Privacy Policy
What do we do?
We connect leading organizations with top IT expertise. Trust and transparency are fundamental to how we handle your personal data throughout this process.
Understand how we operate and the steps involved in finding the perfect match.
Privacy at a Glance
- Who we are
- Kons AS (Karl Johans gate 25, 0159 Oslo, Norway) – a Norwegian IT-consultancy and recruitment company owned by Globeteam A/S.
- Why we process your data
- To match your skills and experience against current or future client assignments, and to communicate with you and our clients about these assignments.
- Data sharing
- Only with our own staff and clients you have approved.
Privacy Policy
1. Who is responsible for your data?
Data Controller: Kons AS (Org.-no: 925 568 572)
Karl Johans gate 25, 0159 Oslo, Norway
E-mail: post@kons.no
Tel: +47 920 86 167
Data-protection lead & Head of Kons: Sebastian Næss Langaas (sebastian@kons.no).
Kons AS includes subsidiaries and other entities directly or indirectly owned by our parent company Globeteam A/S; any reference to "Kons" covers all such entities.
2. What personal data do we collect?
We process only information that is relevant for recruitment and staffing or for operating our website, including:
- Information you voluntarily provide when you register or apply (e.g. CV, competencies, contact details, salary expectations).
- Publicly available professional data (e.g. LinkedIn profiles, GitHub portfolios) used to source, verify and enrich applications.
- Technical data from visits to kons.no (IP-address truncated/anonymised, browser type, device, cookies – see section 11).
3. Why and on what legal bases do we process data?
| Purpose | Legal basis (GDPR) |
|---|---|
| Assessing candidates for permanent or temporary roles | Consent Article 6 (1)(a) – you may withdraw at any time |
| Building a talent pool for future opportunities | Consent Article 6 (1)(a) |
| Communicating with clients & candidates | Legitimate interest Article 6 (1)(f) – efficient placement services |
| Operating and securing our website | Legitimate interest Article 6 (1)(f) & ePrivacy consent for non-essential cookies |
| Compliance with legal obligations (e.g. accounting, equal-opportunity reporting) | Legal obligation Article 6 (1)(c) |
Automated matching tools (e.g. keyword scoring) assist our consultants but never make final decisions without human review (Article 22 GDPR).
4. How do we obtain consent and how can you withdraw it?
We request clear, affirmative consent when you submit data through kons.no or when we approach you for a specific assignment.
Withdraw anytime by emailing privacy@kons.no or your contact person; we will erase or anonymise your data within 10 working days.
5. Who has access to your data?
Internal recipients: recruitment consultants, account managers, and authorised IT staff bound by confidentiality.
External recipients: only client companies you have approved for a specific role; they receive a curated candidate profile, never raw databases.
Processors:
- Microsoft Azure – EU Data Boundary cloud hosting (primary region: Norway East).
- Salesforce – EU-hosted Applicant Tracking System (London cluster).
- Mailchimp (Intuit) – email & chat marketing, certified under the EU–US Data Privacy Framework and SCCs.
- Google Analytics 4 – visitor analytics with IP-anonymisation and consent banner.
All processors are bound by Data Processing Agreements (DPAs) that incorporate the Standard Contractual Clauses where relevant.
6. International transfers
Kons stores production data within the EU/EEA. Access from outside the EEA (e.g. travelling consultants) is protected by role-based controls, MFA, VPN, and Non-Disclosure Agreements. Transfers to Mailchimp (USA) rely on the EU–US Data Privacy Framework plus SCCs.
7. Retention & erasure
We retain candidate profiles as long as they remain accurate and consented. We have a structured approach to data retention and erasure, with different retention periods for different types of data. In essence, we refresh consent every 12 months and delete data:
- immediately upon withdrawal;
- after 24 months of inactivity; or
- when no longer required for the purpose collected.
Aggregated, non-identifiable statistics may be kept longer.
8. Your privacy rights
You may, at any time:
- Request access to the personal data we hold about you;
- Ask for rectification of inaccurate or incomplete data;
- Request erasure ("right to be forgotten");
- Request restriction or object to processing;
- Lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet).
9. Data security
We apply best practice data security and adhere in essence to most of the ISO 27001-aligned controls: encryption in transit, MFA, tests, continuous monitoring, and incident-response procedures. The company is ISO 9001:2015 certified.
10. Cookies & web analytics
Kons.no uses:
- Strictly necessary cookies for security and site navigation.
- Optional analytics cookies (Google Analytics 4). These load only after your explicit opt-in and can be revoked via the banner or browser settings.
11. Changes to this notice
We review the policy at least annually or whenever our processing changes. We will publish the updated version here.
12. How to contact us or raise concerns
Email post@kons.no, call +47 920 86 167, or write to Kons AS, Karl Johans gate 25, 0159 Oslo, Norway.