Privacy

PRIVACY STATEMENT

Your privacy is important to us and we undertake to protect and safeguard the rights relating to the privacy of your information.

OUR POLICY

In this privacy policy, we describe how we handle your personal data and in doing so comply with our statutory obligations, not just when we help you to find a job but also when we help our clients find a suitable candidate and when you are doing nothing more than visiting our website.

By virtue of the legislation (the General Data Protection Regulation (GDPR) [known in the Netherlands as the ‘Algemene Verordening Gegevensbescherming’ (the ‘AVG’)], we ensure that each processing of your personal data complies with the following principles:

We only process your personal data for legitimate purposes. This means that the processing is necessary for the achievement of goals specifically stated in the GDPR or that you have given your consent for the processing of your personal data. When it is legitimate to process your personal data, we do so in a proper and responsible way. We tell you clearly the purposes for which your personal data is being processed and how this is being done.
We only collect and process your personal data for well-defined, explicitly specified and legitimate purposes. If we use your information later for another purpose then we make sure that your purpose is consistent with the original collection purpose.
We ensure that the personal data that we collect from you and process is adequate for the purpose for which we collect it, that it is relevant and that it is limited to what is necessary.
We take all reasonable measures to ensure that your personal data is both correct and up-to-date. If your information is not that or is no longer that then we delete or correct it.
We retain your personal data for no longer than is necessary for the purpose for which we process it. If the information is no longer needed then we destroy or delete it.
We ensure that your personal data is properly protected and remains confidential. We protect your personal data against unauthorised or unlawful processing and against unintentional loss, destruction or damage.
We are responsible for compliance with all the above principles and can demonstrate that the processing of your personal data complies with these principles.

In order to ensure fair and honest processing of personal data, the GDPR grants you certain rights that you can exercise against us if you do not agree with our implementation of this privacy policy.

WHEN DOES THIS POLICY APPLY TO YOU?

This policy applies to you:

if you register yourself as a candidate with us or with one of our initiators (i.e. clients) for whom we recruit (Candidate)
if you are approached by our staff in connection with our vacancies (or those of one of our initiators) and consent to being made part of the process and/or database
if you visit our website (Website User)

WHEN AND HOW YOU GET IN TOUCH WITH US IN OUR CAPACITY AS THE CONTROLLER FOR YOUR PERSONAL DATA

To gain access to your personal data that you had given us or to amend or withdraw it or
if you suspect the misuse or loss of or unauthorised access to your personal information or
to withdraw your consent for the processing of your personal data (if consent is the legal basis for our processing of your personal data) or
to make comments and/or suggestions relating to this privacy policy,

you can get in touch with us at humanresources@emspay.eu

WHICH PERSONAL DATA DO WE COLLECT AND USE?

CANDIDATE DETAILS

We collect certain information about you so that we can find a suitable working environment for you. We restrict our collection of information to the information that we need for us to achieve our purpose.

Please find below the information about you that we usually collect and use:

First name;
Surname;
Date of birth;
Gender;
E-mail address;
Phone number;
CV;
Motivation;
Additional information that you provide us with;
Additional information about you that your job reference contact provides us with;
Additional information that our Clients could tell us about you or that we find out from third-party sources such as job vacancy websites;
IP address;

The above list of categories of personal data that we may collect about you is not exhaustive.

WEBSITE USERS

We collect and use basic information about our Website Users, which information we primarily use to improve our website. We look at how you use our website, at how often you visit our website and at which times our website is used most often. We also use website data to monitor visit behaviour and to optimise our remarketing campaigns.

HOW DO WE COLLECT YOUR PERSONAL DATA?

CANDIDATE DETAILS
We primarily collect personal data about Candidates in three ways:

Personal data that you provide us with in your capacity as Candidate;
Personal data that we receive from other sources; and
Personal data that we collect automatically.

WEBSITE USERS

We collect your information automatically using cookies when you visit our website, depending on the cookie settings in your browser. If you contact us via the website then we will also collect information from you.

