PRIVACY POLICY FOR APPLICANTS AND EMPLOYEES OF TF BANK GROUP
1. INTRODUCTION
This Privacy Policy is a statement on how TF Bank Group processes personal data regarding employees, consultants and job applicants.
TF Bank Group is committed to respecting your privacy. Our employees are our greatest value, and we want you to feel confident that your personal data is handled in an adequate and secure manner. This Privacy Policy includes detailed information about what personal data we process, for what purposes and for how long the data is kept. We strive to be as transparent as possible. However, if you have any questions on the privacy practices of TF Bank Group, you are always welcome to contact us. Contact details are provided at the end of the document.
The purposes and the type of personal data collected can be different for each employee, depending on employment responsibilities, location and other factors. For example, credit and background checks can only be required for specific roles based on local legislation.
TF Bank Group may update this Privacy Policy without prior notice to reflect changes in TF Bank Group´s privacy practices. The latest version of the Privacy Policy is always available on TF Bank Group's intranet. TF Bank Group will let you know about significant changes to this Privacy Policy.
The original version of this privacy policy is established in English. To the extent a translated version of this privacy policy conflicts with the English version, the English version shall prevail.
1.1 DEFINITIONS
“TF Bank Group” refers to TF Bank AB together with its branches and subsidiaries.
- TF Bank AB (publ) (organisation nr.: 556158-1041)
- Branches: TF Bank AB, branch Finland (2594352-3); TF Bank AB, branch Polen (PL9571076774); TF Bank AB, branch Estland (14304235); TF Bank AB, branch Norge (923 194 592); TF Bank AB, branch Lettland (50203334311).
- Subsidiaries: Avarda AB (559310-4967); Avarda AB, branch Finland (3362665-9); Avarda AS (931 481 169); TFB Service (UAB 304785170); TFB Service GmbH (HRB 208869 B); TFBN Services S.L. (B10781789)
TF Bank Group is the so-called data controller, which means that TF Bank Group determines the purpose and legal basis of the processing of your personal data. The processing of personal data is regulated by the General Data Protection Regulation (GDPR Regulation 2016/679) and adhering to data privacy legislation.
Personal data means "any information relating to an identified or identifiable natural person (a “data subject")”, Article 4 (1) GDPR.
Under Article 9 GDPR, sensitive information is referred to as "special categories of personal data that relates to a person´s: racial and ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data, physical or mental health, sexual live or sexual orientation.” Generally, it is necessary to obtain your consent before we process such personal data. However, we may process such data without consent for limited statutory purposes such as monitoring compliance with our equal opportunities as well as health and safety rules or if necessary to protect your vital interests, for legal claims, or in the public interest.
2. LEGAL BASES
TF Bank Group will process your personal information based on:
-
The contractual agreement with TF Bank Group to which the employee is party or in order to take steps at the request of the employee prior to entering into a contract.
-
TF Bank Group's legitimate interest, including for example, fraud prevention, maintaining the security of our systems, investigations relating to compliance with our policies or laws, to defend our lawful interests in legal proceedings, meeting our targets for diversity, organizational planning and effectiveness and improving our services and workplace.
-
Compliance with legal obligations, to which TF Bank Group is subject (e.g.: employment laws, immigration laws, tax laws; data protection regulations etc.).
-
Consent you provide, where TF Bank Group does not rely on another legal basis or in addition to contractual agreement or reliance on our legitimate business interests, including for example, for your own interest, when you choose to provide us with your personal information and the processing of that information is voluntary. Your consent can be withdrawn at any time.
3. JOB APPLICANTS
3.1 Purpose and legal basis
When you apply for a position at TF Bank Group, we process personal data for the following purposes, on the legal basis defined:
-
Job application management and communication: To manage your job application, including receiving, reviewing, and organizing application materials such as resumes, cover letters, and portfolios. To communicate with you regarding your application status, interview schedules, and other relevant information. To arrange and conduct job interviews, assessments, and evaluation exercises to assess candidates' qualifications, competencies and cultural fit.
Legal basis: Contractual agreement
-
Matching and Selection: To assess your qualifications, skills, and experience, for the purpose of understanding whether the position you are applying for matches our and your expectations and requirements.
