How we process your personal data
Approved by: | Approval date: | Last revised: | Document owner: |
Board | 2021-10-27 | 2021-10-27 | Group CEO |
Transcendent Group AB (the Company) together with its subsidiaries (the Group) is a consultancy company within Governance, Risk and Compliance (GRC) services. The Company’s Board of Directors works to ensure that the Group has good governance and internal control. The Board of Directors shall establish internal rules and policies to ensure that these procedures are followed and regularly monitored and evaluated within the business.
The policy framework in the Group applies to all legal entities and employees, as well as vendors and subcontractors that are engaged to support us in delivering value to our customers.
It is the responsibility of each CEO in the Group to ensure that this policy is implemented and complied with where relevant within his/her respective area of responsibility.
If any employee violates any of the regulations within the Company’s internal governance framework, this should immediately be reported to the CEO for further action.
At Transcendent Group, we respect your privacy and want you to feel safe with how your personal data is being processed. Below you will find information about what personal data Transcendent Group processes, for which purposes, the lawful basis for processing, how long we retain personal data and your rights in accordance with applicable legislation.
The Group was founded in Stockholm in 2001 and has since inception been a value-driven company. We hand-pick our employees, and only recruit experienced consultants within GRC. Today, the Group has grown to become a management consulting business with offices throughout Europe.
The Group consists of Transcendent Group AB as parent company with each local office as a wholly-owned subsidiary. As per Q3 2018, the group Transcendent Group consists of the following companies:
As our parent company Transcendent Group AB is headquartered in Sweden, Swedish legislation sets forth the minimum requirements regarding handling of personal data within the Group. In addition, each Group Company shall comply with applicable local law regarding the processing of personal data in its country or territory.
Data controller
Transcendent Group AB (corporate identity number: 559005-1164, Address: Transcendent Group AB, Lästmakargatan 20, 111 44 Stockholm, Sweden) acts as data controller regarding the processing of your personal data by the Group.
Joint controller
In certain circumstances, Transcendent Group AB may act as a joint controller with another data controller where both parties jointly determine the means and purposes of processing, such as in certain joint activities performed in conjunction with a Group vendor or supplier.
The Group processes personal data of individuals in the following categories:
For each category of data subject, we process different kinds of personal data for different periods of time and for different purposes. This is further specified for each category below.
Why do we process your personal data?
What kind of personal data do we process?
How do we collect your personal data?
With whom do we share the information?
Your personal data is processed by our organization in order to create or maintain a professional relationship with the organization you represent. In the event of an assignment involving more than one Group company, we may share your personal data between Group companies if it is necessary to fulfill our assignment.
We may share your personal data with third party suppliers that we hire to perform services on our behalf (such as technical, administrative, market-related or other services), when such is required for administrating our relationship or if in our prospecting of you or your organization as a potential customer. We will secure that appropriate safeguards are in place which provide adequate levels of protection of your personal data as required by applicable data protection laws. These third party suppliers are prohibited from using your personal data for their own purposes as stipulated our governing agreements.
Why do we process your personal data?
When you enter in to an employment agreement with a Group company, we are required as your employer to process your personal data in order to comply with applicable regulations and to fulfil our employment agreement with you, including paying your salary, ensuring that you follow our internal policies and the like. Examples of applicable law requiring the processing of your personal data include legislation regarding workplace environment, discrimination, workers’ compensation, vacation and tax regulations.
What kind of personal data do we process?
Please note that the list is not exhaustive, and that other personal data may be processed for the purpose(s) set forth above.
How do we collect your personal data?
With whom do we share the information?
If you are employed at a Group company, your personal data may be shared with consultants, customers, suppliers and other parties who may be relevant to communicate with regarding your role. If you are a consultant in the Group, we may also share certain personal data with our customers to grant you access to physical and/or IT-systems, for the customer to perform background or security checks on you and other processing that is necessary for the assignment. The customer will in turn share information to the Group regarding your performance during and after the assignment.
We share your personal data with third party suppliers that we hire to perform services on our behalf when such is required for administrating your employment, including IT service vendors, payroll administrators and insurance carriers. We will secure that appropriate safeguards are in place which provide adequate levels of protection of your personal data as required by applicable data protection laws. These third party suppliers are prohibited from using your personal data for their own purposes as stipulated our governing agreements.
