Privacy Policy

Jobylon AB (“we”) are committed to protecting and respecting your privacy. This policy therefore describes how we, as a data controller (meaning when we decide how we process personal data) collect and use personal data regarding the following categories:

• Potential customers
• Customers
• Former customers
• Suppliers
• Business partners
• Visitors on our website, our webinars or other events that we are a part of

What does it not cover? Data about individuals that have applied to a job at a company using Jobylon – an applicant tracking system (referred to as the Service).

This is because we only process such personal data on instructions from our customer, and any questions an applicant may have or information that they seek should be directed at the company they are applying to. Therefore, “you” hereinafter refers to you who visits our website, uses the Service or otherwise is in contact with us, e.g., as an attendee at an event or as a representative of a company. The “Company” refers to the legal entity which you are representing as an employee, consultant or similar.

Any questions?
Just email legal@jobylon.com or contact us at Jobylon AB, Sankt Eriksgatan 63B, 112 34, Stockholm, Sverige.
If you wish to specifically talk to our data protection officer, email dpo@jobylon.com.

Your rights

Right to object. You have right to object to processing based on legitimate interest. This means that we may no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests. You can always contact us for more information on the balance test that has been made. Upon an objection we might have to investigate the situation further prior to a decision. You furthermore have an unconditional right to forbid that your personal data will be processed for direct marketing purposes.

Right to object. You have right to object to processing based on legitimate interest. This means that we may no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests. You can always contact us for more information on the balance test that has been made. Upon an objection we might have to investigate the situation further prior to a decision. You furthermore have an unconditional right to forbid that your personal data will be processed for direct marketing purposes.

Right to transfer your data. You have the right to transfer your personal data to another controller under certain conditions.

Right to rectification. You have the right to correct inaccurate or incomplete information about yourself. We might also update the same information if we consider that it contains factual errors or is out of date.

Right to erasure. You have the right to request that we delete personal data about you, for example if the data is no longer necessary in relation to the purposes for which it was collected or otherwise processed, or if there is no legal basis for processing the data. Please note that we might have to decline your request if we are legally obliged to keep the information or if the information is necessary to defend against or enforce legal claims.

Right to restriction. You are entitled to request that the processing of your personal data should be limited until inaccurate or incomplete information about you has been corrected, or until an objection from you have been handled.

Right to withdraw your consent. You may at any time withdraw any consent you have given us. However, please note that it will not affect any processing that has already taken place.

Right to complain. You have the right to lodge a complaint to the supervisory authority in the country you live or work in, if you believe that we have not complied with our obligations regarding your personal data. In Sweden the Supervisory Authority is Integritetsskyddsmyndigheten, which also is our lead supervisory authority, and you can find more information at their website: https://www.imy.se/

Please note that if you request restriction or erasure it might affect our abilities to provide Jobylon and other services etc. that you or your employer have requested. Moreover, legal rights or obligations or a legal claim may prevent us from disclosing or transfer all or part of your information, or from deleting or transferring all or part of your information.

The next sections of this privacy policy are divided into 2 – for customers and all others

Employees of customers

Personal data that we process

• Contact details, e.g. name, email address, telephone number
• Company-related data, meaning information regarding the company you work for, including company name, job title, workplace, right to represent your company etc.
• Personal identification number, only if you as a sole trader
• Communications, meaning all communication occurring between us
• Billing data, if you are listed as the reference for an invoice for example or if you are a sole trader
• Technical and statistical data, we will collect technical and statistical data from your computer (or mobile device) in connection with your use of the Service such as IP address, browser type and version, session behavior, traffic source, screen resolution, preferred language, geographic location, operating system and computer platform for purposes either necessary for the function of the Service or with your consent.
• Survey data, this is data collected if you decide to participate in an online customer satisfaction survey
• User activity logs, meaning logs with information about activity in Jobylon
• User account data, meaning your account details such as log in
• Support case data, meaning any information connected to you that is needed to solve a support case
• Sensitive data. We will only process sensitive data about you if you provide us with such information and only to the extent necessary and justified, e.g. if you provide us with information regarding your allergies or other health data for an event we host.
  