Legal basis: Contractual agreement
-
Credit and Background Checks: To assess and verify the information you have provided us, for example the conduct of credit- and background checks, reference checks, and verification of educational qualifications, employment history, and professional credentials to assess candidates' suitability for the position.
Legal basis: Contractual agreement
-
Compliance with Legal Obligations: To ensure that we comply with legal requirements, such as equal employment opportunity laws, immigration laws, and data protection regulations. To track diversity metrics, monitor diversity and inclusion initiatives, and promote equal opportunities in the recruitment process.
Legal basis: Legal obligation
-
Internal Reporting and Analysis: To analyze your applicant data for internal reporting purposes, such as tracking recruitment metrics, evaluating the effectiveness of recruitment strategies, and identifying areas for improvement in the hiring process.
Legal basis: Balancing of interests
-
Talent Pool Management: To store applicant data in a talent pool or applicant tracking system for future recruitment purposes and talent pipelining.
Legal basis: Balancing of interests or consent
-
Offering Employment Contracts: To prepare and issue employment contracts, offer letters, and other related documents to successful candidates.
Legal basis: Contractual agreement
-
Feedback and Evaluation: To solicit feedback from hiring managers, interviewers, and candidates to evaluate the recruitment process and make improvements for future hiring cycles.
Legal basis: Balancing of interests
-
Communicating with Referrers: To communicate with people you have referred to for reference, to verify the information you have given us and the impression we have of you.
Legal basis: Contractual agreement
-
Upcoming positions: To contact you again for alternative openings, if have given us your consent to store your personal data for future opportunities.
Legal basis: Consent
3.2 Personal data we process
The personal data processed for the purposes above vary depending on the position for which you apply, your qualifications and where you are in the application process.
For administrating the recruitment process, the personal data we process is primarily data to ensure your identity and your qualifications and skills. This includes:
We process among others social security numbers, addresses, citizenship, e-mail addresses, telephone numbers, copy of ID document (passport, driver's license, national ID card), copy of electronic signature etc.
We also process your CV and the documentation you have provided, including letters of reference, educational certificates, grades and certifications.
For the purpose of complying with accessibility regulations, we might also process your health data. In any case, we will make sure that the purposes for which we intend to use your sensitive personal information are known at the time of collection and, if necessary, obtain your consent at that time. In such cases you will be able to withdraw your consent at any time.
As part of your recruitment process, you might be asked to request an extract of your criminal record or credit report and present it to us. We will not keep any copy of the criminal record or credit report other than to note that we have obtained them and that you have presented to us.
3.3 Storage of personal data about job applicants
The personal data you provide in your job application and during interviews as well as the correspondence will be processed until the application process has been completed, which includes making an offer and providing an employment contract. If the recruitment process results in employment, we save this information for the term of employment and delete it ten years past its termination. If the application does not lead to employment, we will save the information for one year for statistical purposes, unless you consent to us keeping it possible future job openings.
4. EMPLOYEES AND CONSULTANTS
4.1 Purpose and legal basis
When you are an employee of TF Bank Group, or a consultant working under consultancy like circumstances, we process personal data about you for the following purposes. Please note that the purposes may vary depending on the market you work in and the position you hold.
-
Payroll and Benefits Administration: To manage salary payments, employee benefits, and allowances, including deductions for taxes, insurance, and pension contributions.
Legal basis: Contractual agreement and legal obligation
-
Organization Management: To assess workforce needs, identify skill- and competence gaps, to ensure that we are able to administer our workforce and organization optimally. This includes resource planning, recruitments strategies, transfers and termination of employment arrangements, including negotiation with unions and representatives when required.
Legal basis: Balancing of interests
-
Employee Development: To assess your performance, provide feedback, set performance goals, conduct performance appraisals, and implement performance improvement plans as necessary.
Legal basis: Balancing of interests and Contractual agreement
-
Compliance with Employment Laws: To be able to comply with employment laws and regulations governing working hours, leave entitlements, employee rights, health and safety requirements, and anti-discrimination laws.
Legal basis: Legal obligations
-
Security and confidentiality: To ensure compliance with internal policies and security of our confidential information, we monitor your use of your systems and tools. TF Bank Group may, at any time, enforce access to your e-mails, tools and folders.
