privacy policy

Introduction

Steen Gerhardt Executive Services (SGES) processes your personal data and we therefore give you the information below (Privacy Notice):

Steen Gerhardt Executive Services A/S (SGES) is obliged to protect the confidentiality, integrity and accessibility of our clients’, suppliers’, collaborators’ and employees’ data including their personal data. We are strongly committed to the protection of personal data and we work continuously to ensure compliance with the data protection legislation including the General Data Protection Regulation.

When we process personal data at SGES in connection with the provision of consultancy and advisory services we see ourselves as processors because we process data on behalf of and under instructions from our clients. In these cases, we enter into a data processing agreement with our clients containing instructions and conditions for the processing of personal data.

Our data processing operations

In the following paragraphs you can read more about the categories of data we process for different purposes and the reasons why we use them.

Cooperation with clients and candidates

We basically perform two kinds of tasks for our clients, i.e. strategic recruitments and project work. We collect and process personal data in our cooperation with clients and candidates. We only collect the personal data that are necessary for the agreed purposes and we ask our clients and candidates to only share personal data when necessary for these purposes.

 

We thus collect and process the following categories of personal data:

  • Name, address, telephone number, email address, billing address;
  • The personal data you have given us – e.g. in connection with the forwarding of your CV;
  • Assessments of persons, clients, owners etc.

 

We process ordinary personal data in order to fulfil our agreements with clients and candidates including:

  • Recruitment processes (interviews, assessments, preparation of contracts etc.);
  • If desired, onboarding processes and other post recruitment activities;
  • Follow-up and other contractual obligations.

 

At SGES we also need to process data in order to pursue commercial interests and to administer, control and develop our business and services including:

  • Controlling our cooperation with clients and candidates;
  • Developing our business and services;
  • Administration and financial management;
  • Employee management.

 

The purpose of the collection and processing of personal data concerning clients and candidates should be seen in relation to one or more of the following needs:

  • Provision of our products and services;
  • Answers to any questions or objections you might have;
  • Transfer of your personal data to our client upon your consent;
  • To inform you about changes of our services;
  • To pass on information about products and services which you have previously purchased from us or made inquiries about;
  • To improve security and prevent fraud and misuse;
  • To store personal data for which SGES has a professional need – e.g. according to the Danish Bookkeeping Act and other legal obligations.

 

The basis for processing your data:

  • For the sake of our clients SGES needs to process data in order to fulfil a contract to which you are a party.
  • For the sake of our candidates and on the basis of your consent data are processed for specific purposes such as employment or project participation.
  • SGES needs to process data to pursue its commercial interests, in particular to improve service and security and to prevent fraud and misuse.
  • SGES needs to process data in order to comply with legal obligations under current law.

 

Storage of your personal data takes place according to the following guidelines:

  • Where data processing is necessary for the fulfilment of contractual obligations we store your personal data until such obligations have been fulfilled.
  • Where data processing takes place on the basis of your consent SGES stores your personal data until you withdraw your consent.
  • SGES stores your personal data as long as it is objectively justified and for no longer than two years after completion of the job/cooperation.
  • SGES also stores your personal data when necessary according to legal obligations – e.g. for five years according to the Danish Bookkeeping Act.

Suppliers and collaborators

We collect and process personal data about suppliers and collaborators. We only process ordinary non-sensitive personal data including contact details.

We process data for contractual management and to receive services from our suppliers and collaborators and, where relevant, to offer professional services to our clients.

Visitors at our offices

We collect and process personal data about visitors, including clients, candidates and other visitors. In general, we collect and process data such as the visitor’s name, title and company and the name of the host at SGES.

SGES processes your personal data in order to ensure high quality services and integrity. We only keep the registered data about our visitors for a short period of time. Our register/calendar of visitors is stored in a secure manner and it is only scrutinised if necessary – e.g. in connection with incidents – and only for selected persons.

Visitors at www.steengerhardt.com

We collect the personal data which you provide via our homepage (submission of CV) or for which we have your consent.

When you visit www.steengerhardt.com, we inform you about the collection of your personal data.

SGES may for instance collect data such as your name, email address, occupation and other types of identification information in connection with the use of our services.

