Privacy Policy – Recruiting for Sam Media

1 Information about the processing of personal data

Your data security is important to us, and we, therefore, take great care to ensure that your personal data is handled responsibly. Below you can read how Sam Media (hereinafter “Company”, “we”, “us” or “our”) process personal data about you when we act as the data controller. You can also read about your rights in relation to our processing.

This Privacy Policy applies to all applicants of the Company.

2 Company’s role as data controller

When you apply for a position with us, we receive and process a range of personal data about you, which we will use for the purposes described in this document.

The information processed as part of the recruitment process is required for us to contact you and to determine whether you are the right candidate for the vacant position. Information provided to us will only be used to consider your application and in connection with subsequent employment.

During the recruitment process, we will process general personal data about you, but we may also process sensitive personal data, and information about your national identification number.

In this Privacy Policy, you can read more about the information we process about you when you apply for a position with us.

If you have any questions regarding our processing of your personal data, please contact us.

Sam Media BV
Van Diemenstraat 356
1013 CR Amsterdam
The Netherlands
Email: hr@sam-media.com

2.1 When we receive your application

In order to process your application, we will process the information appearing from your application, your CV and any enclosed documents.

This includes the following information: Name, address, date of birth (if provided by the applicant), gender, phone number, email address, educational background, professional qualifications, career history, language qualifications and other relevant qualifications and written recommendations/references.

Our legal basis for processing is the performance of the employment contract with you, cf. Article 6(1)(b) and/or our legitimate interests in Article 6(1)(f) of the General Data Protection Regulation (“GDPR”) as the legal basis for processing, because we have legitimate interests to process this information in order to determine whether you are the right candidate for the position.

2.2 When we consider your application

We specifically consider each applicant’s qualifications in relation to the open position. This is done manually. Once we have read the applications, we will select candidates for job interviews. The candidates that are not selected for an interview will be notified and their applications will be deleted in accordance with section 3 below unless the application is stored in accordance with section 4 below.

If we agree on a job offer, we will register your name, address, date of birth, phone number, email address, national identification number, education(s), professional qualifications, career history, language qualifications and other relevant qualifications and if you have provided it, written recommendations/references.

Our legal basis for processing is the performance of the employment contract with you, cf. Article 6(1)(b) and/or our legal obligations, cf. Article 6(1)(c) and/or our legitimate interests when the processing is necessary to manage the employment relationship in 6(1)(f) of the GDPR. We may also, depending on the circumstances, use Article 6(1)(a) or Article (9)(2)(a).

Diversity at the Company

We can also register information about your citizenship. It is optional, whether you want to provide that information. We process such information in order to comply with our diversity policy to seek diversity at the Company. Our legal basis for processing is our legitimate interest in complying with diversity requirements and preserving a culture of diversity, cf. Article 6 (1)(f) (legitimate interest).

2.3 At job interviews

During the recruitment process, we conduct job interviews focusing on both your professional and your personal qualifications, the contents of the position and our business as a workplace. We will make a note of some of the information disclosed during the interview(s) for the purpose of the final evaluation of the applicants for the position. We will only process relevant information and will only use relevant information when determining whether to offer you a job.

Our legal basis for processing is the performance of the contract, cf. Article 6(1)(b) and our legitimate interests, cf. Article 6(1)(f) of the GDPR. It is necessary for us to process such information as we have legitimate interests to determine whether you are the right candidate for the position.

2.4 Information from social media

When recruiting for positions with us, it may be relevant to obtain additional information from the Internet, including social media, e.g. LinkedIn, Facebook, Instagram, Twitter, etc. We do that in order to determine if your profile suits our business and the specific position.

Our legal basis for processing is our legitimate interests, cf. Article 6(1)(f) and/or Article 9(2)(e) of the GDPR for personal data made public by the data subject when we obtain information about applicants from social media. It is necessary for us to process such information in order to determine whether you are the right candidate for the position.