HOW DO WE USE YOUR PERSONAL DATA?

CANDIDATE DETAILS

In general, we use the details of Candidates in two ways:

for recruitment activities
for marketing activities

The most important reason for using your personal details is to help you find work or other employment positions that could suit you.

You can use this website to apply for any vacancy that our initiators (i.e. clients) have published on it. Where appropriate and in compliance with local legislation and regulations, we can also use your personal data for such purposes as marketing and profiling. When required to do so, we will ask you for your consent to perform some or all of these activities. Where appropriate to do so in the future, we may also use Candidate data for profiling. In exceptional cases we may also be obliged to use your personal data in criminal proceedings.

WEBSITE USERS

The information from Website Users helps us to improve the user experience you have with our website. For example: analysing your recent search criteria for vacancies in order to offer you suitable vacancies.

WHO DO WE SHARE YOUR PERSONAL DATA WITH?

We can share your personal data with the following categories of people and parties, doing so in a number of ways and for certain reasons, where it is appropriate and in compliance with local legislation and regulations to do so:

with all commercial entities that are subsidiaries of EMS
in the case of Candidates: with our initiators for whom we are managing the recruitment process in the name of the initiator’s organisation, by publishing this data on our website, and in particular with [INITIATOR],
if legislations and regulations require this: with tax authorities, audit authorities and other authorities;
third parties such as service providers who carry out activities on our instructions;
third parties such as outsourced IT providers and file storage providers that we have a processing agreement with;
the platforms for the marketing technology and the suppliers;

This list is not exhaustive.

HOW LONG DO WE RETAIN YOUR PERSONAL DATA?

We will remove your personal data from our systems if:

In the case of Candidates: we have not had any meaningful contact with you for a period of 1 year, unless the law or relevant supervisory authorities require(s) us to retain your data longer. After 1 year, you’ll be asked to renew the retention period. If you accept, your data will be saved for an additional 1 year.
In the other cases: we have not had any meaningful contact with you for a period of 2 years, unless the law or relevant supervisory authorities require(s) us to retain your data longer.

YOUR RIGHTS UNDER THE GDPR

By virtue of the GDPR there are various rights relating to the personal data of yours that we have in our possession. By contacting us, we can discuss this data with you and deal with it by the deadline set for doing so.
Under the GDPR, you have the following rights:

the right to information;
the right to inspect your information;
the right to have the information corrected if it is incorrect;
the right to have the information deleted, as well as ‘the right to be forgotten’;
the right to have the data processing restricted;
the right to object to the data processing;
the right to have your information transferred (data portability);
the right to not be subjected to an automated decision-making process.

The Right To Information

We have a duty to inform you about the personal data of yours that we process. More specifically, you have the right to know what is being done with your information and why. This privacy policy is designed to make you aware of the data processing risks, of the rules that apply for it, of our safeguards and of the way in which you can exercise your rights regarding the processing of information.

The Right To Inspect

You have the right to inspect the personal data that we collect from you. Accordingly, you may ask us at reasonable intervals of time whether we are processing personal data of yours, and if so, which data. We are obliged to comply with such requests and to provide the information available.

If you ask us to do so then we will either provide you with a copy of this information or grant you remote access to the data in a secure environment (such as via a personal account/portal). We will not charge you anything for the copy of the information. However, if you wish to receive multiple copies of it then we will charge you a reasonable fee for this that will be based on our administrative costs. We will provide you with the copy in digital or other written form.

When we receive an inspection request, we check whether you are the person making this request. This check includes establishing your identity. This is especially true for online services.

The Right To Rectification

If the personal data of yours that we process is either incorrect or no longer correct then you have the right to order us to correct this data. You also have the right to have this information supplemented if it is incomplete.

If we have shared your information with other parties then we will inform these parties about the changes, unless it is impossible to do so or would require a disproportionate effort on our part to do so.

We will determine whether something is a disproportionate effort by weighing up your interests against the effort (costs, time etc.) that we would have to make to inform the recipients.

