BackerSkeie as a data processor

The intention of the agreement is to regulate rights and obligations pursuant to law of processing of personal data. The agreement also seeks to comply with the General Data Protection Regulation (GDPR) of the European Parliament and of the Council of 27 April 2016 (in effect May 2018).

In some contexts, BackerSkeie will be processing personal data on behalf of the Client. This can be personal data about management team, responsible leader for the position to be hired, or personal data about internal candidates.

BackerSkeie has the right to process contact information including name, email, address, phone number, information regarding education and work experience including position, work place, the duration of employment, remuneration, any recommendation and preferences about future career. BackerSkeie will not process sensitive of personal data.

The purpose of the processing of personal data is to fulfil contract obligations with the Client. BackerSkeie will not process personal data in any other way than that which is agreed in this agreement. To fulfil contract obligations, BackerSkeie have the right to gather, register, assemble, save and transfer personal data on behalf of the Client.

When processing personal data on behalf of the Client, BackerSkeie shall follow the routines and instructions stipulated by the Client and BackerSkeie at any given time, including any transfer of personal data to a third country or an international organisation.

The client is entitled to access all personal data being processed on behalf of the client and the systems used for this purpose, unless otherwise is agreed upon. BackerSkeie shall provide the necessary assistance for this. If the Client is facing demands from an individual to remove, view or transfer personal data processed by BackerSkeie, BackerSkeie should be notified by the Client to fulfil the demand. If certain data should be deleted, this shall also include data on any backup service or medium.

BackerSkeie must observe professional secrecy in regard to the documentation and personal data to which the company has access to in accordance with this agreement. This provision also applies after the agreement has been discontinued. If BackerSkeie uses a subcontractor or others not normally employed by BackerSkeie, this shall be agreed in writing with the Client prior to start of the processing of personal data. BackerSkeie is responsible for informing employees and subcontractors about the processing of personal data, the risk of the processing and how to handle deviation. BackerSkeie will be held accountable if an employee or subcontractor violate the point above.

The Client accept that BackerSkeie uses subcontractors to process personal data. At the time BackerSkeie uses Protekt IT, Microsoft, Easycruit, Webcruiter, Invenias and Assesio as subcontractors for processing personal data.

BackerSkeie shall fulfil the requirements for security measures stipulated in the GDPR, in particular Chapter 4 Articles 25 and 32. BackerSkeie shall maintain a record of processing activities, and the documentation shall be available upon the Clients request. The implementation of regular security audits for systems etc. covered by this agreement shall be implemented according to the GDPR, and the Client can at any time request and perform security audits with BackerSkeie.

BackerSkeie shall report any discrepancies to the Client. In case of a personal data breach, BackerSkeie must notify the Client without delay after becoming aware of a personal data breach in accordance with GDPR Section 32 no. 2.

This agreement is automatically terminated if the service contract between the parties is terminated. Upon termination of this agreement, BackerSkeie is obliged to return or delete all personal data received and covered under this agreement, if written requested by the client within reasonable time.

Version 1.1. Last updated 29.06.2018.