Privacy policy

How XP MGMT (XP Mgmt Consulting Group AB) handles your personal data

We at XP MGMT respect your personal privacy and want you to feel secure about how your personal data is processed by us. Below you will find information about what information about you that XP MGMT processes, for what purposes, the legal basis for the processing, how long the data is saved and your rights.

All consultants who are a paying part of the XP MGMT Community undertake not to share sensitive personal or business information received from other consultants in the network without permission. 

Data Controller and Data Protection Officer
Xp Mgmt Consulting group AB (559399-1788, Karins Väg 80, 444 61 Stora Höga) is the data controller for the processing of your personal data.

The Data Protection Officer for XP MGMT is Per-Olof Wikman. If you have any questions regarding the processing of your personal data, please email info@xpmgmtconsulting.com.

Whose data do we process?
XP MGMT processes personal data for various stakeholders. The following stakeholders are affected by us:

Candidates/members (chapter 1) – People we are in contact with regarding jobs with us or with our customers. This group includes those who have actively applied for a job, those who have registered in our member database without having applied for a job, those who have visited our website and viewed jobs and those who are potential candidates that we have found through outreach activities (search).

Employees (chapter 2) – People who are employed or have been employed in our consulting business and in our offices.

Suppliers/subcontractors (chapter 3) – Contact persons at companies from which we purchase services and products and subconsultants who carry out assignments through XP MGMT.

Customers (chapter 4) – Contact persons at companies that purchase our services and products.

Potential customers (chapter 4) – Contact persons at companies that we process for marketing purposes.

Other stakeholders (chapter 5) – People who do not belong to any of the categories above but who we have contact with for various reasons. These can be references for a candidate, emergency contacts for an employee (close relatives) or people we have contact with in various forums such as salespeople from other companies where we are not a customer, people in professional networks, media contacts, etc.

How do we use and protect personal data?
Depending on which stakeholder group it concerns, we process different types of personal data for different lengths of time and for different reasons. See how we do this under each chapter.

1. Members/Potential members

1. What do we use your personal data for?

Handle your application for a job, which means that we may evaluate your skills – both professional, talent-related and personality-related.
Offer you assignments related to your wishes and/or your skills and to provide you with personal offers, information or invitations that we consider interesting to you via email, digital and/or social media. Your name and email may become visible to others in connection with our activities.
Ongoing communication about the assignments you have applied for via XP MGMT.
Other statistical purposes, e.g. to maintain and develop the quality of our services.

2. What personal data may we collect?

Name
Email address
Mobile phone number
Skills and previous experience obtained through your CV, your LinkedIn or Facebook profile (if you have registered your application via any of these channels), through interview and based on the knowledge and experience you register in your account.
Test results, if you have performed tests as part of our unbiased recruitment process.
Photograph, if you have included one in your CV.
Social security number, if you are a final candidate in a process, we need to be able to verify your identity.
In some cases, we may, in connection with a recruitment process, obtain a so-called background check regarding you. This includes information about income, cases with the Swedish Tax Agency and the Swedish Enforcement Authority, marital status, driving license, cases with courts and any convictions. Before we obtain the aforementioned information, you will be asked to give your explicit written consent. Please note that the above information is not saved with us.
Other personal data that you choose to share with us in your CV and any other uploaded documents*
* We advise you not to share with us sensitive personal data regarding ethnic origin; political opinions; religious or philosophical beliefs; union membership, information about health and information about gender. We therefore reserve the right to delete all of the information above, as well as personal data concerning others than yourself, without your consent.

3. How have we collected your personal data?

We have received the information from you when applying for an assignment and when registering with XP MGMT.
We have collected the information from others – e.g. references, customers and job sites such as LinkedIn and Monster.
We have collected the information automatically when you visit our website by saving jobs or chatting with us
We have collected the information via LinkedIn, Facebook, Messenger or Instagram by commenting on something or asking us questions via these media.
We have collected the information when you have emailed, called us about something or provided contact information in e.g. a survey that we conducted where you requested contact.

 

4. Who do we share information with?

We work with clients who hire their own consultants, which means that we share your information with our clients when filling consulting assignments or jobs. You will always be informed before we share information about you as a person.

We share your personal data with third-party suppliers that we hire to perform services on our behalf (such as technical, administrative, marketing or other services) when necessary for the purposes mentioned above. These third-party suppliers may not use your personal data for their own purposes, which we have regulated in agreements with these suppliers.

