The General Data Protection Regulation (GDPR – AVG in Dutch) is the most important change in data privacy regulation in 20 years. We all received many emails last year, telling us about this new law and that companies couldn’t keep our data anymore without our consent. At Abroad Experience things also changed a bit and we’re going to tell you how.
What is the GDPR?
The GDPR is designed to protect all EU citizens’ data privacy, harmonize data privacy laws across Europe and reshape the way organizations across the region approach data privacy. The GDPR applies to ‘personal data’, which means any information relating to an identifiable person who can be directly or indirectly identified.
This new regulation includes 8 basic rights:
- Right to be informed: Individuals have to be informed about how their data will be gathered, processed and stored by a company before they give their official and explicit consent.
- Right to access personal data: Companies must provide individuals’ personal information if they request it. They can also ask a company how their data are used or shared internally or with third parties.
- Right to data portability: Individuals can retain or reuse their personal data for their own purposes if they want.
- Right of rectification: Individuals can ask a company to update their personal data if those are incomplete or incorrect.
- Right to restrict processing: Individuals can ask a company not to process their personal data. In this case, they can still keep those data but not use them anymore.
- Right to be notified: Individuals must be notified if a company noticed any problem regarding the personal data of their clients (security breach, data being stolen)
- Right to be forgotten: Individuals can ask a company to delete all personal information they collected and stored in the past if they are not clients anymore.
- Right to object: Individuals can also object to the processing of their personal data when they are used for direct marketing for example or for the public interest.
Those are the basics of the GDPR, if you are interested in getting more details, we advise you to visit the Europa website.
How does Abroad Experience deal with your data?
As a recruitment agency, we daily deal with a lot of personal data from job seekers. We have to make sure we never collect more personal information than needed to fulfil our service’s purposes like: understanding the qualifications, making an inventory of the needs and preferences of the job seeker and identifying the most suitable job opportunities. We also need to fulfil our client’s requests for information about job seekers.
Keeping our job seekers informed and updated about the Abroad Experience data processing policy, is an essential part of the GDPR as transparency is one of the key points within the GDPR.
Our job seeker’s personal data is never traded, sold or leased by us to any external company. We guarantee that details will never be sent to third parties without the job seeker’s consent. Before introducing a job seeker’s CV to one of our clients we ask them permission and discuss the vacancy that the application concerns.
In case of temporary employment through Abroad Experience the job seeker’s data can be shared with partners (like the accountant, the UWV, the pension fund, the database provider) whenever this is required for processing salaries, reporting illness or pensions etc.
We don’t collect the same amount of data, depending on the stage the person is in our process. For example, job seekers only have to give the required data for an effective recruitment/job placement like personal details, work permit or language skills. Hired job seekers need to provide more official documents like their BSN number (burgerservicenummer), a copy of ID or passport, banking details, date of birth, nationality and address details.
Abroad Experience doesn’t contact, collect or keep information from anyone under the age of 16. If a parent or a guardian suspects that his/her child has provided Abroad Experience with personal information, he/she should contact us so that we can remove that information.
How long do we keep your data?
Again, depending of your stage in the process of recruitment, we keep personal data for different time periods. Job seekers who applied for jobs on our website will have their data kept for one year after they gave us their consent. At the end of this period, the job seeker receives an email asking if they want to stay in our database for the next year.
If job seekers directly send their CV or a copy of their ID to us without going through our website or if we get information from a third party, we ask for their consent with a specific form. However, if we don’t get their consent, we delete personal data from our system.
For job seekers who have been working on our contract, the data storage periods are a bit more complex.
The longest storage period is for all details based on payroll administration: 7 years after the last working day. This concerns name, address, contact details, BSN, start date, pension plans, salary raise and secondary benefit agreements. Then there are some data that are removed after 5 years: copy ID, and payroll tax declarations.
After 2 years after the last working day, we remove: contracts and assignments, performance review administration, sick leave administration, copies of certifications/recommendation letters, all correspondence about promotions, changes in responsibilities etc.
You can check our Privacy Statement for additional information.
Abroad Experience BV is an international recruitment agency which offers unique career opportunities to multilingual job seekers. See our vacancies.