Legal basis: Legal obligations
-
Corporate and Internal Communications: To communicate with you about announcements, and other relevant information through various channels such as emails, newsletters, intranet portals, and meetings. To facilitate communication and collaboration among employees, teams, and departments for work-related activities, projects, and initiatives.
Legal basis: Balancing of interests, Contractual agreement
-
Health and Safety Management: To maintain records related to employee health and safety, conducting risk assessments, implementing safety measures, and managing workplace accidents or incidents.
Legal basis: Legal obligation
-
Security and Access Control: To manage access to bank premises, systems, and confidential information through security measures such as access controls and authentication mechanisms.
Legal basis: Legal obligation
-
Financial Compliance: To prevent criminal activities such as bribery, corruption and money laundering and to ensure conflicts of interest are managed adequately. To document and keep records of incidents. To monitor employees’ remunerations expenses, allowances, reimbursements.
Legal basis: Legal obligation
-
Employee Relations and Conflict Resolution: To manage employee relations, addressing grievances, resolving conflicts, and fostering a positive work environment through effective communication, mediation, and dispute resolution processes. To respond to legal inquiries, investigations, and regulatory audits and to defend the TF Bank Group against legal claims or disputes arising from the employment relationship.
Legal basis: Contractual agreement
-
Work documentation and folders: To facilitate efficient and effective performance of job duties, ensuring access to folders, sites and tools needed to carry out your tasks within the organization's operations.
Legal basis: Contractual agreement
-
Logging and back up: To ensure that data and information is not altered or destroyed by the implementation of logging and back-up mechanisms, connected to your account and folders.
Legal basis: Legal obligation
-
Emergency and crisis: To be able to get in contact with you or your close relatives or family members, in case of an emergency or crisis.
Legal basis: Legal obligation
4.2 Personal data we process about employees and consultants
The personal data processed for the purposes above is primarily information to ensure our accurate administration of your employment contract.
It includes but is not limited to name, date of birth, social security number, tax identification number, address, nationality, e-mail address, telephone number, copy of ID document (passport, driver's license, national ID card), copy of electronic signature.
As informed above, TB Bank also processes personal data related to your employment engagement, such as your employment contract, place of work, position and role, and documentation provided or collected in the recruitment process. Further, TF Bank Group also processes data that identifies you in our systems, such as employment ID, IP-address, access rights and passwords.
We also process objective and subjective information on work performance, appraisals, development records, one-to-one meetings, personal development plans, disciplinary actions etc.
- Financial and Benefit Information
We also process information on employment, salary and bank account details and tax-related information. For the purpose of being able to administer your benefits, TF Bank Group also processes data on insurance coverage, retirement plans, other employee benefits and pension schemes.
If relevant, we also process personal data that is sensitive, such as information about your union membership, your parental leave, health information and sick leave and information on your close relatives and family.
In any case, we will make sure that the purposes for which we intend to use your sensitive personal information are known at the time of collection and, if necessary, obtain your consent at that time. In such cases you will be able to withdraw your consent at any time.
4.3 Storage time
TF Bank Group will keep your personal data in line with its data retention policy and applicable law. TF Bank Group will retain your personal data for the period necessary to fulfill the purposes set out in this statement unless longer retention is required or permitted by law (e.g., for example for the purpose of administrating pension benefits, accounting, or reporting requirements).
Generally, this means that we will retain your information for as long as you are employed by TF Bank Group, and after you leave, we retain some of that information for long as is necessary to fulfil the purposes for which it was collected as prescribed by the law.
When no longer necessary for business purposes, paper and hard copies will be immediately destroyed using paper shredders or similar devices.
Details of retention periods for different aspects of your personal information are available in our retention policy. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
5. WHERE WE COLLECT PERSONAL DATA FROM
TF Bank Group typically collects personal information about you through the application and recruitment process, either directly from candidates or sometimes from an employment agency or background check provider. We will sometimes collect additional information from third parties including former employers (e.g. references provided to us), credit reference agencies or other background check agencies. Some of the information we collect about you is required by law, for the provision of your employment contract, and to fulfil the obligations within that contract - we will make this clear at the point where we collect the information. We may also collect personal information about you where the information has been made publicly available.
