About Us
Agap2 is a European organization in the area of Information Systems, Science and Technology and a reference in the world of Banking, Insurance, Telecommunications, Industry, Pharmaceutical and Energy, among others. Along with its activity in this area, agap2 also develops activity in the Engineering area, providing services to clients in various sectors. It is, above all, a company committed to innovation and geared towards creating true value for its Customers and Consultants.
Based in Joan Muyskenweg 22, 4th floor, Amsterdam, agap2, within the scope of its consulting and engineering services, has the need to collect and process personal data of candidates, employees, customers, suppliers and third parties.
Being the protection of the privacy and personal data of all those who interact with agap2 a concern and priority for us, has been compliant elaborated the present privacy and data protection policy. This way it is possible to communicate in a clear and transparent way the good practices related to this process.
Any and all personal data provided will be treated with the guarantee of security and confidentiality required by the legal framework regarding the protection of personal data.
Background
This policy describes a set of guidelines, rules and principles that agap2 must observe to ensure the protection of the rights of the data subjects.
Agap2 undertakes to comply with this policy in accordance with the obligations of the Regulation 2016/679 /EU of the European Parliament and the Council from 27 April 2016, on the protection of individuals with regard to the processing of personal data and the free movement of such data (hereinafter referred to as "Regulation").
In this sense, agap2 seeks to ensure that its internal procedures are in compliance with the legal obligations of the Regulation and that the personal data of its employees, customers, suppliers or service providers and any other data holders whose personal data agap2 processes in the exercise of their activity, are treated in accordance with the current regulatory and legal standards and kept safely.
Data controller
Agap2, as co-responsible for the processing of personal data, undertakes, on the basis of Articles 5 and 24 of the Regulation, to apply the necessary technical and organizational measures, taking into account the nature, scope, context and the purpose of the data collected and to ensure that the treatment is carried out in accordance with the Regulation.
Contact Details:
- Postal address: Joan Muyskenweg 22, 4th floor, Amsterdam
Each area of action has a Data Controller, who applies the necessary technical and organizational measures to ensure that all obligations are met.
Agap2 should be informed and involved in all matters relating to the protection of personal data, and should always take into account the risks associated with treatment operations, such as their nature, scope, context and purpose. The company must also ensure compliance with all established processes in order to preserve the confidentiality of the data.
With regard to the request of the rights of the holders, the communication of violations of personal data and other communications related to the GDPR, the contact is as follows: gdpr@agap2.nl.
We guarantee confidentiality in the treatment of your data
The personal data are considered confidential and, as such, are covered by the legal obligations of confidentiality. Data processing is supervised by the data controller who will ensure that only duly authorized people can handle certain data.
We adopted the principle of need-to-know, where employees can only access personal data if it is strictly necessary for the performance of their duties. Treatment outside this scope is considered prohibited and subject to disciplinary sanctions.
Employees are not authorized to use personal data for private or economic purposes, communicate it to unauthorized third parties and/or allow the access in any other way.
YOUR PERSONAL DATA
How consent is given
The consent of the holder is manifested freely, voluntarily and explicitly, and is obtained by means of an acceptance record.
The removal/withdrawal of consent can be requested at any time by sending a simple request to the email address gdpr@agap2.nl.
How do we collect your data
Candidate Information: they are collected directly from the candidate, from third parties or from other sources, namely:
- Resume submission by e-mail, directly to our address;
- Resume submission by an employee;
- Contact in Universities;
- Personally;
- Telephone;
- Social Networks (i.e, Linkedin);
- By our website;
- By our "Jobsy" application;
- Sharing of information by our Clients and/or colleagues.
Consultant Data: are collected directly from the consultant via email and/or in person.
Customer Data: are collected directly from the Customer, from third parties, from other limited sources (i.e, online and offline media) namely:
- Telephone;
- E-mail, directly to our address;
- Through employees;
- Personally;
- Social Networks (i.e, Linkedin);
- Media;
- By our website;
- Sharing of information by our Clients, Suppliers.
Supplier Data: are collected directly from the Supplier, from third parties, from other limited sources (i.e, online and offline media) namely:
- Telephone;
- E-mail, directly to our address;
- Through an employee;
- Personally;
- Social Networks (i.e, Linkedin);
- Media;
- By our website;
- Sharing of information by our Clients.
