Privacy policy
Data Controller
We are a data controller for the processing of personal data that we process about our customers and business partners. Please see our contact details below.
Kure Search ApS
Langebrogade 4 1411 København K. Denmark
CVR-nr.: 37270261.
Our company is not required to have an external DPO, but if you have any questions about the processing of your personal data, please feel free to contact CEO, Mark Kure Hansen at mark@kuresearch.com.
Processing activities
Being a data controller, we have the following processing activities according to the GDPR.
Visiting our website
When you visit our website, we use cookies for the website to work. More information is available in our cookie policy.
Communication with potential customers
If you have any questions about our site or would like more information about our services, please contact us via:
- Contact form
- Phone number
We will then process your personal data to make it possible for us to enter into a dialogue with you, e.g., answering questions about our services. We only process data provided by you in connection with our communication.
We will typically process the following general data: name, e-mail, phone number.
Our legal basis for processing these personal data is Article 6(1)(f) of the General Data Protection Regulation.
We will delete our communication with you when it has become clear whether you want our services or not.
Storing your personal data for a longer period of time may be possible if there is a need in special circumstances.
Customers
We need to communicate with our customers to ensure that our service is delivered correctly. We may therefore process data about their names, addresses, services, special agreements, payment information and the like.
The legal basis for processing these personal data is Article 6(1)(b) of the GDPR.
Once the service has been delivered we keep the data up to 5 years for the purpose of gurantee, extending of contract terms, revision etc.
Accounting
We must save all accounting records in accordance with the Danish Bookkeeping Act (bogføringsloven). We therefore store invoices and similar vouchers for accounting purposes. This may include general personal data such as names, addresses, service descriptions.
Our legal basis for processing personal data for accounting purposes is Article 6(1)(1) of the General Data Protection Regulation.
We will store these data for a minimum of 5 years after the current financial year has ended.
Job applications
We are always happy to receive job applications for the purpose of assessing whether they match an employment need in our company.
If you send us your job application, our legal basis for processing your personal data is Article 6(1)(f) of the General Data Protection Regulation.
If you have submitted an unsolicited application, we will immediately assess whether your application is relevant.
If you are part of a recruitment process and/or are hired for the job, we will provide you with separate information about our processing of your personal data in those regards. If you have submitted an application for an advertised job, and do not get the job, we will contact you to find out whether we may keep your data in relation to other options. If we receive your consent, we store relevant candidates for up to 5 years as standard. You are always welcome to contact us and withdraw your consent earlier.
Data processors
Very few can do it all on their own, and that is true for us as well. We therefore have business partners and use suppliers, some of whom may be data processors.
External suppliers may, for example, provide systems to organise our work, services, consultancy, IT hosting and marketing.
We use the following data processors:
Copper
The purpose is as a CMS system and candidate database to keep track of our contacts, contact information and dialogues with candidates and customers.
Google Drive
The purpose is to store CVs, interview notes, job profiles etc.
The purpose is to network and communicate via the Linkedin platform.
SHL
The purpose is to use SHL as an interview tool in relation to uncovering a person’s profile and preferences.
Codility
The purpose is to test candidates’ technical competences.
Docusign
The purpose is to get a digital signature on documents such as consent, contracts, etc.
economy
The purpose is an accounting system.
It is our responsibility to make sure that your personal data are properly processed. We therefore place high demands on our business partners, and our partners must guarantee that your personal data are protected.
We therefore enter into agreements with companies (data processors) that handle personal data on our behalf to increase the security of your personal data.
Disclosure of personal data
We do not disclose your personal data to any third parties without your consent
Profiling and automated decisions
We do not engage in profiling or automated decision-making.
Transfers to third countries
We generally use data processors within the EU/EEA or data processors that store data within the EU/EEA.
However, this is not always possible. Data processors outside the EU/EEA may then be used if they can provide your personal data with adequate protection.
Security of processing
We keep the processing of personal data secure by implementing appropriate technical and organisational measures.
We have conducted risk assessments of our processing of personal data and have subsequently implemented appropriate technical and organisational measures to increase the security of processing.
One of our most important measures is to keep our employees updated on the GDPR through ongoing awareness training, GDPR courses and by reviewing our GDPR procedures with our employees.
Rights of data subjects
Under the General Data Protection Regulation, you have a number of rights in relation to our processing of data about you.
If you would like to exercise your rights, please contact us for our assistance.
The right to see data (right of access)
You have the right to access the data we process about you and a number of additional data.
Right of rectification (correction)
You have the right to have incorrect information about you corrected.
The right to erasure
In special circumstances, you have the right to have data about you erased before our regular general erasure.
The right to restriction of processing
In certain cases, you have the right to have the processing of your personal data restricted. If you have the right to have our processing restricted, we may only process data – with the exception of storage – based on your consent or for the establishment, exercise or defence of legal claims or for the protection of a person or important public interests.
The right to object
In certain cases, you have the right to object to our otherwise lawful processing of your personal data. You may also object to the processing of your data for direct marketing purposes.
The right to transmit data (data portability)
In certain cases, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to have those personal data transmitted from one data controller to another without hindrance.
You can read more about your rights in the Danish Data Protection Agency’s (Datatilsynet) guide on the rights of data subjects, which is available at www.datatilsynet.dk.
Withdrawal of consent
If our processing of your personal data is based on your consent, you have the right to withdraw your consent.
Complaints to the Danish Data Protection Agency
You have the right to file a complaint with the Danish Data Protection Agency if you are dissatisfied with the way we process your personal data. You can find the Danish Data Protection Agency’s contact details at www.datatilsynet.dk.
We encourage you to read more about the GDPR in general so that you are up to date on the rules.