How is the information gathered?

From you. Most of the information we process about you is received from you. You may directly or indirectly give us information about yourself in different ways, for example when you contact us with a support question or use Jobylon. You can always choose not to provide us with certain information. However, some personal data is necessary in order for us to provide Jobylon to you.

Or collected from other sources. As a Jobylon-user we will most probably have gotten information about you from your employer. We will furthermore automatically receive data from the cookies and similar technologies that we set through our Service, in accordance with your consent (or when they are necessary for the functioning of the site/Service).

What do we use your data for?

Communication. Your contact details and the contents of the communication will be used to communicate with you. This processing can either be necessary for us under our contract with you or for our legitimate interest in effective communication with our customers under the contract entered into with your employer.

Providing information requested by you. Your contact details will be used to send you the information you have requested from us, e.g. if you have signed up for a subscription, our newsletter or a publication such as an e-book, based on our legitimate interest in being able to provide you with the requested information.

Marketing. As an existing customer we will, if you have registered for our newsletter, a subscription, publication, or an event, use your information to, besides providing the content you have requested, if relevant, tell you about our other publications, the Service or just keep you up to date with what’s going on with us, our products, services and events. This processing is based on our legitimate interest in being able to market us, but only to those who have shown an interest in us.

If you do not wish to receive any direct marketing from us, you can opt out at any time by clicking the unsubscribe button in our email or contact us directly at legal@jobylon.com

Administering events. We will, for our legitimate interest in being able to host events for our current, former and potential customers, invite you to an event and subsequently process the personal data necessary to plan and administer that event. Generally, the categories of personal data involved are your contact details, company data and - if we serve food - food preferences and/or allergies. If you provide us with any health data such data will be processed based on your consent.

Improving our offerings, services and marketing efforts. If you have given us your consent for analytical cookies, we will use the information collected from those cookies to improve our offerings, services and marketing efforts.

Identification of you and your company, if you are a sole trader. We process your personal identification number as a part of the information we keep about your company and to identify you as the representative of such company. This is necessary for the identification process and for our legitimate interest of being able to identify our customers, suppliers and business partners.

Billing. If you or your employer have ordered services from us or we have bought services from you, your personal data may be used for billing purposes. This includes having you as an invoice-reference. This processing is necessary and is based on our legitimate interest of being able to bill our customers under the agreement we have entered into with your company.

Administration of our agreements. If you are our customer contact person/representative, your personal data may be processed when we enter into and during the agreements with you or your employer. This is necessary for us to be able to enter into and fulfil agreements with you or your employer and for our legitimate interest in being able to enter into and fulfil different types of agreements and to have a contact person in connection with the agreement.

Nurturing our customer relationships. We will process personal data of our users and customer representatives in order for us to nurture our relationship, create added value and provide this part of our offering. This is necessary for both our legitimate interest in upholding our obligations according to the contract we have entered into with you or your employer but also to maintain and enhance our customer relationships.

Maintaining and providing the Service and support. We will process personal data of our users to provide the Service such as creating and maintaining the account and all functions of the Service including giving support. This is necessary for our legitimate interest to uphold our obligations according to the contract we have entered into with you or your employer. This includes the processing that we do to provide functions in the Service that you or your company have requested.

Maintaining, developing, testing and ensuring the security of the Service. In order to ensure that our Service runs smoothly, keeps a high quality and is secure we process the personal data as necessary – which is also the legitimate interests that we are basing the processing on.

Customer surveys. Your contact information may be used to conduct customer surveys, e.g. about Jobylon and the Service. We will contact you based on our legitimate interest in improving our business and services. Participation is however voluntary and in case personal data is included in your answers, we process such personal data based on your consent.

Publish customer reviews. We might contact you asking for your consent to publish a customer review by you for the purpose of marketing our services. The contact is made in our legitimate interest in being able to ask you for a review, however the review is based on your consent.