Your personal data may also be disclosed when required by law, such as the Discrimination Act or to the data protection authority.

5. What rights do you have?

Deletion of personal data

If you have registered your profile with XP MGMT, either when you applied for an assignment through us or if you registered to be searchable by our recruiters, you can end your participation in XP MGMT at any time by deleting your profile with us. You do this by contacting us and requesting that we delete your profile and personal data that we have collected about you. When your profile is deleted, it disappears completely, along with all information about you in our systems.

Please note that there is an exception to complete deletion; if you have applied for a job/assignment through us, we need to save your application documents for 24 months after the recruitment process has been completed, with reference to the Discrimination Act. If you delete your profile within 24 months, after the recruitment process has been completed, your documents will be saved anonymized and hidden and can only be retrieved by the Data Protection Officer at XP MGMT. After 24 months, your data will be automatically deleted if you choose to no longer be a member of XP MGMT.

Right to object

You have the right to object to our use of your personal data, for example, you can choose not to receive match mail or newsletters from us on your profile under My Pages.

Correction of personal data

You have the right to request that we correct or delete data that is incorrect or incomplete. You can quickly do this yourself by logging into My Pages and correcting and deleting your own information.

Access to your personal data – register extract

You have the right to access the categories of personal data we process that apply to you, via a register extract. Register extracts are free of charge once a year, if you wish to have a Register extract more than once during the same year, we will charge an administrative fee of SEK 395 per occasion.

6. How long do we keep the information?

You own the information registered on your profile and can choose whether you want us to delete parts of the information or your entire account.

If you as a member have not been in contact with us for a period of three (3) years, your account will be automatically deleted. We will remind you shortly before these three (3) years have passed so that you have the chance to update your account if you wish to remain with XP MGMT.

If you contact us and wish your information to be deleted, we will do so unless we are legally obliged to retain the information. See exceptions described in point 5 above.

We reserve the right to delete user accounts if we see that the account is being misused in any way. This may be because the account was created for purposes other than seeking employment and being part of our professional network, or if the registrant has in any way threatened our staff or otherwise behaved inappropriately.

 

2. Employees

1. What do we use your personal data for?

When you become an employee at XP MGMT, you enter into an agreement with us as an employer. In this relationship, we as an employer are required to process a larger amount of personal data as we must comply with a larger number of laws that employers in Sweden are required to follow. Examples of these can be work environment legislation, discrimination legislation, sick pay law, the holiday law, tax legislation, etc.

2. What personal data may we collect?

Name
Address
Telephone number
Personal identity number
Email address
Bank account number
Salary, pension and benefits
Gender
Employment history and time reporting
Medical history
Photographs
Family relationship – Next of kin as emergency contact. Number of children and their year of birth if you have small children for whom you are entitled to compensation from the Swedish Social Insurance Agency
Allergies and hypersensitivity to food.
Information linked to your performance such as performance reviews and courses completed.
Please note that the list above is not exhaustive and other data may be processed.

3. How have we collected your personal data?

You have provided this yourself in the recruitment process and in connection with the commencement of your employment.
The data has been generated in connection with your employment.
The data has come from other sources such as authorities, third-party suppliers who perform services for us (salaries) and from references and customers.

4. With whom do we share the information?

If you are employed as a consultant, we share certain personal data with our customers so that they can assign you permissions in the customer’s IT system, gain access to the customer’s premises, so that the customer can carry out any security checks on you and other things that follow from the assignment. The customer in turn shares information with us regarding your performance on the assignment you are working on.

If you are employed at one of our local offices, your contact information may be shared with consultants, customers, candidates, suppliers and other stakeholders who have contact points with the service you have at XP MGMT.

We share your personal information with third-party suppliers that we engage to perform services on our behalf (such as technical, administrative, marketing-related or other services) when necessary for the purpose of managing your employment. These third-party suppliers may not use your personal information for their own purposes, which we have regulated in agreements with these suppliers.

Your personal information may also be disclosed when required by law.

5. What rights do you have?

Correction and deletion of personal information
You have the right to request that we correct or delete information that is incorrect or incomplete. It can even be seen as an obligation for you to notify us if your information is incorrect, as otherwise we may have difficulties paying wages, contacting you regarding your employment and the like.