6. INFORMATION SECURITY AND INTEGRITY OF PERSONAL DATA
TF Bank Group maintains appropriate administrative, technical, and organizational measures designed to help safeguard the confidentiality and integrity of employee personal information and to protect it against accidental and unlawful destruction, accidental loss, unauthorized alteration, disclosure or access, misuse, and any other unlawful form of processing of personal data in its possession.
TF Bank Group has well-established and high-quality policies and procedures for information security. TF Bank Group uses security measures such as password protection, encryption, physical locks, SSL, backup, firewalls, etc.
Moreover, TF Bank Group trains employees regarding its data privacy policies and procedures and permits authorized employees to access employee personal data on a need-to-know basis, as required for their role.
It is TF Bank Group's obligation that the personal data we process is accurate, complete and up to date.
7. DISCLOSURE AND TRANSFER OF PERSONAL DATA
The confidentiality of your personal data is ensured by implementing employment laws, data protection regulations, and company policies, which means that TF Bank Group may not disclose personal data to unauthorized persons.
We may share personal information about you with other companies in the TF Bank Group subject to inter-company data processing agreements.
We may also share personal information to:
- Companies or consultants who are engaged to perform services for, or on behalf of TF Bank Group including for example, those who process our pension and share incentive schemes, company car hire or business travel bookings or other companies;
- Law enforcement agencies, government bodies, regulatory organizations, courts or other public authorities if we have to, or are authorized to by law;
- A third party or body where such disclosure is required to satisfy any applicable law, or other legal or regulatory requirement;
- Other third parties when we have your consent to so (for example providing a personal reference to a bank, building society, landlord or property agent);
- In conjunction with any merger, sale or acquisition of a company in the TF Bank Group.
8. INTERNATIONAL TRANSFERS OF PERSONAL DATA
European data privacy laws prohibit the transfer of personal data outside of the European Economic Area (“EEA”) unless specific requirements are met for the protection of that personal information. TF Bank Group will only carry out such transfers where we are confident that the level of protection that applies to personal information will be similar as if it had remained withing the EEA. For transfers outside of the EEA, such as to our service providers, we enter into “model clause” data transfer agreements or rely on some other approved data transfer method to ensure adequacy.
The international transfer of personal data is currently only required for our external service providers that may provide support for our IT and operational infrastructure.
9.DATA SUBJECT'S RIGHTS AND DUTIES
Subject to the applicable local law, you may have the right to:
- Withdraw your consent to the processing of personal data
- Request access to and obtain a copy of your personal information, a so-called register extract
- Have your personal information amended if it is inaccurate
- In certain circumstances delete your personal data, unless we are obliged by law to retain the data
- In certain circumstances restrict or object to TF Bank Groups´s processing your personal data or ask for it to be sent to another employer
- Request to receive your personal data (right to data portability): i.e. the right to obtain the personal data you have provided to us in a commonly used and machine-readable format and the right to transmit those data to another controller. The right to data portability, as opposed to the right to a register extract, only covers data that you provided us and that we process on legal grounds, such as a contract with you.
- Submit a complaint related to personal data processing directly to TF Bank Group, see contact details in section 11. You also have the right to submit a complaint to the relevant supervisory authority. The relevant supervisory authority for TF Bank Group is the Swedish Data Protection Authority. Contact details for the Swedish Data Protection Authority: www.imy.se Phone: 08-657 61 00, E-mail: imy@imy.se
For more information about your rights and how to exercise them, please contact your local privacy contact at TF Bank Group, please see contact details in section 10.
10. YOUR OBLIGATION TO INFORM ABOUT CHANGES
It is important that the personal information we hold about you is accurate and up-to-date. Please keep us informed if your personal information changes during your working relationship with us.
11. CONTACT DETAILS FOR TF BANK GROUP
If you want to exercise your rights described in section 9 or if you have questions regarding this Privacy Policy or our personal data processing, you can contact us at: TF Bank Group AB (publ): Data Protection Officer (DPO) Box 947 501 10 Borås dpo@tfbank.se
