1 General

1.2 Introduction

Pareto Securities Group («Pareto») is committed to safeguarding the personal data of job applicants and prospective candidates for employment. This Global Privacy Information describes which personal data we receive and collect from our job applicants, how we treat, process and store this data as well as what we do to protect your personal data.

Personal data is information and assessments that can be linked to you as an individual, such has name, residential address, telephone number, e-mail address and IP address. Data that can (only) be linked to enterprises is not classified as personal data.

This Global Privacy Information applies to the following parties: Pareto Securities AS, Pareto Securities AB, Pareto Securities OY, Pareto Securities Ltd, Pareto Securities Inc, Pareto Securities Pte Ltd, Pareto Securities Pty Ltd and Pareto Securities AG, as well as Pareto’s branches in Denmark and Germany.

1.2 Pareto’s responsibility as a data controller

Within the Pareto Securities Group, the data controller will be the Pareto Securities entity you have a relation to. Local regulations may apply to specific rules and adjustments.

The contact details of the respective Pareto Securities entity can be found on our website under www.paretosec.com/contact.

You can also contact us at dataprotection@paretosec.com.

The ultimate responsibility lies with the Chief Executive Officer in each entity within the Pareto Securities Group. Daily follow-up is handled by the Pareto Securities Group’s IT department in consultation with our Compliance department.

1.3 Your privacy rights

Pareto is responsible for processing your personal data in a legal, transparent, and open manner.

When we process your personal data, you have, with certain reservations, the right to:

• request confirmation whether we process personal data about you or not, and, if that is the case, to receive information about what personal data we process and how we process it;
• request that any inaccurate, misleading or incomplete personal data about you be corrected or supplemented by any additional information;
• request the erasure of your personal data;
• request that we restrict the way we process your personal data;
• object to the processing of your personal data;
• request access to, and a copy of, the personal data we have collected about you;
• request data portability (transfer of your personal data to another controller) if this is technically feasible;
• withdraw a given consent for the processing of your personal data, in cases where the processing is based on your consent.

Pareto is subject to strict legal requirements, and there may be exemptions to some of the rights mentioned above. For example, there may be situations where our confidentiality or other legal obligations prevent us from disclosing or deleting your personal data or otherwise prevent you from exercising your rights. Pareto is also obliged to keep client communications on tamper-proof platforms. This obligation means we are both legally and physically prohibited from erasing personal data during the mandatory storage period.

Any requests should be sent to us in writing at the address provided in Section 1.5.

You also have the right to file a complaint with the competent Data Protection Authority, which may be the supervisory authority in your country of residence or place of work if you believe that our personal data practices violate your rights. The relevant authority for Pareto Securities Group is the Norwegian Data Protection Authority, or the competent national data protection authorities in the country where the Pareto Securities entity you have your relationship with is located.

1.4 Changes to this Global Privacy Information

Pareto reserves the right to amend this Information at any time.

1.5 Contact us

Please contact Pareto’s appointed Data Protection Officer Line Caliskaner at dataprotection@paretosec.com if you have any questions in relation to Pareto’s personal data processing.

2 Which personal data we collect

2.1 How we collect the personal data

We primarily collect personal data directly from you, such as when you communicate with us, enter into a contract with you, or use our websites.

We collect personal data to identify job candidates and verify their educational qualifications. This information is collected directly from you and from external third parties, including professional recruiting firms, your references, previous employers, Pareto employees who have interviewed you, and employment background check providers, to the extent permitted by applicable law.

We do not actively seek sensitive personal data, including ethnicity, health information, trade union membership, sexual orientation, or philosophical beliefs, unless permitted by relevant legal provisions.

2.2 In the recruitment process

For persons establishing a relationship with Pareto in a recruitment process, we collect the following data that can be linked to individuals:

Type of personal data and basis for processing

• Name: GDPR Article 6 (1) (a) based on consent.
• Contact details: GDPR Article 6 (1) (a) based on consent.
• CV, application and documentation on education, grades, authorizations and former employment relationship: GDPR Article 6 (1) (a) based on consent.
• Memo from interview and assessments: GDPR Article 6 (1) (a) based on consent.
  