However, you do not have the right to have your personal data deleted during the course of your employment and also not within seven (7) years after your employment has ended. This is with reference to Swedish legislation (Accounting Act, preferential rights according to LAS, etc.). When you end your employment with us, the personal data that is no longer needed will be deleted, the rest will be saved and deleted automatically after seven (7) years have passed.

Access to your personal data – register extract

You have the right to access the categories of personal data we process that apply to you – via a register extract. Register extracts are free of charge once a year, if you wish to have a Register extract more than once during the same year, we will charge an administrative fee of SEK 395 per occasion.

6. How long do we keep the information?

As long as you are employed by us, we will handle your personal data. When your employment ends, a large part of your personal data will be deleted automatically. However, we will need to save certain information longer as required by Swedish legislation. Your information will be saved for a maximum of seven (7) years after termination of employment.

 

3. Suppliers/Subcontractors

1. What do we use your personal data for?

The personal data we process regarding our suppliers are those that we need to have in order to be able to maintain our professional relationship. This may include personal data regarding account managers, support functions, service personnel, the finance department or other key personnel.

2. What personal data may we collect?

Name
Title
Work telephone number
Work email address
Other information related to you as a subconsultant performing an assignment via XP MGMT (price, address, etc.)

3. How have we collected this personal data?

We have received the information from you.
We have received the information from your employer or colleague.
We have found the information on your company’s website.
We have signed an agreement with you or your company.
Notes about our collaboration and/or dialogues

4. Who do we share the information with?

Your personal data is used within our organization in order to be able to maintain our business relationship with you as suppliers.

If an external party asks for a possible recommendation about companies within your company’s industry, we may share contact information with you.

5. What rights do you have?

Correction and deletion of personal data
You have the right to request that we correct or delete information that is incorrect or incomplete. If you have changed positions at the company or are no longer working there and if we have a new contact person, we will see to it that this information is also made available to us.

Access to your personal data – register extract

You have the right to access the categories of personal data we process that apply to you – via a register extract. Register extracts are free of charge once a year, if you wish to have a Register Extract more than once during the same year, we will charge an administrative fee of SEK 395 per occasion.

6. How long do we keep the information?

As long as you are an important person to us in our professional relationship, we will save your information. If we become aware that your job duties at your company change or that you have changed employers, the information will be deleted.

 

4. Customers and potential customers

1. What do we use your personal data for?

Customer: If you work for one of our customer companies, as a client or as a contact person, e.g. as an employee in an accounting department, we process certain personal data in order to maintain our professional relationship, and to comply with Swedish legislation, e.g. the Accounting Act and tax legislation.

Potential customers: In order to be able to offer our services to companies that do not know us, we collect contact information for key people at companies that we want to be able to contact and process for marketing purposes.

2. What personal data may we collect?

The personal data we may process concerning you;
Name
Title
Telephone and mobile phone number for work
Email address for work
IP address
Notes about our collaboration and/or dialogues

3. How have we collected this personal data?

We have received this from you.
We have received this from your employer or colleague.
We have received this from you by visiting our website, registering for and attending one of our events, expressing interest in being contacted or subscribing to newsletters regarding external monitoring and information about unbiased recruitment.
We have searched for the information on the Internet. This may be from the company’s website or on job sites such as LinkedIn.
We have received personal data from our sister companies within the Key People Group group.
We have purchased information from external parties.

4. With whom do we share the information?

Your personal data is used within our own organization so that we can maintain or obtain the conditions to create a business relationship.

We share your personal data with third-party suppliers that we engage to perform services on our behalf (such as technical, administrative, marketing-related or other services) when necessary for the purpose of being able to manage our collaboration or so that we can process you as a potential customer. These third-party suppliers are not allowed to use your personal data for their own purposes, which we have regulated in agreements with these suppliers.

5. What rights do you have?

Correction and deletion of personal data

Customer: You have the right to request that we correct or delete information that is incorrect or incomplete. If you have changed positions at the company or are no longer working and if we have a new contact person, we would be happy to receive this information.

As an ordering contact, we cannot completely delete your personal data as your information may need to be saved in invoice documents and accounting.

Potential customer: If you do not want to be included in our CRM system as a potential customer, you can either let us know or unsubscribe from mailings and further contact. In order for us to avoid contacting you after you unsubscribe, we must still save either your name or email address in a so-called blacklist. If you ask to be completely forgotten, there is a high risk that we will find your contact information again and contact you again.

