Privacy Policy

Effective date:

Oct 1, 2024

1. Introduction

At Saibon Group AB, our main priority is the confidentiality and protection of the personal data of our clients, consultants, service users, employees, and job candidates. We are committed to ensuring transparency in the processing of your personal data. This document provides detailed information on how we manage, protect your personal data, and how you can get in touch with us for further details.

2. Data Controller

In accordance with Article 13(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of personal data of 27 April 2016 on the protection of natural persons with regard to the processing of their personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR), we inform you that the Controller of your personal data is Saibon Group AB, registered under organizational number 559475-9218, with its registered office at Tappvägen 29, 168 78 Bromma, Sweden (“The Controller”, “Saibon” or “Saibon Group”).

3. About this Policy

This Policy outlines how Saibon processes your personal data across all the services we provide. The terms and conditions for the use of Saibon’s services are detailed in the General Terms & Conditions for each specific service.

As we continue to innovate and expand, we may introduce new services or enhancements. Any significant changes affecting how we collect and process your personal data will be communicated to you through additional terms and conditions or updates to this policy. Unless specified otherwise, new or additional services will adhere to the provisions of this current Policy.

The objectives of this Policy are to:

  • Inform You: Ensure you are aware of the types of personal data Saibon collects, the reasons for its collection, and who may have access to it.
  • Clarity on Processing: Describe the methods and purposes for which we process your personal data.
  • Rights and Choices: Clarify your rights regarding the personal data you provide us and how you can exercise these rights.
  • Privacy Protection: Detail the measures we take to protect your privacy and ensure the security of your personal data.

4. Data Categories and Data Subjects

Below is a detailed outline of the categories of personal data we collect and process, tied to your use of Saibon’s services:

4.1. Website User
This includes personal data that you have provided or that we have collected to enable you to register for and the use of Saibon’s services through our website. Information may include, but are not limited to, full name, date of birth, social security number, username, email address, phone number, address, and country. The personal data we request is necessary to complete the forms on our website.

4.2. Platform User
This refers to personal data provided by you or collected by us to enable you to sign up for and use the Saibon platform. This may include your full name, username, email address, phone number, birth date, and country. Certain personal data is required to create your account. You may also choose to provide additional personal data to personalize your account further. The specific personal data collected depends on the type of account you have, how you create an account, and whether you use third-party services (such as Google) to sign up and use the Saibon platform. If you use a third-party service to create an account, we will receive personal data via that third-party service but only when you have consented to that third-party service sharing your personal data with us.

This category includes:

  • 4.2.1. Type of account
  • 4.2.2. Interactions with the platform, such as project applications, search queries, saved searches, and opened jobs
  • 4.2.3. Traffic on the Saibon website, including heat maps collected and stored in the form of user’s traffic video records
  • 4.2.4. Inferences about your interests and preferences based on your usage of the platform
  • 4.2.5. User Content you post to the platform, such as names, email addresses, locations, phone numbers, skills, roles, languages, CV files, documents, personal descriptions, photos, and assessments. Please note that no intellectual property belonging to third party may be posted on the platform.
  • 4.2.6. Technical data including URL information, online identifiers like cookie data and IP addresses, device information such as unique device IDs, network connection type (e.g., WiFi, 3G, LTE, Bluetooth), provider, network and device performance, browser type, language, and information enabling digital rights management
  • 4.2.7. Non-precise location data derived from technical data like your IP address and device language settings to deliver personalized content

4.3. Client/Customer Representative
This includes personal data that you provide, or that we collect, to process you as a client representative in order to maintain a business relationship with you and the company you represent. The data includes first and last name, email address, phone number, and role.

4.4. Consultant
This category encompasses personal data that you or your representative/supplier provide or that we collect to process work orders for you as a consultant, including for future orders necessary for signing contracts with you. This includes your name, social security number, ID number, address and phone number, date and place of birth, position, education, career history, salary, taxes, and timesheets.

4.5. Supplier Representative
This is the personal data that you provide or that we have collected to process you as a supplier representative in order to maintain a business relationship with you and the company you represent. Data includes first and last name, email address, phone number, and role.

4.6. Employee/Civil Contractor
This encompasses personal data that you provide to us as part of establishing a permanent cooperation with us on the basis of an employment contract, civil job contract, or B2B contract. The scope of processed data is determined by applicable legal regulations, such as labor laws, and includes any other personal data to which you have voluntarily given your consent.

4.7. Family Member/Contact Person
This includes personal data that you provide directly or indirectly by Saibon’s employee or contractor due to your application to the benefit program or data provided to contact you in connection with the employment of the mentioned persons, in case of any emergencies in the workplace.

4.8. Data Collected from Third Party Sources
We collect personal data about you from various third parties. These sources vary over time and include:

4.9. Authentication Partners
If you register for or log into our platform using third-party credentials (e.g., LinkedIn & Google), we import some of your information (name, email, and pictures) from such third party to help create your account with us.

