Pagisa is committed to protecting and respecting your privacy.
We want you to feel safe when we process your personal data. Our Privacy Notice explains how we ensure that your personal data is handled in compliance with applicable legislation and it applies to our processing of personal data, in the capacity of data controller relating to our customers and users of our services, visitors to our websites, and to other business contacts. If you are a user of our services, you either use our services as:
i) a consumer user (”Consumer User”), for example, if you have signed up for our services yourself, visiting our website, or if you apply for a job; or
ii) a user invited to use a service by a company or other entity which is a customer of ours (“User of Company Subscriber”), for example, if you are invited to use the services by your employer.
Please note that some of our processing of personal data differs depending on if you are a Consumer User or a User of Company Subscriber, which is why we ensure to always state in our Privacy Notice if the processing only applies for a particular group of users. If you are a User of a Company Subscriber, we process your personal data in the capacity of data processor, when providing our services to our company subscriber (i.e., the entity that invited you to use the service, for example, your employer). In relation to such processing, the company subscriber is data controller and hence responsible for providing information to you about its processing of personal data.
We only use your personal data for the purposes specified in this Privacy Notice and not in any manner that is incompatible with those purposes.
1. General
Pagisa AB, reg. no. 559467-9200, (“Pagisa,” ”us,” “we,” or ”our”) is committed to protecting and respecting your privacy. We want you to feel that we respect your privacy when we process your personal data. This Privacy Notice (“Privacy Notice”) explains how we ensure that your personal data is handled in compliance with applicable legislation and applies to all of our processing of personal data relating to our customers and users of our services, visitors to our websites, and to other business contacts. We use your personal data to be able to operate our business and meet our obligations and responsibilities in relation to applicable legislation and good industry practice.
2. Data controller
Pagisa AB is the data controller for the processing of your personal data and is responsible for ensuring that the processing is carried out in accordance with applicable legislation. If you have any questions regarding the processing of your personal data, you will find our contact details at the end of this Privacy Notice.
3. Processing of Personal Data
3.1. Website Users
3.1.1. Description of the purpose
Enabling a functioning visit of our website(s). Please note that there may be dedicated portals for candidates respectively clients on some of our websites. If this is the case, sections 3.2. respectively 3.3. also apply to the data entered there.
3.1.2. Potential Data Subjects
Any user of our website(s).
3.1.3. Potentially concerned Personal Data
- IP address
- Host name of the accessing computer
- Website from which the website was accessed
- Date and time of access
- Websites accessed via the website
- Visited page on our website
- Message whether the retrieval was successful
- Amount of data transmitted
- Information about the browser type and version used
- Operating system
3.1.4. Origin and recipient
We may receive the data from:
- Data Subject
The data may be forwarded to:
- IT service providers
3.1.5. Legal basis
The temporary storage of the above mentioned data is necessary for the technical functionality of a website visit. Further storage in log files is carried out to ensure the functionality of the website and the security of the information technology systems. These purposes constitute our legitimate interests in data processing (Art. 6 (1) f) GDPR).
3.1.6. Retention period
Subject to section 3.1.9 below, the data is deleted as soon as it is no longer necessary for the purpose for which it was collected. For website visits, this is when the relevant session is ended. The log files are kept up to 24 hours directly and exclusively accessible to administrators. After that, they are only available indirectly through the reconstruction of backup media and are permanently deleted after the end of that routine.
3.1.7. Cookies
This website uses cookies. We use cookies to personalize content and ads, to provide social media features and to analyze our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.
Cookies are small text files that can be used by websites to make a user’s experience more efficient.
The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.
This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.
You can at any time change or withdraw your consent from the Cookie Declaration on our website.
Learn more about who we are, how you can contact us and how we process personal data in our Privacy Notice
3.1.8. Plug-ins for social media
The Website does not automatically send your personal data to social media service providers like Facebook, Instagram, YouTube, Twitter, Xing, LinkedIn and the like. This may only happen if you have agreed in your cookie settings to it (see section 3.1.7).
