We process personal data in the context of our services. We may have received this information from you, for example via our website, e-mail, telephone or app. In addition, we may obtain your personal data from third parties in the context of our services. We think it is important that your data is handled with care and we ensure that the personal information you provide is treated confidentially. With this privacy statement we inform you about how we handle this personal data.
Personal data to be processed
Which personal data we process depends on the exact service and circumstances. Usually this concerns the following data:
- name and address details;
- Birthdate and place;
- Contact details (name, e-mail address, telephone number);
- Copy of proof of identity;
- Citizen service number;
- Salary and other data required for tax returns, salary calculations, etc.;
- If and insofar as necessary: marital status, details of partner and information about children;
- Bank account number.
- We collect, if necessary for our services, special personal data such as:
- through a Declaration of Impeccable Conduct;
- information about your mental and physical health.
We ask for your explicit permission for the collection and use of said data.
Purposes of and bases for the processing
In a number of cases we process the personal data in order to comply with a legal obligation, but usually we do this in order to be able to implement our services. Some data is recorded for practical or efficiency reasons, which we assume are also in your interest, such as:
- Communication and information provision;
- To be able to perform our services (assignment) as efficiently as possible;
- improving our services;
In concrete terms, the above also means that we use your personal data to send you messages if we think they may be of interest to you.
In some cases, we may want to process personal data for reasons other than those mentioned above and we will ask you for explicit permission to do so.
Finally, we may also use your personal data to comply with legal proceedings if necessary.
Provision to third parties
In the context of our services, we can use the services of third parties, for example if these third parties have specialist knowledge or resources that we do not have in-house. These can be so-called processors or sub-processors, who will process personal data on the basis of an assignment.
Other third parties who, strictly speaking, are not processors of the personal data, but who do or may have access to it, are for example our system administrator, suppliers or hosting parties of online software, or consultants.
If engaging third parties means that they have access to the personal data or that they themselves record and/or otherwise process, we will agree (in writing) with those third parties that they will comply with all obligations of the GDPR. Naturally, we will only engage third parties of whom we can and may assume that they are reliable parties that handle personal data adequately and that can and will comply with the GDPR. This means, among other things, that these third parties may only process your personal data for the aforementioned purposes.
Of course, we may also have to provide your personal data to third parties in connection with a legal obligation.
Under no circumstances will we provide your personal data to third parties for commercial or charitable purposes without your explicit consent.
We will not process your personal data for longer than is useful for the purpose for which it was provided. This means that your personal data will be kept for as long as it is necessary to achieve the relevant goals. Certain data must be kept for longer (usually 7 years), because we have to comply with legal retention obligations (for example, the fiscal retention obligation).
We have taken appropriate organizational and technical measures for the protection of personal data insofar as these can reasonably be expected of us, taking into account the interest to be protected, the state of the art and the costs of the relevant security measures. These measures include:
Physical and logical access protections;
Security at a level that, given the state of the art, is necessary and reasonable.
We require our employees and any third parties who necessarily have access to the personal data to maintain confidentiality. We also ensure that our employees have received correct and complete instructions on how to handle personal data and that they do so