Privacy Policy for Job Applicants

Latest revision: 27.06.21

Protection of personal data processed about you as a job applicant

If you are applying for a job with Bullwall (“we”, “us”, “our”), we process personal data about you.

It is crucial to us that your personal data are properly protected and respected as a part of your application process. Therefore, we strive to constantly protect your personal data, including complying with any applicable data protection laws, such as the General Data Protection Regulation (“GDPR“).

Under the GDPR, Bullwall is obligated to inform you about how we process the personal data collected and registered about you, about your rights as a data subject etc. You can find that information herein.


1.0 Data Controllers

Bullwall consists of various legal entities, each independently responsible and accountable for its own processing of your personal data under the GDPR.

 The contact details of the legal entities that assume data controllership in Bullwall are, depending on which company you apply with:


BullWall Lab A/S

Reg. no.: 37800171

Øster Snedevej 15B, st.

7120 Vejle Øst



Phone: +45 2949 9571


BullWall A/S

Reg. no.: 38878786

Øster Snedevej 15B, st.

7120 Vejle Øst



Phone: +45 2949 9571


BullWall Ltd

Reg. no.: 11166803

8 The Courtyard, Furlong Road

Bourne End, Bucks SL8 5AU



Phone: +45 2949 9571


 Inquiries concerning how we process your personal data, or inquiries related to you exercising your rights as a data subject, may be sent to the responsible legal entity via the contact information found above.


2.0  Categories of personal data

 The following categories of non-sensitive and sensitive personal data are processed:

  • Identification data, including name, address, telephone number and email and Civil registration number
  • Education, career and professional experience, including application and CV
  • Images
  • Personality tests and evaluations – e.g. in connection with recruitment and performance reviews
  • Sensitive and purely private information about significant social problems and any criminal offences, e.g. in connection with obtaining criminal records
  • Records obtained in connection with interviews

The personal data obtained, processed, registered and stored about you have primarily been collected from you but may also originate from public registers and private operators such as banks and pension funds, from your superior etc.

The personal data are collected from you, references and us.


3.0 Purposes of the processing of personal data

The purposes of the processing of personal data about you are as follows:

  • Assessing and evaluating personality, skills, competencies and experience
  • Selecting the right candidate for a vacancy
  • Deciding on terms of employment if you are offered a position
  • Contacting references
  • Storing your application if not offered a position upon application

Following the recruitment process, the privacy notice for employees will apply.


4.0 Legal basis of the processing

We process personal data about you to the extent necessary for the purpose of the recruitment, cf. the above purposes which are based on our legitimate interests under article 6(1)(f) of the GDPR.

We contact references with your consent, in particular if we ask them about questions which reveal information which could be negative about you.

Processing of personality tests and evaluations are based on our legitimate interest in recruiting suitable candidates (see Article 6(1)(f) of the GDPR).

Generally, we will not collect personal data related to your health, and you will not be obligated to inform us about your health, unless it is important in relation to your performance of the work, cf. Article 9(2)(b) and for applicant to the Danish companies; Section 12 of the Danish Data Protection Act.

Processing of information regarding criminal offences, e.g. in connection with obtaining of criminal records, will be based on a consent obtained from you, cf. article 6(1)(f) and for applicants to the Danish companies; cf. Section 8, para. 3 of the Danish Data Protection Act.


5.0 Data recipients and third countries

As a general rule, we do not transfer personal data to third parties. As the exception, we may share information about a candidate with other group companies (listed above) if we need to align recruitments across the group.

 We also use data processors, which process personal data about you on our behalf.

 Currently, we use data processors to handle the following measures and activities:

  • Office 365 (OneDrive, Teams, Skype, etc.).
  • Google Drive and Google Maps
  • Web-emails and Microsoft services
  • Automatic text messages and telecom services
  • Firewalls/log of IP addresses

Some of our data processors and their subprocessors transfer personal data to countries outside the EEA:

Countries with an adequacy decision offering the equivalent level of data protection as in the EU: Argentina, Canada, Faroe Island, Isle of Man, Israel, Japan, New Zealand, Switzerland and United Kingdom.

Countries without an adequacy decision offering the equivalent level of data protection as in the EU (list of all possible countries): Australia, Brazil, Chile, China, Columbia, Egypt, El Salvador, Guatemala, Hong Kong, India, Indonesia, Kenya, Malaysia, Mexico, Peru, Philippines, Serbia, Singapore, South Africa, South Korea, Taiwan, Turkey, United Arab Emirates and USA.

For these countries, the transfers are based on the EU Commission Standard Contractual Clauses. If you wish to receive a copy of the clauses, please contact us.


6.0 Storage period

We store personal data about job applicants for a period of 6 months from rejection if you are not employed with us. If you consent to it (Article 6(1)(a) of the GDPR), we keep the application for longer.


7.0 Your rights

If you wish to exercise your rights as further described below, please use the contact details listed above.

Your rights are the following:

  • Right of access: You have the right to be granted access to the personal data processed about you, including information on how such personal data are processed, the sources, etc.
  • Right of rectification: You have the right to have incorrect personal data about you rectified.
  • Right of deletion: Under certain conditions, you have the right to have personal data about you deleted prior to deletion otherwise in accordance with our general deletion procedures.
  • Right of restriction of processing: Under certain conditions, you have the right to have the processing of your personal data restricted. If you are entitled to such restricted processing, we may only process your personal data – except for storage – with your consent, for the purpose of establishing, exercising or defending a legal claim or to protect a person or on grounds of important public interests.
  • Right of data portability: You have the right to data portability to the extent that our processing of your personal data is based on your consent or an agreement, and the processing takes place automatically. This right implies that you are entitled to have your personal data forwarded in a structured, generally applied and machine-readable format, which you may transfer to another service provider.
  • Right of objection: Under certain conditions, you have the right to object to our processing of your personal data.
  • Right of withdrawal of consent: To the extent that our processing is based on your consent, you are entitled to withdraw your consent wholly or partly. The withdrawal of your consent will not affect the lawfulness of the processing made by us until withdrawal.

For more information on your rights, see the Danish Data Protection Agency’s (Datatilsynet) guidelines describing your rights as a data subject at

If you make use of your rights as described above, we also process personal data relating to receiving and responding to your inquiry. If there is doubt about your identity, we have the right to request more information necessary to confirm your identity. In such cases, we will process additional information about you for the purpose of knowing your correct identity.


8.0 Complaints

If you wish to complain about our processing of your personal data, you may complain to the Danish Data Protection Agency (Datatilsynet). Contact details can be found at


9.0 Updates and revision

This Privacy Notice was implemented on 27 July 2021. We will regularly revise our processing activities and update the Privacy Notice, when and if necessary.