Privacy Policy LimosaLimosa BV
Introduction
As part of our services, we process personal data. We may have received this data from you, for instance, via our website, email, phone, or app. Additionally, we may obtain your personal data from third parties (such as your employer) in the course of providing our services. This privacy policy informs you about how we handle this personal data.
Personal Data to be Processed
The personal data we process depends on the exact service and circumstances. Typically, the following data is involved:
- Name, address, and location details;
- Date and place of birth or age;
- Gender;
- Contact details (email addresses, phone numbers), and the name and position of contact persons;
- Copy of identification document (only if necessary);
- Citizen service number (only if necessary);
- Salary and other data required for tax returns, salary calculations, etc.;
- Marital status, partner details, and possibly information about children (as required for, for example, tax returns);
- Bank account number;
- Data on previous education and job positions (in the context of an application);
- Data about your activities on our website, IP address, internet browser, and device type.
Purposes and Grounds for Processing
In some cases, we process personal data to comply with a legal obligation, but usually, we do so to carry out our service agreements. There may also be a legitimate interest in processing personal data, such as in the case of a job application process.
Some data is recorded for practical or efficiency reasons, which we may assume are also in your interest, such as:
- Communication and information provision;
- Providing our services as efficiently as possible;
- Invoicing and collection.
We may contact you to request feedback on services provided by us or for market or other research purposes. If you do not appreciate this, please read your rights below.
In some cases, we may want to process personal data for reasons other than those mentioned above and will explicitly ask for your consent. If we wish to process data for other or additional purposes based on your consent, we will first ask for your consent again.
Finally, we may also use your personal data to protect the rights or property of ourselves and our users and, if necessary, to comply with legal proceedings.
Applicants
We would like to inform applicants of the following. You are asked not to include your citizen service number or religious beliefs in your application letter, nor are you required to attach a photo or copy of your ID. If this becomes relevant, it will be addressed later in the application process. Your application will be stored by the responsible employee during the recruitment process and will be destroyed afterward. If we are interested in your profile but cannot invite you for an interview immediately, we may ask for your explicit consent to keep your application on file for up to 12 months.
Disclosure to Third Parties
As part of our services, we may use third-party services, for example, when these third parties have specialist knowledge or resources that we do not have. These may be processors or sub-processors. Other third parties who, although strictly speaking not processors of personal data, may have or could have access to it, include our system administrator or advisors whose advice we seek concerning your assignment. If involving third parties means they have access to personal data or record and/or otherwise process it themselves, we will enter into (written) agreements with them to ensure they comply with all obligations under the GDPR. Naturally, we will only engage third parties whom we can reasonably assume are reliable and handle personal data appropriately and in compliance with the GDPR. This means that these third parties may only process your personal data for the purposes mentioned above.
Of course, it may also be the case that we are required by law to disclose your personal data to third parties. We would also like to point out that if you send us a public message via social media, others may take notice of this message. Therefore, send sensitive information by other means as much as possible.
Processing within the EEA
We will only process personal data within the European Economic Area (EEA), unless you agree otherwise with us in writing. Exceptions include situations where we want to track interactions via our website and/or social media pages (such as Facebook and LinkedIn). For example, think of visitor numbers and requested web pages. Your data is stored by third parties outside the EU when using Google Analytics, LinkedIn, or Facebook. These parties are EU-US Privacy Shield certified, meaning they must comply with European privacy regulations. This mainly concerns a limited amount of sensitive personal data, specifically your IP address.
Security
We have taken appropriate organisational and technical measures to protect personal data, to the extent that can reasonably be expected of us, taking into account the interest to be protected, the state of the art, and the costs of the relevant security measures.
We require our employees and any third parties who necessarily have access to personal data to maintain confidentiality. Furthermore, we ensure that our employees receive appropriate and complete instructions on handling personal data and are sufficiently aware of the responsibilities and obligations under the GDPR. If you wish, we would be happy to explain in more detail how we ensure the protection of personal data.
Your Rights
You have the right to access, correct, restrict, or delete the personal data we hold about you (subject to any legal obligations, of course). You may also object to the processing of your personal data (or a part thereof) by us or by one of our processors. Additionally, you have the right to have the data you provided transferred to you or directly to another party if you so wish.
Complaints
If you have a complaint about the processing of your personal data, we kindly ask you to contact us. If this does not lead to a satisfactory outcome, you always have the right to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens); the supervisory authority in the field of privacy. You can find the contact details of the Dutch Data Protection Authority on their website www.autoriteitpersoonsgegevens.nl.
Retention Periods
We will not retain your personal data longer than necessary for the purpose for which it was provided (see the section ‘Purposes and Grounds for Processing’). This means that your personal data will be kept as long as necessary to achieve the relevant purposes. Certain data must be retained for longer periods (typically 7 years) because we are required to do so by law (for example, the fiscal retention obligation) or due to regulations from our professional association.
Personal Data Incidents
In the event of an incident (a so-called data breach) concerning your personal data, we will notify you, unless there are compelling reasons not to, if there is a high risk of negative consequences for your personal privacy and its realisation. We aim to do this within 48 hours after we discover the data breach or are informed of it by our (sub)processors. We will, in any case, always report a data breach to the Dutch Data Protection Authority.
Changes
Undoubtedly, our privacy policy will be modified from time to time. The most recent version of the privacy policy is logically the applicable version, and this can always be found on our website.
Finally
We hope this privacy policy has provided you with a clear understanding of our privacy practices. However, if you have any further questions about how we handle personal data, we would be happy to hear from you.
The central contact person for privacy matters in our organisation is Leonard de Mol van Otterloo:
E: leonarddemolvanotterloo@gmail.com
M: +31 6 30 31 46 23