Prepared by Essensys NV,
Woluwelaan 270, 1150 Brussel
www.essensys.eu
info@essensys.eudataprotection@essensys.eu

CONTENT

  1. INTRODUCTION
  2. DEFINITIONS
  3. PERSONAL DATA
  4. PRINCIPLES
  5. DATA COLLECTION AND CONSENT
  6. PROCESSING OF PERSONAL DATA
  7. SHARING OF DATA
  8. PROFILING
  9. RIGHTS
  10. DATA ACCURACY
  11. DATA STORAGE AND SECURITY
  12. DATA BREACH NOTIFICATION & ACTION PLAN
  13. ENFORCEMENT
  14. COOKIES
  15. AMENDMENTS

1. INTRODUCTION

Essensys is required to process relevant personal and professional data regarding staff, candidates and customers as part of its operational activities and shall take all reasonable steps to do so in accordance with the European General Data Protection Regulation (GDPR) and the Essensys Data Protection Policy.

Essensys recognizes the GDPR adapted April 27th 2016, the two-year transition period and the application date of May 25th 2018 and is actively working towards compliance with that directive.

Essensys ensures the appropriate actions are taken to comply with GDPR and other relevant legislation.

This privacy notice is part of the Essensys Data Protection policy, available via dataprotection@essensys.eu. This privacy notice focuses primarily on data collected through the Essensys website and personal data of candidates, although other means of gathering data can and will be used, as described later on in this document.

2. DEFINITIONS

Essensys: Essensys NV, Naamloze Vennootschap with head office in Avenue de Tervueren 270, 1150 Brussels and listed in the Belgian Company register with number 0452.656.141.

Data Subject: an individual who is the subject of the personal data, referred to as ‘candidate’, also referred to as interim manager, temporary manager, etc on the Essensys website and in Essensys documentation.

Customers: all companies, private or government bodies, who entrust Essensys with assignments, temporary as well as permanent.

Consent: a legally binding expression of will, given voluntarily, in which the data subject declares his/her agreement to the processing of data.

Processing of data: any action, carried out with or without the assistance of automated processes, that serve to collect, save, organize, store, change, access, use, pass on, transmit, distribute, combine, or reconcile the data. This also includes destroying, deleting or blocking data and data storage media.

3. PERSONAL DATA

Personal data covers both personal information and contact details, as well as professional information collected by the candidate’s curriculum vitae.

Essensys does not store sensitive personal data such as race, medical information, religion, sexual orientation or criminal records. Essensys does not store personal data of minors.

Any information which falls under the definition of personal data will remain confidential and will only be disclosed to Essensys customers with appropriate consent of the candidate.

4. PRINCIPLES

Essensys shall comply with the Data Protection Principles contained in the General Data Protection Regulation to ensure all data is:

  • Fairly and lawfully collected
  • Fairly and lawfully processed
  • Processed for a lawful purpose
  • Adequate, relevant and not excessive
  • Accurate and kept up-to-date
  • Not kept for longer than necessary
  • Processed in accordance with the data subject’s rights
  • Secured and protected in appropriate ways
  • Not transferred to non-business related third parties and not transferred to countries outside the European Economic Area without proper consent from parties involved

5. DATA COLLECTION AND CONSENT

Essensys ensures that data is collected within the boundaries defined by GDPR and within its Privacy and Data Protection Policy. This applies to data that is collected in person (face-to-face or over telephone), electronically by e-mail or by submitting through the Essensys website.

Essensys primarily collects personal data of Candidates through her website, which operates in a secured environment. Consent to collecting and processing the data is given by specifically marking the field to agree with the Essensys privacy notice at the CV submission page upon which the candidate can attach his/her CV and the data will be transferred to Essensys. If no consent is given during the registration at the Essensys website, then no data is collected by Essensys. Essensys ensures it only collects data for which an appropriate and specific consent is given by the candidate.

Personal data of candidates can also be collected via spontaneous or personal contact with Essensys staff. In that case, the candidate will be informed of the Essensys privacy policy and his/her consent to collect and process the data will be asked before registration at Essensys.

Essensys may also collect personal data from business partners (such as but not limited to Intys NV, Intys HR NV, Talentus NV, Essensys OPEX NV, etc.) as well as disclose personal data to those companies insofar as reasonably necessary for the purposes and on the legal bases set out in the Essensys Data Protection Policy and complaint with GDPR. Essensys and/or those business partners will inform the candidate of this transmission of personal data and his/her consent to collect and process that date will be asked before registration in its databases. This transmission of personal data will most likely be in view of a potential assignment, and is therefore in the advantage of the candidate.

