Art. 6.1a GDPR) of the individual in case of individual counseling. When required according to the GDPR, Navigio will formalize a separate Data Processing Agreement with the Client including instructions for the specific assignment.

 

 

4.   Marketing, registration and participation in events

 

We Process your Personal Data to communicate with you and send you marketing information. This includes sending you information about Navigio and invitations to events and other information meetings we believe will be of interest to you. For this marketing purpose, we Process your Contact Information. When we have collected the Personal Data by other means, the Processing is based on a Legitimate Interest (Art. 6.1f GDPR) to market our services. You can opt out of marketing from us at any time by following the instructions in the communication. When participating in events or other information sessions, we may Process the following information about you:

  • Information about food preferences and allergies in connection with registration. We Process the data to be able to pre-order food for you based on your consent (Art. 6.1a GDPR).
  • We may also collect data about you in the form of images or recorded material in cases where photography or recording takes place during the event. We Process the data for the purpose of marketing our services based on a Legitimate Interest (Art. 6.1f GDPR).

 

 5.   If you contact Navigio for other purposes

 

If you contact us for reporting and communicating in connection to reporting of irregularities in the workplace (whistleblowing), we Process information based on legal obligations (6.1.c GDPR). See more information here.

 

If you communicate with us by email, post or other form of communication, we may retain such communication and the information contained therein in order to use it to respond to your request, or to deal with your complaint, query etc. The Legal Basis for such Processing is our Legitimate Interest (6.1.f GDPR).

 

 

6.   Who will we share your Personal Data with?

 

We may share your personal information with trusted third-party organizations with whom we have agreements in place to ensure your Personal Data is handled in accordance with GDPR and our Privacy Policy.

  • For Executive Search assignments we will share your data with the organizations we are working with when you are put presented for an opportunity.
  • Navigio’s entities in several locations
  • IT service providers
  • Social media platforms (LinkedIn, Meta)
  • Authorities (e.g. the Swedish Tax Agency)
  • or others with whom we cooperate if it is necessary within the Purpose of Processing your Personal Data or when needed in order to manage and respond to legal requirements.

We will never transfer your data by selling your Personal Data or otherwise make your information available for commercial purposes without your consent.

 

If required, Navigio will draft a Data Processing Agreement with the receiving party to ensure that your Personal Data is handled in accordance with the GDPR.

 

 

7.   Cookies

 

We use technologies such as Cookies to collect information about you for various purposes, including functional, statistical, and market-related collection.

 

A Cookie is a small text file that a website saves on the device you use to visit the website, such as your computer or mobile phone. Primarily, the information in the Cookie is based on information required for essential website functions and to store information as part of improving our service to you and our stakeholders.

 

Our Cookie banner allows you to choose which collection you consent to. If you want to clear your Cookies at the end of your session, you can do so in your browser settings. You can also choose to refuse all but essential Cookies.

 

For more information on which information is collected, for which service, purpose and expiry time, see our Cookie Policy [link].

 

 

8.   Where is your data processed?

 

Navigio and our suppliers generally store and Process your Personal Data within the EU/EEA. In a few cases, we share your information to legal entities located outside the EU/EEA, including the USA. In these cases, we ensure that such Third Country Transfer takes place in accordance with the GDPR (articles 44-50), either by ensuring that the Processing takes place in a country that the EU Commission has decided has an adequate level of protection or through the EU Commission’s standard contractual clauses together with technical and organizational protection measures within Navigio.

 

If you would like more information about Third Country Transfers or what safeguards we have in place to protect your Personal Data, please contact us using the contact details provided at the top of this policy.

 

 

9.   How do we protect your Personal Data?

 

Navigio works actively to protect all Personal Data that we Process. We work with both organizational and technical security measures to ensure that the Personal Data we Process is handled in a safe and secure manner. We continuously work with privacy issues at Navigio to ensure that our organizational and technical security measures are up-to-date and relevant to protect Personal Data.

