- PERSONAL DATA
- DATA COLLECTION AND CONSENT
- PROCESSING OF PERSONAL DATA
- SHARING OF DATA
- DATA ACCURACY
- DATA STORAGE AND SECURITY
- DATA BREACH NOTIFICATION & ACTION PLAN
Essensys is required to process relevant personal and professional data regarding staff, candidates and customers as part of its operational activities and shall take all reasonable steps to do so in accordance with the European General Data Protection Regulation (GDPR) and the Essensys Data Protection Policy.
Essensys ensures the appropriate actions are taken to comply with GDPR and other relevant legislation.
This privacy notice is part of the Essensys Data Protection policy, available via firstname.lastname@example.org. This privacy notice focuses primarily on data collected through the Essensys website and personal data of candidates, although other means of gathering data can and will be used, as described later on in this document.
Essensys: Essensys NV, Naamloze Vennootschap with head office in Avenue de Tervueren 270, 1150 Brussels and listed in the Belgian Company register with number 0452.656.141.
Data Subject: an individual who is the subject of the personal data, referred to as ‘candidate’, also referred to as interim manager, temporary manager, etc on the Essensys website and in Essensys documentation.
Customers: all companies, private or government bodies, who entrust Essensys with assignments, temporary as well as permanent.
Consent: a legally binding expression of will, given voluntarily, in which the data subject declares his/her agreement to the processing of data.
Processing of data: any action, carried out with or without the assistance of automated processes, that serve to collect, save, organize, store, change, access, use, pass on, transmit, distribute, combine, or reconcile the data. This also includes destroying, deleting or blocking data and data storage media.
3. PERSONAL DATA
Personal data covers both personal information and contact details, as well as professional information collected by the candidate’s curriculum vitae.
Essensys does not store sensitive personal data such as race, medical information, religion, sexual orientation or criminal records. Essensys does not store personal data of minors.
Any information which falls under the definition of personal data will remain confidential and will only be disclosed to Essensys customers with appropriate consent of the candidate.
Essensys shall comply with the Data Protection Principles contained in the General Data Protection Regulation to ensure all data is:
- Fairly and lawfully collected
- Fairly and lawfully processed
- Processed for a lawful purpose
- Adequate, relevant and not excessive
- Accurate and kept up-to-date
- Not kept for longer than necessary
- Processed in accordance with the data subject’s rights
- Secured and protected in appropriate ways
- Not transferred to non-business related third parties and not transferred to countries outside the European Economic Area without proper consent from parties involved
5. DATA COLLECTION AND CONSENT
Essensys ensures that data is collected within the boundaries defined by GDPR and within its Data Protection Policy. This applies to data that is collected in person (face-to-face or over telephone), electronically by e-mail or by submitting through the Essensys website.
Essensys primarily collects personal data of candidates through her website, which operates in a secured environment. Consent to collecting and processing the data is given by specifically marking the field to agree with the Essensys privacy notice at the CV submission page upon which the candidate can attach his/her CV and the data will be transferred to Essensys. If no consent is given during the registration at the Essensys website, then no data is collected by Essensys. Essensys ensures it only collects data for which an appropriate and specific consent is given by the candidate.
Personal data of candidates can also be collected via spontaneous or personal contact with Essensys staff. In that case, the candidate will be informed of the Essensys privacy notice and his/her consent to collect and process the data will be asked before registration at Essensys.
Essensys may also collect personal data from business partners (such as but not limited to Intys NV, Intys HR NV, Talentus NV, Essensys OPEX NV, etc.) as well as disclose personal data to those companies insofar as reasonably necessary for the purposes and on the legal bases set out in the Essensys Data Protection Policy and complaint with GDPR. Essensys and/or those business partners will inform the candidate of this transmission of personal data and his/her consent to collect and process that date will be asked before registration in its databases. This transmission of personal data will most likely be in view of a potential assignment, and is therefore in the advantage of the candidate.
In the case that personal data is transmitted to Essensys via third parties (such as for example linkedin), Essensys ensures that the data have been collected lawfully in accordance with the relevant legal provisions, and that the use of such data for the intended data processing activities is permitted.
Essensys only stores personal data of its candidates which is relevant for the Essensys professional activities.
Special note to e-mail addresses: Essensys uses e-mail addresses of candidates only for contacting purposes related to assignments, checking availability via periodical update mailings or sending legal documents. Essensys does not use the e-mail address for direct marketing purposes, nor does it share these email address with direct marketing organizations.
6. PROCESSING OF PERSONAL DATA
Essensys processes personal data of candidates solely for the purpose of conducting its professional activities (such as interim management, executive search and executive coaching) and within the boundaries defined by GDPR and in compliance with the Essensys Data Protection Policy.
Essensys processes personal data of candidates for contacting purposes and for search, selection and matching of a candidate’s profile with a potential interim management assignment or executive search mission and/or any other professional activities where in Essensys is active. This selection and matching process is executed in a secured database, based on a search engine that works with keywords recognition in attached documents, more specifically in the curriculum vitae of candidates.
Essensys collects e-mail addresses of candidates to send periodical update mailings to request an updated version of his/her CV and check availability for potential assignments. With each of these mailings, the candidate will have the possibility to unsubscribe and/or to request deletion of his/her records and personal data from the Essensys database.
