Careers at Hiab

Purpose of this Privacy Statement

Hiab Corporation and its affiliates globally (‘Hiab‘, ’we‘, ’us‘, or ’our‘), recognises the importance of protecting people’s privacy and personal data and processing it in accordance with the applicable data protection laws. It is the purpose of this HR Privacy Statement (“Privacy Statement” or “Statement”) to communicate the ways we process personal data of individuals who apply for a job in Hiab Corporation or any of its affiliate companies. Should any applicable mandatory laws or regulations be in conflict with this Privacy Statement, we will respect such laws and regulation over any conflicting parts in this Statement.

This Privacy Statement describes how we collect and use your personal data in accordance with applicable data protection legislation such as the EU General Data Protection Regulation (‘GDPR’) (together, the ‘Data Protection Legislation’). This Privacy Statement also explains your rights in relation to your personal data.

It is important that you read this Privacy Statement, together with any other privacy statements we may provide on specific occasions, such as any country specific privacy statements or other privacy policies, so that you are aware of how and why we are processing your personal data and what your rights are under the Data Protection Legislation. 

We may update this Privacy Statement from time to time. The most up-to-date version of this Privacy Statement will be available on our website.

1. Contact details: 

If you have any questions or inquiries concerning this Privacy Statement or processing of your personal data, please contact privacy@hiab.com.

2. Key definitions  

The “Personal Data’ is defined in the Data Protection Legislation and means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). 

The "processing" means any operation or set of operations which is performed on the Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

The "data controller" or "controller" is a legal entity responsible for the collection and use of Personal Data under this Statement, in this case, the Hiab group company that is involved in your recruitment process and that would be your future employing entity within the Hiab group, as the case may be. With regard to specific data processing activities, Hiab Corporation and/or other Hiab affiliate companies may also operate as data controllers, either independently or jointly with other Hiab affiliates. If you would like to request further information on the controllership, please feel free to contact us using the contact details provided above.
 

3. What are the regular categories of Personal Data we collect?

We process the Personal Data relevant to the purposes stated in Section 5 below. This may include the following categories of the Personal Data:

• Basic personal data: for example, name, contact details, social security number or local equivalent, birth date, gender, right to work documentation, including visas and work permits, copy of passport and/or national ID and photographs;
• Recruitment data: for example, candidate profile, cover letter, CV, working experience, education, know-how, assessments, competences and references, and any other Personal Data which you may choose to provide to us with your application or during the recruitment process;
• Background checks data: for example, background screenings, screening forms, copy of passport and/or national ID (if permitted by applicable law) and other necessary information in accordance with applicable laws;
• Other data related to recruitment process: for example, interview memos and feedback, video records and emails and other communication material in relation to the recruitment process;
• System/usage data: for example, log data of user actions such as time stamps and user's actions in the IT-systems, data regarding the use of networks and cloud platforms;
• Data collected through security systems: for example, access control information and CCTV footage if you visit our facilities during the recruitment process;
• Other data relevant to the recruitment process and necessary for the final recruitment decision.

In some cases, we may collect special categories of Personal Data as specified in the Data Protection Laws or otherwise sensitive Personal Data, where permitted by applicable laws and with your consent where required, for example, in some jurisdiction information on criminal records.

4. What are the regular sources of Personal Data and is it mandatory to provide Personal Data?   

We collect your Personal Data primarily from you and as provided by you to us. In addition to this, we may also, subject to applicable laws and regulations, collect the Personal Data about you from third party sources. This may happen for example in case of conducting background checks and applicant assessments from external professional service providers. We may also collect your Personal Data from public sources such as LinkedIn or similar professional social platforms in accordance with applicable laws.

We also collect the Personal Data when you use our communication systems and other IT systems and networks. Additionally, we collect the Personal Data through CCTV and other security systems, for example, when you visit our facilities.

As a rule, providing the Personal Data is voluntary. However, we do require sufficient information about you in order to be able to make an informed decision concerning you in our recruitment processes. Thus, if you choose not to provide some or all of the Personal Data which we request from you, in accordance with this Privacy Statement, we may not be able to consider you when making final hiring decisions.

5. What are the legal bases and purposes for processing of Personal Data?

We collect and process your Personal Data primarily on the basis of your consent. However, there may be circumstances where we may have to rely on other grounds for the lawfulness of processing your Personal Data, such as: (i) processing which is necessary for us to take steps, at your request, prior to entering into an employment contract without; (ii) processing which is necessary for compliance with a legal obligation; or (iii) the processing which is necessary for the purposes of the legitimate interests pursued by us or third party in accordance with the Data Protection Legislation.

Under the above legal bases, we process the Personal Data for several purposes as follows:

Consent:

• In some countries we may ask for consent to process your Personal Data in connection with a recruitment process.​​​​​​​

Performance of a contract including necessary steps prior to entering a contract:

• Entering into an employment agreement with you and executing rights and obligations under the agreement.

Legal obligations:

• Complying with legal obligations related to recruitment and employment, including but not limited to employment laws and health and safety laws, tax and social security laws, diversity laws and immigration laws and other binding regulations;
• Complying with other legal obligations applicable to Hiab Corporation and/or its affiliates globally, including but not limited to corporate tax laws, customs laws, anti-bribery and anti-money laundering laws, competition laws, export laws, data security and data protection laws, and other security laws and binding requirements;
• Participating in investigations and audits regarding compliance with legal obligations and external investigations by authorities in different jurisdictions.   