Your personal data may also be shared where required by law, such as with relevant tax authorities or other authorities.
Why do we process your personal data?
If you are interested in a position at a Group company or if you have a professional profile that may be relevant to us, we may process your personal data to communicate with you, administer your application or suggest that you apply for a position, all subject to an applicable lawful basis as detailed below in section 6. During a recruitment process, we will evaluate your competence related to your work history, professional skills and personality. In the final steps of the recruitment process, we may use your personal data to verify your identity or work status in order to offer you a position if relevant. We also process your personal data for other statistical purposes, for example to maintain and develop the quality of our services and to measure requirement process efficiency.
What kind of personal data do we process?
* The Group advises you to not share with us any sensitive information (also referred to as “special category personal data”) at this stage about your ethnic origin, political views, religious or philosophical beliefs, trade union membership, health or sexual orientation, or any personal data about individuals other than yourself.
Please note that the list is not exhaustive, and that other personal data may be processed for the purpose(s) set forth above.
How do we collect your personal data?
With whom do we share the information?
We do not share personal data regarding candidates with anyone outside of the Group except in cases where we utilize a recruiting agency in the recruitment process.
Your personal data may also be shared where required by law, such as with relevant tax authorities or other authorities.
Why do we process your personal data?
The personal data we process regarding our suppliers is restricted to only that which is necessary to maintain our professional relationship. This may include personal data of the supplier’s personnel including support functions, service personnel, finance department or other key individuals.
What kind of personal data do we process?
How do we collect your personal data?
With whom do we share the information?
We may share your personal data with third party suppliers that we have engaged to perform services on our behalf when such is required for administrating our professional relationship with you as a supplier (e.g., invoice management). We will secure that appropriate safeguards are in place which provide adequate levels of protection of your personal data as required by applicable data protection laws. Our suppliers are prohibited from using your personal data for their own purposes as stipulated our governing agreements.
Why do we process your personal data?
As a subcontractor to a Group company, your personal data is processed in order to facilitate the purpose of your engagement, such as supporting a Group customer or project. The personal data we process regarding our subcontractors is restricted to only what is necessary to fulfill the engagement.
What kind of personal data do we process?
Please note that the list is not exhaustive, and that other personal data may be processed for the purpose(s) set forth above.
How do we collect your personal data?
With whom do we share the information?
As a subcontractor, your personal data may be shared with our customers to grant you access to their physical offices and/or IT-systems, for the customer to perform background or security checks on you and other processing that is necessary for the assignment. The customer may share information with the Group regarding your performance during and after the assignment.
We share your personal data with third party suppliers that we hire to perform services on our behalf when such is required for administrating your subcontractor agreement. We will secure that appropriate safeguards are in place which provide adequate levels of protection of your personal data as required by applicable data protection laws. These third party suppliers are prohibited from using your personal data for their own purposes as stipulated our governing agreements.
Your personal data may also be shared as otherwise required by law.
Why do we process your personal data?
This category includes all other individuals whose personal data is processed by the Group that are not included in any of the previous categories, such as professional references in a recruitment process, a contact in a professional network, an industry colleague and sales personnel from other organizations. Below you will find examples of processing that involve this category of individuals.
What kind of personal data do we process?
How do we collect your personal data?
With whom do we share the information?
When governing with whom we share this category of personal data, we distinguish between persons that are in contact with us either in a personal or professional capacity.
For personal contacts, we are more restrictive with our processing of personal data and do not share this type of data with any external stakeholder.
Personal data you share with us when representing an organization is viewed as less sensitive information and subject to lower scrutiny. We are therefore not as restrictive in this processing and share certain personal information within professional networks for the professional development of company and corporate growth.
We use third party suppliers that we hire to perform services on our behalf (such as technical, administrative, market related or other services) when such is required for administrating contacts with other stakeholders. We will secure that appropriate safeguards are in place which provide adequate levels of protection of your personal data as required by applicable data protection laws. These third party suppliers are prohibited from using your personal data for their own purposes as stipulated our governing agreements.
Generally, we retain personal data only as long as it is relevant and necessary for each processing activity, including within our ongoing assignments for customers, in our professional collaboration with a supplier or customer, in a recruitment process or in managing our employees.