4.10. Technical Service Partners
We collaborate with technical service partners who provide us with data, such as mapping IP addresses to non-precise location data (e.g., city, country), to enable us to provide the Saibon services, content, and features. This also includes recording user’s traffic on the website to optimize and improve new functionalities of the Saibon platform.

4.11. Advertisers and Advertising Partners
We may obtain certain data about you, such as cookie ID, mobile device ID, or email address, and inferences about your interests and preferences from certain advertisers and advertising partners that allow us to deliver more relevant ads and measure their effectiveness.

5. Data Processing Purposes and Legal Grounds

At Saibon Group AB, we utilize various techniques to process the personal data we collect from you for multiple purposes. Below, we outline the reasons for processing your personal data, the legal bases we rely on to do so, and the categories of data subjects involved:

5.1. Description of Why Saibon Group Processes Your Personal Data (“Processing Purposes”)

5.1.1. To Provide and Adapt Our Services:

  • Legal Basis: Performance of contracts, Legitimate interest
  • Data Subjects: Platform Users, Clients, Consultants, Supplier Representatives

5.1.2. To Understand, Diagnose, Troubleshoot, and Solve Problems for Our Delivery Systems:

  • Legal Basis: Performance of contracts, Legitimate interest
  • Data Subjects: Platform Users

5.1.3. To Evaluate and Develop New Features, Technologies, and Improvements to Saibon’s Services:

  • Legal Basis: Legitimate interest
  • Data Subjects: Platform Users, Consultants, Clients, Supplier Representatives

5.1.4. For Recruitment and Proposing New Job Offers and Work Service Orders:

  • Legal Basis: Legitimate interest, Consent
  • Data Subjects: Candidates, Consultants

5.1.5. For Marketing, Promotion, and Advertising Purposes:

  • Legal Basis: Legitimate interest, Consent
  • Data Subjects: Platform Users, Clients, Supplier Representatives

5.1.6. To Comply with Legal Commitments and Inquiries:

  • Legal Basis: Compliance with legal obligations, Legitimate interest
  • Data Subjects: Platform Users, Clients, Consultants, Supplier Representatives

5.1.7. To Address Infringements of Intellectual Property Rights and Inappropriate Content:

  • Legal Basis: Legitimate interest
  • Data Subjects: Platform Users, Consultants, Clients, Supplier Representatives

5.1.8. For Establishing, Exercising, or Defending Legal Claims:

  • Legal Basis: Legitimate interest
  • Data Subjects: Platform Users, Consultants, Clients, Supplier Representatives

5.1.9. To Carry Out Business Planning, Reporting, and Analysis:

  • Legal Basis: Legitimate interest
  • Data Subjects: Platform Users, Consultants, Clients, Supplier Representatives

5.1.10. To Detect Fraud and Illegal Use of the Service:

  • Legal Basis: Performance of contracts, Compliance with legal obligations, Legitimate interest
  • Data Subjects: Platform Users, Consultants

5.1.11. To Provide Additional Benefits and Services:

  • Legal Basis: Performance of contracts, Compliance with legal obligations, Legitimate interest, Consent
  • Data Subjects: Platform Users, Consultants, Clients, Employees, Contractors, Family Members/Contact Persons

5.1.12. To Maintain Business Relationships:

  • Legal Basis: Performance of contracts, Legitimate interest
  • Data Subjects: Platform Users, Consultants, Clients, Supplier Representatives

5.1.13. To Process Applications for Assignments or to Draft Contracts:

  • Legal Basis: Performance of contracts, Legitimate interest
  • Data Subjects: Consultants, Clients, Supplier Representatives

5.1.14. To Treat You as a Supplier’s or Customer’s Representative to Maintain a Business Relationship:

  • Legal Basis: Performance of contracts, Legitimate interest
  • Data Subjects: Platform Users, Consultants, Clients, Supplier Representatives

6. Right to Consent Withdrawal

As a data subject, you have the right to withdraw your consent at any time when your data are processed based on consent. Withdrawing your consent will not affect the lawfulness of any processing carried out before you withdrew your consent. Please note that withdrawal of consent, even partially, can impede or make it impossible to use our services, where Saibon reserves the right to terminate its services, should Saibon find that the services cannot be performed according to contract and Saibon’s standards.

7. Sharing Your Personal Data – Recipients Categories

We categorize the recipients of your personal data that is collected or generated through your use of our services as follows:

7.1. Service Providers

We engage service providers to perform various services for us. These providers may need access to specific personal data to deliver their services effectively. This includes companies that manage our customer service operations, handle our technical infrastructure, or ensure the security of our systems.

7.2. Other Companies in Saibon Group

If necessary, we share your personal data with other companies within the Saibon Group to support our day-to-day operations and maintain the services we provide.

7.3. Judiciary and Data Protection Authorities

We may share your personal data to comply with legal obligations or to respond to legal processes, such as court orders. Additionally, we share data when it is necessary to protect the rights, property, or safety of our company, our users, or others, and where our interests do not override your rights and freedoms.

