Privacy Policy
We attach great importance to privacy and the protection of personal data. In the privacy policy, you can read how we collect, use, and protect your data.
Introduction
As part of our services, we process personal data. We may have received this data from you, for example via our website, email, telephone, or app. In addition, we may obtain your personal data in the context of our services through third parties (for example, your employer). With this privacy statement, we inform you about how we handle this personal data.
Personal data to be processed
Which personal data we process depends on the specific service and circumstances. In many cases, this concerns the following data:
- name, address and place of residence details;
- date and place of birth or age;
- gender;
- contact details (email addresses, phone numbers) and the name and position of contact persons;
- bank account number;
- any information about previous education and positions;
- data about your activities on our website, IP address, internet browser and device type.
Purposes of and grounds for the processing
In a number of cases, we process personal data in order to comply with a legal obligation, but most often we do so in order to carry out our service agreements. There may also be a legitimate interest in processing personal data, such as in the case of an application procedure.
Some data are recorded for practical or efficiency reasons, which we may assume are also in your interest, such as:
- communication and information provision;
- being able to provide our services as efficiently as possible;
- invoicing and debt collection
It may happen that we contact you to ask for feedback on services provided by us or for market or other research purposes. If you do not appreciate this, you can read below what your rights are in this regard.
In some cases, we may wish to process personal data for reasons other than those mentioned above, and we will explicitly ask you for permission to do so. If we wish to process personal data that we are allowed to process on the basis of your consent for other or additional purposes, we will first ask you for your consent again.
Finally, we may also use your personal data to protect our own rights or property and those of our users and, if necessary, to comply with legal proceedings.
Applicants
We would like to draw applicants’ attention to the following. You are asked never to include your Citizen Service Number or religious beliefs in your application letter, and you do not need to enclose a passport photo or a copy of your identity document. If this is relevant, it will be addressed during the further application process. Your application will be retained by the responsible employee for the duration of the application procedure and will then be destroyed. If we are interested in your profile but cannot invite you for an interview immediately, we may ask you to give explicit consent for us to keep your application on file for up to 12 months.
Provision to third parties
In the context of our services, we may use third-party services, for example if these third parties have specialist knowledge or resources that we do not have in-house. These may be so-called processors or sub-processors. Other third parties who, strictly speaking, are not processors of personal data but who do have or may have access to it include, for example, our system administrator or advisers whose advice we seek regarding your assignment. If engaging third parties results in them having access to the personal data or in their recording and/or otherwise processing it themselves, we will agree with those third parties (in writing) that they will comply with all obligations under the GDPR. Naturally, we will only engage third parties whom we can and may assume to be reliable parties that handle personal data appropriately and can and will comply with the GDPR. This means, among other things, that these third parties may process your personal data only for the purposes stated above.
Of course, it may also be the case that we must provide your personal data to third parties in connection with a legal obligation. Incidentally, we would like to point out that if you send us a public message via social media, others may become aware of this message. Therefore, please send sensitive information in another way wherever possible.
Processing within the EEA
We will only process personal data within the European Economic Area (EEA), unless you agree otherwise with us in writing. An exception to this are situations in which we want to map contact moments via our website and/or social media pages (such as Facebook and LinkedIn). This includes, for example, visitor numbers and requested web pages. Your data is stored by third parties outside the EU when using Google Analytics, LinkedIn or Facebook. These parties are certified under the “EU-U.S. Privacy Shield,” so they must comply with European privacy regulations. Incidentally, this concerns only a limited amount of sensitive personal data, specifically your IP address.
Security
We have taken appropriate organizational and technical measures to protect personal data, insofar as these can reasonably be required of us, taking into account the interest to be protected, the state of the art, and the costs of the relevant security measures.
We require our employees and, where necessary, any third parties who have access to personal data to maintain confidentiality. Furthermore, we ensure that our employees have received proper and complete instructions on how to handle personal data and that they are sufficiently familiar with the responsibilities and obligations under the GDPR. If desired, we would be happy to provide you with further information about how we protect personal data.
Your rights
You have the right to access, rectify, restrict, or delete the personal data we hold about you (except, of course, where this would conflict with any legal obligations). Furthermore, you may object to the processing of your personal data (or part of it) by us or by one of our processors. You also have the right to have the data you have provided transferred by us to yourself or directly to another party if you wish.
Complaints
If you have a complaint about the processing of your personal data, we ask that you contact us about this. If this does not lead to a satisfactory outcome, you always have the right to lodge a complaint with the Dutch Data Protection Authority; the supervisory authority in the field of privacy. You can find the contact details of the Dutch Data Protection Authority via the website www.autoriteitpersoonsgegevens.nl.
Retention periods
We will not process your personal data for longer than is necessary for the purpose for which it was provided (see the section “Purposes of and legal bases for processing”). This means that your personal data will be retained for as long as it is needed to achieve the relevant purposes. Certain data must be retained for longer periods (usually 7 years), because we must comply with statutory retention obligations.
Incidents involving personal data
If there is an incident (a so-called data breach) involving your personal data, we will, except for compelling reasons, inform you of this without undue delay if there is a high likelihood of negative consequences for your private life and the realization thereof. We aim to do this within 48 hours after we have discovered this data breach or have been informed about it by our (sub)processors. In any event, we will always report a data breach to the Dutch Data Protection Authority.
Changes
Undoubtedly, our privacy policy will be amended from time to time. The most recent version of the privacy statement is, logically, the applicable version and can always be found on our website.
Finally
We hope that this privacy statement has given you a clear picture of our privacy policy. However, if you have any further questions about how we handle personal data, we would be pleased to hear from you.