In the case that personal data is transmitted to Essensys via third parties (such as for example linkedin), Essensys ensures that the data have been collected lawfully in accordance with the relevant legal provisions, and that the use of such data for the intended data processing activities is permitted.

Essensys only stores personal data of its candidates which is relevant for the Essensys professional activities.

Special note to email addresses: Essensys uses e-mail addresses of Candidates only for contacting purposes related to assignments, checking availability via periodical update mailings or sending legal documents. Essensys does not use the email address for direct marketing purposes, nor does it share these email address with direct marketing organizations.

6. PROCESSING OF PERSONAL DATA

Essensys processes personal data of candidates solely for the purpose of conducting its professional activities (such as interim management, executive search and executive coaching) and within the boundaries defined by GDPR and in compliance with the Essensys Data Protection Policy.

Essensys processes personal data of candidates for contacting purposes and for search, selection and matching of a candidate’s profile with a potential interim management assignment or executive search mission and/or any other professional activities where in Essensys is active. This selection and matching process is executed in a secured database, based on a search engine that works with keywords recognition in attached documents, more specifically in the curriculum vitae of candidates.

Essensys collects email addresses of candidates to send periodical update mailings to request an updated version of his/her CV and check availability for potential assignments. With each of these mailings, the candidate will have the possibility to unsubscribe and/or to request deletion of his/her records and personal data from the Essensys database.

7. SHARING OF DATA

Any information which falls under the definition of Personal Data will remain confidential and will only be disclosed to our customers with appropriate consent of the Candidate. Essensys will only share Personal Data of the Candidate with its Customers after the approval of the Candidate during the assignment interview and by signing the Essensys Engagement and Availability Agreement.

The candidate will be made aware in all circumstances, how and with whom their data will be shared through clear communication; during intakes, assignment interviews and/or by means of Essensys agreements with the candidate (such as the Essensys Engagement and Availablilty Agreement).

Essensys will never share Personal Data to non-business related third parties or to direct marketing organizations.

Essensys may disclose personal data to business partners as described in chapter Data Collection (link). Essensys and/or those business partners will inform the candidate when sharing his/her personal data and his/her consent to collect and process that date will be asked before registration in its databases. Sharing of personal data with our business partners will most likely be in view of a potential assignment, and is therefore in the advantage of the candidate.

8. PROFILING

Essensys uses Thomas International for testing and assessment of candidates. When needed for a potential assignment, the candidate can be asked to complete a Thomas International test. The Candidate has, at all time, the right to object at completing this test.

Essensys staff will always evaluate the results. Essensys does not use fully automated profiling.

The results of the test remain confidential and will not be shared with customers without proper consent from the candidate.

9. RIGHTS

Candidates have the right of access to information held by Essensys, subject to Data Protection rules. Candidates can ask what data Essensys holds about them and why, ask how it is gained, be informed of how it is kept up-to-date and be informed of how Essensys is meeting its data protection obligations.

Any Candidate wishing to access their personal data or acquiring more information, should send their request by email addressed to dataprotection@essensys.eu. Essensys will respond to any ‘subject access request’ as soon as reasonably practicable and in any event, within 5 working days to provide a reply to an access of information request and within 30 days for access to records.

Essensys will provide this information free or charge, after verifying the identity of the Candidate making the subject access request.

The information will be provided to the Candidate in an electronic form (pdf) and by e-mail.

At any time, Candidates have the right and possibility to update their personal data by emailing an updated CV to Essensys or submitting their data via the Essensys website. Essensys ensures it is updated in its system. The Candidate will be informed that Essensys received his/her updated data and will confirm the update by email.

Candidates have, at any time, the right to be forgotten and have their personal data be removed/erased from the Essensys databases. A request for deletion should be sent to dataprotection@essensys.eu. Essensys will respond to any ‘deletion request’ as soon as reasonably practicable and in any event, within 5 working days to provide a reply to the deletion request. The personal data of the candidate will be fully removed from the Essensys databases after verification of the candidate’s identity and within 30 days after the request was made.

The supply of appropriate evidence of your identity will be required, for example by providing a copy of your passport. The candidate will be informed by e-mail when his/her personal data has been removed.

Essensys will keep logs of ‘deletion requests’ and whose personal data was removed, without further storing any personal data, in order to comply with GDPR and possible GDPR compliancy checks.

Essensys may retain data for differing periods of time required for legal purposes or statutory obligations and to the extent permitted by law, even if the candidate requested to have that data removed.

10. DATA ACCURACY

Essensys will keep Personal Data of its Candidates as up-to-date and accurate as possible.

