Date of publication: June 7, 2024
We at Legora manage our employer branding and recruitment process through our career site (the “Career Site”), and by using a related applicant tracking system.
In this privacy policy, we explain how we process your personal data if:
You visit our Career Site (you being a “Visitor”)
You connect with us via our Career Site, to create a profile with us and receive information about current or future vacancies with us (you being a “Connecting Candidate”)
You apply for a position with us, via our Career Site or a third party service (you being an ”Applying Candidate”)
We collect information about you from other parties, sites and services, since we believe your profile is of interest for our current or future vacancies (you being a “Sourced Candidate”)
We receive information about you from our employees or partners, since they believe your profile is of interest for our current or future vacancies (you being a “Referred Candidate”)
We receive information about you from a Candidate, who lists you as their reference (you being a “Reference”).
This privacy policy also describes what rights you have when we process your personal data, and how you can exercise these rights.
When we use the term “Candidate” in this privacy policy, we are referring to each of Connecting Candidates; Applying Candidates; Sourced Candidates; and Referred Candidates, unless it’s stated otherwise.
Personal data is all information that can be directly or indirectly linked to a living, physical person. Examples of personal data are: name, e-mail address, telephone number and IP address. Processing of personal data is any automated use of personal data - such as collecting, creating, analyzing, sharing, and deleting personal data.
There are laws and regulations on how companies may process personal data, so-called data protection laws. Different data protection laws apply to different types of use of personal data, and in different parts of the world. An example of a data protection law that is relevant for our use of your personal data, as described in this privacy policy, is the EU Data Protection Regulation (2016/679, “GDPR”).
Most obligations under the GDPR apply to the so-called data controller. A data controller is the entity that decides for which purposes personal data will be processed, and how the processing will be executed. The data controller can use a so-called data processor. A data processor is an entity that is only allowed to process personal data as instructed by the data controller, and may not use the personal data for its own purposes.
We are the data controller when we process your personal data as described in this Privacy policy.
Protect and enforce our rights, interests and the interests of others, for example in connection with legal claims.
Affected individuals: The individual(s) affected by the legal issue - this may include persons from all categories of individuals listed above.
Categories of personal data used: All the categories of personal data listed above can be used for this purpose.
Share your personal data with other recipients, for the purposes mentioned in Section 5 below.
Affected individuals: Varies depending on the purpose of the sharing, see Section 5 below.
Categories of personal data used: All the categories of personal data listed above may be used for this purpose.
Collect information about your use of the Career Site, using cookies and other tracking technologies, as described in our cookie policy.
Affected individuals: Visitors.
Categories of personal data used: Device information.
Maintain, develop, test, and otherwise ensure the security of the Career Site.
Affected individuals: Visitors.
Categories of personal data used: Device information; Technical and statistical data.
Analyse how the Career Site and its content is being used and is performing, to get statistics and to improve operational performance.
Affected individuals: Visitors.
Categories of personal data used: Device information; Technical and statistical data.
Provide you with updates about vacancies with us.
Affected individuals: Connecting Candidates.
Categories of personal data used: Contact details; Communications data.
Review profiles and applications sent to us. This also includes communicating with you about your application and profile.
Affected individuals: Connecting Candidates; Applying Candidates.
Categories of personal data used: All the categories of personal data listed above may be used for this purpose.
Collect and evaluate your professional profile on our own initiative. This also includes communicating with you regarding your profile.
Affected individuals: Sourced Candidates; Referred Candidates.
Categories of personal data used: All the categories of personal data listed above may be used for this purpose.
Contact you directly about specific, future vacancies with us.
Affected individuals: Candidates.
Categories of personal data used: All the categories of personal data listed above may be used for this purpose.
Record the interview(s) with you.
Affected individuals: Candidates.
Categories of personal data used: Communications data.
Contact you to ask for your participation in surveys
Affected individuals: Candidates.
Categories of personal data used: All the categories of personal data listed above may be used for this purpose.
Contact you to ask you to provide information about a Candidate, and evaluate the information you provide.
Affected individuals: References.
Categories of personal data used: Contact details; Communications data.
