Applicant Privacy Notice

Last update: 1 August 2024

This Applicant Privacy Notice describes the information that Dixa ApS and its affiliated legal entities (hereinafter “Dixa,” “us” and “we”) as the data controller may collect for the purposes of the recruitment process, how we use and disclose your personal data, and the measures we take to protect it. By submitting your application, you accept the practices described in this Policy.

Our entities include:

Dixa ApS
Artillerivej 86, st. tv.,
2300 Copenhagen S,
Denmark

Dixa Ltd.
Knotel, Clerks Court
18-20 Farringdon Ln
London EC1R 3AU
United Kingdom

Dixa Inc.
Att: Soeren Dam Hansen
211 East 43rd Street
7th Fl – PMB #AV104
New York, NY, 10017
The United States

Elevio Pty Ltd
Level 6, 43 Hardware Lane
Melbourne, 3000 Victoria
Australia

Dixa GmbH
Friedrichstraße 114
A10117 Berlin
Germany

Miuros SAS
92 Cours Lafayette – CS 53515
69489 Lyon CEDEX 3
France

As part of the recruitment activities, we process (e.g. collect, analyse, store, use, consult, anonymise or delete) different types of personal data based on either our legitimate interest (i.e pre-contractual measures), for the establishment, exercise or defence of legal claims, and/or with your prior consent. Furthermore, your personal data may be processed in order to comply with legal obligations.

General personal data

Dixa may process the following general personal data:

  • Full Name
  • Address
  • E-Mail address
  • Phone number
  • LinkedIn Profile link (optional)
  • Any other information you provide, such as information in CV or cover letters
  • Employment history
  • Right to work documentation (e.g. visa, work permit)
  • Competence assessment results
  • Current base salary and salary expectation, if applicable
  • Personal data provided to us about you by references, if applicable
  • Criminal record, if relevant for position

System Information

Dixa, or its system provider vendors, may collect certain personal data on you and your device when you use the systems in order for them to function and in order to be accountable in relation to security and data protection compliance, this includes:

  • Log Data (IP-Address, browser type, browsing history on the website, date and time stamps etc.)
  • Location data (General geographic area)

For further details, please consult https://www.personio.com/privacy-policy/.

2. Collection of your personal data

We may collect your personal data either directly from you, or third parties, such as professional networks as Xing and LinkedIn, or receive them from assessment providers (e.g. personality test providers), or employment agencies. We also may collect additional information about you through third parties such as former employers, however only with your prior consent.

3. Usage of personal data

We will use the personal data we collect about you to:

  • Assess your suitability for the position
  • Communicate with you about the recruitment process
  • Conduct background or reference checks (if applicable)
  • Check your entitlement to work in the country you have applied for
  • Comply with our legal requirements

4. Storage/Retention

We keep your application and any other information you have provided to us until the recruitment process has been completed. Your personal data will be stored beyond this period for the purpose of allowing us to respond to legal claims to be established, asserted or defended, for the period of 3 years. We will also process your personal data if you wish to be considered for further job openings, provided that you have given your prior consent. After the retention period has passed we will delete or anonymize your data. In case of anonymization, the data will only be available to us in the form of so-called metadata, without any direct personal reference, for statistical analysis (for example, share of male and/or female applicants, number of applications per specified period of time etc.)

Should you be offered and accept a position with us during the application process, we will store the personal data collected as part of the application process for at least the duration of your employment. 

5. Sharing & disclosure of personal data

We may share your personal data with our employees involved in the recruitment process on a business need-to-know basis. Furthermore, your personal data may be shared with third parties who assist us in the recruitment process, such as providers of assessment tests. In these circumstances, however, we make sure that your personal data is limited to the extent necessary. All our third-party service providers are required to take appropriate security measures to protect your personal data. Additionally, we restrict our third-party service providers to use your personal data for their own purposes and they are only permitted to process your personal data for specified purposes that are in accordance with our instructions. Lastly, your personal data may be shared if we are required to do so in order to comply with the law or court order.

At this time we use an external Human Resource Information System to manage applications. Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. This database is operated by Personio GmbH, which offers a human resource and applicant management software solution (https://www.personio.com/legal-notice/). In this context, Personio is our processor under article 28 of the GDPR. In this case, the processing is based on an agreement for the processing of orders between us as the controller and Personio. 

6. Security

We have implemented technical and organisational measures which ensure that your personal data is kept securely and protected against unauthorised access or unlawful processing. Our carefully selected service providers also safeguard your data according to the state of the art with technical and organisational measures. We will notify you and any applicable supervisory authority of a suspected data breach whenever we are legally required to do so.

7. Third country transfers

In certain cases, Dixa may transfer your personal data to a third country outside the EU/EEA, which does not offer the same level of protection of your personal data, as the laws in the EU/EEA do. In connection with such transfers Dixa will ensure that an appropriate level of protection is ensured. Such appropriate level of protection is currently ensured through EU Standard Contractual Clauses, an EU Commission adequacy decision and/or Binding Corporate Rules.

8. Your rights

You have the following rights in relation to your personal data being processed by Dixa, however under certain circumstances some rights are subject to limitation:

Right of access:
You may request access to the personal data processed by Dixa.

Right of rectification:
You may request that your personal data is corrected in case it is incorrect.

Right of objection:
If you believe Dixa is processing your personal data unlawfully or you do not otherwise believe Dixa is entitled to process some of your personal data, you may send an objection.

Right of erasure:
You may request that Dixa deletes your personal data

Right of data portability:
You may ask Dixa to export some of your personal data

Right to revoke your consent:
You can at any time revoke a consent you have given to process your personal data. This will however only affect future processing and does not affect the lawfulness of previously processed personal data.

9. Who can I get in contact with?

If you have questions regarding this policy or you wish to exercise your rights, you can contact the following departments in writing:

Privacy or DPO

  • privacy@dixa.com
  • dpo@dixa.com

10. Complaint

You can generally complain to Dixa or the Danish Data Protection Authority in relation to the processing of your personal data as governed by this privacy notice.

In relation to local labour specific processing activities, pertaining to the relationship between you as the applicant and the local Dixa entity/subsidiary who is in the application process with you, you may also submit a complaint to that local data protection agency:

Dixa ApS – DK Danish Data Protection Authority https://datatilsynet.dk/kontakt/skriv-til-os

Dixa Ltd. – UK Information Commissioner’s Office https://ico.org.uk/make-a-complaint/