Privacy statement for applicants
As an organization we want to meet the requirements of the General Data Protection Regulation (GDPR). We also think it is important to provide our applicants with information about:
- The personal data that we process about you.
- The way we do it.
- The provision of data to others within or outside Europe.
- How long we keep your data.
- How we secure this data.
In addition, we would like to inform you about your rights via this privacy statement. Finally, we would like to let you know who you can contact with questions, requests or complaints. We ask that you read this information carefully.
Important Definitions and Basics
Personal data is any information about an identified or identifiable natural person. For you, this means that this information is directly about you or that this information can be traced back to you. This can, for example, be your name, date of birth and address, but also your employee number, business email address or business telephone number.
Processing personal data concerns all actions we can perform with your personal data, from collection to destruction. So this is a very broad concept. Acts that are in any case covered are: collecting, recording, organizing, storing, updating, modifying, retrieving, consulting, using, forwarding, disseminating, making available, bringing together, relating, shielding, erasing and destroying of data.
The primary basic principles when processing personal data are:
- Purpose limitation: data may only be processed for a well-defined and explicitly defined purpose. This means that it must be considered in advance why data must be processed (purpose) and which data is necessary for this (principle of necessity: subsidiarity and data minimization).
- Basis: there must be a basis for every data processing. A basis is a legal term. A number of principles are specified in the law. We may only process data if we can make use of one of these bases.
- Proportionality: this principle means that the infringement of the interests of the data subject when processing personal data of the data subject may not be disproportionate in relation to the purpose to be served by the processing.
- Rights: data subjects have rights with regard to the personal data that are processed about them. This concerns the right to information that and what is collected, to access, a copy, supplement, correction, deletion and under the GDPR also of opposition.
- Subsidiarity: it must be examined whether the purpose of the processing can also be achieved in another way that infringes less/no infringement on privacy.
- Transparency: data subjects whose data is processed must know which of their personal data is processed, for what purpose (where applicable) and how they can exercise their rights.
- Responsibility: the person responsible for the processing of personal data must be accountable for taking measures that implement the basic principles with regard to the processing of personal data.
- Care: the data must be handled ‘neatly’. On the one hand, this relates to taking security measures and, on the other, to more organizational and cultural characteristics of handling data.
This Privacy Statement applies to Zestgroup BV and its affiliates, hereinafter collectively referred to as ‘Zestgroup’.
Foundations on which the law allows us process your data
We process your data for one or more of the following reasons, as stated in the law:
- To be able to decide whether we want to enter into an employment contract with you.
- For concluding and/or executing the employment contract.
- To comply with a legal obligation (for example, the correct payment of taxes and premiums or the identification obligation).
- Because we as an organization have a legitimate interest (for example, in the event in which legal proceedings are ongoing or threatened).
- A situation of vital importance (for example in an emergency situation, such as an accident or a condition that requires acute care for you).
- We need your clear and unambiguous consent for certain actions.
Obligation to provide data
You are obliged to provide us with the requested data if we need to process that data, for example to be able to enter into an employment contract, to execute this contract and/or to comply with a legal obligation. In those cases, you cannot refuse to provide the data. If you do, this may mean that we will not employ you or that you will not be able to use certain facilities.
The data we process about you
We only process the following data from you:
- Your name, first names, initials, possible title, gender, date of birth, address, zip code, place of residence, telephone number and other information that we need to be able to communicate with you, such as your e-mail address.
- Information about education, courses and internships you have followed.
- Information about the position you are applying for and your motivation for applying for it.
- Information about the nature and content of your current job, and information about the termination of this current job.
- Information about the nature and content of the previous jobs you have had and the termination of those jobs.
- Other data with relevance to fulfilling the new position, which have been provided by you or which are known to you, such as references.
- Other data necessary for the execution or application of a law.
The processing of the data named above only takes place for one or more of the following purposes:
- The assessment of your suitability for a position that is or may become available.
- Internal control and company security.
- The implementation or application of a law.
With the invitation for the first (acquaintance) meeting, we will ask for your permission to store and process your data. We store the data in the personnel file to be created. If you or we decide at some point to stop the application, we will delete the data and we will only ask to keep your name and date of birth stored for another 6 months, to ensure that we do not approach you unnecessarily again. If we decide to proceed and eventually enter into an employment contract, the data will remain in the file (see also the details for employee below). During the application procedure, no questions are asked about health and absenteeism. If there are reasons that may limit a future deployment with a customer, we assume that you will report them.
Storing your personal data
When storing personal data, our starting point is that we do not keep data longer than is necessary for the purpose for which we processed it. As far as there are any, we observe the statutory retention periods. We can keep data for longer if we have a legitimate interest in doing so (for example, when legal proceedings are ongoing or announced and we must be able to defend ourselves).
Securing your personal data
The security of your personal data is well organized by us through physical, administrative, organizational and technical measures. We therefore have an appropriate level of protection. We also periodically adjust this when necessary.
The reporting and handling of data breaches is also part of the security. A data breach is a breach of the security of personal data, where personal data is (permanently) lost, or unlawful processing cannot reasonably be ruled out.
If you would like to have more information about security in general and data breach handling specifically, view our information security policy.
Under the GDPR, you have the right to ask us with regard to the personal data that we process about you:
- Access to your data (with the exception of any personal notes of the managers and others).
- A copy of your data (excluding personal notes from your manager(s) or others within our organization).
- Information about the processing of your data (this privacy statement also serves this purpose, but you may still have questions that are not answered here).
- Correct information that is factually incorrect.
- Complete incomplete information when necessary for the purpose for which the data is processed.
- In certain cases to have your data removed.
- In certain cases to have the data that we process about you “limited” (please note: we strive to collect as little data as possible (data minimization).
- In certain cases, object to the use of your data.
- If you have provided the data yourself or if data has been created by you and you have given permission for this or the data is necessary for the execution of the agreement, and if the data is processed digitally: to receive your data in a common format and, if technically possible, to have this data transferred to another party in this way.
- Submit a complaint to the competent organization that monitors compliance with privacy legislation in the Netherlands. In the Netherlands, this is the Dutch Data Protection Authority (AP) in The Hague. In this case, we would appreciate it if you first contact us to see if we can resolve your complaint.
If you want to invoke your rights, you can contact the contact persons mentioned in this privacy statement. If we have good reasons to refuse your request, we will explain why.
With questions, requests or complaints about the processing of your personal data, you can contact:
- Ramon van der Wal, CEO Zestgroup | firstname.lastname@example.org | 06-47955409
- Ron Saas, COO Zestgroup | email@example.com | 06-54611786
Changes to Privacy Statement
We reserve the right to change this privacy statement. If it concerns an important change, we will inform you.
Date of this privacy statement
This privacy statement is dated May 22, 2018.
3401 MX IJsselstein
3400 AG IJsselstein