Fulfillment of legal obligations. Jobylon are obligated to follow Swedish law. This means that your personal data will be processed to the extent necessary for us to fulfil our legal obligations, for example with regard to tax and book-keeping rules.

Protection of our legitimate business interests and legal rights. We will use information about you where we believe it is necessary to protect and enforce our legal rights, interests and the interests of others, for example in connection with legal claims, compliance, regulatory and audit functions.

Merger or acquisition. In connection with, due to strategical or business-oriented reasons, a potential merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company, the personal data we retain about you may be processed, shared or transferred, to parties involved in the process. This processing is based on our legitimate interest of being able to develop our business.

Other processing based on your consent. Your personal data may be used for other purposes than stated above if you ask us to or you give us your consent.

To whom do we share your personal data?

External consultants. Your personal data will, when appropriate, be shared with some of our consultants. However, we will restrict access to those of our consultants who need it to perform their jobs, for example to provide us with legal advice. Our consultants are of course subject to strict confidentiality.

If you/your company explicitly request us to sync your email- and/or calendar account to the Service, we and a sub-processor will access your email and/or calendar data. Access is given to write, modify or control message bodies (including attachments), metadata, headers, and settings to provide a web email client that allows the Service to compose, send, read, and process emails. We will not transfer this data to others unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets. We will not use this data for marketing purposes. We will furthermore not allow any employees or consultants of Jobylon to access email and/or calendar data unless there is a specific consent for specific messages, it is necessary for security purposes, it is necessary to comply with applicable laws or for internal operations (after your data has been aggregated and anonymized).

Our business partners. If you have signed up for/shown an interest in an event, publication or similar that we host or create together with a business partner, we may share your contact details with that relevant partner based on our legitimate interest in being able to deliver the requested content, created by both Jobylon and the partner. Both Jobylon and the partner may thereafter also contact you with offers, content and other information that is deemed relevant for you. We may also share your details with a business partner providing an offering, e.g. service that could be relevant for your company or if you for example have requested it – which could be the case for example with an integration that we build together with a third party. That business partner will be responsible for their processing of your data, thus we recommend that you read their privacy policy/notice as well (most commonly found in the applicable form e.g. for signing up or downloading).

Public authorities and other actors. We may need to provide necessary information to parties who, by law, have the right to receive information about you, e.g. Police, Tax Authorities and courts.

Parties involved in a legal proceeding. Your personal data may be shared if necessary with parties involved in a legal proceeding, such as lawyers.

Parties involved in an acquisition, merger, or sale of business. We may, for strategic or commercial reasons, decide to sell or transfer all or parts of the company in the future. As part of a transaction, your personal information may need to be shared with parties involved in the transaction.

Other parties. We may also disclose your personal data to other companies, organizations or persons if you ask us to.

Where we process your personal data

We always strive to process your personal data strictly within the EU/EEA, however in certain cases there may be a risk of a transfer outside of the EU/EEA. As the privacy laws may not be the same as in the EU/EEA we will do everything we can to protect your data. We select our service providers carefully and take all the necessary steps to ensure that your personal data is processed with adequate safeguards in place in accordance with the GDPR. We always have a transfer mechanism in place, such as the EU Commission Standard Contractual Clauses or ensure that the service provider is established in a country that the EU Commission has deemed has adequate privacy protection, together with the necessary risk assessments and additional security measures where necessary.

Please contact us if you want information about the applicable countries and safeguards in specific cases.

How long we keep your personal data

We only process personal data for as long as it takes to fulfill the purpose of the processing, after which we stop processing the data for that purpose.

If you are a user of the Service, your data will be kept for as long as you keep your user account, meaning either when you leave the company that is our customer or when the customer relationship ends. Upon termination of the account your data might be stored up until one (1) month after termination due to technical reasons.

Data about contact details to representatives of former customers, including communications regarding the customer relationship will be kept for up to five (5) years, for the purpose of being able to re-connect and having meaningful information about the prior contract and customer relationship.

