The following categories of recipients may receive your personal data as described below:

• Authorities – We may be required to give personal data to authorities. We will only do so when required by Union or Member State law. We will inform you of the obligation unless we’re prevented to do so by law.
• Developers and consultants – We work with developers and consultants from other companies to develop our IT-infrastructure and further develop services. A developer may need access to basic personal data when necessary to provide support and develop the service. Everyone engaged by us in this way is bound by confidentiality and only has access to the data that is necessary to perform their services.
• Payment providers – Payment providers such as banks are controllers of their own processing of personal data. The personal data involved in financial transactions is always collected by a payment provider, which applies separate terms and conditions for that service.

6.3 We carry out as much personal data processing as possible here in the EU/EEA. Should any data be shared with a service provider outside of the EU/EEA, by us or one of our service providers, the recipient will always enter into standard contractual clauses with us that ensure the recipient maintains a data protection standard equal to the EU/EEA.

7. How long we keep your data
7.1 Personal data is only kept for as long as necessary to fulfil the purposes described above or if the person is interested in continuing the business relationship over time.
7.2 We are obligated to keep financial information under the Swedish Bookkeeping Act, including personal data in invoicing and similar bookkeeping information, for seven years. Personal data kept for bookkeeping reasons will only be processed for that purpose.

8. Deletion of personal data
8.1 Personal data is erased or anonymized when the data is no longer necessary. ”Anonymized” means to remove any connection to an individual from the information.
8.2 When we erase or anonymise personal data, we have no means to recreate or restore that personal data.

9. Security measures
9.1 As controller of personal data, I Executive Search takes appropriate technical and organisational measures to protect the personal data in accordance with Chapter IV, Section 2 of the GDPR. We have internal policies and guidelines in place to handle information security and to prevent and investigate any leak or breach.
9.2 Should your personal data be involved in a security incident (so called “personal data breach”) we will contact you and inform you in accordance with the GDPR.

10. Your rights
10.1 You have the right to request that our processing is limited to storage, and to object to our processing.
10.2 You have the right to request information about how we process your personal data, to be provided electronically or in paper. We will compile information about how your personal data is processed and provide you with this, normally within one month.
10.3 You have the right to request that we correct any personal data that you consider to be incorrect, and to provide complementary personal data (in certain cases) should you consider that the personal data that is being processed by us gives an incorrect image of you.
10.4 You also have the right to request that we erase your personal data. We will erase personal data on your request to the extent that we are not obligated to keep the personal data under Union or Member State law. We will also continue to process personal data in specific situations, for example when your personal data is still required to fulfil contractual obligations against you. We will always respond to you and explain position.
10.5 You always have the right to lodge a complaint with the relevant authority in particular where you live, work or where an alleged infringement of the GDPR has occurred. For Sweden, the relevant authority is Datainspektionen.
10.6 If you want to exercise your rights above we ask you to contact us at ida[dot]johansson[at]iexecutivesearch[dot]com.