Information to jobseekers - GDPR
Information about processing of personal data about jobseekers at EXINI.
It is important that you feel safe when you provide information about yourself to us when you are applying to work here. We take great care of the protection of personal integrity.
Your personal information will only be used by EXINI persons working with recruitment. EXINI is personally responsible and is therefore responsible for processing personal data under The General Data Protection Regulation (GDPR). If you have questions about the recruitment process, please contact our HR department career@exini.com or our data protection representative dpo@exini.com, if you believe we have processed your personal information
incorrectly. You can also contact Datainspektionen (datainspektionen@datainspektionen.se) if you do believe that our processing is not compliant.
Personal data will be used for recruitment purposes. The legal basis for processing your personal data is usually EXINI’s legitimate interest in administering and documenting the recruitment process. If it may be necessary to obtain your consent we will ask for it. Upon termination of recruitment, the data is filed for two years in order to be used for a possible appeal of recruitment, such as, for example, discrimination legislation. When the appeal is no longer available, the information will be destroyed. If you have given your consent that the information is stored even after the expiry of the appeal period, the information may be stored for as long as you have consented. You can revoke your consent at any time by contacting our HR department career@exini.com.
The following personal data will be stored in EXINI’s database: The information you provide us, your resume, your personal letter and any other information you provide to us such as grades and certificates. In addition, we may record records from interviews, conversations with reference persons, and results from personality tests. You are entitled to receive free of charge information about what personal data is registered about yourself at EXINI. Send your request to dpo@exini.com, alternatively by mail to EXINI Diagnostics AB, Scheelevägen 27, 223 70 Lund. Please
label the envelope with the “Data Protection Officer”. If you think any information about you is incorrect or misleading, please contact us immediately. You can also let us know if you in any way want to restrict the handling of your personal information, object to the processing or delete them.
Interested to learn more about our products, book a demo!
Our products
GDPR
When you use aPROMISE to process patient information related to a patient who is a resident of the EU, you are responsible for ensuring that your organization complies with GDPR. In terms of GDPR you, as the user of aPROMISE, are the data controller and EXINI, as the service provider, is the data processor. In advance of processing data with aPROMISE, be sure that you have explicit consent from the patient whose data you are capturing. When data is sent to aPROMISE, it is stored in a secure manner, and is encrypted in transit and at rest.
Our Commitment
EXINI (‘we’ or ‘us’ or ‘our’) are committed and dedicated to ensuring the security and protection of the personal information that we process, and to provide a robust, continuous and consistent approach to data protection. Our objectives for GDPR and HIPAA compliance include the development and implementation of data protection roles, policies, procedures, controls and measures to ensure continuous safeguarding of the personal information under our remit.
How we are implementing GDPR and HIPAA
Policies & Procedures – Data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws, including HIPAA, are in place
Data Retention & Erasure – we have retention policies and are applying the privacy by design principle, meaning we store only data that is needed for the current task and only store it for as long as needed Data Breaches – as a medical device manufacturer we have breach procedures in place that ensure safeguards and measures to identify, assess, investigate and report any personal data breach at the earliest possible time
International Data Transfers & Third-Party Disclosures – when EXINI stores or transfers personal information outside the EU, we have robust procedures and safeguarding measures in place to secure,
encrypt and maintain the integrity of the data
Processor Agreements – when we use a third-party to process personal information on your behalf, we have data processor agreements and/or business associate agreements in place.