Privacy policy

In this Privacy Policy you can read about how DOOBLECHECK ApS (DOOBLECHECK) processes the information you provide when you visit one of our websites and answer a reference questionnaire.

If you have any questions about our processing, you can always contact us at{' '} support@dooblecheck.com

1. How does DOOBLECHECK process personal data about you?

Information and data registered while answering an online-reference, will vary depending on your relationship with the candidate and the issues that the recruiting company wishes to uncover.

DOOBLECHECK operates as a data processor on behalf of the recruiting company, which is the data controller in relation to the information and answers you provide, and processes personal data solely for the purpose of qualifying the candidate's candidacy.

DOOBLECHECK collects information by you providing it when you answer a reference questionnaire. In addition, some information is collected passively, such as your IP address, information about your browser and the time of your visit to our website.

1.1. If you complete our online-reference

Answering a DOOBLECHECK reference questionnaire is always voluntary. You can stop at any time if there is a question you do not want to answer.

Why do we collect the information?
The purpose of collecting and processing information is to qualify a given candidature and to contribute to the recruiting company's search for the right new employee.

How are we allowed to collect the information?
DOOBLECHECK operates as a data processor on behalf of the recruiting company which is the data controller with respect to your information provided and responses which are furthermore made in accordance with the candidate's consent.

What information is collected and where does it originate?

When you answer a DOOBLECHECK online-reference, we collect both passive and active information as mentioned above. The active information is your answers to questions asked in the survey in question. This information will generally not identify you.

How long is the information kept?
All information is deleted 1) after the completion of the respective recruitment process or 2) after the termination of the employment relationship if the recruitment process results in an employment.

With whom is the information shared?
Your answers will be shared with the recruiting company and the candidate - subject to your consent.

1.2. If you visit our website

When you visit DOOBLECHECK's websites, you leave behind electronic traces which are stored by DOOBLECHECK.

Why do we collect the information?
The purpose of collecting the information is to generate statistics on how the pages are used, as well as logging for security purposes. The purpose of collecting IP addresses, browser information and time of visit to our pages is statistical, data security and website improvement.

How are we allowed to collect the information?
If you consent to the use of cookies, the legal basis for our processing of your personal data is your consent as set out in Article 6(1)(a) of the GDPR. You can withdraw your consent to the processing at any time by changing your cookie settings.

What information is used and where does it come from?
Your IP address, browser information and time of visit to our pages and which pages you have visited.

How long is the data kept?
The data is kept until the relevant recruitment process is completed.

2. How does DOOBLECHECK protect the information collected about you?

It is important to DOOBLECHECK that our processes are clear, open, and transparent. You are therefore always welcome to contact us with any questions.{' '} support@dooblecheck.com

DOOBLECHECK always processes information about you in accordance with the EU Data Protection Regulation (GDPR) and the Danish Data Protection Act - collectively referred to as the Personal Data Act. The purpose of this legislation is to protect the privacy of individuals, and the Danish Data Protection Authority supervises compliance with the rules.

3. Where is the data stored and processed?

DOOBLECHECK does not host its IT systems itself. Instead, we use a certified hosting partner to store the personal data described in this privacy policy.

DOOBLECHECK has entered into data processing agreements with these suppliers. The agreements set out the obligations a data processor must comply with when it stores and processes your personal data on behalf of DOOBLECHECK. The data processor can thus only lawfully process data about you to fulfil the purposes determined by DOOBLECHECK.

4. Your rights

You have the right to access the personal information that DOOBLECHECK holds about you and to have it corrected if it is incorrect. You can exercise your rights by contacting us at{' '} support@dooblecheck.com. Read more about your rights on the website of the Data Protection Authority, where you can also find information about your possibilities to complain to the Data Protection Authority.

5. Authentication and User Data Storage

Our application allows users to authenticate using Google, Facebook, and LinkedIn for a seamless login experience. When you sign in through these services, we collect and store the following information:

• Email Address – Used to create and manage your account, send account-related notifications, and facilitate login.
• User ID – The unique identifier provided by Google, Facebook, or LinkedIn, which is required for authentication and account management.
• Display Name – The name associated with your social account, used to personalize your experience within our application.
• Access Token – Temporarily stored to maintain user sessions and authenticate API requests.
• Refresh Token – Stored to enable seamless login and refresh authentication sessions without requiring users to log in repeatedly.

We store access tokens and refresh tokens only as needed to maintain authentication and facilitate a smooth user experience. These tokens are securely stored and never shared with third parties outside of our authentication system.

6. How We Use Stored Authentication Data

The authentication data we collect is used exclusively for the following purposes:

• Seamless Login & Session Management: Access tokens allow users to stay logged in without frequently re-entering their credentials.
• Token Refreshing: Refresh tokens are used to automatically renew access tokens, reducing the need for manual logins.
• Security & Fraud Prevention: We monitor authentication data for suspicious activity to prevent unauthorized access.
• User Support: If you experience login issues, authentication data may help us troubleshoot and resolve them.

We do not use stored authentication data for advertising, marketing, or any purpose unrelated to authentication.

7. Sharing and Disclosure of Authentication Data

We do not sell, transfer, or disclose authentication data to third parties except in the following cases:

• With Service Providers: We may share authentication data with trusted third-party providers who assist in authentication and identity verification. These providers are contractually obligated to process data securely and in compliance with privacy laws.
• Legal Compliance and Protection: If required by law, regulation, or legal process, or if necessary to protect the rights, property, or safety of our users or our company, we may disclose authentication data.

We follow Google, Facebook, and LinkedIn’s data policies, ensuring that user authentication data is used only for its intended purpose.

8. Protection of Authentication Data

We implement strong security measures to protect authentication data, including:

• Token Encryption: All stored access tokens and refresh tokens are encrypted both in transit and at rest to prevent unauthorized access.
• Access Controls: Only authorized systems and personnel have access to authentication data, with strict role-based access controls.
• Secure Storage: Authentication data is stored in a secure environment that follows industry best practices.
• Automatic Expiration: Stored access tokens and refresh tokens expire after a defined period to reduce security risks.
• Regular Security Audits: We continuously monitor authentication data for vulnerabilities and conduct periodic security audits.

We adhere to industry-standard security frameworks to ensure the confidentiality and integrity of stored authentication data.

9. Data Retention and Deletion

We retain authentication data only for as long as necessary to provide seamless login and account access. Specifically:

• Access tokens expire automatically and are refreshed periodically to maintain security.
• Refresh tokens are stored until users revoke access, delete their account, or after a maximum retention period.

If a user deletes their account, all associated authentication data (email, user ID, access tokens, and refresh tokens) will be permanently deleted, unless a longer retention period is required by law.

10. Requesting Data Deletion

Users can request the deletion of their authentication data at any time. To do so, contact us at support@dooblecheck.com, and we will process the request in accordance with privacy regulations.

We comply with Google, Facebook, and LinkedIn’s data policies, ensuring that authentication data is stored securely and used only as needed.

11. Update

DOOBLECHECK regularly evaluates and updates this privacy policy.

Last updated: February 2025