Access to your personal data – register extract

You have the right to access the categories of personal data we process that apply to you – via a register extract. A register extract is free of charge once a year, if you wish to have a Register Extract more than once during the same year, we will charge an administrative fee of SEK 395 per occasion.

6. How long do we keep the information?

Customer: If you, as a representative of a company, have ordered a service from us, and your name has been the reference used for the current assignment, we will save your personal data for seven (7) years in order to comply with the Accounting Act.

Customer and potential customer: We will continuously update our CRM database. This means that we are continuously working to have an updated and current database with current and correct contact information. This will be done through contacts with you by telephone, email, social media and in personal meetings, but also through external monitoring.

 

5. Other stakeholders

1. What do we use your personal data for?

The category Other stakeholders includes all individuals who are not included in any of the other categories. This group can consist of references in a recruitment process, a contact in a professional network, an industry colleague, salespeople from other companies, etc. It is therefore difficult to describe and cover exactly what we use the information for in each case. However, we make an attempt below with example groups that are probably not comprehensive. References in a recruitment process. When a candidate is relevant for a position/assignment, people who can provide information about how the candidate has functioned in another workplace are contacted. In order for us to contact the reference, their name and telephone number are required. In most cases, we also need to know what position the person has and what relationship they have had with the candidate (e.g., their boss).
Emergency contacts/next of kin to employees. When someone becomes employed by us, we take on a so-called emergency contact, i.e. a close relative of the employee who we can contact if something happens during working hours or on commitments/travels that take place within the framework of the job.
People who contact us on social media, through our switchboard, website (including chat) and by email.
If you as an individual have contacted us with a question, or on another matter, we may save your personal data in order to be able to get in touch with you later.

Collaboration partners, colleagues in our industry, salespeople and key people at other companies, people in professional networks, media contacts and the like.

We may save your contact information for future communication. We as a company must be able to save this information in order to be able to operate effectively in the market and create relationships that promote the growth of our and other companies.

2. What personal data may we collect?

The personal data we may process concerning you;
Name
Title
Telephone number
Email address
Other personal information that you have given us in your communication with us.

3. How have we collected this personal information?

We have received personal information from job seekers for reference purposes.
We have received personal information from you personally, by email or business card.
We have received personal information from your employer or colleague.
We have received this from you by expressing an interest in being contacted or by contacting us via telephone, social media, website (including chat), info-mail or personal mailboxes.
We have the information in our own individual networks on LinkedIn, for example.

4. With whom do we share the information?

We distinguish between people who are in contact with us as a private individual and people who are in contact with us on behalf of a company. We are more restrictive with personal information in the first case and generally do not share this information with anyone externally. When it comes to personal information for professionals, we are not as restrictive as sharing contacts within professional networks promotes business and the growth of companies. We also do not consider personal information where you represent a company to be as privacy-sensitive as personal information concerning a private individual.

We use third-party suppliers that we engage to perform services on our behalf (such as technical, administrative, marketing or other services) when necessary for the purpose of managing contacts with other stakeholders. These third-party suppliers may not use your personal data for their own purposes, which we have regulated in agreements with these suppliers.

5. What rights do you have?

Correction and deletion of personal data

You can contact us and request that your personal data be corrected or deleted. If we have no purpose or purpose for retaining your personal data, we will delete it. In some cases, we may retain the data despite your request, which may be if, for example, you have been a reference in a job application, in which case we will rely on a legitimate interest.

Access to your personal data – register extract

You have the right to access the categories of personal data we process that apply to you – via a register extract. A register extract is free of charge once a year. If you wish to have a register extract more than once during the same year, we will charge an administrative fee of SEK 395 per occasion.

 

6. How long do we keep the information?

References in a recruitment process

The reference’s contact information will only be saved for the candidate who has been hired or has become a member of XP MGMT. We save the information, together with the candidate’s other documents, for as long as the candidate is a member of XP MGMT.

Emergency contacts/next of kin of employees

Saved as long as someone is employed. The employee is responsible for ensuring that the information is correct and up-to-date.

People who contact us on social media, through our switchboard, website, chat and by email

Saved as long as the information is needed to enable and maintain communication.

Collaboration partners, colleagues in our industry, salespeople and key people at other companies, people in professional networks, media contacts and the like

Information is saved as long as it can be seen to have a purpose and purpose.

