Privacy Policy

Effective Date: June 24, 2025

Last Updated: June 24, 2025

Controller: MindDig AB (Reg. No. 559339-4249), based in Sweden.


1. Introduction

MindDig AB (“MindDig”, “we”, “us”, “our”) values your privacy and the integrity of your personal data. This Privacy Policy (“Policy”) explains how we collect, use, protect, and disclose your personal data, as well as the rights you have in connection with your data.

This Policy applies to:

  • Individuals using our services to explore or apply for job opportunities (“Users” or “Talents”)
  • Visitors to our website: www.minddig.com
  • Employees of current or potential customers and partners

All data processing is performed in accordance with the EU General Data Protection Regulation (GDPR), Swedish law, and, where applicable, the EU Artificial Intelligence Act (AI Act).


2. Definitions

  • Personal Data: Information that directly or indirectly identifies a natural person.
  • Data Subject: The individual to whom the personal data relates.
  • Processing: Any action performed on personal data (e.g., collection, use, storage).
  • Controller: The entity determining why and how personal data is processed (MindDig).
  • Processor: A third party processing data on behalf of the Controller.
  • The Services: The digital services provided by MindDig to match talents with EEA-based employers.

3. MindDig as a Controller

MindDig is the Controller for all personal data processed via our Services. This includes all data you submit directly or that is collected automatically when you interact with our platform.

When we process personal data on behalf of our customers (e.g., when customers create notes or tags on candidates), we act as a Processor, and their respective privacy policies apply.


4. What Personal Data We Process

We collect and process the following categories of personal data:

a. Data Provided by You

  • Name, email address, phone number, nationality
  • CV, education, employment history, skills, work preferences
  • Messages, cover letters, or responses to employers
  • Consent settings and communication preferences

b. Data We Collect Automatically

  • IP address, browser and device information
  • Cookie data (see our Cookie Policy)
  • Usage logs and behavioral analytics

c. Data from External Sources

  • Data from QR-code sign-ups via employer campaigns
  • Social media metadata (where you choose to log in or connect)

5. Purposes and Lawful Bases for Processing

Purpose Lawful Basis
To deliver and manage your talent profile and applications Contract (Art. 6.1.b GDPR)
To match you with job opportunities using AI algorithms Contract & Legitimate Interest
To notify you of jobs, system updates, or employer actions Legitimate Interest
To help employers discover and organize talent Legitimate Interest
To conduct analytics, product improvements, and marketing Legitimate Interest
To comply with legal obligations (e.g., requests from authorities) Legal Obligation
To process global applications for EEA-based jobs Consent & Legitimate Interest

You can withdraw your consent or object to processing based on legitimate interest at any time.


6. AI Matching and Automated Processing

We use AI-driven algorithms to support our recruitment matching processes. These systems analyze structured data from your talent profile and compare it to job listings to suggest relevant matches.

We guarantee:

  • No automated decisions are made that have legal or similarly significant effects on you without human review.
  • No matching or profiling is based on race, ethnicity, gender, age, religion, political beliefs, sexual orientation, disability status, or similar protected characteristics.
  • Our AI system is designed and maintained in accordance with the EU Artificial Intelligence Act as a high-risk system.
  • We regularly monitor and audit our AI models to prevent bias and ensure transparency.

You can always request human review of any AI-generated recommendation or match.


7. Global Talent Campaigns

We conduct talent campaigns worldwide to attract job seekers interested in EEA-based opportunities. However:

We do not offer our services to employers outside the EEA, nor do we process personal data in the context of offering services in non-EEA jurisdictions (such as the United States, Canada, or India).

If you are located outside the EEA and choose to use our Services, you do so voluntarily and acknowledge that your data will be processed exclusively under GDPR and Swedish law.


8. QR-Code Functionality

If you sign up using a QR code from one of our employer partners:

  • Your profile will be visible only to that employer for 20 days, after which it becomes visible to other employers using the platform.
  • You may opt out of the employer-specific view at any time via your profile settings.

9. Data Sharing and Processors

We may share your personal data with:

  • Employers using our Services to find talent
  • IT and system providers (e.g., hosting, analytics, communication tools)
  • Contracted service providers (e.g., salary/payment systems for internal employees)
  • Law enforcement or public authorities (if legally required)

We never sell your personal data.

All third-party providers are subject to Data Processing Agreements (DPAs) and must meet GDPR standards, including international transfer protections such as Standard Contractual Clauses (SCCs).


10. International Data Transfers

All data is stored in the EU/EEA.

If data is transferred outside the EU/EEA (e.g., due to a cloud provider’s location), we ensure:

  • The destination country has an EU adequacy decision; or
  • The processor has adopted SCCs or similar safeguards as required by law.

