This is the Privacy Statement for users of our Select service and our other solutions to align the supply and demand of a contingent workforce. Select is an online hiring platform where independent professionals and suppliers of professionals can meet. Select is provided by HeadFirst B.V. and its affiliated entities. In what follows, we will use HeadFirst, we, our and us to refer to the data controllers in this Privacy Statement.
We process your personal data when you use Select, when you visit one of our websites, including www.headfirst.nl, and when you contact us. For example, you can contact us via email, request information and chat with us via our website. We may also process your personal data when a supplier you work with enters your personal data in Select.
Carefully handling your personal data is important to us and we like to be clear about this to all Select users and other persons whose personal data we process (hereinafter referred to as “Data Subjects”). In this Privacy Statement, we will explain how we handle your personal data.
Who are the controllers?
The controller is the party that determines how and why personal data are processed. The controller determines the purpose of and the means for the data processing. Under the General Data Protection Regulation (GDPR), most obligations rest with the controller and it is also the first point of contact for you as the Data Subject.
HeadFirst has joint data controllers. This means that several parties jointly determine how your personal data are processed. We have designated a principal controller to make sure it is clear to Data Subjects who they can contact if they have queries or complaints. This is HeadFirst B.V., with its registered office at Polarisavenue 33, 2132JH in Hoofddorp. You can reach us by telephone on +31 (0)23 568 56 30 and by email via email@example.com. Other entities from our group that may process your personal data as a controller are the following:
If you are a professional whose personal data are provided to us by a supplier and you yourself are therefore not using Select, that supplier is classified as an independent controller. In that case, the supplier determines the purpose and the means, and is the first point of contact for you if you want to exercise your rights under the GDPR. The supplier may have its own privacy statement and its own terms and conditions. We advise you to read them.
What personal data do we process?
What personal data we process depends on the services you are using and the capacity in which you are using those services.
Visitors to our Websites, readers of our mailings
Independent professionals who use Select
Where required by law, we will check your identity by means of a valid identity document. We may also call in the assistance of an external service provider to check your identity document on our behalf. This will be done digitally. The service provider processes the personal data on your passport, your photo and your email address. We will receive the outcome of that check and the date on which it was carried out. If you do not want your identity document to be checked digitally, you can opt to come by our office for the ID check. We will record when your ID was checked and information about the identity document that was checked, such as the type of document, country of issue, number and term of validity. If you are a national of a country outside the European Economic Area (EEA) or Switzerland or if you have Croatian nationality, we may ask you for a work permit. In that case, we may store a copy of your passport and a copy of the permit concerned.
Clients who use Select
Clients may put assignments in Select. We process personal data of the contacts of our clients. If you are the contact for a client, we may process the following personal data: data about the organisation where you work, your email address, telephone number, mobile telephone number, password, profile number, data about the creation of your client account and its status, and data about the contact you have had with us.
Suppliers who use Select
Suppliers are organisations who provide professionals they work with through Select to the organisations affiliated with us in their role as client. If you are the contact for a supplier, we may process the following personal data: data about the organisation where you work, your email address, telephone number, mobile telephone number, password, profile number, data about the creation of your supplier account and its status, and data about the contact you have had with us.
Professionals who are signed up by a supplier or another third party
If you did not sign yourself up to Select, but were signed up by a supplier who put your personal data in our system, we may process those personal data in line with this Privacy Statement. We may process your personal data for the purposes specified in this Privacy Statement under ‘Services’ and ‘Compliance and security’. We have a legitimate interest in this further processing, i.e. to be able to provide our customary services, to comply with agreements with and assignments from suppliers and clients, and to be able to meet the applicable market quality standards. We also have a legitimate interest in ensuring that the supplier who works with us can fulfil its obligations to you and in ensuring that you can be used for the selected assignment. We always weigh up our interests and your privacy interests as a Data Subject. If you want more information on this weighing up of interests, please contact us via the contact details stated under ‘Who are the controllers’ in this Privacy Statement.
If you were signed up by a supplier, you do not have your own account with your own password. The supplier provides your personal data to us and is the controller in that respect. If you want to know more about how the supplier handles your personal data and which of your personal data it discloses to us, we advise you to read the supplier’s privacy statement or to ask the supplier for information. We are neither responsible nor liable for the personal data that the supplier processes. This Privacy Statement solely covers the further processing of personal data by us.
For what purposes do we process personal data?
Our core activity is to mediate in the hiring of external professionals and contract management. Select facilitates simple matchmaking between professionals and clients. In that context we process your personal data for the following purposes:
Compliance and security
On what grounds do we process personal data?
We process personal data only if there is a legal basis for doing so.
We carry out pre-employment screening for some assignments. We do so because the client requests it, e.g. because it is required by law (e.g. under the Financial Supervision Act (Wet financieel toezicht)) or because it follows from the nature of the assignment. Where necessary, we will inform you that screening is part of the selection procedure for the assignment you are eligible for and we will explain how we are going to carry out the screening.
If a client indicates that screening is desired or required, we will always check the nature of the assignment, how the screening needs to be carried out and what the client’s legitimate interests are. We will weigh up the client’s interests and your privacy interests. We will only carry out the screening if your privacy interests do not impede it.