6. Legal basis

In order for us as a company to be able to save the personal data of various individuals, we must have a legal basis for this. If we do not have a legal basis, we cannot process your personal data. There are six legal bases under GDPR and four are relevant to us:

Consent – ​​You as an individual have given us your explicit permission to process your personal data for certain purposes that you have been clearly informed about. This should preferably be in writing. You can withdraw your consent at any time and then we must stop the specific processing.
Agreement – ​​You have entered into an agreement with us. We may process your personal data to fulfill the terms of the agreement.
Legal obligation – We as a company must process your personal data in order to comply with other legislation.
Legitimate interest – Our interest in processing your personal data outweighs your interest and the risk of your personal data being compromised is very small.

What legal basis do we base our processing of your personal data on?

Candidates/Consultants

As a member of XP MGMT, our processing is based on the legal basis of consent, which is requested when you apply for membership. However, you may provide specific consent for background checks. This activity is therefore not included as part of the membership.

Employees

As an employee of ours, you have an employment contract written between us, legal basis Agreement. When you later terminate your employment, we must, according to Swedish law, continue to process some of your personal data for seven (7) years, in which case our processing is subject to a legal basis Legal obligation.

Suppliers and Customers

In cases where you purchase a product or service, you enter into a contractual relationship, therefore we can base the processing carried out between us and another party on a legal basis Agreement. If the contract expires for a customer, we must, according to Swedish law, still process certain information concerning the ordering party for a further seven (7) years after the performance of the service under a legal basis Legal obligation.

Potential customers

When we market ourselves to other companies and process personal data for employees of these companies, we rely on legitimate interest as a legal basis.

Other interest groups

The legal basis for processing personal data for this group may vary depending on the context in which our contact has arisen. In most cases, we will initially use legitimate interest as the legal basis. If we see that the individual whose personal data we process falls within one of the other interest groups, the legal basis applicable to that group will apply.

7. About cookies

Personal data may be collected when you use our website and information about your use and which pages are visited is stored. This may be technical information about your device and internet connection such as operating system, browser version, IP address, cookies and unique identifiers. When visiting our website, various technologies may be used to recognize you and learn more about you in order to offer a better and more personalized user experience. This may be done directly or through the use of third-party technology. This may include the use of, for example, cookies.

 

What is a cookie?

There are two types of cookies. One type saves a text file for a longer period of time, but has an expiration date. This cookie is intended, for example, to tell you what is new since your last visit. The other type of cookie is a so-called session cookie, which has no expiration date. The text file is saved temporarily as long as you are browsing a page, and helps, for example, to keep track of which language you want to use. As soon as the browser is closed, the text file is also deleted.

Why do we use cookies?

At XP MGMT, we use cookies to, for example, keep track of which jobs you have saved. We also use cookies to obtain web statistics. We need these statistics to further develop the website to create a better user experience. The information is not available to parties other than XP MGMT.

In order to be able to use our websites fully, you must accept cookies, and you do this through your browser settings or in the footer of your computer or mobile phone. If you do not want to accept cookies, you can turn off cookies via your browser’s security settings. However, this means that the website will not function as intended. You can read more about cookies on the Swedish Post and Telecom Agency’s website.

8. Our contact details

If you want to get in touch with us at XP MGMT regarding your personal data, you can send an e-mail to info@xpmgmtconsulting.com.

At the same address, you can:

Request a register extract, request changes or deletion of your personal data. Report if you suspect that your personal data has in any way been obtained without authorization through our processing or through the processing of our third-party suppliers.
Submit comments or suggestions regarding our Privacy Policy. Ask questions about our processing of your personal data. 

If you would rather contact us by post, please send your comments to:
XP Mgmt consulting group, Karins Väg 80, 444 61 Stora Höga.

9. Supervisory authority

If you believe that XP Mgmt consulting group AB has in any way violated our handling of your personal data, you can report this to the Swedish Data Protection Authority. They are the supervisory authority for personal data processing and data protection.

Contact details:

Telefon: 08-657 61 00
E-post: imy@imy.se

Address: Integritetsskyddsmyndigheten, Box 8114, 104 20 Stockholm 

See more at www.imy.se for information about the General Data Protection Regulation – GDPR.

Gothenburg, Sweden

+46 708 98 64 06
info@xpmgmtconsulting.com

Corporate identity number:
559399-1788

Update cookies preferences