11. Retention of Personal Data

  • Talent Profiles: Retained as long as you actively use the platform. If you are inactive for 24 months, we will contact you. If you do not respond, your data will be deleted.
  • Manual Deletion: You may delete your profile or specific data at any time.
  • Cookies: See our Cookie Policy for details.

12. Your Rights as a Data Subject

You have the following rights under GDPR:

  • Access – Obtain a copy of your personal data
  • Rectification – Correct incorrect or incomplete data
  • Erasure – Request deletion (“right to be forgotten”)
  • Restriction – Temporarily pause processing of your data
  • Objection – Object to processing based on legitimate interest
  • Portability – Receive your data in a structured format
  • Withdraw Consent – At any time for future processing

To exercise any of these rights, email us at support@minddig.com.


13. Security Measures

We use both technical and organizational measures to protect your data:

Organizational:

  • Internal privacy and security policies
  • Staff access controls and training
  • Role-based access procedures

Technical:

  • Encryption (in transit and at rest)
  • Secure cloud architecture
  • Access logging and monitoring
  • Backup and disaster recovery procedures

14. Cookies

We use cookies and similar technologies to:

  • Analyze site usage
  • Deliver personalized recommendations
  • Improve platform performance

You can manage cookie preferences via our Cookie Policy.


15. Supervisory Authority

Complaint Authorities for GDPR Violations

If you believe we are processing your data in violation of GDPR, you have the right to file a complaint. MindDig AB is a company established in Sweden and is primarily supervised by the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY).

However, since we actively recruit in Norway for Norwegian jobs, individuals in Norway also have the right to lodge complaints with the Norwegian Data Protection Authority (Datatilsynet).

Contact Details for IMY (Sweden)

Integritetsskyddsmyndigheten (IMY)

Address: Box 8114, 104 20 Stockholm

Phone: +46 8 657 61 00

Website: www.imy.se

Contact Details for Datatilsynet (Norway)

Datatilsynet

Address: P.O. Box 458 Sentrum, 0105 Oslo

Phone: +47 22 39 69 00

Website: www.datatilsynet.no

Email: postkasse@datatilsynet.no


16. Changes to This Policy

We reserve the right to update this Privacy Policy. If changes materially affect your rights, we will notify you via email or platform notification prior to the changes taking effect.


17. Contact

For questions, concerns, or to exercise your rights, please contact:

Data Protection Officer: Ludwig Rosendal

Email: Ludwig.Rosendal@minddig.com

Privacy Policy

Effective Date: June 24, 2025

Last Updated: June 24, 2025

Controller: MindDig AB (Reg. No. 559339-4249), based in Sweden.


1. Introduction

MindDig AB (“MindDig”, “we”, “us”, “our”) values your privacy and the integrity of your personal data. This Privacy Policy (“Policy”) explains how we collect, use, protect, and disclose your personal data, as well as the rights you have in connection with your data.

This Policy applies to:

  • Individuals using our services to explore or apply for job opportunities (“Users” or “Talents”)
  • Visitors to our website: www.minddig.com
  • Employees of current or potential customers and partners

All data processing is performed in accordance with the EU General Data Protection Regulation (GDPR), Swedish law, and, where applicable, the EU Artificial Intelligence Act (AI Act).


2. Definitions

  • Personal Data: Information that directly or indirectly identifies a natural person.
  • Data Subject: The individual to whom the personal data relates.
  • Processing: Any action performed on personal data (e.g., collection, use, storage).
  • Controller: The entity determining why and how personal data is processed (MindDig).
  • Processor: A third party processing data on behalf of the Controller.
  • The Services: The digital services provided by MindDig to match talents with EEA-based employers.

3. MindDig as a Controller

MindDig is the Controller for all personal data processed via our Services. This includes all data you submit directly or that is collected automatically when you interact with our platform.

When we process personal data on behalf of our customers (e.g., when customers create notes or tags on candidates), we act as a Processor, and their respective privacy policies apply.


4. What Personal Data We Process

We collect and process the following categories of personal data:

a. Data Provided by You

  • Name, email address, phone number, nationality
  • CV, education, employment history, skills, work preferences
  • Messages, cover letters, or responses to employers
  • Consent settings and communication preferences

b. Data We Collect Automatically

  • IP address, browser and device information
  • Cookie data (see our Cookie Policy)
  • Usage logs and behavioral analytics

c. Data from External Sources

  • Data from QR-code sign-ups via employer campaigns
  • Social media metadata (where you choose to log in or connect)

5. Purposes and Lawful Bases for Processing

Purpose Lawful Basis
To deliver and manage your talent profile and applications Contract (Art. 6.1.b GDPR)
To match you with job opportunities using AI algorithms Contract & Legitimate Interest
To notify you of jobs, system updates, or employer actions Legitimate Interest
To help employers discover and organize talent Legitimate Interest
To conduct analytics, product improvements, and marketing Legitimate Interest
To comply with legal obligations (e.g., requests from authorities) Legal Obligation
To process global applications for EEA-based jobs Consent & Legitimate Interest

You can withdraw your consent or object to processing based on legitimate interest at any time.