  

2.3 Personal data collected from visitors of our social media accounts

For visitors of our social media pages, we may collect the following data that can be linked to individuals:

Type of personal data and basis for processing

• Name, data concerning likes and clicks, messages sent to us, uploaded pictures, and comments: GDPR Article 6 (1) (f): necessary for pursuing our legitimate interest in our social media appearance.
  
  

2.4 Video recording by closed-circuit camera surveillance

Pareto has video recordings outside our offices to prevent and detect any criminal activity. Such recordings are deleted after 90 days or sooner if mandated by local laws.

On-site signs clearly indicate where recordings are made and who is responsible for such recordings.

The legal basis for the processing is GDPR Article 6 (1) (f): Pareto´s legitimate interest in the prevention and detection of criminal activities.

3 The purpose of processing personal data and how we use the data

We collect and use your personal data for legitimate human resources and business management purposes, including:

• Candidate Identification and Evaluation: We process data to identify and assess potential candidates for employment, as well as for future roles that may arise.
• Recordkeeping for Recruitment and Hiring: We maintain records related to recruiting and hiring processes.
• Compliance with Legal Requirements: Our data practices ensure adherence to legal obligations and industry standards.
• Protecting of Legal Rights: We ensure compliance with legal requirements and practices to protect our legal rights.

Additionally, we may analyse your personal data or aggregated/pseudonymised data to enhance our recruitment and hiring procedures, thereby improving our ability to attract qualified candidates.

We process your personal data for the aforementioned purposes under the following circumstances:

• With your Consent: When you provide consent for data processing.
• Employment Contract: When data processing is necessary for entering into an employment contract with you.
• Legal Obligation: When compliance with legal requirements mandates data processing.
• Legitimate Interests: When data processing aligns with our legitimate interests as a globally operating employer.

Should we wish to retain your personal data for future employment considerations, we will seek your consent either before or after you formally apply for a job opportunity.

4 Sharing of personal data with third parties and transfer of personal data

4.1 Internal procedures

Pareto is subject to a statutory duty of confidentiality. All employees of Pareto are informed of the applicable procedures and have signed comprehensive confidentiality undertakings upon employment. Pareto also has procedures in place to ensure adherence to these confidentiality undertakings.

Any violations of confidentiality have consequences for the employees involved.

Recruiters and interviewers at Pareto may access your personal data. Additionally, administrative staff and IT personnel at Pareto may have limited access to your personal data for job-related purposes.

4.2 Disclosure to third parties

Pareto only discloses personal data to third parties in the following cases:

• When Pareto is legally required to do so, such as for reporting of suspicious transactions or when ordered by government authorities.
• When it is considered necessary to aid us in talent recruitment, pre-employment screening, testing, and enhancing our recruitment practices.
• When it is considered necessary within the Pareto Group to fulfil Pareto’s agreements, or to provide services to you.
• When it is necessary to protect Pareto’s interests in a dispute.
• When it is necessary for the operation of Pareto’s IT systems.
• When you have given Pareto consent.

Pareto conducts extensive business operations that rely on IT systems operations procurement. The suppliers of our IT services and their sub-suppliers may access personal data if necessary to provide their services to Pareto. We have data processing agreements with these parties to ensure data is stored securely and not misused.

We do not disclose personal data in any other way unless requested by you or required to comply with legal obligations.

5 Retention and deletion

Personal data will only be stored by Pareto for as long as Pareto has a legitimate need and a lawful right to retain it, but at least as long as necessary to comply with statutory storage obligations.

If you accept an employment offer from us, any relevant personal data collected during your pre-employment period will be incorporated into your personnel records and retained according to specific country requirements. Please refer to our Global Privacy Information for Employees for further details.

Should we not proceed with your employment, we may, with your written consent, retain and use your personal data for system administration purposes, potential future role considerations, and research. However, this retention period will not exceed 18 months.