Privacy statement job applicants

1. General

Dataprovider, with its registered office at Van Elmptstraat 10, 9723 ZL in Groningen (hereinafter: "the organisation", "we" or "us") may collect your personal data in the context of the job application procedure when you apply to us, do a personal assessment or, for example, participate in a pre-employment screening. This Job Applicant Privacy Statement applies to the collection and processing of the personal data of applicants (hereinafter: "you"). Please also refer to our standard Privacy Statement at: https://www.dataprovider.com/privacy/ for other privacy related matters.

Protecting your privacy and the security of your personal data is important to us. We process your personal data in accordance with the EU General Data Protection Regulation and/or applicable local privacy laws.

We may change this Privacy Statement for Applicants from time to time. You can always request the previous version of the Privacy Statement from our Data Protection Officer via privacy.officer@dataprovider.com. We recommend that you visit this website regularly to determine whether you have the most recent version of the Privacy Statement, and that you do so each time you share your personal data with us.

This Privacy Statement was last modified in March 2025.

2. Who is responsible for the processing of personal data?

We are responsible for the processing of your personal data. You can find our contact details at the end of this Privacy Statement, under the section “Contact”.

3. Why do we collect your data?

We collect the following personal data:

• To process your job application.
• To manage your requests and questions.
• To invite you to participate in research relating to us, provided you have chosen to be contacted by us.

4. What personal data do we collect from you?

When you apply, we may process the following personal data:

• Your name, address and contact details, including email address and (mobile) telephone number.
• Your gender, date and place of birth.
• Information about your competencies, skills, experience and education, for example your curriculum vitae (CV), cover letter, employment history, education details and qualifications, third-party references.
• Your preferences, for example preferred country of employment, areas of interest.
• Data generated by your participation in personal assessments. You will receive more information about the nature of such assessments before you participate.
• Information regarding pre-employment screening for integrity and competence, depending on the position you are applying for.
• Your nationality and right to work in the Netherlands.
• Your photos and video recordings when you visit our office.
• Information about your social network accounts (LinkedIn, Instagram).
• Through cookies and similar technologies we may collect: IP address, device type, browser type, language settings, the links you click while using our sites and services, dates and times of connection to a website and other technical communication information.

5. Newsletters and other commercial communications

When you have subscribed, we can send you newsletters. When you unsubscribe from commercial communications from us, we will remove you from the mailing list as soon as possible. The fastest and automated way to unsubscribe is to click on the "unsubscribe" link at the bottom of the email.

6. How do we collect your personal data and for what purpose?

We collect your personal data in the following ways:

• When you visit our website for applicants.
• If you complete the job application form on our website.
• If you choose to enable the vacancy alert function.
• By email or telephone.
• During interviews.
• Through assessments.
• By searching for suitable candidates through platforms such as resume (CV) databases and professional networking sites.
• By conducting a pre-employment screening for integrity and competence.
• From third parties, for example via a reference from your previous employer or an external (recruitment) agency.
• For example, when you visit an office for an interview where we have CCTV in operation.
• From companies within our group.

7. Social Media

When you participate in social media, such as Instagram, LinkedIn, Facebook, Twitter/X, Pinterest, you should be familiar with and understand the tools provided by those sites that allow you to make choices about how you share the personal information in your social media profiles. We are bound by the privacy practices and policies of these third parties, so we encourage you to read the applicable privacy notices, terms of use, and related information about how your personal information is used in these social media environments. Depending on the choices you have made with respect to your settings on various social media sites and in combination with your settings on our products, services, websites and apps, certain personal information may be shared with us about your online activities and social media profiles, for example through Facebook Connect or Google Connect. If you do not want us to share your personal information with a social media site or job application, you should not access such social media site or social media job application. For example, you should not click a "like" button on a product detail page.