 

 

10.   How long do we retain your Personal Data?

 

We retain your Personal Data only as long as necessary to fulfill the purpose of the Processing. When no longer needed, or if the Processing for any other reason becomes unlawful, the data will be deleted. Please refer to the sections above for more detailed information on how long we retain your data in each specific situation. Our Retention Policy for Processing in a recruitment process is based on the GDPR guidelines outlined by the employer organization Almega.

 

 

11.   Your rights

 

In accordance with the GDPR, the person whose Personal Data is Processed (the Data Subject) has several rights. Do you want to exercise any of your rights? See below in section “Exercise your rights”.

 

Right of access to your Personal Data and extracts from registers

You have the right to contact us to know if and how your Personal Data is Processed within Navigio. If your Personal Data is Processed by us, you have the right to receive a copy of the data (with certain exceptions) and a statement with more detailed information on how your Personal Data is Processed by us (in a so-called register extract).

 

Right to withdraw consent or object to Processing

You may at any time object to our Processing of your Personal Data if this Processing is based on our Legitimate Interest or withdraw any consent you have previously given.

 

Right to be informed

You have the right to receive information from us when we Process your Personal Data in connection with the collection or otherwise when you as a Data Subject request information. The information provided to you must include information about the purposes for which the Personal Data will be Processed, the Legal Basis for the Processing, the Retention Period, who will have access to the Personal Data, how it is shared (if applicable), how you can submit complaints, etc. (read below or on imy.se).

 

Right of access to your Personal Data and extracts from registers

You have the right to contact us to find out if and how your Personal Data is Processed within the group. If your Personal Data is Processed by us, you have the right to receive a copy of the data (with certain exceptions). Upon request, you can receive a statement with more detailed information on how your Personal Data is Processed by us (in a so-called “register extract”).

 

Right to have your information deleted (right to be forgotten)

In some cases, you have the right to request the complete erasure of your Personal Data. There are some exceptions where we cannot comply with such a request, for example if we have a legal obligation to keep the data. If you wish to make such a request, we will make a specific assessment of the Personal Data Processing in your case and justify whether we may not be able to delete any information.

 

Right of rectification

You have the right to have inaccurate or incomplete data about you updated.

 

Right to restriction of Processing

You have the right to object at any time to the use of your Personal Data for direct marketing (newsletters and similar). You also have the right to object to the Processing of your Personal Data when the Legal Basis for the Processing is a balance of interests. If you wish to make such an objection, we will make a specific assessment based on your interest in relation to our interest in Processing your Personal Data for the specific purpose.

 

Right to access and move Personal Data (data portability)

Insofar as you have given your consent or the Processing is based on a contractual relationship with us, and provided that it is technically feasible for us, you have the right to receive your Personal Data in a format that allows it to be transferred to another controller (so-called data portability).

 

Update of this Privacy Policy

Navigio is committed to Processing Personal Data in a correct and lawful manner and continuously reviews our data protection work, including this policy. We may therefore update this policy from time to time to ensure that it transparently reflects how we Process your Personal Data.

 

Exercising your rights

Do you want to exercise any of your rights? You are always welcome to contact us for help or more information. Navigio handles all rights requests in a prompt and lawful manner.

 

You can either mail your request to our address:

 

Navigio KB

Nybrokajen 5

111 48 Stockholm

 

Or email us at: privacy@navigio.eu

 

Right to complain

If you feel that Navigio is Processing your Personal Data in an incorrect or unlawful manner, you have the right to report this to the Swedish Authority for Privacy Protection (IMY).

Telephone: 08-657 61 00
Email: imy@imy.se

 

‍If you would like to read more about your rights, see the Swedish Authority for Privacy Protection website. 

 

From December 17, 2023, the Swedish Whistleblower Act applies to all companies with more than 50 employees. If you wish to report a whistleblowing incident, please click here.