Personal data processed on the basis of your consent (e.g. sensitive data), will be deleted when your consent is withdrawn or upon expiry of the purpose for which your consent was given.

Moreover, we store data to the extent we believe it is necessary to protect our legal rights, legitimate interests and the interests of others. Your data may also be stored for a longer period if required by applicable statutory retention periods (e.g. for tax and/or book-keeping purposes and applicable statutory retention periods).

Others (potential customers, webinar attendees etc.)

• Contact details, name, email address, telephone number
• Company-related data, meaning information regarding the company you work for, including company name, job title, workplace, right to represent your company etc.
• Communications, meaning all communication occurring between us
• Technical and statistical data, we will collect technical and statistical data from your computer (or mobile device) in connection with your visit to our website or connected websites such as IP address, browser type and version, session behavior, traffic source, screen resolution, preferred language, geographic location, operating system and computer platform for purposes either necessary for the function of the website or with your consent.
• Sensitive data. We will only process sensitive data about you if you provide us with such information and only to the extent necessary and justified, e.g. if you provide us with information regarding your allergies or other health data for an event we host.
  

How is the information gathered?

From you. Most of the information we process about you is received from you. You may directly or indirectly give us information about yourself in different ways, for example when you attend a webinar, contact us for a demo or download a publication. You can always choose not to provide us with certain information. However, some personal data is necessary in order for us to provide e.g. a demo or publication to you.

Or collected from other sources. We might also get information from sources such as LinkedIn or business partners operating within the same field if you are a potential lead. Furthermore, we may get you contact and organizational details form a provider of such details, e.g. a list of contact details to relevant potential new customers. We will also receive data from the cookies and similar technologies that we set of the websites we host, in accordance with the consent you have given through the cookie consent banner.

What do we use your data for?

Communication. Your contact details and the contents of the communication will be used to communicate with you. This processing is based on our legitimate interest in effective communication with you.

Providing you requested information. Your contact details will be used to send you the information you have requested from us, e.g. if you have signed up for a subscription, our newsletter or a publication such as an e-book, based on our legitimate interest in being able to provide you with the requested information.

Marketing. Your personal data may, depending on our relationship, be used to market our services, e.g. to contact you on LinkedIn or sending information about our different services, products and events that we deem relevant for you. This processing is based on our legitimate interest in being able to market our services to potential, existing and former customers.

If you have registered for our newsletter, a subscription, publication, or an event, we use your information to, besides providing the content you have requested, if relevant, to contact you, tell you about our other publications, the Service or just keep you up to date with what’s going on with us, our products, services and events. This processing is based on our legitimate interest in being able to market us, but only to those who have shown an interest in us.

If you have signed up for an event or similar such as a publication that we host or create together with a business partner, we may also share your contact details with that relevant partner based on our legitimate interest in being able to deliver the requested content, created by both Jobylon and the partner. Both Jobylon and the partner may thereafter also contact you with offers, content and other information that is deemed relevant for you.

If you do not wish to receive any direct marketing from us, you can opt out at any time by clicking the unsubscribe button in our email or contact us directly at legal@jobylon.com

Information collected from cookies and similar technologies when you visit our websites will be used to market Jobylon and our services through for example re-targeting, showing you relevant product recommendations, ads and offerings on different social media platforms (e.g. Facebook/LinkedIn), in accordance with the consent you have given us for cookies. You can adjust your privacy settings for cookies in the banner on our website.

Administering events. We will, for our legitimate interest in being able to host events for e.g. potential and former customers, either invite you to an event or offer the opportunity to sign up and subsequently process the personal data necessary to plan and administer that event. Generally, the categories of personal data involved are your contact details, company data and - if we serve food - food preferences and/or allergies. If you provide us with any health data such data will be processed based on your consent.

Improving our offerings, services and marketing efforts. If you have given us your consent for analytical cookies, we will use the information collected from those cookies to improve our offerings, services and marketing efforts.

Maintaining, developing, testing and ensuring the security of the website. In order to ensure that our websites run smoothly, keep a high quality and are secure we process the personal data as necessary – which is also the legitimate interests that we are basing the processing on.