User data of the Website: when you visit our website, whenever you accept the use of cookies, in accordance with your browser's cookie settings and where appropriate and in accordance with the law, your data can be collected automatically or through you. If you want to know more about this topic, you can consult the information by clicking in COOKIES.
What data do we need to collect?
The personal data collected must be those necessary for the purposes for which they are intended, which are determined, explicit and legitimate.
The personal data must be subject to a legal, fair and transparent treatment in relation to the data subject.
The data subject must be informed about the purpose of the treatment in a rigorous manner and in accordance with the established a priori processes.
In order to fulfil the business activity and as the collector, agap2 needs to collect and process the following data:
Data category
|
Data to be collected
|
Candidate Data - Recruitment
|
Name; date of birth or age; sex; nationality/citizenship/place of birth; residence address; phone number; e-mail address, mother tongue; data and copy of the identification document; immigration status (in case you need a work permit); academic qualifications; academic record; professional history; photography; marital status; household and data on any dependents.
|
Candidate Data - Contractual Process (Admission)
|
Name; date of birth or age; sex; nationality/citizenship/place of birth; residence address; phone number; e-mail address, mother tongue; data and copy of identification document (citizen's card or passport), BSN; data and copy of your driver's license and/or other proof of address; financial information (country of banking address, account holder, domiciliation (name of bank), IBAN, BIC (or SWIFT)); criminal record (if necessary), other tax information; immigration status (in case you need a work permit); academic qualifications, proof of qualifications, academic record; professional history, photography, emergency contacts; marital status, household and data on any dependents.
|
Customer Data - Contractual Process
|
Name, telephone number and e-mail address of employees of the client company.
|
Supplier Data - Contractual Process
|
Name, telephone number and e-mail address of employees of the client company, as well as financial information (country of bank domicile, account holder, domiciliation (name of bank), IBAN, BIC (or SWIFT)).
|
User Data of Website
|
Cookies collect generic information, namely: i) IP address; ii) date, time, duration and frequency that you access the site; iii) the way you arrive and use the website; ii) information related to your preferences; iii) the area of the country in which you access the website.
|
What is the purpose of the treatment?
Candidate Data: Are used for recruitment:
- Framing the candidate in the respective business opportunities;
- Conducting interviews;
- Forward the candidate for qualification on client;
- Presentation of pre-proposal and
- Other specific independent purposes of these that may be communicated in due course.
Employee Data: Are used for the following purposes:
- management of human resources;
- selection of staff and recruitment;
- processing of remunerations, benefits and allowances, including pledges of remuneration and reimbursement of expenses;
- management of disciplinary sanctions;
- video surveillance;
- time/attendance control;
- creation of the pension plan;
- assignment of transport pass.
- Other specific independent purposes of these that may be communicated in due course.
Customer Data: the data collected from our Customers are very limited, and the main reason for this collection is to ensure that the contractual provisions established are properly applied, so that the relationship is unconstrained. The use of these data is based on the main purposes:
- Provide a consulting service;
- If the service we provide is performed in association with any of our partners, we will have to share your data in order to provide you with the best possible service;
Supplier Data: we use the data only to ensure that the contractual provisions comply with legal obligations, that our relationship and communication is unconstrained, as well as to ensure the processing of payments.
Website user data: Are used to:
- Track record effects;
- Improvement of the experience of using our website;
- It allows us to showcase contents that we think are of interest to you;
- Other specific independent purposes of these that may be communicated in due course.
With whom do we share your data
In order to fulfil the purposes indicated in this Privacy Policy, it is necessary to give access to your personal data to third parties who provide us with support in the services we offer you, for example:
- to entities in the group of companies to which agap2 belongs, namely the HIQ Consulting group;
- to companies which provide services to them, in particular, in provision of services
- public entities that have legal legitimacy to process the data in question, especially in view of the calculation and payment of rewards and remunerations, supplementary payments, other allowances and gratuities; the calculation, withholding tax and operations related to deductions on remuneration, mandatory or optional, arising from legal provision;
- lawyers and internal and external auditors of agap2.
Only strictly necessary data will be transmitted to third parties, by voluntary agreement, which will safeguard compliance with the Regulation.
