Privacy Policy
PRIVACY NOTICE to job applicants and whistleblowing procedures at Nordnet
How Nordnet handles job applicants’ personal data
As a potential employer, we seek to be as transparent as possible to our potential employees. We collect and process personal data in order to find the right fit for our open positions and to manage the recruitment process appropriately and in accordance with applicable rules. We process job applicants’ personal data, where it is reasonable and proportionate, for legitimate interests as described below. It is of great importance to us that we provide thorough information on how we use personal data during the recruitment and that you feel confident that we process your personal data in a legitimate and secure manner.
Data controller and Data subjects
Data controller
Data subjects
Nordnet Bank AB
Company reg. no. 516406-0021
Alströmergatan 39
104 25 Stockholm
Sweden
You who apply for a specific position at or connect to the candidate pool with Nordnet Bank AB
Nordnet Pensionsförsäkring AB
Company reg. no. 516406-0286
Alströmergatan 39
SE-104 25 Stockholm
Sweden
You who apply for a specific position at or connect to the candidate pool with Nordnet Pensionsförsäkring AB
Nordnet Fonder AB
Company reg. no. 556541-9057
Alströmergatan 39
SE-104 25 Stockholm
Sweden
You who apply for a specific position at or connect to the candidate pool Nordnet Fonder AB
Nordnet Livsforsikring AS
Company reg. no. 914 350 956
Akersgata 45
0158 Oslo
Norway
You who apply for a specific position at or connect to the candidate pool with Nordnet Livsforsikring AS
Our data processing
Processing
Purpose
Personal data
Retention
Legal basis
Data collection to recruitment system, recordings of contacts/events during recruitment and assessment of suitability for employment.
To communicate during the recruitment process, to assess appropriate fit for a position and for entering into an employment agreement.
Identification data (first name, surname, date of birth, age, picture)
Contact data (e-mail address, telephone number)
Professional data (information in CV/cover letter, employment and educational details)
2 years after application
Legitimate interests
Storage of personal test results/profiles
To assess appropriate fit for a position (e.g. internal recruitment or promotion).
Identification data (first name, surname, social security number)
Contact data (e-mail address)
Financial data (credit reference, payment remarks, debts with the Enforcement Authority)
Criminal convictions data (criminal records)
Data on personal aspects (previous and ongoing judicial processes)
Personal attributes (personality profile, skills/cognitive test)
Two weeks reg. reports from background controls.
90 days reg. tests results and profiles.
Legal obligation
Legitimate interests
Collection and recording of references.
To verify submitted recruitment documents and assess appropriate fit for a position.
Identification data (first name, surname)
Contact details (e-mail address, telephone number)
Professional data (data in CV/cover letter, employment and educational details)
2 years after application
Legitimate interests
Handling of recruitment related claims
To assess and defend against recruitment related claims, in both extrajudicial and judicial processes.
Identification data (first name, surname, social security number)
Contact data (home address, e-mail address and telephone number)
Professional data (data in CV/cover letter, employment and educational details)
Communications (personal data entailed in the communication)
2 years after application
Legitimate interests
Where we get the personal data from
We collect the personal data from a variety of sources:
- from you, either on specific requests or during the ordinary course of the recruitment;
- from the references that you provide us with;
- from third parties who provide it to us (e.g. information service providers, recruitment agencies); and
- from public registers and online platforms (e.g. LinkedIn)
Whom we share the personal data with
The personal data that we process will be shared with trusted service providers to us. We also share the personal data with administrative authorities and any authorized representative in case of extrajudicial and judicial processes.
Personal data transfer to third countries (i.e. outside of EU/EEA)
We strive to process your personal data within the EU/EEA. We do, however, share the personal data with third country vendors, and will in such cases restrict the personal data to data centers within the EU/EEA if possible and also rely on the following transfer mechanisms, separately or combined:
- European Commission’s adequacy decisions;
- approved Binding Corporate Rules;
- officially adopted Standard Contractual Clauses; or
- other valid transfer mechanisms.
