We operate all over the world, but we are domiciled in Sweden. Our name, corporate ID-number, postal address and e-mail is: Bambuser AB (org. nr 556731 - 3126) Regeringsgatan 55, 111 56 Stockholm, Sweden.
Data Protection Officer
Of course we have a DPO. To get in touch, send an e-mail to: firstname.lastname@example.org
Purposes for processing
The purpose of our processing of your personal data is to determine whether we think our way of working and the open posts we have are suitable for you. If the answer is yes, we will offer you a job.
Legitimate interest: We have a legitimate interest in ensuring that we hire the candidates we believe are best suited for the positions available. We will not process any data on this ground, if that legitimate interest would be overridden by your interests or fundamental rights and freedoms.
Consent: This legal ground is only used if a formal background check is necessary. In such a case, we will inform you of the information we want to secure and verify, and ask for your permission to conduct the check. You are in your full right to refuse. However, should you refuse that we conduct a background check, the recruitment process stops and you will no longer be eligible for the position in question.
Legal obligation: it is possible that in individual cases we have to process certain personal data due to an obligation under law or regulation. Should this apply to your case, we will inform you of this, provided that no other law or regulation prohibits it.
Camera surveillance at our Swedish office
If you visit us in Stockholm, we want you to know that our entrance doors are under camera surveillance.
The reason for this processing is to prevent and investigate crime and unathorized access. The legal ground is our legitimate interest in keeping our office safe from undesired visits. Since the scope of processing is very narrow and you would be an invited and desired guest if you should visit us, the balancing test shows that the processing does not violate your fundamental rights and freedoms and that our legitimate interest carries more weight. Thus, the indicators are in favour of the processing. The video is deleted after 12 months, unless it is part of an ongoing investigation.
We present this as a separate point, because it concerns a completely different subject matter compared to all other processing in our relation.
Categories of data
In order to fulfill the purposes of our processing activities we need to process the following types of personal data: Name, physical address, electronic contact data, phone number, salary claim, social security number (in Sweden, personnummer), professional and educational background, references and leisure activities.
Depending on the risk level of the potential position, we need to conduct a formal background check. This would typically include the processing of criminal records, credit reports, verification reports (e.g. identity, previous employment, education, social security number), and reference checks. There may also be other categories relevant to only a specific post. Not every category of data is processed in each individual case, it depends on the risk level of the position in question. Further, formal background checks are only carried out in the final rounds of the recruitment process and only after the candidate in question has been informed about the check, what it contains and authorizes it. The checks are used to reinforce a hiring decision and not as a way to disqualify someone or reduce the number of applicants for a position.
In your application and communication with us, you may also provide us with personal data that we have not asked for. Since we cannot know in advance if this will be the case or not, or what that data would be, we categorize it as personal data not requested.
Categories of recipients of data
Internally, the data is handled on a need to know basis. This normally includes our talent acquisition lead, the hiring manager, the team lead, a peer, a C-level or People Operations Manager, and our Hiring Committee.
External recipients would be relevant processors and authorities. The need to know approach also applies for external recipients. Concerning authorities, we only provide data that we are legally obliged to provide.
You are always free to get in touch with us and ask what personal data we have about you. You may ask for their rectification or erasure, that the processing should be restricted or ceased and that your data should be transferred to somebody else. We will do what you ask us to do, provided that no other laws or rules prevent us. In any case, we will get back to you and reply to your demand and we will tell you what measures we have taken and on what grounds. We use automatic reply functions, but no automated decisions and no profiling.
Transfers to third countries
We keep the maximum of our personal data processing within the EU/EES, but this is not always possible. If it is necessary in order to handle your application, then we may transfer data to third countries. For the same reasons, it may also be necessary to store data in third countries. The legal ground for such transfers will be either article 49.1(a) or (b) GDPR.
The right to lodge a complaint
We believe that the way we process personal data complies with the GDPR. Should you be of another opinion, we would appreciate it if you tell us what you believe is wrong. You are also free to lodge a complaint with the Swedish supervisory authority, Integritetsskyddsmyndigheten, IMY. If it is more convenient to you, you may lodge your complaint with another supervisory authority.
Ready to reach all-new records?
Whether you’re 100% prepared to scale your e-commerce or need more info, Team Bambuser are ready to tailor to your perfect needs.Request a Demo