Our collaboration and privacy
How we handle the privacy of the people we work with
We have of course drawn up a Privacy Statement for our clients. But what about the privacy of the ladies and gentlemen (and more) we work with? We explain this in more detail in this blog.
The protection of the personal data of the people we work with is of great importance to us. There are a number of reasons why we process personal data. Under the GDPR legislation, this is called the legal basis. The bases for processing personal data of persons we work with are for the performance of our collaboration, to comply with a legal obligation, to protect the vital interests of our clients and the persons with whom we work, for the fulfillment of a task of general interest or of a task in the exercise of public authority entrusted to us and to promote the legitimate interests of our company.
We process the personal data of the people we work with for the payment of taxes and premiums, the processing of the fees and (drafting) the collaboration agreement. For this we have name and address details, date of birth, social security number, gender and marital status, document number and expiry date of proof of identity, IBAN, e-mail address, telephone number(s), preferences and experiences.
We process this personal data in a number of places. For example, we work with a custom application that allows us to manage the bookings and administration of the people we work with, among other things. It may also be necessary for us to share the personal data with our accountant, legal and tax advisers and authorities such as the tax authorities, the municipality and the police, so that we can comply with our legal obligations. According to these same legal obligations, we are obliged to keep tax data (payslips, annual statements and other financial data) for 7 years. We keep other data such as the documents that we sign for a collaboration for 5 years. After these durations, the data will be deleted.
The GDPR legislation is not only about obligations. It’s also about rights. For example, people we work with have the right to request their own personal data. This can be done via email@example.com. In addition, under the GDPR, there is the right to rectification (Article 16 Dutch AVG), the right to erasure (Article 17 Dutch AVG), the right to restriction of processing (Article 18 Dutch AVG), the right to object (Article 21 Dutch AVG) and the right to lodge a complaint and the right to data portability, provided that the requirements set out in the above articles are met. If there is a legal basis for the processing of the personal data, the deletion of the personal data concerned cannot be requested, unless one of the cases referred to in Article 17(1) of the Dutch AVG applies. In the case of the provision of data for the implementation of the collaboration, it is also not possible to request the removal of the personal data concerned.
A data breach is a breach of security leading to the destruction, loss, alteration, unauthorized disclosure of, or access to, data transmitted, stored or otherwise processed. That infringement can also occur accidentally. For example, there is a data breach if you send an e-mail with personal data to an incorrect e-mail address. If there is a data breach of personal data, regardless of intentional or unintentional, this must be reported immediately via firstname.lastname@example.org. If direct reporting is not possible, a data breach must in any case be reported within ten hours.
The privacy of people we work with is already well regulated by the GDPR. We go the extra mile by working with a (mutual) confidentiality clause. During a collaboration, people may come into contact with personal data of others, such as that of another person with whom we work or a client. This data may not be shared, reproduced or made public.
Finally, we do everything we can to guarantee the privacy of the people we work with. We do this, among other things, by being very careful with the images we have of the people we work with. In the online presentation of the profile, all information will be truthful, but generalized in such a way that this information is not traceable. We also provide the people we work with with advice on how they can best guarantee their own privacy, both during bookings and in private.