Consultlocus a/s communicates assignments to the best IT
consultants on the market. It is Consultlocus a/s’ insight about
each consultant that allows us to achieve the perfect match
between the client and the consultant. It can therefore be said
without exaggeration that Consultlocus a/s makes a living of
processing personal data. Therefore, it is also
crucial for us that personal
data about our consultants is processed responsibly and
securely, in order for you as a consultant to know that you can
safely entrust your personal data to us. We know that we
only have your personal data on loan for a period of time and that
you can ask us at
any time to stop processing personal data about you.
2. What personal data does Consultlocus a/s process?
Consultlocus a/s’ work with our consultants takes
place in five different main phases: Recruitment, selection,
agreement, follow-up and evaluation.
During the recruitment phase, we collect relevant information
about a potential consultant’s background, including the consultant’s CV.
A typical CV will include name, address, phone number, email address, previous employments,
hobbies, date of birth and marital status (ordinary personal data).
CV’s do not include cpr-numbers, but potential
information on criminal convictions and, if relevant for the
consultant to disclose, possibly health data (sensitive
Based on an interview process, it is assessed whether the candidate
fits into Consultlocus a/s’ consulting portfolio. In the selection
process, Consultlocus a/s will also request a criminal record
(specially regulated personal data), as well as references from previous
employers (ordinary personal data). All relevant
information is stored and processed in our consultant
database. However, the criminal record is not saved, but it is noted in
the database that we have seen the criminal record. In some situations,
Consultlocus a/s make use of personality tests (sensitive personal data).
When a client needs consultancy, Consultlocus a/s identifies,
based on the consultant database, the profiles that are best
suited for the assignment. Consultlocus a/s prepares an
overview with the relevant candidates for the assignment. The form is
sent to the client together with the candidate’s CVs
(ordinary personal data).
Once the client has selected the consultant who is suitable for
the assignment, Consultlocus a/s ensures that a contract is drawn
up with the consultant containing relevant information
about the specific assignment, e.g., the expected duration of
the assignment, the agreed hourly rate, as well as the consultant’s
account number (ordinary personal data). Consultlocus a/s ensures
that confidentiality statements and other relevant
documentation included in the contractual basis are obtained.
While the assignment is ongoing, Consultlocus a/s continuously
follows up on how the cooperation between the client and the
consultant proceeds. This information (ordinary personal data) is
documented in Consultlocus a/s’ internal systems.
At each end of a collaboration between client and consultant, Consultlocus
a/s will, based on information provided by the client and the
consultant, carry out an evaluation of the consultant’s performance,
which is saved for future reference (ordinary personal data) in Consultlocus
a/s’ internal systems.
3. How long does Consultlocus a/s keep your personal data?
Consultlocus a/s’ core business is to communicate
assignments to independent IT consultants on the basis of the
consultants’ CV (and other relevant information) that Consultlocus
a/s processes on the basis of the consent of the consultant, cf.
section 5 below. As long as the consultant regularly updates their job
status, Consultlocus a/s considers the consultant’s consent
to remain valid.
For consultants who have stated that they are on assignment, Consultlocus
a/s will consider the consent to be revoked if, for a period of
24 months after the end of the last stated assignment, the consultant
has not updated their job status.
For consultants who have indicated that they are not working on an
assignment, Consultlocus a/s will consider the consent to be revoked if the
consultant has not updated their job status for a period of 24
If the consultant actively indicates that they no longer wish
to receive assignments through Consultlocus a/s, then Consultlocus
a/s will of course also consider this to be a revocation of the
By default, Consultlocus a/s will immediately after the consultant’s
withdrawal of his consent delete all personal data about the
consultant in Consultlocus a/s’ systems. However, if the consultant
has been sold through Consultlocus a/s on a contract
concluded less than 5 years before the end of the relation, Consultlocus
a/s is obliged, as per the rules of the bookkeeping act, to continue
processing information about the consultant until they are
5 years old.