The Right To Deletion and The Right To Be Forgotten

You have the right to have your information deleted by us as soon as possible but only in one of the following cases:

the personal data is no longer needed for the purposes for which it was collected or otherwise processed;
you withdraw your consent for the processing and there is no other valid reason for us to continue with the processing;
you have submitted a well-founded objection to the processing (see The Right To Object);
your personal data was processed unlawfully;
your personal data has to be deleted in order to comply with a statutory obligation that we are subject to;
your personal data was collected in connection with a direct offer of Internet services to a child.

In addition to The Right to Deletion, you have The Right to ‘Be Forgotten’.

In situations where we have made your personal data public (for example by making it available online) and you ask us to delete the information then in addition to deleting the data from our own systems we will take reasonable technical and organisational measures to inform the other controllers (i.e. the parties responsible for data processing) who are processing your personal data that you wish to be forgotten. This means that any and all links to, and copies or reproductions of, the data must be deleted.

By virtue of the GDPR, there are certain situations where we do not have to comply with your request to delete data or to be forgotten. This is the case for instance if the processing is needed to comply with a statutory processing obligation that we are subject to. If in our opinion such a situation exists then we will provide you with a reasoned rejection of your request.

If we have shared your information with other parties then we will inform these parties that the data must be deleted at your request, unless this informing is either impossible or would require a disproportionate effort on our part.

We will determine whether something is a disproportionate effort by weighing up your interests against the effort (costs, time etc.) that we would have to make to inform the recipients.

We are only entitled to refuse to comply with your request for a reason that is stated in the GDPR.

The Right To Restrict The Processing

You can invoke your right to restrict the processing in the following situations:

you dispute the correctness of the personal data at a time when the controller can check the correctness of the personal data;
the processing is unlawful and you object to the deletion of the personal data and request that its use be restricted instead;
we no longer need the personal data for the processing purposes but you need it for the establishment, exercise or defence of legal claims;
you have filed an objection against the processing, in anticipation of an answer to the question of whether our legitimate grounds outweigh yours.

In the aforementioned situations we will ensure that the processing is restricted in such a way that the personal data cannot be processed any further.

If we have shared your personal data with third parties then we will inform them about the processing restriction, unless this informing is either impossible or would require a disproportionate effort on our part.

If we remove the restriction then we will inform you of this beforehand.

The Right to Object

Of the three situations described in the GDPR in which you can exercise your right to object, two of them apply to you in your capacity as Candidate, Client, Temporary Worker, Interimmer or Seconded Worker, Supplier or Website User:

personal circumstances mean that you can file an objection against that processing that is based on our legitimate interest. In that case we will halt the processing unless there are mandatory, legitimate reasons that mean that our processing interest outweighs your interest in having the processing halted;
you can file an objection against the processing of your personal data if we use it for direct marketing. We will always comply with such an objection. We will respond to your request within 30 days, although we may extend this period of time in certain cases.

The Right to Have Your Information Transferred (Data Portability);

If you so desire, you have the right to have your personal data transferred to other controllers. In practice this means that you can transfer your stored data to the provider of another online platform (depending on the nature of the data and the data systems). In order to enable you to do this, we will provide you with the information in a standard computer-readable form that is protected with a password. If desired we can pass on the information for you directly.

The right to portability only applies to information provided whose processing is both automated and based on the following principles:

the unequivocal or explicit consent of the data subject;
the need to have the agreement performed.
The right to not be subject to an automated individual decision-making process, this including profiling
Note: you have the right to not be subject to a decision that is solely based on automated processing (including profiling), if this:
has legal consequences for yourself; or
it has a significant impact on you in another way.

In the following situations, we can use an automated individual decision-making process that may include profiling:

if this necessary for the formation or execution of an agreement between yourself and ourselves;
if you have given us your explicit consent for this;
if we are permitted to do this by virtue of an applicable law that also provides for the protection of your legitimate interests.

The right to submit a complaint to a supervisory authority:
You also have the right to submit a complaint to your local supervisory authority.