Legitimate interests:

• Conducting and managing recruitment processes; 
• Business management and planning staffing needs;
• Conducting necessary screening and background checks; 
• Ensuring security of our IT-systems and networks by implementing necessary tools to monitor network security, preventing hacking, phishing and other malware activities and data breaches;
• Monitoring compliance with our data security requirements and Hiab policies and other compliance documentation and conduction internal and external investigations and audits;
• Managing complaints, legal disputes, litigation and other dispute resolution;
• Conducting mergers and acquisitions and projects in the context of the possible sale or restructuring of the business. 

6. Who do we share Personal Data with?

We share the Personal Data on a regular basis with Hiab affiliates, service providers and other stakeholders such as the following main categories of recipients:

• Hiab Corporation and Hiab affiliates globally where group services are provided, for example, recruitment related matters, IT services including maintenance and support services and maintaining information security systems, succession planning, business reorganisation, reporting and legal matters;
• Service providers that process the Personal Data as data processors, including, for example, technology vendors providing us with IT-systems, recruitment agencies and consultants involved in the recruitment process, service providers that provide applicant assessments as well as conducting background checks;
• Auditors and external law firms;
• Government agencies and law enforcement authorities and their appointed service providers were required by law;
• Potential future shareholders and their advisors in the context of the possible sale or restructuring of the business.

If you would like to request further information about the recipients of the Personal Data, please feel free to contact us using the contact details provided in Section 1.

7. Do we transfer Personal Data outside the European Economic Area?

We may transfer the Personal Data to countries outside the European Economic Area (“EEA”), including Hiab group companies and service providers located in such countries. Where the Personal Data is transferred outside the EEA, we ensure that safeguards as required under the Data Protection Legislation are in place, such as:

• Adequacy decisions by the European Commission;
• Standard Contractual Clauses approved by the European Commission;
• Other appropriate safeguards in accordance with the Data Protection Legislation.

If you would like to request further information about the Personal Data transfers and safeguards in place, please feel free to contact us using the contact details provided in Section 1. 

8. How long do we retain Personal Data?

We retain the Personal Data only for as long as that data is necessary for the purposes we have collected it, or if we are required to retain that data for longer periods in order to comply with applicable laws or other binding requirements, or if the Personal Data is necessary to manage complaints or other legal disputes. We follow our own Hiab-specific retention criteria, as such criteria are developed and changed from time to time to best serve our responsibilities and obligations under applicable laws.

If you would like to request further information about specific retention times or criteria, please feel free to contact us using the contact details provided in Section 1.

9. How do we protect Personal Data?

We have appropriate measures in place to safeguard and secure the Personal Data. The Personal Data may be stored either in hardcopy or electronic form. We have taken reasonable protective measures to secure the Personal Data against the unauthorized access, modification, collection, copying, use, and disclosure of such Personal Data. These measures include for example: (i) limiting the access and uses of information to those Hiab’s employees, contractors and suppliers and persons who, for in order to be able to perform their relevant tasks need to have, on a fair and lawful basis, access to the Personal Data; (ii) use of physical and electronic access codes and passwords to control and restrict access; (iii) training and raising awareness on relevant personnel about data protection and privacy; (iv) applying update and at-minimum-industry standard technical security measures.

10. What are your legal rights in regard to your Personal Data?

You have all rights under the Data Protection Legislation, including:

Right to access: you have the right to receive confirmation from the controller on whether or not the controller is processing your Personal Data. You are entitled to request, in accordance with the Data Protection Legislation, a copy of the Personal Data being processed. 

Right to rectification: You have the right to demand the rectification of inaccurate Personal Data and to have any incomplete Personal Data completed.

Right to erasure: In certain cases, as specified in the Data Protection Legislation, you have the right to have the controller erase your Personal Data. For example, when the Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.

Right to restriction of processing: In certain cases, as specified in the Data Protection Legislation, you have the right to request the controller to restrict the processing of Personal Data. The right to restriction exists for example, when you contest the accuracy of your Personal Data. In such cases, the processing will be restricted for a period enabling the controller to verify the accuracy of the Personal Data.

Right to object: You have the right to object to the processing of your Personal Data in certain situations, meaning you can request that the controller stops processing it.

If your data is processed based on the controller's or a third party's legitimate interests, you have the right to object to the processing on grounds relating to your particular situation. In such cases, the controller must stop processing your data unless it can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms. Each situation will be assessed on a case-by-case basis.

If your Personal Data is processed for direct marketing purposes based on legitimate interest, you have the right to object at any time without providing any specific grounds. Once you object, your data may no longer be processed for direct marketing purposes (this includes profiling related to direct marketing).

Right to data portability: In certain cases, as specified in the Data Protection Legislation, you have the right to receive your Personal Data that you have provided to a controller in a structured, commonly used and machine-readable format and, if desired, transmit that data to another controller.

Right to withdraw consent: If your Personal Data is processed based on consent, you have the right to withdraw consent by informing the controller. Withdrawal of consent does not affect the lawfulness of the processing carried out prior to the withdrawal of consent. 

Right to lodge a complaint with the supervisory authority: You have the right to lodge a complaint with the competent supervisory authority if you consider that the controller has not complied with Data Protection Legislation. You may lodge a complaint with a supervisory authority, for example, in the member state where you live or where you consider the alleged infringement has taken place. 

However, as we are committed to complying with Data Protection Legislation and protecting your privacy, we encourage you to contact us before contacting any authorities, so we can correct any misunderstandings and rectify any incorrect data processing practices.

11. How can you use your legal rights?

If you want to use your rights or if you have any questions, please feel free to contact us using the contact details provided in Section 1.

This Privacy Statement last updated: February 2026.