8. Legal bases

The legal bases for processing this personal data (depending on the person and the circumstances) are:

• Use of information based on your consent: If you allow us to store your CV for more than 1 month. You can withdraw your consent at any time (see the Your Rights section below).
• An agreement between you and us, such as an employment contract
• Our legitimate interests: We may use your personal data for our legitimate interests, such as to operate and expand our business; to enable us to make a corporate transaction such as a merger, sale, reorganization, transfer of our assets or businesses, acquisition, bankruptcy or similar event; or for other legitimate purposes permitted by applicable law. By this we mean a legitimate interest as described in Article 6.1(f) GDPR. We have carried out a balancing test to weigh our legitimate interests (as described above) against your interests, rights and freedoms. We believe that the processing is necessary to achieve our interests. It is relevant to note that the interference with your privacy rights and freedoms is kept to a minimum as we use pseudonyms, aggregated data and other Privacy by Design principles where possible. We have a policy to monitor and continually improve this. Our internal audit will oversee this. Only a limited number of employees have access to your personal data, and only when necessary to perform their duties. We have carefully protected your personal data (see "How we protect your personal data" below). In view of the above, we believe that there are no interests, rights or freedoms that are more important to you than our legitimate interest in carrying out our activities as well as possible.
• To comply with our legal obligations: personal data that we collect may be used to comply with a legal obligation to which we are subject, such as regulators, tax authorities or the police or public prosecution, for example to provide camera images in the event of incidents.

9. How we protect your personal data

We have taken technical and organisational measures to protect your personal data against loss or any form of unlawful processing. We protect your personal data using a range of security measures, including secure storage. Our information security framework includes regulations on the security of personal data (assignment of responsibilities), management of company assets, physical security of the buildings, access control and authorizations for staff members, maintenance and development of systems, calamities, business continuity, monitoring of potential threats (external or internal), monitoring of information security incidents and performing a periodic security audit of the systems.

10. Retention periods of job applicant personal data

In accordance with the guidelines of the Dutch Data Protection Authority, we will retain your CV for 1 month after the job application procedure has been completed. Unless you have given permission to retain the data for a longer period. In that case, we will retain the personal data for up to 2 years after the job application procedure has been completed.

We will delete personal data sooner if you request us to delete your personal data, unless we are not allowed to do so by law.

11. Do we share your personal data with third parties?

Our basic principle is that we (a) do not sell your personal data to third parties, (b) only share your personal data with other Dataprovider companies (intragroup) if necessary and (c) store your personal data in the EU. In some cases, however, we have to share your data with third parties, for example in the context of the execution of an agreement. We sign a processing agreement with these companies. If our suppliers or third parties with whom we collaborate are located in a country outside the European Economic Area (EEA) or store their data outside the EEA, we have an agreement with these parties to protect privacy in a way that is comparable to data protection in the EEA, such as the EU Standard Contractual Clauses, because the data protection regulations in these countries do not always offer the same level of protection as within the EEA. We may also provide your personal data to third parties to comply with laws and regulations or in the context of legal proceedings, a court order or other enforceable title.

12. Your privacy rights

You have the right at any time to ask us for access to the personal data we have stored about you. You have the right to request:

• Access to your personal data (access)
• Changing or correcting your personal data (rectification)
• Request that we delete your personal data (erasure/right to be forgotten), unless we are required to retain specific personal data to comply with our legal obligations, or in the context of legal proceedings.
• Restrict the processing of your personal data (restriction).
• To transfer your data to another data controller or to yourself, if we process your data based on your consent or based on the agreement you have entered into with us (data portability).
• object to the (further) processing of your personal data if we have processed your data on the basis of our legitimate interests (objection).

To ensure that the request for access has been made by you, we ask you to send a copy of your ID with the request. In this copy, black out your passport photo, MRZ (machine readable zone, the strip with numbers at the bottom of the passport), passport number and Citizen Service Number (BSN). This is to protect your privacy. We will respond to your request as soon as possible, but in any case within four weeks.

If you would like to know more or exercise your rights, please contact us at: privacy.officer@dataprovider.com.

13. Minors who provide personal data

The age limit for minors to obtain parental consent is set by each EU Member State and can vary from 13 to 16 years. Minors may only provide us with personal data if they have written permission from one of their parents or a legal guardian.

14. Complaints

If you have a complaint about our products or services, please contact us via Customer Service. For contact details, see the "Contact" section below.

If you are not satisfied with the handling of your privacy complaint about the way in which the organisation processes your personal data, please contact our Data Protection Officer at: privacy.officer@dataprovider.com.

If you are still not satisfied with the handling of your privacy request or the way in which the organisation processes your personal data, you can contact the Dutch Data Protection Authority, PO Box 93374, 2509 AJ The Hague.

15. Questions and Contact

If you have any questions about the way we handle your personal data, please contact the Privacy Officer of Dataprovider. Send your email to privacy.officer@dataprovider.com or send a letter to: