Privacy statement for internal employees

Welcome to FlexToday and its related companies. In order to provide our services as best as possible, we collect and use information about you. We are committed to protecting and respecting your privacy. 

This Privacy Statement (Statement) describes your privacy rights in relation to the data about you that we process, as well as the steps we take to protect your privacy. We know it's a lot of information, but please read this Statement carefully. We've added a table of contents so you can jump straight to the topics you find interesting. 

Table of contents 
• What do the terms in this Statement mean? 
• Which personal data is collected and used FlexToday? 
• Why do we use your personal data? 
• What does the law say about this? 
• Do you have to give us the personal data we ask you for? 
• Do we process your personal data without human intervention? 
• How long do you keep my personal data? 
• Do we pass on your personal data to third parties? 
• What rights do you have? 
• Do we use supervisory systems at work? 
• What about data security when using Company systems? 
• How can you contact us? 
• How do we handle changes to this Statement? 

What do the terms in this Statement mean? 
First, it must be clear to everyone what some of the terms in this Statement mean. 
It is probably obvious, but you are referred to in this Statement as “you, you, you, or your”. 
And when we talk about “we, we, us, our” or about the “Company” we mean FlexToday or (one of) its related companies. Supplies through various companies FlexToday several HR activities (Human Resources) such as temporary employment services, secondment, payroll management, recruitment & selection, evaluations, payroll guidance, talent development, training & education, outplacement and international mobility (“our Business activities  

To carry out our business activities, the Company uses various IT systems. In some cases, the Company offers a Self-Service Portal (“Portal") for candidates and staff. Through this Portal you can update your own information, such as your contact and bank details. 

Finally, this Statement concerns information about individuals – such as data about you. This concerns facts about you, but also opinions about you and your views (for example “I am a football fan”). It's not so much about information about the Company (although the two sometimes overlap). This type of information is also referred to as “personal data” or “information that can be traced back to a person”. In this Statement we use the term “Personal details". 

What personal data does the Company collect and use? 
Personal information that the Company typically collects includes: 
• your name, date and place of birth, contact details and qualifications (information, training courses and internships) and all other information you have stated in your resume/CV; 
• if you contact us, in some cases we will keep a record of that correspondence; 
• feedback about you from our staff and third parties you collaborate with or work for, and other evaluations; If you give feedback to others, we usually save it too. These are also your personal data (after all, it is your opinion); 
• we may also collect information about your use of our systems such as (without limitation) your IP address, browser, timestamp, location data, weblogs and other communication data and the resources you use. This information will make it easier to use our systems in the future; 
• information about any limitations and any adjustments we need to make for you in the workplace; 
• We also collect the following data for your employment relationship with the company: 

o your gender, nationality, copy of identity documents, copies of diplomas, proof of address and copies of documents showing that you are allowed to work at the locations where you will be working (visas, work permits, employment permits, etc.); 
o salary details, details of your bank account, (including a copy of your bank card) your Citizen Service Number (BSN), your tax rate group, wage tax statement, tax number, any (voluntary) deductions; 
o attendance and absence records, time spent on assignments, training, promotions, investigations and disciplinary matters; 
o information about your use of our IT systems and company buildings (including camera surveillance and door intercom systems); 
o business travel information (travel dates, credit card details, passport number, expenses incurred) for negotiating, arranging and purchasing all travel-related matters (e.g.: airline tickets, train, hotel & rental car reservations) and the reimbursement of travel expenses; 
o photos and videos of your presence at training or similar sessions (during the session you will be given the opportunity to indicate that you do not wish to be photographed or video recorded); and 
o photos and videos of your presence at training or similar sessions (during the session you will be given the opportunity to indicate that you do not wish to be photographed or video recorded); and 
o in situations where this is strictly necessary and legally permissible, we may also process certain medical data about you.

Why do we use your personal data? 
The Company collects and processes personal data for the following reasons (purposes): 
1. to fulfill our obligations to you as an employer or customer (in the case of individual contractors) when you start working for the Company; and upon commencement of your work for the Company: 

a) to comply with your employment contract as well as all other agreements and rules that our employment contract or other contractual relationship with you must comply with;
b) to implement and improve talent management policies (including general analysis of talents in the workforce); 
c) to carry out other HR activities (such as task management, attendance and absence management, training management and people management, cost management and disciplinary procedures); 
d) to manage shares and other assets to which you may be entitled; 
e) promote the security and protection of people, premises, systems and assets; 
f) ensuring compliance with internal policies and procedures; 
g) manage communications and other systems used by FlexToday (including internal contact databases); 
h) investigate and respond to incidents and complaints; 
i) comply with obligations and cooperate with investigations by the police, government or regulators; 
j) in the case of photos or videos of training sessions, reporting internally and to third parties that the training sessions have taken place and recording their content (for example in internal updates) as well as internally marketing similar sessions; or 
k) participate in a possible or actual takeover, sale or joint venture of a (part of a) company or company in which a member of FlexToday wants to participate. 

2. to comply with legal obligations where necessary 
3. to further develop and improve our systems/processes; This mainly happens in the context of new IT systems and processes so that data about you can be used to test the new IT systems and processes where dummy data cannot fully simulate the operation of that new IT system. 
4. to conduct studies, statistical research and analysis, for example to compare the effectiveness of employee placement with clients in various industries and geographic areas to identify factors that could influence any differences we may experience in doing so to note; 
5. to transfer data to third parties (see below). 

