The purpose of the Personal Data Protection Policy is to document how Folk performs its role as data controller of personal data, and that we do so in accordance with the requirements set out in applicable legislation.
Folk AS is the data controller for all the personal data we register and process, which are mainly related to the following categories of data subjects:
Folk AS is the data processor for the personal data we register and process, which are mainly related to the following categories of data subjects:
We register and process the following personal data:
If you apply for a position with us, we may also collect the following personal data:
When you acquire the status of ‘Employee’, we will also collect the following information:
Sensitive personal data
Processing of sensitive personal data; cf. the General Data Protection Regulation, Article 9:
Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited.
Paragraph 1 shall not apply if one of the following applies:
a) the data subject has given explicit consent to the processing of those personal data for one or more specified purposes, except where Union or Member State law provide that the prohibition referred to in paragraph 1 may not be lifted by the data subject;
(b) processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject.
We encourage all applicants and employees to review their CVs, applications and any other documentation that has been uploaded to Recruitment Manager, and to remove sensitive personal data that are unnecessary when applying for positions in Folk.
Separate consent will be sought for sensitive personal data beyond that which you have personally shared with Folk in your profile.
Personal data that are registered and subsequently processed by us are obtained from two sources:
This concerns personal data which you personally choose to register with us. This may happen directly through our online recruitment management systems, by telephone, letter post, e-mail or in face-to-face meetings, and may subsequently be registered by us in our recruitment and HR systems.
When you visit our website, we may collect certain information automatically via cookies (information capsules), web beacons and web server logs. Information collected in this manner can include IP addresses, unique identifiers, web browser properties, device properties, operative systems, language settings, referring URLs, website visitor behaviour, date and time of visits to our website and other user statistics.
Personal data that are provided directly by individuals are used for the following purposes:
If you are an employee or are applying for a position, we will also use the information described above in connection with:
Personal data that are registered indirectly and automatically are used for the following purposes:
Should we collect and/or wish to use personal data in ways other than those mentioned above, we will inform you accordingly and, if required by law, obtain your personal consent to do so.
We share no personal data with third parties beyond that specified below.
We share personal data with third parties if, on our instructions, they are going to perform services related to our agreement with you; for example with customers who have job vacancies or who are interested in considering you for a position, with our suppliers in connection with verifying CVs, and in connection with payroll and accounting systems.
You should be aware that the personal data legislation imposed on customers in other countries with whom we share your personal data, may deviate from that in Norway.
Moreover, we may be legally obliged to disclose your personal data to Norwegian legal authorities or to other Norwegian government bodies. The same applies if we deem it necessary or appropriate to do so to prevent physical damage or financial loss, or in connection with suspected illegal activity.
We reserve the right to transfer your personal data to another legal person if we reorganise, sell, terminate or transfer all or part of our activity. In such cases we are obligated to obtain documentation that the acquiring legal person undertakes to meet the requirements for protecting personal data under Norwegian law.
We maintain administrative, technical and physical security measures that have been developed to protect the personal data you provide against accidental, unlawful or unauthorised deletion, loss, alteration, access, disclosure or use.
We have entered into data processor agreements with our IT system providers. We use access control matrices to ensure that only those with a need to access our systems can do so. We have sound procedures in place for securely processing personal data, and for correcting and deleting information.
Dataoppdrag AS operates and maintains our cloud-based system. To ensure that registered personal data are processed in compliance with our personal data protection policy and the law, Dataoppdrag only grants access rights to employees who need access in order to provide the agreed services. Employees with access rights are also subject to internal procedures for processing personal data, and all Dataoppdrag employees have signed
You have the right to access, update, correct and delete your personal data, in accordance with the Act relating to the Processing of Personal Data.
You may make corrections or delete your entire profile in Recruitment Manager until you acquire the status of «Employee» in our system.
When you acquire the status of «Employee», you may correct and delete anything you have personally registered or uploaded. You may do this without involving or asking Folk. The rest of your employee profile will contain documentation about payroll history, employment contracts, and job descriptions for the assignments you have carried out as an employee of Folk, and will be retained for up to five years after your final pay
disbursement, due to the Accounting Act and the company’s need for historical data.
After this period you entire profile will be deleted.
If your profile in Recruitment Manager, our candidate management system, has been passive for 12 months, you will receive notification of deletion four weeks before deletion is carried out. To avoid deletion, you must log into your profile by the deadline so that it continues to be registered as active. You may also delete your profile yourself.
You can protect your personal data interests at all times by contacting us. For example, you may request:
By contacting us, you can choose from the options we provide to decide:
You can enquire about these issues by sending an e-mail to our GDPR coordinators Ida Marie Lien (firstname.lastname@example.org) or Tone Hundvin (email@example.com). Alternatively, you can e-mail your point of contact here at Folk or call us on telephone (+47) 55 19 80 70.
Our personal data protection policy will be updated as required by law or to accommodate revisions to our personal data protection policy. Notification of any major changes will be clearly published on our website.