How do we design new products
Whenever a new product is developed it is ensured that it has the technical and organizational measures required by the Regulation. This way, it guarantees the limitation of the purposes, the minimization of the data, the limitation of the conservation, the security in the integrity and the confidentiality, as well as the rights of the holders of the data are guaranteed (right to the information, right to access, right to the rectification, right to erasure/forgetfulness, right to limitation, right to portability and right of opposition).
How long will the data be kept
Personal data will be stored, without prejudice to legal provisions or regulations to the contrary, for the period necessary for the purposes for which they are intended and for which they are processed.
The table below shows the deadlines for the preservation of personal data, according to the legislation currently in force:
Purpose
|
Retention period
|
Administrative management of personnel
|
1 year starting on 31/12 in the year the employee leaves
|
Management of human resources;
|
5 years after the employee leaves
|
Selection of personnel and recruitment;
|
5 years
|
Processing of remunerations, benefits and allowances, including pledges of remuneration and reimbursement of expenses;
|
10 years for accounting documents
|
Management of disciplinary sanctions;
|
1 year starting on 31/12 in the year the employee leaves
|
Professional training;
|
1 year starting on 31/12 in the year the employee leaves
|
Video surveillance;
|
30 days
|
Violation of personal data
It is considered a violation of personal data any act that calls into question the security of the data, in an accidental or unlawful manner, and causes the unauthorized destruction, loss, alteration, disclosure or access to personal data transmitted, stored or subject to any other type of treatment.
As examples of cases that may compromise the security of personal data, we indicate the following:
- Loss or theft of mobile phone/laptop;
- Loss or theft of a Curriculum Vitae or Competence Dossier;
- Emails exchanged by mistake;
- Hacking;
- Unauthorized access.
Agap2 has been working to maintain and preserve personal data with a high level of security. However, small unexpected deviations may occur. Should any of our candidates, employees, customers or subcontractors detect or suspect of a possible data violation, they should immediately send an email to gdpr@agap2.nl, indicating what has happened, as well as identify the data that may be involved. In this way, the responsible department can act quickly and adequately, in accordance with the rules established in the Regulation.
YOUR RIGHTS
Rights of the data subject
In accordance with current legislation, the data subject may exercise his or her right to information, access, rectification, erasure, limitation of treatment and portability of personal data. The holder may also oppose to the processing of the personal data or withdraw consent.
The data subject may request information on the data controller, treatment purposes, data retention period, categories of recipients of personal data and information on the existence of data transfers to third countries, if applicable.
Should any of the above rights be denied, the data subject may file a complaint with the competent authority.
How can I exercise my rights?
For the exercise of any of these rights or for any questions regarding the processing of your personal data, the holder of these rights must address a request to the person in charge of the entity, through the email address gdpr@agap2.nl.
RESPONSIBILITY
Security of processing
Agap2 is committed to guaranteeing and protecting the security of the personal data made available to it, using appropriate technical and organizational measures to ensure and prove that the treatment is carried out in accordance with the General Data Protection Regulation.
Person responsible for the treatment
The controller shall be responsible for implementing technical and organizational measures, taking into account the nature, scope, context and purpose of the data collected and ensuring and prove that the processing is carried out in accordance with the rules of the Regulation.
Quality and Management Support Department (QMSD)
The QMSD is responsible for informing and advising the controller of all duties and obligations under the Regulation, as well as monitoring and controlling the compliance of the processes with the Regulation and with the implemented Policies. This department is also responsible for advising on impact assessment on data protection.
Subcontractor
The subcontractor treats the personal data on behalf of the controller and should therefore document all the points mentioned and ensure that the subcontractor complies with the agreed, in written and voluntarily.
If the subcontractor understands that any action violates, or may violate, the rules of the Regulation or other data protection provisions, it undertakes to inform the controller immediately.
COOKIES
What are cookies?
Cookies are small text files, which are stored on your computer or on your mobile device through your browser. By browsing, they record their preferences and allow the website to identify your device the next time you access it.
At any time, you can decide to be notified about the receipt of cookies, check or change the type of cookies, and block the entry of cookies in your system, through the settings of your browser.
Changes to the privacy policy
If necessary and appropriate, at any time agap2 may modify the information set forth in this Privacy Policy and Data Protection. If any change occurs, it can be consulted on the website. In any case, we suggest that you review this Policy regularly so that, should changes occur or if updates are introduced, you can always be properly informed about them.