Personalized products + up to 33% off Activate offer now ➜

Search
Search
HomeundefinedData protection

Data protection notice

This notice explains how Gelato ASA (organisation number 991 753 591, Dronning Eufemias gate, 0191 Oslo, Norway) handles the personal data of individuals who apply for roles within the Gelato group. 

Gelato ASA acts as the data controller for recruitment across all Gelato group companies and local subsidiaries worldwide. We may amend this notice from time to time as necessary.

1. What personal data we collect

In connection with your application, we may collect and process the following categories of personal data:

  • Personal identification information, such as your name, home address and contact details;

  • Government-issued identification where required for right-to-work verification;

  • Immigration and residence status;

  • Educational and professional qualifications, such as certificates, licences and awards;

  • Recruitment-related information, such as your CV or résumé, cover letter, career history, skills, competencies and interview notes;

  • References and background check information, where applicable and permitted by local law;

  • Any other information you choose to share with us during the recruitment process or include as part of your CV or résumé such as date of birth and gender.

We do not seek sensitive personal information (such as health data or details of criminal convictions) unless this is strictly necessary, required by law in the relevant jurisdiction, or you choose to share it with us. Where we do process such data, we will do so only with appropriate safeguards in place and, where required, with your explicit consent.

2. How we use your personal data

We use your personal data for the following recruitment-related purposes:

  • Assessing your suitability for the role you have applied for;

  • Conducting interviews and evaluating your application;

  • Communicating with you throughout the recruitment process;

  • Complying with applicable legal obligations;

  • Carrying out pre-employment checks, such as right-to-work verification and, where applicable, background screening;

  • Considering you for other suitable roles within Gelato that may arise in the future;        

  • Cross-referencing previous applications to inform our assessment.

We process your personal data on the following legal bases:

 (a) taking steps prior to entering into an employment contract with you (Article 6(1)(b) GDPR); 

(b) compliance with legal obligations (Article 6(1)(c) GDPR); and 

(c) our legitimate interests in recruiting suitable candidates, maintaining a talent pool, cross-referencing previous applications, and defending legal claims (Article 6(1)(f) GDPR) . You have the right to object to legitimate interest processing at any time by contacting [email protected].

3. Who we share your data with

We may share your personal data with:

  • Other Gelato group companies and local subsidiaries involved in the recruitment process;

  • Third-party service providers who support our recruitment activities (such as our applicant tracking system, Ashby), who are contractually required to protect your data;

  • Background check providers, where applicable and permitted by local law;

  • Regulatory authorities, courts or other bodies where required by law;

  • A successor organisation, in the event of a merger, acquisition or transfer of business.

We will not share your personal data with any other third parties without your consent, unless required by law or in the event of a life-threatening emergency.

4. International transfers

Because Gelato operates globally, your personal data may be transferred to and processed in countries other than the country in which you are applying. Some of these countries may not provide the same level of data protection as your home country. Where such transfers occur, we put in place appropriate safeguards—such as standard contractual clauses or equivalent mechanisms—to ensure your data remains protected in accordance with applicable law.

5. How long we keep your data

If your application is unsuccessful, we will retain your personal data for a period of two (2) years from the date of the final recruitment decision, after which it will be securely deleted. If you would like us to delete your data sooner, you may request this at any time by contacting us at [email protected].

If your application is successful, your data will be retained and managed in accordance with our employee data protection notice.

6. How we protect your data

Gelato takes appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, misuse or disclosure. We require all third-party service providers who handle your data on our behalf to maintain equivalent standards of protection.

7. Your rights

Depending on where you are based, you may have certain rights in relation to your personal data, which may include the right to:

  • Access the personal data we hold about you;

  • Receive your personal data in a structured, commonly used and machine-readable format and, where technically feasible, have it transferred to another controller (right to data portability);

  • Request correction of inaccurate or incomplete data;

  • Request deletion of your data (subject to legal obligations);

  • Object to or restrict certain types of processing;

  • Withdraw consent, where processing is based on consent;

  • Lodge a complaint with your local data protection authority.

To exercise any of these rights, please contact us using the details below. We will respond in accordance with applicable law.

8. Contact us

If you have any questions about this notice or how we handle your personal data, or if you wish to exercise your rights, please contact our Privacy team:

Email: [email protected]

If you are not satisfied with our response, you have the right to complain to the relevant data protection authority in your country.