PRIVACY NOTICE FOR POTENTIAL EMPLOYEES USING TEAMTAILOR
SATS AS (“SATS”, “we”, "our", "us") operates a chain of fitness centers and related services (such as SATS Online, the SATS App, and the SATS website). This privacy notice provides you as potential employee at SATS with information about our processing as the controller of your personal data. For information on how SATS processes personal data about employees in connection with their membership, please refer to the Privacy Notice and Cookie Policy available on our website.
WHY AND HOW WE USE PERSONAL DATA
Below you will find an overview of why and how we process personal data. The overview is general to our business. Whether each line of information applies to you depend on your specific role and the nature of your interactions with us.
Purpose, description and the personal data processed, legal basis & retention period
Recruitment
In our recruitment process, we process personal data such as names, contact details, educational and employment history, skills, and certifications to evaluate candidates fairly and transparently. Additional information voluntarily provided by candidates, like cover letters or portfolios, may also be considered. In certain situation we may also process documents for asylum seekers. We prioritize stringent privacy and data protection standards to ensure confidentiality and security, aligning with regulatory requirements and promoting a trustworthy recruitment experience for all.
The processing is necessary to in order to take steps at your request prior to entering into an employment contract (Article 6(1)(b) of the GDPR).
Continued processing after 1 year is contingent upon your consent (Article 6(1)(a).
We will erase the personal data no later than 1 year following the conclusion of the recruitment. However, we will keep your data longer if you consent or if it’s necessary to ensure compliance with legal obligations or for specific business requirements, in which case, the extended retention period will be clearly communicated to you in accordance with applicable data protection regulations.
Background checks
To uphold the security and integrity of our organization we collect and process information pertinent to background checks. This may in some cases include criminal records or financial information.
The legitimate interest in safeguarding SATS against potential liability and risk (Article 6(1)(f) GDPR).
We will erase the personal data no later than three months following the conclusion of the employment. However, we will keep your data longer if necessary to ensure compliance with legal obligations or for specific business requirements, in which case, the extended retention period will be clearly communicated to you in accordance with applicable data protection regulations.
WITH WHOM WE SHARE PERSONAL DATA
We may need to share personal data with third parties. In this section we describe the categories of recipients.
Group companies. We share data internally with group companies for administrative and analytics/statistical purposes. We act as joint controllers for the purpose of sharing data for analytics/statistical purposes and have entered into an agreement regulating the joint controllership. You can exercise your right against either of us, and we are both responsible for handling your personal data lawfully. You can get more information on the arrangement by contacting us.
Recruiters: Some positions may require us to share your information with our recruiters, who may conduct additional background checks.
We may also share information with the authorities if we are ordered or otherwise obliged to do so. Furthermore, we may share information about you with others, if you consent thereto.
YOUR PRIVACY RIGHTS
You have several rights pursuant to the GDPR, as listed below. Please note that there are exceptions and limitations that may apply, so that we may not always be able or obliged to allow you to exercise them.
Contact your local HR department, if you wish to exercise your rights, if you have other questions, comments or would like to receive more information regarding our processing of personal data. We will respond to your enquiry as soon as possible.
Right of access and information. You may request to be informed whether we are processing personal data concerning you and, if so, to receive a copy of it, together with some further information on the purposes of the processing, the categories of personal data to which the processing relates, the recipients to whom the personal data have been or will be disclosed, the retention period and the existence of your rights as a data subject. You also have the right to be informed of the right to lodge a complaint with the data protection authority and of the source of the personal data, as well as of the existence of automated decision-making together with certain additional information.
Right to rectification. If you believe that the personal data concerning you is inaccurate or incomplete, you can request that the data be corrected or completed.
Right to object.
When we process personal data based on our legitimate interest, you have the right to object to the processing at any time. If we cannot demonstrate that there are compelling legitimate grounds to continue processing the data, we must cease processing. You also have the right to object to our processing of personal data for direct marketing purposes, where if you object to such processing, we must cease processing for the purpose of direct marketing.
Right to withdraw consent. Where we process personal data on the basis of your consent, you can withdraw this consent at any time. We are then obliged to stop processing your personal data on the basis of your consent.
Right to restriction. You have the possibility to request the restriction of the processing of your personal data if you have objected to our processing of your personal data and it has not yet been determined whether the legitimate grounds of SATS overrides yours, you have contested the accuracy of the personal data, if the processing of personal data is unlawful but you want restriction of processing rather than erasure, or if we no longer need the personal data for the purpose of processing but you need them for the establishment, exercise or defence of legal claims. Where processing is restricted, we only use such personal data (other than storage) with your consent, for the establishment, exercise or defence of legal claims, for the protection of the rights of another natural or legal persons, or for reasons of important public interest.
Right to erasure. You have the right to have your personal data erased if we no longer need the personal data for the purposes for which it was collected or processed, you withdraw your consent, you object to the processing and there are no compelling and overriding legitimate grounds for further processing, your personal data has been processed unlawfully or we are required by law to erase your personal data.
Right to data portability. You have the right to obtain your personal data in a structured, commonly used and machine-readable format and to transfer it to another controller (data portability), to the extent that you have provided the data to us and where the processing is based on consent and the processing is carried out by automated means.
The Norwegian Data Protection Authority has compiled a more detailed description of these rights, which may be accessed via the following link: https://www.datatilsynet.no/rettigheter-og-plikter/den-registrertes-rettigheter/ (available in Norwegian only).
If you disagree with how we process your personal data, please let us know by contacting us. You may also submit a complaint to your local data protection authority: the Norwegian, Swedish, Danish or Finnish Data Protection Authority.
The Norwegian Data Protection Authority may be contacted at the following email address: postkasse@datatilsynet.no and receive complaints through mail at the following postal address: Datatilsynet Postboks 458 Sentrum 0105 Oslo.
The Swedish Data Protection Authority may be contacted at the following email address: imy@imy.se and receive complaints through mail at the following postal address: Integritetsskyddsmyndigheten, Box 8114, 104 20 Stockholm, Sweden
The Danish Data Protection Authority may be contacted and receive complaints at the following email address: dt@datatilsynet.dk.
The Finnish Data Protection Authority may be contacted at the following email address: tietosuoja@om.fi and receive complaints through mail at the following postal address: P.O. Box 800, 00531 Helsinki, Finland.
AMENDMENTS
We will update this privacy policy as necessary, for example when we make changes in employee benefits or make changes in internal routines. You will receive information from us if we make significant changes. You will always find the latest version of the privacy policy on our Intranet.
This policy was last updated on 2. May 2024.
