Privacy Policy

Your privacy is important for Phases and essence to our service. This Privacy Policy explains what information we collect about you and why, what we do with that information, and how we handle that information.

At Phases, we care about the confidentiality and privacy of your data and are fully committed to protecting it. This is something that will never change. Phases is not in the business of selling or renting your information. Phases shall not sell your personal data to third parties and shall only share it when necessary for the rendering of the service as stated below.

Purpose of Data Collection
  • In order to improve user experience and to deliver content & service which are of most use to the seekers
  • To make the service more appropriate towards the user perspective
  • To update the users regarding the new opportunities
  • To make the search more appropriate to their data
  • To keep track of the recruitment
  • Potential candidates or clients
Data Controller

Your personal data are being processed by Phases ApS, Melby Enghavevej 64, 3370 Melby, Phases ApS, Denmark as Data Controller

Data Processor

When Data Controller provides access to the data processor then the data processing entity could process the data of the users for the specific purpose mentioned by the data controller. Here the data processors are mentioned below,

  • Phases Innovations
  • Citrix Podio
  • Google Analytics
Data Protection Officer

Phases have appointed a Data Protection Officer (DPO), and everyone is always free to contact our DPO with any queries regarding the processing of your personal data. You can always contact our DPO at gdpr@phases.dk

General Principles
  • Processing should be done lawfully, fairly and in a transparent manner. Particularly, for lawful processing – at least one of the prescribed requirements under GDPR are to be met, such as where the Data Subject has consented to the processing; or processing is necessary for the performance of a contract to which the Data Subject is a party; or processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority, etc.
  • Personal Data should be collected for specified, explicit and legitimate purposes and not further processed if incompatible with those purposes (except where specifically permitted under GDPR), and it should be adequate, accurate, relevant and limited to what is necessary for relation to the purposes for which they are processed.
  • Personal Data should be kept in a form which permits the identification of data subjects for no longer than is necessary.
Laws & Regulations to be followed in GDPR

The GDPR provides appropriate rights to the users about the protection of their personal data. These rights are based on the legal articles stated below,

Article 6 of GDPR states that processing of the user’s personal data is lawful only when the individual gives consent to the processing of the personal data for a specific purpose.

Recital 58 of the GDPR requires you to provide the users with details about how their personal data is going to be put in use. This is also called the principle of transparency.

Recital 85 of the GDPR centers around the security of data. It states on protecting data to prevent a data breach and responding quickly and appropriately in the event of a data breach are requirements of this regulation.

Actions to be taken upon a personal data breach:

In case of a personal data breach, the controller is to without undue delay (and where feasible, not later than 72 hours after having become aware of it), notify (with prescribed details) the breach to the supervisory authority in terms of GDPR, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller is to communicate the personal data breach to the data subject without undue delay, with prescribed details. The controller is also required to document any personal data breaches, comprising the facts relating to the personal data breach, its effects and the remedial action is taken.

The processor is required to notify the controller without undue delay after becoming aware of a personal data breach.

Retention Policy
  • We will be storing personal data if it serves and fulfills the purpose as mentioned.
  • Personal data obtained in connection with application and recruitment will be deleted after 6 months from the time the candidate is rejected.
  • Personal data obtained in connection with the business operation will be deleted according to either Phase’s internal policy or according to the agreed-upon terms with our suppliers within the purpose of the use of our data.