Recruitment Privacy Notice
Date of publication: 22-01-2026
1. Introduction
Hypex Bio Explosives Technology AB is committed to protecting the privacy and personal data of individuals who interact with us in connection with recruitment and employer branding.
This Recruitment Privacy Notice explains how we process personal data relating to:
- Career Site visitors, and
- Candidates in early-stage recruitment processes,
in accordance with the EU General Data Protection Regulation (GDPR) and applicable Swedish legislation.
This notice applies to personal data processed through our Career Site and applicant tracking system (ATS). Once an individual progresses to pre-employment or employment, further processing is covered by our Internal Privacy Notice.
2. Data controller
Hypex Bio Explosives Technology AB
Slipstensvägen 15, 142 50 Skogås, Sweden
Company registration number: 559279-6105
If you have questions regarding this notice or our processing of personal data, please contact:
Email: info@hypexbio.com
Phone: +46 (8) 683 91 00
3. Categories of Data Subjects
We process personal data relating to:
- Visitors of our Career Site
- Candidates, including:
- applicants,
- sourced candidates,
- referred candidates, and
- individuals who create a profile to receive vacancy updates (“talent pool”).
We may also process limited personal data relating to:
- References, where a candidate has provided their details.
4. Categories of Personal Data Processed
Depending on the context, we may process:
- Identification data (e.g. name)
- Contact details (e.g. email, phone number, address)
- Application data (e.g. CV, cover letter, education, work experience, references)
- Recruitment process data (e.g. interview notes, assessments, test results where applicable, salary expectations)
- Public professional profile information (e.g. LinkedIn)
- Communication data (e.g. emails and messages exchanged during recruitment)
- Technical and usage data (e.g. IP address, browser type, device information, Career Site usage)
Where permitted by law and relevant for the role, we may also process:
- Background check data, and
- Security-related vetting data, if required due to regulatory obligations.
5. Purposes and Legal Bases of Processing
5.1 Purposes
We process personal data for the following purposes:
- Recruitment and selection, including assessing suitability and qualifications
- Communication and administration during the recruitment process
- Managing candidate profiles, including talent pool communication (where applicable)
- Operating, maintaining and securing the Career Site and recruitment systems
- Compliance and legal matters, including handling disputes or claims
- Mandatory checks, where applicable for certain roles (see Section 6)
5.2 Legal bases
We process personal data based on one or more of the following legal bases:
- Legitimate interest (recruitment, candidate evaluation, communication and administration)
- Legal obligation (where mandatory security vetting or regulatory requirements apply)
- Consent (where applicable, e.g. if we propose to record an interview)
6. Background Checks and Security Vetting
For certain roles, recruitment may include background checks and/or security vetting. Candidates are informed about mandatory checks:
- in job advertisements, and
- during recruitment dialogues and interviews.
Where required, successful completion of mandatory checks may be a condition for employment.
7. Recipients of Personal Data
Personal data may be shared with the following categories of recipients, where necessary:
- Recruitment system providers and related service providers
- Internal recipients, such as HR and hiring managers with a need-to-know
- Authorities, where required by law
- Legal advisors and courts, in connection with legal claims
- Parties involved in corporate transactions, where applicable (e.g. mergers or acquisitions)
Access to personal data is restricted to authorised individuals.
8. Transfers Outside the EU/EEA
Some of our service providers may be established outside the EU/EEA, or may allow access from third countries for support or operational purposes.
Where transfers outside the EU/EEA occur, they are safeguarded through:
- EU Commission adequacy decisions, and/or
- EU Standard Contractual Clauses (SCC) included in relevant data processing agreements.
9. Retention of Personal Data
We retain personal data only for as long as necessary for the purposes for which it was collected, including to comply with legal obligations.
Typical retention periods:
- Candidate data (recruitment cases): up to 12 months after the recruitment process ends, unless longer retention is necessary for legal claims
- Talent pool profiles: for as long as the individual remains connected, or until the individual requests deletion
- Technical and security-related website logs: up to 12 months, unless required for incident investigation
If an individual is offered employment, relevant data may be transferred to internal HR systems for pre-employment and employment administration, which is covered by our Internal Privacy Notice.
10. Data subject rights
Individuals have the rights provided under the GDPR, including the right to:
- be informed about processing
- access personal data
- request rectification
- request erasure (where applicable)
- object to processing based on legitimate interest
- request restriction of processing
- lodge a complaint with the competent supervisory authority
Requests can be submitted using the contact details in Section 2.
11. Data security
We implement appropriate technical and organisational measures to protect personal data, including:
- access control based on need-to-know
- role-based access restrictions
- appropriate security measures within the recruitment systems used
- incident handling procedures for suspected personal data breaches
12. Updates to this notice
We may update this Recruitment Privacy Notice when necessary to reflect changes in our processing activities, systems, or applicable legal requirements. The most recent version will be published on our Career Site.