If we carry out screening, we will process data about your suitability, reliability and integrity that are relevant to the performance of the assignment. The extent of the screening depends on the assignment. We may, in any event, check the data that you or the supplier completed in Select as part of the screening. Added to that, and depending on the nature of the screening, we may process information about references, former employers/clients, antecedents, data on previous performance, suspension or dismissal, a certificate of good conduct or a certificate of no-objection and a list of ancillary positions.
Depending on the nature of the screening, we disclose your personal data to the client. We may also ask you to fill in a screening form provided by the client. The information completed on the form is only processed for the deployment at the client stated on the form and shared with this client, unless otherwise agreed. It is also conceivable that we carry out screening and only let you know whether you completed the screening with a positive result. In that case, we will not share any other data with the client.
If you are a professional, we may analyse the personal data you have disclosed which relate to your professional background and prepare profiles based on those data. That helps us to ascertain which assignments and which clients would best suit your knowledge and experience. We prepare profiles using the keywords you have filled in and one of our staff members will check the result. Added to that, we may use special software to match the text in your profile and CV with an assignment.
We will not take fully automated decisions (without human intervention) that significantly impact you as a professional on the basis of the profiles prepared by us and the outcomes of the matching software.
We offer you the option to subscribe to our newsletters and to other direct-marketing communications from us or from other companies within our group. If you have consented to this, we may also send you messages about initiatives taken by our associate partners. You can easily unsubscribe from our communications at any time by using the unsubscribe link in the emails or by updating your preferences in your profile environment.
We use conventional tracking techniques that provide information on the reach and effectiveness of our direct marketing communications. This enables us to improve our service provision and to focus our information and communications on the relevant target groups.
Who can access your personal data?
Our staff members can access your personal data on a need-to-know basis. This also means that people working for the companies affiliated to us can access your personal data to the extent necessary to provide our services.
In certain situations, we may share personal data with third parties. We will do so only if this is necessary to provide our services and if it is in keeping with the purposes described in this Privacy Statement.
Will your personal data be safe?
We have taken appropriate technical and organisational security measures in order to protect the personal data we process against loss or unlawful use. For example, we secure our systems and applications in accordance with the information security standards currently in force. In addition, we have made arrangements with our service providers and obliged them to take adequate security measures.
Will your personal data be processed outside the EEA?
In principle, we process your personal data within the European Economic Area (EEA). We use servers that are in Europe and our group companies are established in the EEA. Because we may use the services of processors who have their main establishment outside the EEA, it cannot be ruled out that we may share personal data with organisations outside the EEA, either directly or indirectly. Where this is the case, we will take appropriate measures to legitimise such processing, including entering into a transfer agreement on the basis of standard contractual clauses (SCCs) approved by the European Commission. If required, we will take additional measures to ensure an adequate level of protection. If you want to know more about the transfer of personal data and how this is legitimised, contact us using the contact details provided in this Privacy Statement.
How long do we retain your personal data for?
We retain personal data only for as long as this is necessary for the purposes described in this Privacy Statement. We have drafted a retention policy in this regard. This includes the following retention periods:
What are your rights regarding your personal data?
Under privacy legislation, you have a number of rights in relation to your personal data and their processing. You can invoke your rights by contacting us using the contact details provided in this Privacy Statement under the heading “Who are the controllers?” We will assess your request and handle it within one month. If we need more time to comply with your request, we will let you know within one month that we will need another two months. We may ask you additional questions after you have submitted your request in order to establish your identity. Alternatively, we may ask you to specify your request.
Access to personal data
You have the right to hear from us about whether we are going to process your personal data and, if so, to be granted access to those personal data and to obtain additional information about the processing of your personal data. If you are a supplier or a professional, you can access your personal data clearly and easily by logging in to Select. If you want a more complete overview or more information about the data processing, you can submit a request for access to us.
Right to rectification
You are entitled to the rectification of incorrect or incomplete data. You may also supplement your personal data. If you have access to Select as a professional, you can supplement or alter your personal data in it.
Right to be forgotten
In certain circumstances, you are entitled to the deletion of your data. At your request, we will remove your personal data if processing is no longer necessary. If you have access to Select as a professional, you can delete your personal data in it.
Right to restriction of processing
In some instances, you are entitled to restrict the processing of your personal data, for example if you are of the opinion that your personal data are not correct. If we grant your request for a restriction, we will not be allowed to process your personal data for as long as that restriction applies.
Right to data portability
You have the right to receive the personal data you have disclosed to us in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller, where the processing is based on your consent or an agreement.
Right to object
You have the right to object to the processing of personal data based on HeadFirst’s legitimate interests. HeadFirst will then no longer process the personal data unless we can demonstrate that there are grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of a legal claim.
Where personal data is processed for direct marketing purposes, you can unsubscribe in any communication.
If you have any complaints about how we deal with your personal data, you can telephone us on +31 (0)23 – 568 5630. Alternatively, or you can send an email to firstname.lastname@example.org. We would be happy to help you find a solution. If you are not satisfied, then you can always contact the Dutch Data Protection Authority.
Events evolve rapidly, which can sometimes lead to changes in your personal data which we ask of you and process. Laws and regulations can also change. Consequently, we may amend this Privacy Statement from time to time. The amended Privacy Statement will be published on our website, stating the date when the amended version becomes effective. If there are substantial or material changes that could considerably affect one or more Data Subjects, we will also endeavour to inform the Data Subjects in question about that directly. This Privacy Statement was most recently amended on 15 December 2020.