3.1.9. Website forms
Any data you send to us via a form on our websites will be received by our marketing team who will then forward it to the responsible person. Depending on the subject matter of the content, the respective sections of this Privacy Notice apply. The forms are technically operated by external service providers.
3.1.10. External data processors
We may use external data processors to purposes like:
- Virus and spam scanning of internet traffic and email traffic
- Online email
- Sending of newsletters (if subscribed)
- Analysis of visitors and targeted commercials (if cookie popup accepted)
- Hosting of servers with data (databases and webservers)
- Sending push messages to apps (for those using our app, all notifications will go through Google Firebase, plus for iOS devices they will also go through Apple)
- Processing of payments (as applicable)
- Control and revision of accounting
As data controller we will ensure that any data processors protect your information as well as ourselves, and that they are bound by the same limitations as we are regarding the use of your data.
3.2. Candidates
For the sake of clarification, candidates are experts that are stored in our data base for potential vacancies. In contrast, consultants are experts who are placed with a client.
3.2.1. Description of the purpose
Adding professional experts to our database and maintaining the data in order to match consulting resources with the needs of our clients.
3.2.2. Potential Data Subject
Candidates (professional experts seeking temporary consulting projects)
3.2.3. Potentially concerned categories of data
- surname, first name
- e-mail addresses
- telephone numbers
- postal addresses
- social media IDs
- Photograph
- date of birth
- Nationality
- presence on anti-terror and/ or sanction lists
- immigration status / work permit
- education and credentials
- professional career (CV)
- professional references
- information on services offered
- email correspondence and short minutes of conversations
3.2.4. Origin and recipient
We may receive the data from:
- Data Subject
- business social networks
- website visits
The data may be forwarded to:
- Clients
- governmental agencies
3.2.5 Legal basis
The storage of your data with us is made to fulfill our obligations under agreement with you. Before you enter your data, you will be informed and expressly accept that this involves a mandate for us to find client requests that match your profile. Therefore, the legal basis for the processing is the performance of a contract [Art. 6 (1) b) GDPR]. If you have never contractually mandated us as mentioned above (this is especially the case for candidates sourced from our entities in France, Germany and UK before 12th September 2022), the legal basis for the processing is our legitimate interest in accordance with Art. 6 (1) f) GDPR: We assume that as a personnel service provider we have a legitimate and recognisable interest in successfully placing a seeker of a consulting role or other market participants.
3.2.6. Retention period
Records of candidates are retained in the database for up to five years from the last business contact with that person.
3.2.7 Newsletters and automated communications
We may use third party system, Mailchimp, to send nudge/service mails. This entails that your personal data is transferred to the USA under prevailing law.
In addition there may be a service that you can optionally subscribe to our newsletters, also administered by Mailchimp, with invitations to events held by Pagisa AB (such as Christmas party and seminars), special activities (such as satisfaction surveys or games for consultants with active contracts) and general consultant news. The legal basis is the consent you have provided to us in accordance with Art. 6 (1) a) GDPR. You can subscribe to these on the website and unsubscribe via links in the emails sent under this category. The personal data pertaining to newsletter subscriptions will be deleted 2 years after the last newsletter was sent, or earlier if you have unsubscribed from the newsletter.
It may also be offered to optionally subscribe to our job agent on the job site. This will provide you with relevant jobs that relate to you your job agent setting straight in you inbox. It can be unsubscribed via the link in the sent email. The legal basis for this processing is article 6(1)(b) of the GDPR as the processing is necessary for us to fulfill our agreement with you regarding sign-up to the job agent.
Note: We sometimes send our newsletters to a subset of our consultants, so being subscribed is no guarantee that you receive all mailings.
3.3. Consultants
For the sake of clarification, consultants are experts who are placed with a client. In contrast, candidates are all experts that are stored in our data base for potential vacancies. Therefore, section 3.2 on candidates also applies to each consultant.
3.3.1. Description of the purpose
Deploying professional experts on temporary consulting roles with our clients.
3.3.2. Potential Data Subjects
Consultants (experts who have contracted with us for a consulting role)
3.3.3. Potentially concerned categories of data
- surname, first name
- e-mail addresses
- telephone numbers
- postal addresses
- social media IDs
- Photograph
- date of birth
- Nationality
- presence on anti-terror and/ or sanction lists
- immigration status / work permit
- education and credentials
- professional career (CV)
- professional references
- information on services offered
- email correspondence and short minutes of conversations
- identification documents
- background check results
- VAT identification number
- Social/tax attestations
- bank details
- contracts, invoices and related documentation
3.3.4. Origin and recipient
We may receive the data from:
- Data Subject
- business social networks
- pre-employment screening intermediaries
The data may be forwarded to:
- Clients
- governmental agencies
- professional advisors
3.3.5. Legal basis
The data must be processed for the preparation, follow-up and execution of contracts for potential future business. The legal basis for this processing is Art. 6 (1) b) GDPR.
3.3.6. Retention period
Personal Data of Consultants are retained per tax, legal and regulatory requirements which may be for up to six (6) years from the end of the year in which the contractual relationship terminated.
3.4. Applicants
For clarification, applicants for temporary work, as a subset of general applicants, are also candidates for future placements with clients. Therefore, section 3.2 on candidates applies to each temporary work applicant, too.
3.4.1. Description of the purpose
Personal Data is collected, processed and used for the purpose of assessing the suitability for and establishing employment relationships. As soon as an employment contract is closed, further information on the data processing will be given together with the contract documents.
3.4.2. Potential Data Subjects
- applicants for general employment
- temporary work applicants
- applicants for deployment as trainees/interns/students/volunteers
3.4.3. Potentially concerned categories of data
- surname, first name (if applicable: birth name)
- e-mail addresses
- telephone numbers
- postal addresses
- social media IDs
- Photograph
- date of birth
- Nationality
- presence on anti-terror and/ or sanction lists
- immigration status / work permit
- education and credentials
- professional career (CV)
- professional references
- identification documents
- background check results
- driving licence
- social security number
- marital status
- partners and dependents
- bank details
- tax identifiers/codes
- health status
- performance reviews
- payroll and social data
- benefits data
3.4.4. Origin and recipient
We may receive data from:
- Data Subject
- employment agencies
- pre-employment screening intermediaries
- governmental agencies
- benefits providers
The data may be forwarded to:
- governmental agencies
- benefits providers
- professional advisors
- Clients
- suppliers
3.4.5. Legal basis
Insofar as the personal data are required for the preparation of the employment contract, the basis for their processing is Art. 6 (1) b) GDPR. With regard to special categories of data (e.g. health status), processing may be necessary and therefore permissible under Art. 9 (2) b) GDPR with regard to the rights and obligations of the controller under labor and social law. Otherwise, pursuant to Art. 9 (2) a) GDPR, express consent must be obtained.
3.4.6. Retention period
Employed applicants will receive further information on the processing and retention of their personal data with their contractual documents. Data of rejected applicants will be retained for up to six (6) months after the rejection.
3.5. Supplier contacts
3.5.1. Description of the purpose
Purchasing/receiving goods and/or services (other than consulting services we offer to our clients) that are required to maintain or improve our company and its operations.
3.5.2. Potential Data Subjects
- Suppliers (if they are a natural person)
- Supplier employees
3.5.3. Potentially concerned categories of data
- surname, first name
- e-mail addresses
- telephone numbers
- postal addresses
- social media IDs
3.5.4. Origin and recipient
We receive the data from the Data Subject or its public advertisements and we may recommend it to third parties if we are satisfied with the Data Subject’s performance.
3.5.5. Legal basis
Insofar as personal data must be processed for the preparation, follow-up and execution of contracts, the basis for their processing is Art. 6 (1) b) GDPR. If we store the data to have it available for future demand, we do this on the basis of legal interest (Art. 6 (1) f) GDPR) because that data was already publicly available.
3.5.6. Retention period
The retention period depends on the relevance of the supplier for Pagisa AB´s business. As long as a contractual relationship is ongoing or conceivable, the data will be retained. With respect to contractual data, the retention period depends on the contractual period and tax, legal and regulatory requirements thereafter or generally for up to six (6) years from the end of the year in which the contractual relationship terminated.
3.6. Client contacts
3.6.1. Description of the purpose
The provision of advice or professional services as a consultant or intermediary.
3.6.2. Potential Data Subjects
- client employees
3.6.3. Potentially concerned categories of data
- surname, first name
- e-mail addresses
- telephone numbers
- postal addresses
- social media IDs
- photograph
3.6.4. Origin and recipient
We may receive the data from:
- Data Subject
- business social networks
- website visits
The data may be forwarded to:
- Candidates
- Consultants
- professional advisors
3.6.5. Legal basis
Insofar as personal data must be processed for the preparation, follow-up and execution of contracts, the basis for their processing is Art. 6 (1) b) GDPR. Insofar as client’s data is collected and stored in our data base for potential future business, the basis for this is our legitimate interest in accordance with Art. 6 (1) f) GDPR: We assume that as a personnel service provider we have a legitimate and recognisable interest in successfully placing job seekers or other market participants.
3.6.6. Retention period
Your data will be retained for as long as we have a contractual relation for the purposes originally envisaged in that relation. In addition, and however, the retention period will be contingent upon tax, legal and other regulatory requirements which in some instances demand storage for up to six (6) years from the end of the year in which the contractual relationship ceased.
4. Transfer of data
4.1. Sharing of data
Pagisa AB is an international organization with cross-border business processes, management structures and technical systems.
We also involve a limited number of sub-processors in order to provide effective services. Each processor is bound by a specific data processing agreement. Our methods and procedures are designed to provide a consistent level of protection of personal data.
5. Data Subject Rights
The applicable data protection law grants you comprehensive data protection rights (rights of information and intervention) vis-à-vis us with regards to the processing of your personal data, about which we inform you below:
5.1. Right of access (Art. 15 GDPR)
In particular, you have a right of access to your personal data processed by us and further information as listed in Art. 15 GDPR.
5.2. Right to rectification (Art. 16 GDPR)
You have the right to have incorrect data concerning you corrected and/or incomplete data held by us completed without delay.
5.3. Right to erasure (Art. 17 GDPR)
You have the right to request the deletion of your personal data if the conditions of Art. 17 (1) GDPR are met. However, this right does not exist in particular if the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims.
5.4. Right to restriction of processing (Art. 18 GDPR)
You have the right to demand the restriction of the processing of your personal data as long as the accuracy of your data which you dispute is verified in the following circumstances:
You oppose deletion of your personal data and requests restriction instead in case of unlawful processing; You require your personal data to be kept in order to establish, exercise or defend a legal claim after we no longer need these data since the purpose has been achieved; You have lodged an objection for reasons relating to your particular situation, and we are considering whether our legitimate grounds override yours. You contest the accuracy of your personal data and we are verifying it.
5.5. Right to notification (Art. 19 GDPR)
If you have asserted the right to correction, deletion, or restriction of processing vis-à-vis us, we are obliged to notify all recipients to whom the personal data concerning you have been disclosed as part of this correction, deletion or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of these recipients.
5.6. Right to data portability (Art. 20 GDPR)
You have the right to receive your personal data that you have provided us with in a structured, common, and machine-readable format or to request transmission of those data to another controller, insofar as this is technically feasible.
5.7. Right to withdraw consents (Art. 7 (3) GDPR)
You have the right to withdraw at any time any consent you have given to the processing of data. In the event of revocation, we will immediately delete the concerned data. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal.
5.8. Right to lodge a complaint (Art. 77 GDPR)
If you believe that the processing of personal data relating to you is in breach of the DPA, you have the right – without prejudice to any other administrative or judicial remedy – to lodge a complaint with a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place where the alleged breach occurs.
5.9. Right to object (Art. 21 GDPR)
If we process your personal data on the basis of our legitimate interest, you have the right to object on grounds relating to your particular situation to this processing at any time.
If you exercise your right to object, we will no longer process your personal data. However, we reserve the right to keep processing of your personal data if we can prove that there are compelling legitimate grounds for the processing which override your interests, fundamental rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.
If your personal data are processed by us for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing. You can exercise the right to object as described above.
If you exercise your right to object, we will stop processing the data concerned for direct marketing purposes.