Essensys and its staff will take every opportunity to ensure data is updated as inaccuracies are discovered. For example, updating contact details if they appear to be invalid, updating availability status if it appears to be outdated. However Essensys also encourages Candidates, in their own interest, to notify Essensys of any changes in personal- or professional information and availability.

To keep its data as update and accurate as possible, Essensys will periodically send update mailings to request an updated CV and to check on candidate’s availability for potential assignments. As part of these update mailings, Essensys also informs its candidates of its privacy policy and possible changes to it. With each update mailing, the candidate has the right to unsubscribe as well as have his/her personal data be removed from the Essensys database.

Essensys shall not keep personal data for longer than is necessary. Personal data will be retained/stored for a maximum period of 5 years following registration in the Essensys database and/or update of the candidate’s personal data. With each submit of an updated CV of a candidate via individual contact with an Essensys staff member, submission through the Essensys website or as reply to an Essensys update e-mailing, consent to store the personal data for another period of 5 years is given. Essensys ensures it will, with each of these actions, inform the candidate of the privacy policy.

Essensys guarantees to do its best efforts in data maintenance by regular contact with the candidate and thereby updating a candidate’s personal data, and evaluating relevance and accuracy. Essensys ensures it will periodically request consent to continue storing personal data of its candidates, and ensures it does not store data older than 5 years, data irrelevant for its professional activities or data which is not collected within the legal boundaries of GDPR and the Essensys Privacy and Data Protection Policy.

11. DATA STORAGE AND SECURITY

Essensys will take appropriate technical and organizational steps to ensure the security of the Candidate’s Personal Data. Data security measures are in place for Personal Data stored in Essensys databases and for the processing being performed.

These technical and organizational measures form part of an integrated information security plan, and are constantly revised in accordance with technological developments and organizational changes.

Essensys ensures that data stored electronically, is protected from unauthorized access, accidental deletion and malicious hacking attempts.

Essensys ensures that data processed by external processors (such as but not limited to GFI, for hosting of the Essensys databases, WebKrunch for hosting and maintaining the Essensys website and Thomas International for testing) are compliant with this policy and the relevant data protection legislation.

Personal Data of Candidates can only be accessed by authorized Essensys staff. Essensys staff is aware of the Essensys Data Protection Policy, this privacy notice and the internal IT policy, and their duties that come with it.

12. DATA BREACH NOTIFICATION & ACTION PLAN

Essensys must notify supervisory authority of data breaches without undue delay or within 72 hours after discovery, unless the breach is unlikely to be a risk to individuals. If there is a risk towards individuals, then these must be informed as well.

Essensys foresees, in compliance to art. 34 GDPR, appropriate procedures to, as quickly as possible, determine a data leak and adequately respond to it.

13. ENFORCEMENT

If a candidate believes that Essensys has not complied to this privacy notice or acted otherwise than in accordance with GDPR, a complaint should be filled via dataprotection@essensys.eu. Essensys will respond to any complaint as soon as reasonably practicable and in any event, within 5 working days to provide a reply to an access of information request and within 30 working days for access to records.

14. COOKIES

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server. They serve to help Essensys track web traffic, to check if the visitor arrived directly or indirectly to the Essensys website, to measure how many times a page has been visited, whether a page has been visited through an advertisement or by other means, to determine a visitor’s preferences (location, language).

Cookies are not used to determine the personal identity of anyone who is visiting the Essensys website. The information is collected on an anonymous basis via trusted third party suppliers (such as but not limited to Google Analytics, Facebook, Drupal).

The cookies used on the Essensys website perform 2 functions and are classified as following: non-functional cookies (Google Analytics tracking cookies and Facebook tracking cookies) and functional cookies (Drupal cookies).

Cookies can disabled via an option in the settings of your browser.

15. AMENDMENTS

This privacy notice and the Essensys Data Protection policy will be updated as necessary to reflect best practices in data management, security and control; and to ensure compliance with any changes or amendments in the GDPR.

Essensys will publish updated versions on her website. Candidates are encouraged to check occasionally to ensure they are comfortable with any changes made to this privacy notice.

Essensys will notify its candidates of changes to this policy by e-mail if required by GDPR.

 

Version 1.0, last reviewed on: 18/04/2018
Copyright © 2018 Essensys NV

All rights reserved. No part of this privacy notice may be reproduced, distributed, or transmitted in any form or by any means, including photocopying, recording, or other electronic or mechanical methods, without the prior written permission of Essensys NV, except in the case of brief quotations embodied in critical reviews and certain other noncommercial uses permitted by copyright law. For permission requests, contact Essensys NV via dataprotection@essensys.eu.