Our service providers. We share your personal data with our suppliers who provide services and functionality in our employer branding- and recruitment process. For example, this includes recruitment service providers and the supplier of our Career Site and related applicant tracking system.
Our group companies. We share your personal data with our group companies, when they provide us services and functionality to our employer branding- and recruitment process, such as access to particular systems and software.
Companies providing cookies on the Career Site. If you consent to it, cookies are set by other companies than us, who will use the data collected by these cookies in accordance with their own privacy policy. You can find information about which cookies this applies to in our cookie policy.
To authorities and other public actors - when we are ordered to do so. We will share your personal data with authorities and other public actors when we have a legal obligation to do so.
To parties involved in legal proceedings. If needed to protect or defend our rights, we share your personal data with public authorities or with other parties involved in a potential or existing legal proceeding. This can for example be in case of discrimination claims.
Mergers and acquisitions etc. In connection with a potential merger, sale of company assets, financing, or acquisition of all or part of our business to another company, we may share your personal data to other parties involved in the process.
To be able to process your personal data, we need to have a so-called legal basis. A legal basis is a reason for processing the personal data that is justified under the GDPR.
When we process your personal data for the purposes described in this Privacy Policy, the legal basis we rely on is normally that the processing is necessary for our legitimate interest in being able to recruit talent with the relevant competence for us. We have concluded that we have a legitimate interest in being able to perform the personal data processing for this purpose; that the processing is necessary to achieve that purpose; and that our interest outweighs your right not to have your data processed for this purpose.
You can contact us for more information about how this assessment was made. See Section 9 and 10 below for our contact information.
There may be specific circumstances when the processing is only performed if and when you provide your consent to the processing. This is for example the case if we propose to record an interview with you. Please see Section 9 below for more information about your right to withdraw your consent.
We always strive to process your personal data within the EU/EEA area.
However, some of our service providers process your personal data outside of the EU/EEA. We also use suppliers whose parent company, or whose subcontractor’s parent company, is based outside the EU/EEA. In these cases, we have taken into account the risk that the personal data may be disclosed to countries outside the EU/EEA, for example because of an authority request.
In cases where another recipient of your personal data (as described in Section 5 above) is based outside the EU/EEA, this will also mean that your personal data is transferred outside the EU/EEA.
When we, or one of our suppliers, transfer your personal data outside the EU/EEA, we will ensure that a safeguard recognized by the GDPR is used to enable the transfer. We use the following safeguards:
A decision by the EU Commission that the country outside of the EU/EEA to which your personal data is transferred has an adequate level of protection, which corresponds to the level of protection afforded by the GDPR. In particular, we rely on the EU Commission’s adequacy decision for the US via the so-called EU-US Data Privacy Framework, and the adequacy decision for the UK.
Entering into the EU Commission’s standard clauses with the recipient of the personal data outside the EU/EEA. This means that the recipient guarantees that the level of protection for your personal data afforded by the GDPR still applies, and that your rights are still protected.
When your personal data is transferred outside the EU/EEA, we also implement appropriate technical and organizational safeguards, to protect the personal data in case of a disclosure. Exactly which protective measures we implement depends on what is technically feasible, and sufficiently effective, for the particular transfer.
If you want more information about the cases in which your personal data is transferred outside the EU/EEA you can contact us using the contact details in Section 9 and 10 below.
In this section, you will find information about the rights you have when we process your personal data. As described below, some of the rights only come into play when we process your personal data under a particular legal basis.
If you want to exercise any of the rights listed here, we suggest that you:
Visit the Data & Privacy page, where we offer features to let you exercise your rights;
Log in to your account with us, where you can use the settings in the account to exercise your rights; or
Contact us directly at vilgot@leya.law.
If you want to get in touch with us to exercise your rights, or if you have any questions, comments or concerns about how we handle your personal data, you can reach us by sending an email to vilgot@leya.law.
We update this privacy policy when necessary - for example, because we start processing your personal data in a new way, because we want to make the information even clearer to you, or if it’s necessary to do so in order to comply with applicable data protection laws.
We encourage you to regularly check this page for any changes. You can always check the top of this page to see when this privacy policy was last updated.
