Employee Data Protection Directive

 

Goal of this directive

For whom?
This directive is for employees of Precedence BV and in particular for the HR manager and the unit managers and board. This directive is not about customer data.

Privacy is comprehensive theme. As employee you often (unconsciously) have to deal with privacy-sensitive data. It is impossible to make a check list in the field of privacy, that answers to all possible questions and situations from praxis. Often you can’t indicate exactly what is and what isn’t allowed. There is a grey area. Basic assumptions in recording data are that you do it professionally and only if the data is necessary for the development of the employee within Precedence (in addition to legal rules and data required from tax rules)

What are personal data?
Personal data is information you can trace back to a natural persons, such as name, address, residence, date of birth and citizen service number.

What does ‘processing’ mean?
Processing includes all actions you perform with personal data, such as inspection, copying, storing, forwarding, adjusting, archiving, deleting or recording data.

Whose personal data is recorded and what data is recorded?

  • People that apply for a job with Precedence
    • Letter of application and CV with personal data
    • Possible mail contact
    • Notes on interviews with the applicant
  • Employees of Precedence BV
    • Name, address, residence, date of birth, phone number, e-mail address
    • Copy ID
    • Bank data
    • Income tax declaration
    • Employment contract(s)
    • Permission portrait right
    • ICE contact data (on request)
    • Names and dates of birth partner and children (on request)
    • Notes and reports HR checkpoints
    • Hours-, holidays-, absenteeism-, and expenses administration
    • At termination of contract:
    • Salary letters and annual statements
    • At termination of contract:
      • Letter of cancellation
      • Settlement agreement
      • Testimonial
    • In case of long-term sickness absence:
      • Problem analysis Health and Safety Executive
      • Reintegration plan
      • Notes on reintegration

When employees join Precedence BV they are requested by the HR manager to provide contact data in case of emergency (CE) and names and dates of birth of partner and children (for sending a little present on birthdays). Only upon the employee’s approval this data is stored in an ‘encrypted dropbox folder’ and birthdays are registered on a birthday calendar.

Data with regard to hours-, holidays-, absenteeism- and expenses administration is registered by the employee him/herself in the tool ‘Timewax’. All employees of Precedence BV have access to this data. For security of Timewax, we refer to this link: https://www.timewax.nl/general/privacynotice.html

Data with regard to the HR checkpoints inclusive of notes and reports of unit manager, HR, board and employee is registered in an encrypted Excel file in Dropbox. The access to specific information has been recorded in the different authorisation profiles in Boxcryptor.

Security of personal data of applicants and employees

  1. Safety of personal data of applicants is secured as follows:

Applicants send their letter of application to Precedence BV through the Website (with SSL certificate) or directly by e-mail. Precedence BV uses the mail-address info@precedence.nl to forward it to the HR manager. Then, the e-mail is deleted from the info-mail box. The HR manager follows the process ‘recruitment’and ‘hire Precedencial’.

If the HR manager shares the letter of application and the CV with a college (for example because this college will have/attend the interview) he/she is requested to delete the applicant’s data after the interview.

The HR manager deletes the applicant’s data from the mailbox max. 4 weeks after completion of the selection procedure. If Precedence BV wishes to include the candidate in the Talent Pool, a request is sent by e-mail to the candidate. Only with the explicit consent (in writing) the data is stored in the encrypted Dropbox folder ‘HR > 14 Recruitment’ for a period of max. 6 months.

If Precedence BV wishes to share the details of a candidate with Precedence GmbH, prior permission will be requested from the relevant candidate.

The data of applicants is not printed, as Precedence BV prefers to work paperless as much as possible.

  1. The security of personal data of employees is secured as follows:

Below data is only stored in an ‘encrypted dropbox file’. The access to this file is limited to the Board, HR Manager and unit managers of Precedence BV.

  • Copy ID
  • Bank data
  • Income tax declaration
  • Employment contract(s)
  • Permission portrait right
  • Notes and reports HR checkpoints
  • Salary letters and annual statements
  • At termination of contract:
    • Letter of cancellation
    • Settlement agreement
    • Testimonial
  • In case of long-term sickness absence:
    • Problem analysis Health and Safety Executive
    • Reintegration plan
    • Notes on reintegration

A processor agreement to secure the safety of personal data is concluded with all suppliers (of tools or another service).

How long do we retain the data?
Starting point is that personal data is retained for as long as required by law. Guideline:

People that apply for a job at Precedence BV
Up to 4 weeks after completion of the selection procedure:

  • Letter of application and CV with personal data
  • Mail contact
  • Notes on interviews with the candidate

With the explicit consent of the candidate, Precedence BV can retain the data for up to 6 months if Precedence wishes to include the candidate in the Talent Pool.

Employees of Precedence BV
Below data is retained up to 6 months after termination of employment:

  • Phone number, e-mail address
  • ICE contact data
  • Names and dates of birth partner and children

Below data is retained for up to 2 years after termination of employment:

  • Notes and reports HR checkpoints
  • Hours-, holidays-, absenteeism-, and expenses administration
  • At termination of contract:
    • Letter of cancellation
    • Settlement agreement
    • Testimonial
  • In case of long-term sickness absence:
    • Problem analysis Health and Safety Executive
    • Reintegration plan
    • Notes on reintegration
  • Employment contract(s)
  • Approval portrait right

Below data is retained for up to 5 years after termination of employment:

  • Copy ID
  • Bank data
  • Income tax declaration

Below data is retained for up to 7 years after termination of employment:

  • Salary letters and annual statements
  • Payroll administration general

Right of inspection
(Former) Employees have right of inspection in the personal data that Precedence BV has recorded. It means, that they may ask what personal data is recorded, where and how, without reason given. If a person wants to inspect his/her data, Precedence BV will clearly inform him/her:

  • What data have been recorded;
  • The purpose of using this data;
  • To whom Precedence BV has passed on this data;
  • The origin of the data (if known)

 

Data breach
Precedence does it utmost to secure the safety of the contact data of (former) employees and applicants. In case of a data breach, the process ‘Handle Privacy Notification’ is applied and all necessary steps are followed. After discovery, the data breach will be investigated within 24 hours. Based on the outcome of the investigation, Precedence will personally inform people who have been or are affected by the data breach.

Scope of right of inspection
You may only inspect your own data. (Former) employees have no right to view information about others, unless they actually or hierarchically manage the person in question. Personal work notes are not covered by the right of inspection, unless these notes are stored in the personnel file.

Application inspection
If a (former) employee wants to view and/or adapt his/her own data, he/she can submit a request, by sending an e-mail to info@precedence.nl. Precedence will react within 5 days. After verification Precedence usually provides the information within max. two working weeks. Changes or deletion of information only occur if it is in accordance with the legal rules. 

Employee Data Protection Directive_May 2018

Maastricht, 23rd May2018, version 1.0