What does the law say about this?
The law states that there must always be a “legal basis” to be able to process data that we have about you. 
When you with FlexToday works, the processing of personal data for all stated purposes is based on processing grounds such as the performance of a contract to which the data subject is party (see above – purposes 1), processing is necessary to comply with legal or regulatory obligations (purposes 1 and 2) and/or processing is required in the legitimate interests of FlexToday and its staff to conduct a business in a manner that does not unduly harm your interests or fundamental rights and freedoms (purposes 1, 3, 4 and 5). If processing is necessary for the legitimate interests of FlexToday, we ensure that the processing is carried out in such a way that our legitimate interests outweigh the interests of any individual. We only process your personal data on the basis of other grounds when you give permission for this (another processing ground). 

Do you have to give us the personal data we ask you for? 
Providing your personal data is a requirement to enter into a contract with you and/or to maintain that contract. This means that it is necessary that we have your data. 
In addition, if you do not provide us with your personal data, you will not be able to participate in certain processes such as career development. 

Do we process personal data about you without human intervention? 
Yes, that's true. The Company uses automated systems/processes and automated decision-making (such as profiling) to provide you and our customers with the services you request from us. For example, if our customers are searching for candidates for a position, we can perform a search of our candidate lists based on automated criteria to create a shortlist. 

How long do you keep my personal data? 
The retention periods of your personal data depend on the respective purpose for which this data is processed. It is not possible to provide an overview of the various retention periods in a reasonably comprehensible format in this privacy statement. The criteria used in determining the applicable retention period is that we will retain the personal data described in this privacy statement for as long as (i) is necessary for the respective purpose, (ii) is necessary to conduct our business relationship with you to perform, (iii) you have given permission for this and/or (iv) it is required in accordance with the retention rules determined by law. The Company may (and in some cases we are legally required to do so depending on the type of data) retain your data for a number of years after your employment contract with us ends. In general, we store data about taxes and your employment contract, financial data (including payrolling data and data about your salary, etc.) for a maximum of 7 years after the end of the employment contract. We only use sensitive data if this is strictly necessary and legally permitted. 

Do we pass on your personal data to third parties? 
As previously indicated, we normally disclose your data to third parties. We do this to fulfill the purposes stated above. We do this in the following circumstances: 

• To our suppliers. For example, we may hire a supplier to carry out administrative and operational work to support our relationship with you. The supplier(s) are bound by contractual and other legal obligations to handle your data confidentially and to respect your privacy, and they only have access to the data they need to carry out their work; these suppliers are usually IT service providers (who host or support our IT systems as well as information about you), company building managers (who oversee the physical security of our company premises and therefore need to know who you are in order to grant you access), HR-related service providers (who carry out payroll processing or additional employment benefits on our behalf such as workplace catering services for employees and colleagues), travel providers (who manage and organize travel for colleagues and employees) or back-office financial and administrative service providers (who may process personal data of employees and colleagues have to process for the accounts receivable and accounts payable). 
• To members of FlexToday in the Netherlands for necessary intercompany data exchange. 
• We share your information with government, police, regulators or law enforcement authorities if we, in a discretionary manner, believe that we are legally required to do so, have the right to do so or if it would be necessary to do so in the interest of prudence; and 
• when, as part of due diligence relating to (the execution of) a merger, acquisition, change of service provider or other business transaction, we need to disclose your data to the potential buyer or seller, new service provider or their advisors. 

What rights do you have? 
• The right to access and obtain a copy of your personal data: 
You have the right to request confirmation as to whether we process your personal data. If that is the case, you have the right to access your personal data and to certain information about how it is processed. In some cases you can ask us to send you an electronic copy of your data. If a self-service system such as a Portal is available, we encourage you to download your data via this option. 
• Right to correct your personal data 
If you can demonstrate that the personal data we have about you is incorrect, you can ask us to update or otherwise correct this data. If a self-service system such as a Portal is available, we would like to suggest that you update your details via this option. 
• Right to be forgotten/to have data deleted 
If it is not necessary for us to keep or process data for any other reason, you can ask us to stop processing your data (or limit it) or to erase some or all of your personal data. 
• Right to object 
To the extent that the processing of your data is based on the legitimate interests of the Company (and not on other processing grounds) or relates to direct marketing, you have the right to object to the processing of your data by the Company based on your personal situation. 

If you would like to exercise any of your rights, please send an email to privacy@flextoday.nl. If you contact us by email to exercise your rights, the Company may ask you to identify yourself before taking action on your request. 

Finally, you also have the right to file a complaint with the Dutch data protection authority, i.e. the Dutch Data Protection Authority. Den Haag. 

Do we use supervisory systems at work? 
To the extent permitted by law FlexToday reserves the right to control, monitor and record access to, use and content of any data held or processed by the Company's IT systems. We do this for the purposes (e) and (h) we have described above. We would like to mention this point separately so that you are aware that your use of work-related IT systems can be monitored by others. 

What about data security when using Company systems? 
You are responsible for maintaining the security of your login details to the Company's systems, in particular the password that we have assigned to you or that you have chosen yourself. These login details are for personal use only. You may not share login details or other account information with others or third parties. 

How can you contact us? 
Do you have any questions or comments about this Privacy Statement or would you like further information about how we protect your personal data and/or if you would like to contact the Data Protection Officer (DPO) of FlexToday, please email us at privacy@flextoday.nl.

How do we deal with changes to this Privacy Statement? 
The terms of this Statement may change from time to time. We will post any material changes to this Statement by providing appropriate notices on the We! site or by contacting you through other communication channels. 

FlexToday,
May 2019