Disclosure/transfer of personal data

Transfer of your personal data to collaborators and clients will always happen in accordance with the applicable data protection law.

We reserve the right to use or transmit personal data as far as necessary for the performance of our tasks, to conform to current legislation, to examine complaints and answer requests, and in connection with investigations.

We transfer your personal data to the relevant client. We also transfer you personal data to our processors in accordance with the applicable data protection law. We have thus concluded data processing agreements with our processors to ensure that personal data are only used for the specified purposes and to comply with appropriate security measures.

The personal data we have collected from you may be transferred to countries outside of the EU/EEA. If we transfer your personal data to countries outside of the EEA we will make sure that they are either transferred to countries which have been deemed by the European Commission to have an appropriate level of security or that the transfer is based on the Commission’s standard data protection clauses.

We only transfer personal data on a legal basis and to:

 

Other third parties

We use other third parties – e.g. subsuppliers – in connection with the provision of our services. In such situations these third parties may be provided with the personal data that are necessary for them to deliver the agreed services.

SGES concludes the necessary agreements to ensure appropriate security of the personal data and to meet our data protection obligations.

 

Clients

We sometimes provide personal data to our clients and collaborators – e.g. so that they can assess and carry out recruitment activities.

 

Public authorities or third parties as required by and in accordance with the applicable legislation or regulation

We are sometimes required to provide personal data to public authorities or third parties and we do so if it is required in accordance with the applicable legislation or regulation. This may be to control that we comply with the applicable legislation or regulation, to investigate an alleged crime, or to establish, exercise or defend legal rights. We will only meet requests for disclosure of personal data when we are obliged to do so.

Security of processing

Use and handling of personal data must take place in a safe manner and with an appropriate level of security and privacy protection. The security level must reflect the concrete risk that the information may be stolen, lost, damaged or unlawfully processed.

Emergency measures

If a personal data breach occurs in connection with SGES’s collection, processing and storage of personal data SGES must – after having become aware of it – without undue delay notify the client or the candidate as well as the Danish Data Protection Agency. Communication to the affected data subjects and the supervisory authorities must take place within 72 hours and include a description of:

  • the nature of the personal data breach including, where possible, the categories and approximate number of the subjects concerned;
  • the likely consequences of the personal data breach;
  • the measures taken or proposed to be taken by SGES to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.

Data sources

SGES collects personal data directly from you and/or a third party – e.g. our clients or public portals.

Your rights

As a data subject you have certain rights which SGES is obliged to respect as a controller.

You may at any time contact us via our contact details to get access to your personal data and ask us to have inaccurate information rectified, deleted or changed. You may also ask us to have the processing restricted or object to our processing of your personal data. Please contact SGES if you wish your personal data to be erased, if you wish us to restrict the processing of your personal data or you wish to object to our handling of your personal data. You may also contact SGES if you wish to exercise your right to data portability.

When we process personal data based on your consent you may at any time withdraw your consent. Please contact us if you wish to withdraw your consent to our processing of your personal data.

If you wish to complain about our treatment of your personal data you may contact the Danish Data Protection Agency.

Changes in this data protection policy

We recognise the fact that transparency is an ongoing responsibility and we will therefore review and update this data protection policy on an ongoing basis.

Contact

The controller is Steen Gerhardt Executive Services A/S, Strandvejen 104, DK-8000 Aarhus C. – CVR No.: 31423805. If you wish to exercise your rights as described above or if you have questions about the processing of your personal data or this data protection policy, please contact us at: mail@steengerhardt.com

Complaints

If you wish to complain about our processing of your personal data, please send an email with a detailed description of your complaint to mail@steengerhardt.com. We will then handle your complaint and get back to you.

You may also file a complaint with the Danish Data Protection Agency regarding your rights or SGES’s processing of your personal data. For further information about how to complain to the Danish Data Protection Agency, please visit the agency’s home page at www.datatilsynet.dk.

Rules

The rules governing SGES’s processing of your personal data can be found in:

The Danish Data Protection Act (until 25 May 2018)
The General Data Protection Regulation (after 25 May 2018)
The data protection legislation (after 25 May 2018).