Consultlocus a/s will continue to process the personal data of retired
consultants if they wish to join Consultlocus a/s’ pensioners’
club until either consent is revoked or after 24
months without reply to Consultlocus’ inquiries.
4. Who does Consultlocus a/s disclose your personal data to?
When one of our clients has an assignment that
we believe matches the consultant’s profile, we disclose the
consultant’s personal data to our client.
When our clients process personal data about our consultants in
their own company, they are independently data responsible to
you as a consultant.
As part of our collaboration with other consultancy companies, Consultlocus
a/s will occasionally disclose personal data (typically CVs) about
our consultants. However, this disclosure will only be
made with the explicit consent of the consultant.
Consultlocus a/s uses a number of IT
suppliers to handle the operation and maintenance of
our IT systems. Our IT suppliers only process personal data about you
following instructions from us. We have entered into data
processing agreements with our IT suppliers, which, among other
things, include our security requirements.
5. Legal basis for processing
In connection with our recruitment process, we process personal
data about potential consultants.
The legal basis for this treatment is that the
consultant has actively consented Consultlocus a/s with the
treatment hereof. Consultlocus a/s continuously
processes new personal data about the consultant when the
consultant regularly updates their job status and CV. The basis
for this treatment is based on the consent originally given.
When Consultlocus a/s matches the consultant’s profile to a specific
assignment, a number of new personal data processing is carried out. The
legal basis for this treatment is that it is a prerequisite for
the conclusion of a contract with Consultlocus a/s, of which the
consultant is one party.
In order for Consultlocus a/s to fulfil its contractual
obligations in relation to the client, Consultlocus a/s processes
ongoing personal data about you, e.g., whether the hourly effort
delivered etc. Consultlocus a/s is also in ongoing dialogue with the
client about how they experience and assess the quality of your
work. The basis for this treatment is that Consultlocus a/s’
contractual obligations towards the client are reflected in the contract
concluded between Consultlocus a/s and the consultant, and that the
treatment is therefore in the natural extension of the
fulfilment of a contract to which the consultant is a party.
6. IT Security
The IT security at Consultlocus a/s is regulated by our IT
security policy, which is translated into internal guides
and guidelines on information security. We prepare
and maintain risk assessment that we use to document information
security threats and to identify the technical and administrative
measures that we need to implement to address the threats.
We pay particularly a focus on measures to ensure that unauthorised
persons do not have access to your personal data. We
have, among other things, established procedures for granting access
rights to those of our employees processing personal data. The
rights are granted on the basis of a need-to-know principle. We
control our employees’ use of
access through logging and supervision.
In addition to the internal systems in Consultlocus a/s, we use
external IT suppliers who are responsible for the operation and
maintenance of our IT solutions. Our requirements for IT
security are set out in the data processing agreements that we have entered
into with our IT suppliers. We continuously follow up on the fact that
our IT suppliers meet our requirements.
In the event of a security breach that results in a
high risk of identity theft, financial loss, loss of reputation
or other significant inconvenience, we will notify you of
the security breach as soon as possible.
7. Your rights
As a consultant at Consultlocus a/s, you have a number of rights under
the General Data Protection Regulation in
relation to the personal data we process about you.
Inquiries about your data
- You have
the right to access what personal data we process
- You have
the right to have the personal data we have registered about
you rectified and updated
have the right to have the personal data we have registered
about you deleted
- You have
the right to obtain a copy of the data you have
provided to Consultlocus a/s.
You can also contact us if you have any questions
about the above or if you believe that your personal
data is being processed in violation of the law.
Consultlocus a/s shall endeavour to respond to all requests within
30 days of receipt. In the event of requests for corrections
and/or deletion of your personal data, we examine whether the conditions
are met and, if so, make changes or deletions as
soon as possible.
Consultlocus a/s may reject requests that are unduly repetitive,
affecting the privacy of others’ personal information, is required due to legal
obligations or in situations
where the requested action must be considered
to be extremely complicated (for example, requests for information that
is solely available as backups).