6. AI Matching and Automated Processing

We use AI-driven algorithms to support our recruitment matching processes. These systems analyze structured data from your talent profile and compare it to job listings to suggest relevant matches.

We guarantee:

  • No automated decisions are made that have legal or similarly significant effects on you without human review.
  • No matching or profiling is based on race, ethnicity, gender, age, religion, political beliefs, sexual orientation, disability status, or similar protected characteristics.
  • Our AI system is designed and maintained in accordance with the EU Artificial Intelligence Act as a high-risk system.
  • We regularly monitor and audit our AI models to prevent bias and ensure transparency.

You can always request human review of any AI-generated recommendation or match.


7. Global Talent Campaigns

We conduct talent campaigns worldwide to attract job seekers interested in EEA-based opportunities. However:

We do not offer our services to employers outside the EEA, nor do we process personal data in the context of offering services in non-EEA jurisdictions (such as the United States, Canada, or India).

If you are located outside the EEA and choose to use our Services, you do so voluntarily and acknowledge that your data will be processed exclusively under GDPR and Swedish law.


8. QR-Code Functionality

If you sign up using a QR code from one of our employer partners:

  • Your profile will be visible only to that employer for 20 days, after which it becomes visible to other employers using the platform.
  • You may opt out of the employer-specific view at any time via your profile settings.

9. Data Sharing and Processors

We may share your personal data with:

  • Employers using our Services to find talent
  • IT and system providers (e.g., hosting, analytics, communication tools)
  • Contracted service providers (e.g., salary/payment systems for internal employees)
  • Law enforcement or public authorities (if legally required)

We never sell your personal data.

All third-party providers are subject to Data Processing Agreements (DPAs) and must meet GDPR standards, including international transfer protections such as Standard Contractual Clauses (SCCs).


10. International Data Transfers

All data is stored in the EU/EEA.

If data is transferred outside the EU/EEA (e.g., due to a cloud provider’s location), we ensure:

  • The destination country has an EU adequacy decision; or
  • The processor has adopted SCCs or similar safeguards as required by law.

11. Retention of Personal Data

  • Talent Profiles: Retained as long as you actively use the platform. If you are inactive for 24 months, we will contact you. If you do not respond, your data will be deleted.
  • Manual Deletion: You may delete your profile or specific data at any time.
  • Cookies: See our Cookie Policy for details.

12. Your Rights as a Data Subject

You have the following rights under GDPR:

  • Access – Obtain a copy of your personal data
  • Rectification – Correct incorrect or incomplete data
  • Erasure – Request deletion (“right to be forgotten”)
  • Restriction – Temporarily pause processing of your data
  • Objection – Object to processing based on legitimate interest
  • Portability – Receive your data in a structured format
  • Withdraw Consent – At any time for future processing

To exercise any of these rights, email us at support@minddig.com.


13. Security Measures

We use both technical and organizational measures to protect your data:

Organizational:

  • Internal privacy and security policies
  • Staff access controls and training
  • Role-based access procedures

Technical:

  • Encryption (in transit and at rest)
  • Secure cloud architecture
  • Access logging and monitoring
  • Backup and disaster recovery procedures

14. Cookies

We use cookies and similar technologies to:

  • Analyze site usage
  • Deliver personalized recommendations
  • Improve platform performance

You can manage cookie preferences via our Cookie Policy.


15. Supervisory Authority

Complaint Authorities for GDPR Violations

If you believe we are processing your data in violation of GDPR, you have the right to file a complaint. MindDig AB is a company established in Sweden and is primarily supervised by the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY).

However, since we actively recruit in Norway for Norwegian jobs, individuals in Norway also have the right to lodge complaints with the Norwegian Data Protection Authority (Datatilsynet).

Contact Details for IMY (Sweden)

Integritetsskyddsmyndigheten (IMY)

Address: Box 8114, 104 20 Stockholm

Phone: +46 8 657 61 00

Website: www.imy.se

Contact Details for Datatilsynet (Norway)

Datatilsynet

Address: P.O. Box 458 Sentrum, 0105 Oslo

Phone: +47 22 39 69 00

Website: www.datatilsynet.no

Email: postkasse@datatilsynet.no


16. Changes to This Policy

We reserve the right to update this Privacy Policy. If changes materially affect your rights, we will notify you via email or platform notification prior to the changes taking effect.


17. Contact

For questions, concerns, or to exercise your rights, please contact:

Data Protection Officer: Ludwig Rosendal

Email: Ludwig.Rosendal@minddig.com