However, we are obligated to retain specific personal data for a stipulated period of time in line with applicable legislation within the countries we operate. This legislation can include, for example, accounting laws and regulations against discrimination. The retention times vary across the applicable legislation in each county we operate. Because our parent Company is headquartered in Sweden and is subject to Swedish law, we store personal data for accounting purposes for at least seven (7) years in line with law in that country. In addition, we retain personal data provided in the performance of our services for ten (10) years.
You manage the personal data that is registered in your recruitment profile and you are free to erase all or part of the information as you wish. If you have registered a recruitment profile with us which you have not logged into or updated for at least two (2) years, your account will be erased automatically. Please note, however, that we may retain certain information contained in your profile after deletion of our account in order to comply with specific local legislation. See further information in section 5 below about exercising your rights.
We reserve the right to erase a user account that we believe has been misused in any way.
Other Categories:
You have the right to request information identifying the categories of personal data that apply to you. Please contact us with a written request or via the email address listed below.
You have the right to demand that we correct or erase your personal data by contacting us via a written request. If you have the ability to correct or erase the data yourself, e.g., as an employee or a candidate that has registered a profile in our database, you have the right to do so yourself.
As an employee or subcontractor, you are obliged to notify us if your personal data is incorrect as we otherwise may experience difficulties managing your employment, such as paying your salary or establishing contact with you.
If your personal data is processed in our CRM database as a potential customer, you can either notify us with your deletion request or unsubscribe from our newsletters and other further contact. In order for us to avoid contacting you after you have unsubscribed, we will retain either your name or e-mail address in an opt-out list.
Please observe that there are certain exceptions to your right to completely erase all of your personal data upon request due to specific legislation requirements as discussed in section 4 above. Furthermore, employees do not have the right to have all of their personal data erased during the duration of their employment.
You have the right to object to our processing of your personal data, including objecting to processing based on legitimate interest or processing for direct marketing. Further, you have a right to request restriction of the processing of your personal data under certain circumstances.
5.4 The right to data portability
You have the right to request portability of your personal data portability (e.g., transfer of your personal data to another data controller) if our processing of your personal data is based on consent or contractual obligation and is automated. Please see section 9 below for information on how to contact us.
In order to process your personal data, the Group must identify a relevant lawful basis for the processing. Applicable law in Sweden lists six (6) common lawful bases, four of which are applicable for the Group:
Which lawful bases do we base our processing of personal data upon?
The Group maintains an information security policy which governs how we ensure and protect the confidentiality, integrity and availability of our information assets. Appropriate technical and organizational security measures are taken and maintained to protect the personal data we process against accidental loss, unlawful or unauthorized access, use, disclosure, alteration or destruction.
We collect personal data when you visit our website (transcendentgroup.com), including information about your usage of the site and which pages you visit. For more information on how we use cookies and how to manage your settings, please see the Cookie Settings section of our cookie notice.
We use two types of cookies. One type saves a text file during a specified period with a set expiration date. This cookie aims to, for example, inform you of what has changed on the site since your last visit.
The other type of cookie – a so-called session cookie – is saved temporarily while you are visiting a webpage, such as displaying the page in a certain language you’ve chosen. Session cookies are deleted upon closing your web browser.
We use cookies on our website to, for example, retain which open windows you have saved. We also use cookies to receive web statistics on usage and traffic. These statistics are needed to further develop our website in order to create a better user experience.
In order for you to use our website to its full extent, you are requested to accept certain cookie usage via the cookie notice that appears when you first visit the site. Certain cookies are disabled by default, including sol-called performance and targeting cookies, for which we need your affirmative consent to use. You are free to reject use of cookies on our site, though please understand that certain website features may no longer work as intended.
If you would like to get in touch with us regarding our processing of your personal data, you can send an e-mail to info@transcendentgroup.com or to hr@transcendentgroup.com if you are a candidate, employee or former employee of a Group company.
In your correspondence, you may request any or all of the following in addition to your rights set forth in section 5 above:
Your request should contain a detailed, accurate description of the personal data you want access to. When there are reasonable doubts regarding your identity, you might be asked to provide a copy of a document to help us to verify your identity, such as your ID card or passport.
You may also contact us via mail by send your request to: Transcendent Group AB, Lästmakargatan 20, 111 44 Stockholm Sweden.
You also have the right to lodge any complaints you may have regarding our processing of your personal data to a supervisory authority. The relevant supervisory authority in Sweden is the Swedish Authority for Privacy Protection (IMY) located at www.imy.se.