TICRA Fond (CVR 10558697) is committed to protecting the privacy and security of its job applicants and grants applicants and embraces the regulations put forward by the EU General Data Protection Regulation (GDPR).

This privacy notice describes how we, as a data controller, collect and use personal information before, during and after your application.

1. Privacy and data protection principles

TICRA strives to comply with the GDPR that states that personal information that we hold must be:

• used lawfully, fairly and in a transparent way
• collected only for valid purposes that we have clearly defined
• not used in any way that is incompatible with these purposes
• relevant to these purposes
• accurate and kept up to date
• kept only for as long as necessary
• kept securely

2. The kind of information we hold

For applicants, we collect, store, and use the following personal information:

• personal contact details such as name, title, addresses, telephone numbers and e-mail addresses
• bank account details (grant applicants only)
• recruitment information such as including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process (job applicants only)
• Grant information (name, address, email, bank account, IBAN, SWIFT) (grant applicants only)
• Applicants might be sending birthdays, marital status, gender and photos. These are not required by TICRA.
• GPA and diplomas might be relevant in the application process. Especially if it is a newly graduated applicant.

3. How is personal data collected?

Most information that is collected comes from the data subject themselves.

Additional job applicant information may come from references.

4. Why we collect the information and how we use it

We will typically collect and use personal information for the following purposes:

• to take steps to enter into a contract (job applicants only)
• for compliance with a legal obligation (e.g., tax reasons, or our obligations as an employer or foundation)
• To transfer awarded grants to grant applicants.

The legal bases for personal information processing are contractual and legitimate interest.

We may process personal information without the data subject's knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

5. Failing to provide personal information

Failing to provide certain information when requested may prevent us to perform contracts and from complying with our legal obligations.

6. Data sharing

By default, personal data is handled only by the Administration Team and the Grant Committee). We may have to share personal data with third parties, such as Danish tax authorities.
We require third parties to respect the security of this data and to treat it in accordance with the GDPR.

7. Data security

We have put in place measures to protect the security of personal information. Details of these measures are described in the IT Security Policy and are available upon request.

Access to personal information is limited to those employees who have a need to know. They will only process personal information on our instructions, and they are subject to a duty of confidentiality.

The IT Security Policy describes a procedure to deal with any suspected data security breach that includes notifying affected data subjects and any applicable regulator of a suspected breach where we are legally required to do so.