2.5 Test assessment

When recruiting for certain positions, you may be invited to take a test assessment, language test and/or a logical test. We will always consider whether it is relevant that you take such a test in relation to the relevant position. The purpose of the test is to evaluate your qualifications as a potential employee and to consider whether your profile suits our business and the specific position. The test will never stand alone but will be part of the general basis for selecting the right person for the position.

The legal basis for processing is our legitimate interests in assessing whether you are the right candidate for the position, cf. Article 6(1)(f) of the GDPR. We may also, depending on the circumstances, use your consent, cf. Article 6(1)(a) and Article (9)(2)(a) of the GDPR. If so, you will be asked to give your consent before such a test is made.

2.6 Work and residence permit

For employees with another citizenship than the country you apply for a job in, it is a requirement for the employment that the applicant has a valid work and residence permit. In order to ensure this, we may ask for a copy of your passport in connection with the employment.

If your citizenship requires you to have a valid work and residence permit, or other necessary documents which legalize your stay and work legally in the country, in order to work legally in the country, we will also request a copy of your work and residence permit from you. We will obtain it both when you are employed and when it is to be extended.

Our processing of information in connection with our checking of your work and residence permit is based on Article 6(1)(c) of the GDPR, as we are obliged to ensure that you have a valid work and residence permit.

Our processing of information in connection with our checking of your work and residence permit is based on Article 6(1)(c) of the General Data Protection Regulation.

2.7 Credit information

To the extent where you are to undertake a position of trust, including if you are to undertake a position as a manager with financial responsibility or accounting and bookkeeping tasks, we may obtain information about your credit rating from a credit rating agency. If, during the recruitment process, information is obtained about your credit rating, we will notify you separately.

The legal basis for processing is our legitimate interests in determining whether you are the right candidate for the position, cf. Article 6(1)(f) of the GDPR.

2.8 References

For some positions, it is necessary to obtain references from former employers. We do that in order to check that the information you have provided to us during the employment process is correct and true. If we obtain references from one or several of your former employers, we might register that we have talked with a referee.

The legal basis for processing information and communicating directly with referees is our legitimate interest, cf. Article 6(1)(f) of the General Data Processing Regulation, as we have legitimate interests in determining whether you are the right candidate for the position.

3 Storage and erasure of information processed during the recruitment process

If you are not offered the position you applied for, we will delete any information registered about you within 6 months. The purpose of the storage is to document the recruitment process and the reason for not offering you the position.

If you are employed with us, we will retain the information from the recruitment process as part of your employee portfolio during your employment that is relevant in order to document your employment history. You will receive separate information in this regard in connection with your employment with us.

4 Storage for the purpose of recruitment at a later time (CV database)

In certain situations, we would like to keep your application even though it has been turned down for the purpose of recruitment at a later time. If we want to keep your application, we will ask for your consent.

We will keep your application for 6 months after the end of the recruitment procedure for this position for this purpose if you have given your consent.

The legal basis for processing is your consent, cf. Article 6(1)(a) of the GDPR.

5 Recipients of your personal data

The Company can transfer your personal data to other suppliers and/or service providers in connection with the normal operation of our business as well as to our group companies.

The Company can also transfer your personal information to a public authority in situations where we are specifically obliged to disclose your personal information pursuant to legislation and notification obligations to which we are subject.

In connection with your application for employment with us, other parties may process your personal data. It may for instance be necessary to disclose information about you to the following recipients:

– Personio SE & Co. KG
– Thomas International Ltd

We will not disclose your personal data to other recipients unless required.

We try to limit the disclosure of personally identifiable information and thus the disclosure of information that can be attributed to you personally.

The Company also discloses your personal data to data processors. Our data processors only process your personal data for our purposes and under our instructions. We enter into written data processing agreements with our data processors.

6 Transfer of personal data to countries outside the EU/EEA

In connection with our processing of your personal data, we may transfer such information to countries outside the EU/EEA.

The data protection legislation in these countries may be less strict than the legislation applicable in the Netherlands and other parts of the EU/EEA.

