GDPR

Information document on processing applicants' personal data CPM Europe B.V.

This document is intended for job applicants at CPM Europe B.V. (hereinafter: 'the organisation'). The organisation will process [processing means any action involving personal data. For example: collecting, saving, organising, using, forwarding, retrieving, distributing, modifying and destroying data] personal data [personal data refer to all information that can be traced back directly or indirectly to you as a person. For example: your name, address, email address, date of birth, position and salary] in the context of the application procedure. For example, the HR manager may forward your CV and motivation letter to the relevant department manager. We will obviously take into account your right to privacy during this process.

This document answers the following questions:

  1. Who is responsible for processing my personal data?
  2. What personal data does the organisation process?
  3. For what purposes and on what grounds does the organisation process my personal data?
  4. Am I obliged to provide personal data to the organisation, or is it necessary for me to provide them?
  5. For how long are my personal data kept on record?
  6. With which parties are my personal data shared?
  7. Will my personal data be transferred to countries outside the EU/EEA or to international organisations?
  8. What are my rights in terms of the processing of my personal data?
  9. Does the organisation apply automated decision-making?
  10. How are my personal data secured?

The organisation is entitled to change the content of this information document at all times. The latest version is always available on the company website.

1. Who is responsible for processing my personal data?

The organisation is responsible for processing your personal data in the context of the application process. The organisation's identity and contact are shown below.

Organisation

CPM Europe B.V.

Rijder 2

1507 DN Zaandam

+31 75 65 12 611

info@cpmeurope.nl

2. What personal data does the organisation process?

The personal data categories that may be processed with regard to your application are provided below:

  • Identification data (name, address, city, telephone number, email address and so on);
  • Financial data (IBAN);
  • Personal characteristics (age, gender, date and place of birth, nationality, work permit and so on);
  • Data on training courses, qualifications and/or skills;
  • Data on your career (work experience, employment end date and so on);
  • Salary data (salary at previous employer);
  • Personal data under criminal law (certificates of good conduct);
  • The social security number, if necessary to verify the target group register of the UWV;

Most of this information comes from you. You provide it to us in the context of the application procedure, for example in your motivation letter and/or CV, or during a job interview.

The information that is not obtained from you comes from the following source(s):

  • Previous employers or other references;
  • Training centers;
  • Screening or assessment agencies;
  • The Internet (online screening);
  • The Judicial Agency for Testing, Integrity and Screening of the Ministry of Justice and Security (certificate of good conduct);

If we collect information from third parties that are not mentioned in this information document, we will inform you in a timely manner on a separate occasion. If the third party who supplies the data to us has already informed you, we will only provide you with (additional) information if it adds any value.

3. For what purposes and on what grounds does the organisation process my personal data?

The organisation processes your personal data with the aim of selecting and recruiting suitable personnel: if we want to assess whether you are suitable for a vacant position, personal data processing cannot be avoided. The organisation has a legitimate interest in processing these data. It helps us to select the most suitable candidate.

We also need to process data to enter into an employment agreement: without personal data processing, we would not be able to make you an offer.

We also process your personal data for internal verification and safety purposes. It is in the organisation's interest to register who is inside the building.

The final reason for processing your personal data is to reimburse you for any expenses you incurred during the application procedure, if arrangements were made in this respect.

If your application is unsuccessful, the organisation may keep your personal data on file in case any suitable future job vacancies come up for you. The organisation will only store your personal data if you give your consent to do so. You are free to refuse this consent: you will be treated exactly the same as applicants who do give their consent. You are also free to withdraw your consent at any time.

4. Am I obliged to provide personal data to the organisation, or is it necessary for me to provide them?

You are not legally or contractually obliged to provide personal data to the organisation in the context of the application process. However, the provision of personal data is a necessary condition to complete the application process and to possibly enter in an employment agreement with you.

If you refuse access to your completed training courses and work history, the organisation cannot assess whether you are suitable for a particular position. The organisation cannot offer you an employment agreement without personal data such as your name and address.

If you refuse to provide information in one or more areas, the application process may be discontinued.

5. For how long are my personal data kept on record?

We will remove any personal data processed in the context of the application procedure within 4 weeks of the procedure's completion. If you agree to your personal data being stored in order to fill any future job vacancies, they will be kept for no more than 1 year after the procedure's completion.

We may deviate from these retention periods in specific cases where there is good reason to keep the information for a longer or shorter period. One example would be in the event of a legal dispute in order to provide proof.

If your application is successful, we will include the relevant personal data in your personnel file.

6. With which parties are my personal data shared?

Within the organisation, layered access to your personal data will be granted to employees who need this information to do their job. Depending on the nature of the personal data in question, the following persons/departments will have access:

  • The management;
  • HR;
  • Finance;
  • The team leader;

Outside the organisation, your personal data will be shared with the following parties:

  • The UWV;
  • Previous employers or other references;
  • Training centers;
  • Screening or assessment agencies;
  • The Judicial Agency for Testing, Integrity and Screening of the Ministry of Justice and Security (certificate of good conduct);
  • A tax and/or legal consultant;

Personal data will only be transferred outside the organisation for a well-founded reason. For example, the social security number must be provided to the UWV to check whether your name is on the target group register. Personal data may also be provided to a training center to verify the authenticity of your qualification.

7. Will my personal data be transferred to countries outside the EU/EEA or to international organizations?

The organisation intends to transfer your personal data to the following international organisations and/or countries outside the EU/EEA. The protection mechanism of each country or organisation is mentioned. The protection mechanism outside the EU/EEA must ensure that your personal data has the same level of protection as within the EU/EEA.

Country/international organisation

Protection mechanism

United States, CPM Group

CPM Corporate Policy

8. What are my rights in terms of the processing of my personal data?

As an applicant, you have certain rights with regard to the personal data the organisation processes about you. These rights are subject to a number of conditions. You can submit a request:

  • a specification of, and access to the personal data that have been processed about you;
  • to rectify any incorrect data, or to complete any incomplete data;
  • to delete personal data that have been processed about you;
  • to transfer personal data processed about you to a different party;
  • to restrict the processing of personal data about you.

If the data are processed based on your consent, you are always entitled to withdraw this consent. This withdrawal will not affect the legal validity of any data processing that took place before the withdrawal.

If you believe that the organisation is violating the personal data laws and regulations, you are entitled to lodge a complaint with the supervisory authority (in Dutch: de Autoriteit Persoonsgegevens). We obviously hope that you will first raise any complaints with the organisation, but this is not an obligation.

We conclude by informing you that you can contest the organisation's legitimate interest in certain types of data processing by raising an objection. The grounds for this objection must be based on your specific, personal situation.

To exercise the above rights, please contact: Fazia Hussainali (Fazia.Hussainali@cpmeurope.nl). Requests are preferably submitted by post or by email. To ensure that information is not provided to anyone other than the applicant in question, the organisation may require additional information to confirm your identity.

9. Does the organisation apply automated decision-making?

The organisation does not apply fully automated decision-making. All decision-making involves human intervention to prevent any disproportionate and/or wrong decisions.

10. How are my personal data secured?

The organisation has taken the appropriate technical and organisational security measures to protect your personal data. It paid particular attention to the following risks:

  • Destruction
  • Loss
  • Modification
  • Unauthorised provision
  • Unauthorised access

If your personal data are passed on to parties outside the organisation, we will ensure that these parties guarantee an adequate level of security.