7.4. Our Clients and Partners

We share your personal data with our clients and partners who are seeking to engage with consultants or job candidates. This sharing is crucial to recommend your candidacy, fulfill service agreements, or facilitate project engagements.

7.5. Potential Buyers of Our Business

In the event that we sell or negotiate to sell our business, we may share your personal data with potential buyers. We ensure that your privacy is maintained and provide notice before your personal data is transferred or becomes subject to a different privacy policy.

7.6. Advertising Partners

We collaborate with advertising partners to tailor the advertising content you may receive. This allows us to provide more relevant advertisements based on your preferences and interactions with our services. This may include online behavioral advertising, contextual advertising, and general advertising.

7.7. Third-Party Partners

Depending on how you register or interact with our services (e.g., through third-party platforms), we may share necessary data, such as usernames or other user data, to facilitate your account setup and integration. We may also share information about your usage with these third parties to enhance your user experience.

7.8. Transfer to Other Countries

As a Data Controller, Saibon may share your personal data within the EU/EEA with other companies within the Saibon Group for operational purposes as outlined in this Policy. We may also subcontract processing to, or share your personal data with, third-party service providers located outside of your country. Consequently, the processing of your personal data may be subject to data protection laws different from those in your country.

8. Security Measures

For detailed information about the security measures Saibon implements to protect your personal data, please refer to the section "How We Protect Your Personal Data" in this Policy.

9. Links

Our services may display advertisements from third parties and other content linking to third-party websites. We do not control these third-party websites’ data protection practices and content. If you engage with a third-party advertisement or link, you do so under their data protection policies and outside the purview of this Policy.

10. Automatic Decisions and Profiling

Saibon does not engage in automated decision-making or profiling that has legal or similarly significant effects on you as part of the services we provide. We ensure that all decision-making processes, including profiling, are fair and transparent, aiming to minimize any potential negative impact on you.

11. How We Protect Your Personal Data

Saibon is committed to safeguarding our users' personal data. We implement robust technical and organizational measures to ensure your data’s protection. This includes deploying strategies such as anonymization/pseudonymization, encryption, and establishing rigorous access and retention policies to prevent unauthorized access and minimize unnecessary data storage.

We advise you to use a strong, unique password for your account, never share your password with anyone, restrict access to your computer and browser, and always sign out after using our services.

12. Your Rights

Under the EU General Data Protection Regulation (GDPR), you as a data subject have specific rights regarding your personal data. Saibon Group AB provides transparency and implements access controls to enable you to exercise these rights effectively within the limits prescribed by law:

12.1. Right of Access: You have the right to be informed about and request access to the personal data we process about you.

12.2. Right to Rectification: You can ask us to correct or update your personal data if it is inaccurate or incomplete.

12.3. Right to Erasure: You have the right to request the deletion of your personal data or to have your account on our platform removed.

12.4. Right to Restriction: You may ask us to temporarily or permanently stop processing all or some of your personal data.

12.5. Right to Object: At any time, you can object to our processing of your personal data for specific purposes.

12.6. Right to Data Portability: You can request a copy of your personal data in a digital format and can move, copy or transfer it freely.

13. Data Protection Authority

If you are dissatisfied with how Saibon Group AB handles your personal data, we invite you to contact us first so that we can attempt to resolve any issues collaboratively. Additionally, you have the right to file a complaint with the Swedish Data Protection Authority (Datainspektionen) if you believe that our processing of your personal data does not comply with legal standards.

14. Changes to the Policy

We may update and make changes to this Policy from time to time. When we make significant changes that affect your rights or the way we process your personal data, we will notify you through appropriate channels such as a clear notification on our platform, or by contacting you directly via your registered email and/or a push notification. It is important that you read these notifications carefully to stay informed of any updates.

15. How to Get in Touch with Us

If you have any questions regarding this Policy or our privacy practices, please contact our Data Protection Officer at:

Saibon Group AB
Attention: Data Protection Officer
Email: dpa@saibongroup.com
Address: Tappvägen 29, 168 78 Bromma, Sweden

This Policy is formulated based on the requirements and guidelines of several legal frameworks, including:

  • General Data Protection Regulation (GDPR): Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, concerning the protection of natural persons with regard to the processing of personal data and the free movement of such data, which repeals Directive 95/46/EC.
  • Data Protection Impact Assessment (DPIA) Guidelines: Established by the Article 29 Data Protection Working Party on April 4th, 2017, for identifying processing operations that result in high risks to the rights and freedoms of natural persons under Regulation 2016/679, WP 248/17.
  • Data Protection Officers (DPO) Guidelines: Provided by the Article 29 Data Protection Working Party on December 13th, 2016, revised on April 5th, 2017, concerning the role, tasks, and requirements for DPOs under GDPR, WP 243/16.

These documents lay the groundwork for our privacy practices and ensure that we meet the high standards set for data protection and user privacy within the European Union.