We only transfer personal data to third countries where the EU Commission has determined that the level of data protection is equivalent to the level of protection in the EU/EEA.

If we transfer personal data to countries where this is not the case, the transfer of your personal data to these countries outside the EU/EEA will take place on the basis of the Standard Contractual Clauses drawn up by the European Commission and specifically designed to ensure an adequate level of protection.

You can read more about the transfer of personal data to countries outside the EU/EEA on the European Commission’s website.

If you would like further information about our transfer of personal data to countries outside the EU/EEA, please contact us.

7 Retention period, data integrity and security

Your personal data will not be kept longer than necessary to fulfil the purposes for which it was collected. When your personal data is no longer needed, we will ensure that it is deleted in a secure manner. Furthermore, we refer you to the retention periods mentioned under section 3 and 4.

It is our policy to protect personal data by taking adequate technical and organisational security measures.

We have implemented security measures to ensure data protection for all personal data that we process. We conduct regular internal follow-ups on the adequacy of and compliance with policies and measures.

8 Your Rights

As a data subject, you have certain rights under the GDPR. If you want to exercise your rights, please contact us.

You may – unconditionally and at any time – withdraw your consent. You can do so by sending us an email (see email above). Withdrawal of your consent will not have any negative impact. However, this may mean that we cannot meet specific requests from you in the future. Withdrawal of your consent will not affect the lawfulness of the processing based on consent before it is withdrawn. Furthermore, it will not affect any processing carried out on another lawful basis.

You can also – unconditionally and at any time – object to our processing when such processing is based on our legitimate interests.

Your rights also include the following:

Right of information and access: You have the right to receive information regarding if personal data about you is being processed and in such case, you have the right to access the personal data we process about you.

Right to rectification: You have the right to obtain rectification of any inaccurate and incomplete personal data about you.

Right to erasure (right to be forgotten): In some cases, you have the right to obtain erasure of information about you before the time when we would normally delete your data. This is in case of in the following situations: i) the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed, ii) you have withdrawn your consent on which the processing is based and there is no other legal ground for the processing, iii) you have objected to the processing and there are no overriding legitimate grounds for the processing, iv) you have objected to the processing of your data for direct marketing purposes, v) the data has been processed unlawfully.

Right to restriction of processing: In certain situations, you have the right to obtain restriction of the processing of your personal data. This is the case e.g. where you have contested the accuracy of the personal data and you have demanded a correction. When the matter is being investigated you can also demand restriction of the personal data. If you have the right to restrict the processing of your personal data, we may only process personal data in the future – apart from storage – with your consent, or for the establishment, exercise or defence of legal claims, or to protect an individual or important public interests.

Right to object: In certain situations, where we process your personal data on the legal basis of legitimate interest, you have the right to object to our processing of your personal data, and always if the processing is for direct marketing purposes. If we cannot prove that our interest weighs heavier than your interest of having your personal data protected we will cease the processing.

Right to data portability: In certain situations, where you have provided your consent to the processing of personal data or if we process your personal data based on the legal basis fulfilment of the contract, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to have such personal data transferred from one data controller to another if possible from a technical point of view.

Right to lodge a complaint: You can lodge a complaint at any time with the competent supervisory authority about our processing of personal data. In Denmark, it is the Danish Authority for Privacy Protection (Datatilsynet). See more at https://www.datatilsynet.dk/ where you can also find further information on your rights as a data subject.

9 Approval – amendments and exceptions

This Privacy Policy is approved by the Chief Executive Officer.

Amendments and changes to this Privacy Policy are only to be carried out if approved by the COO in collaboration with the Chief Executive Officer.

10 Update of our privacy policy

From time to time, it will be necessary to update this Privacy Policy. We will review our Privacy Policy on a regular basis in order to ensure that it is updated, valid and in accordance with current legislation and the principles for processing personal data. We will publish new versions of the policy on our website.

This policy is valid from 14 June 2024.