Fulfilment of legal obligations. Jobylon are obligated to follow Swedish law. This means that your personal data will be processed to the extent necessary for us to fulfil our legal obligations, for example with regard to tax and book-keeping rules.

Protection of our legitimate business interests and legal rights. We will use information about you where we believe it is necessary to protect and enforce our legal rights, interests and the interests of others, for example in connection with legal claims, compliance, regulatory and audit functions.

Merger or acquisition. In connection with, due to strategical or business-oriented reasons, a potential merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company, the personal data we retain about you may be processed, shared or transferred, to parties involved in the process. This processing is based on our legitimate interest of being able to develop our business.

Other processing based on your consent. Your personal data may be used for other purposes than stated above if you ask us to or you give us your consent.

To whom do we share your personal data?

External consultants. Your personal data will, when appropriate, be shared with some of our consultants. However, we will restrict access to those of our consultants who need it to perform their jobs, for example to provide us with legal advice. Our consultants are of course subject to strict confidentiality.

Our business partners. If you have signed up for/shown an interest in an event, publication or similar that we host or create together with a business partner, we may share your contact details with that relevant partner based on our legitimate interest in being able to deliver the requested content, created by both Jobylon and the partner. Both Jobylon and the partner may thereafter also contact you with offers, content and other information that is deemed relevant for you. We may also share your details with a business partner providing an offering, e.g. service that could be relevant for your company or if you for example have requested it – which could be the case for example with an integration that we build together with a third party. That business partner will be responsible for their processing of your data, thus we recommend that you read their privacy policy/notice as well (most commonly found in the applicable form e.g. for signing up or downloading).

Public authorities and other actors. We may need to provide necessary information to parties who, by law, have the right to receive information about you, e.g. Police, Tax Authorities and courts.

Parties involved in a legal proceeding. Your personal data may be shared if necessary with parties involved in a legal proceeding, such as lawyers.

Parties involved in an acquisition, merger, or sale of business. We may, for strategic or commercial reasons, decide to sell or transfer all or parts of the company in the future. As part of a transaction, your personal information may need to be shared with parties involved in the transaction.

Other parties. We may also disclose your personal data to other companies, organizations or persons if you ask us to.

Where we process your personal data

We always strive to process your personal data strictly within the EU/EEA, however in certain cases there may be a risk of a transfer outside of the EU/EEA. As the privacy laws may not be the same as in the EU/EEA we will do everything we can to protect your data. We select our service providers carefully and take all the necessary steps to ensure that your personal data is processed with adequate safeguards in place in accordance with the GDPR. We always have a transfer mechanism in place, such as the EU Commission Standard Contractual Clauses or ensure that the service provider is established in a country that the EU Commission has deemed has adequate privacy protection, together with the necessary risk assessments and additional security measures where necessary.

Please contact us if you want information about the applicable countries and safeguards in specific cases.

How long we keep your personal data

If you have only engaged with us through e.g. downloading a publication or attending an event we store your contact details and organization details (if applicable) for marketing purposes for up to two (2) years after your latest action.

If we have communicated with you, for example if you have had contact with one of our Account Executives, we store your contact details, organization details and the communications content for up to five (5) years – in order for us to contact you again in a couple of years to see if it is time to switch to our awesome ATS.

If we have gathered your information through a supplier that provides lists of contact details, as explained above, we will only keep that data for up to one (1) month unless we contact you. If we contact you and we start engaging in a conversation, the previous section applies

Personal data processed on the basis of your consent (e.g. sensitive data), will be deleted when your consent is withdrawn or upon expiry of the purpose for which your consent was given.

Moreover, we store data to the extent we believe it is necessary to protect our legal rights, legitimate interests and the interests of others. Your data may also be stored for a longer period if required by applicable statutory retention periods (e.g. for tax and/or book-keeping purposes and applicable statutory retention periods).

We only process personal data for as long as it takes to fulfill the purpose of the processing, after which we stop processing the data for that purpose.