The chosen transfer mechanism(s) is accompanied by supplementary safety measures of technical and organizational nature suitable for mitigating any risk that is not efficiently mitigated by the transfer mechanism(s) at hand.
More about legitimate interest as our legal basis
We always carry out legitimate interest assessments in relation to the processing activities that are rested on this legal basis. Such assessment include a necessity evaluation and a weighing of interests. We have concluded that our interests in processing your personal data for the purposes as specified above takes precedence over your potential privacy interests and the associated impacts, based on the benefits that these processing activities provide for.
Rights as a data subject
- Right to access
You have the right to know if we are processing your personal data and in such case get information about what personal data we are processing about you.
- Right to rectification
If you find any of your personal data subjected to our processing to be incorrect or incomplete, you have the right to request amendment or supplementation of that personal data.
- Right to erasure
You have the right to have your personal data deleted. However, this is not applicable in certain cases, e.g. if the retention of the personal data is mandatory to fulfil legal obligations or if we are relying our processing on legitimate interest and we have compelling justification for the processing.
- Right to limitation of data processing
Under certain conditions, you have the right to limit our processing of your personal data to certain selected purposes or restrict our processing during a limited time period.
- Right to data portability
You have the right to obtain your personal data in a structured way or request it to be sent to a third party. However, this right is limited to the personal data that you have provided us yourself and which we are processing on the basis of your consent or our contractual relationship.
- Right to object
You can object to further processing of your personal data. However, this is not applicable in certain cases, e.g. if we can demonstrate compelling legitimate reasons for the processing that override the individual's interests, rights and freedoms or if the processing is carried out in order to establish, exercise or defend against legal claims. You always have the right to object whenever our data processing is based on you given consent or whenever your personal data is being used for direct marketing purposes.
- Right to lodge a complaint
If you are dissatisfied with our data processing, you may lodge a complaint to the supervisory authority (see contact details below).
How to exercise you rights
You can send your request to: dataprotection@nordnet.se.
For safety reasons, please do not include your social security number or any other special category/integrity sensitive data in your e-mail to us!
Contact details for questions or complaints
Nordnet’s HR department
E-mail: HR@nordnet.se
Nordnet’s data protection officer
E-mail: dataprotection@nordnet.se
Swedish Authority for Privacy Protection
Postal address:
Integritetsskyddsmyndigheten
Box 8114
SE-104 20 Stockholm
E-mail: imy@imy.se
Website: www.imy.se
Norwegian Data Protection Authority
Postal address:
Datatilsynet
P.O. Box 458 Sentrum
NO-0105 Oslo
E-mail: postkasse@datatilsynet.no
Website: www.datatilsynet.no
Version 1.2
(2022-05-05)
Whistleblowing procedures at Nordnet
Nordnet has a whistle blowing process to enable all employees, job applicants, owners and management etc. to draw attention to significant and legitimate concerns regarding matters connected with internal governance and possible misconduct. The whistle blowing process offers a possibility to alert Nordnet about suspicions of misconduct in confidence. It is an important tool for reducing risks and maintaining trust in our operations by enabling us to detect and act on possible misconduct at an early stage.
Whistleblowing can be done openly or anonymously through the whistleblowing tool. Copy and paste the following link into your browser to get to the communication tool: https://report.whistleb.com/nordnet
The whistleblowing tool allowing anonymous messaging is provided by WhistleB, an external service provider. All messages are encrypted. To ensure the anonymity of the person sending a message, the external provider does not save IP addresses or other meta-data. The person sending the message also remains anonymous in the subsequent dialogue with the Nordnet’s appointed whistleblowing contact person. If you submit a whistleblowing report through the tool you will receive unique credentials and you may log in to the tool afterwards to communicate further with the receiver of the report (Head of Compliance and other appointed members of the Compliance team) or to keep track of the progress of the case.