Last update: 2025-05-27

Privacy policy

Your privacy is important to us at Brightmill. We comply with the General Data Protection Regulation (GDPR) and our group-wide Information Security and Data Protection Policy to ensure that your personal data is processed in a secure and transparent manner. Here we explain how we collect, use, and protect your data, as well as what rights you have.

Who is responsible for your personal data?

Brightmill AB is the data controller for all processing of personal data within our operations. If you have questions about how we handle your personal data, please contact us:

What personal data do we process?

For candidates

  • Contact details: Name, email address, phone number.
  • Professional information: CV, previous employers, education, references.
  • Information from public sources: When presenting candidates to clients, we conduct manual background checks in public legal registers. We do not store the results, only that the check has been performed. This processing is carried out based on legitimate interest in accordance with the GDPR.
  • Other information: Information that you provide yourself when applying or contacting us.

For clients and subcontractors

  • Contact details: Name, email address, phone number, job title.
  • Company information: Company name, organization number, billing information.
  • Contractual information: Data linked to agreements and the delivery of services.

Technical information

  • IP addresses, cookies, and browser information: Collected when you use our website. For more information, see our cookie policy.

Why do we process your personal data?

For candidates

  • To manage your registration as a candidate.
  • To assess and match you for assignments and ensure requirements for the job profile are met.
  • To communicate with you during the recruitment process.
  • To keep you updated on our services and other relevant information through newsletters.

For clients

  • To deliver our services and communicate regarding ongoing assignments.
  • For invoicing and payment processing.
  • To keep you updated on our services and other relevant information through newsletters.

For subcontractors

  • To manage contracts and collaborations.
  • To communicate regarding deliveries and payments.

Legal basis for processing

We process personal data based on the following legal grounds:

  • Consent: To process candidate data, include them in our database, and send relevant information.
  • Contract: To fulfill our obligations to clients and subcontractors, for example, when delivering services or collaborating on assignments.
  • Legal obligation: To comply with legal requirements such as the Accounting Act or the General Data Protection Regulation (GDPR).
  • Legitimate interest: To improve our services, match candidates with the client’s job profile, and keep candidates and clients informed through newsletters and related information based on a business relationship.

How long do we keep your data?

  • Candidates: Data is stored until you actively withdraw your consent.
  • Clients and subcontractors: Data is stored in accordance with legal requirements, e.g., 7 years for accounting purposes.

Who do we share your data with?

We share your personal data only when necessary:

  • Clients and employers: When matching candidates to assignments (with the candidate’s consent).
  • Subcontractors: To deliver services where collaboration is required.
  • Service providers: For technical systems and support.
  • Authorities: If we are required to do so by law.

We ensure that everyone we collaborate with complies with GDPR and our data security requirements.

Your rights

You have the following rights under the GDPR:

  • Right of access: To receive information about what personal data we process and why.
  • Right to rectification: To have incorrect or incomplete data corrected.
  • Right to erasure: To have your data deleted when we no longer need it.
  • Right to restriction: To restrict our processing of your data in certain situations.
  • Right to data portability: To have your data transferred to another data controller.
  • Right to object: To object to the processing of your data for purposes such as direct marketing. To do so, use the unsubscribe link in our emails or contact us directly.

Contact us at kontakt@brightmill.se if you wish to exercise your rights.

International transfers

If personal data is transferred outside the EU/EEA, we ensure that adequate safeguards are in place, e.g., through standard contractual clauses in accordance with the GDPR.

Automated decision-making

We do not use automated decision-making or profiling that has legal or similar effects for data subjects.

Security for your data

We take measures to protect your personal data:

  • Encryption and secure systems for storage.
  • Multi-factor authentication for access.
  • Regular audits of our security procedures.

Cookies

We use cookies to improve your experience. Read more in our cookie policy.

Changes to the policy

We may update this policy to reflect changes in laws or our business. The latest version is always available on our website.

Contact us

Do you have questions or complaints about how we handle your personal data? Contact us at:

You can also contact the Swedish Authority for Privacy Protection (IMY) if you believe we are in breach of the GDPR.