7. SHARING OF DATA
Any information which falls under the definition of Personal Data will remain confidential and will only be disclosed to our customers with appropriate consent of the candidate. Essensys will only share Personal Data of the candidate with its customers after the approval of the candidate during the assignment interview and by signing the Essensys Engagement and Availability Agreement.
The candidate will be made aware in all circumstances, how and with whom their data will be shared through clear communication; during intakes, assignment interviews and/or by means of Essensys agreements with the candidate (such as the Essensys Engagement and Availablilty Agreement).
Essensys will never share Personal Data to non-business related third parties or to direct marketing organizations.
Essensys may disclose personal data to business partners as described in chapter Data Collection (link). Essensys and/or those business partners will inform the candidate when sharing his/her personal data and his/her consent to collect and process that date will be asked before registration in its databases. Sharing of personal data with our business partners will most likely be in view of a potential assignment, and is therefore in the advantage of the candidate.
Essensys uses Thomas International for testing and assessment of candidates. When needed for a potential assignment, the candidate can be asked to complete a Thomas International test. The candidate has, at all time, the right to object at completing this test.
Essensys staff will always evaluate the results. Essensys does not use fully automated profiling.
The results of the Thomas International test remain confidential and will not be shared with customers without proper consent from the candidate.
Candidates have the right of access to information held by Essensys, subject to Data Protection rules. Candidates can ask what data Essensys holds about them and why, ask how it is gained, be informed of how it is kept up-to-date and be informed of how Essensys is meeting its data protection obligations.
Any candidate wishing to access their personal data or acquiring more information, should send their request by e-mail addressed to email@example.com. Essensys will respond to any ‘subject access request’ as soon as reasonably practicable and in any event, within 5 working days to provide a reply to an access of information request and within 30 days for access to records.
Essensys will provide this information free or charge, after verifying the identity of the candidate making the subject access request.
The information will be provided to the candidate in an electronic form (pdf) and by e-mail.
At any time, candidates have the right and possibility to update their personal data by emailing an updated CV to Essensys or submitting their data via the Essensys website. Essensys ensures it is updated in its system. The candidate will be informed that Essensys received his/her updated data and will confirm the update by e-mail.
Candidates have, at any time, the right to be forgotten and have their personal data be removed and erased from the Essensys databases. A 'request for deletion' should be sent to firstname.lastname@example.org. Essensys will respond to any ‘deletion request’ as soon as reasonably practicable and in any event, within 5 working days to provide a reply to the deletion request. The personal data of the candidate will be fully removed from the Essensys databases after verification of the candidate’s identity and within 30 days after the request was made.
The supply of appropriate evidence of identity will be required, for example by providing a copy of the passport. The candidate will be informed by e-mail when his/her personal data has been removed.
Essensys will keep logs of ‘deletion requests’ and whose personal data was removed, without further storing any personal data, in order to comply with GDPR and possible GDPR compliancy checks.
Essensys may retain data for differing periods of time required for legal purposes or statutory obligations and to the extent permitted by law, even if the candidate requested to have that data removed.
10. DATA ACCURACY
Essensys will keep Personal Data of its candidates as up-to-date and accurate as possible.
Essensys and its staff will take every opportunity to ensure data is updated as inaccuracies are discovered. For example, updating contact details if they appear to be invalid, updating availability status if it appears to be outdated. However Essensys also encourages candidates, in their own interest, to notify Essensys of any changes in personal- or professional information and availability.
Essensys guarantees to do its best efforts in data maintenance by regular contact with the candidate and thereby updating a candidate’s personal data, and evaluating relevance and accuracy. Essensys ensures it will periodically request consent to continue storing personal data of its candidates, and ensures it does not store data older than 5 years, data irrelevant for its professional activities or data which is not collected within the legal boundaries of GDPR and the Essensys Data Protection Policy.
11. DATA STORAGE AND SECURITY
Essensys will take appropriate technical and organizational steps to ensure the security of the candidate’s Personal Data. Data security measures are in place for Personal Data stored in Essensys databases and for the processing being performed.
These technical and organizational measures form part of an integrated information security plan, and are constantly revised in accordance with technological developments and organizational changes.
Essensys ensures that data stored electronically, is protected from unauthorized access, accidental deletion and malicious hacking attempts.
Essensys ensures that data processed by external processors (such as but not limited to GFI for hosting of the Essensys databases, WebKrunch for hosting and maintaining the Essensys website and Thomas International for testing) are compliant with this policy and the relevant data protection legislation.
Personal Data of Candidates can only be accessed by authorized Essensys staff. Essensys staff is aware of the Essensys Data Protection Policy, this privacy notice and the internal IT policy, and their duties that come with it.
12. DATA BREACH NOTIFICATION & ACTION PLAN
Essensys must notify supervisory authority of data breaches without undue delay or within 72 hours after discovery, unless the breach is unlikely to be a risk to individuals. If there is a risk towards individuals, then these must be informed as well.
Essensys foresees, in compliance to art. 34 GDPR, appropriate procedures to, as quickly as possible, determine a data leak and adequately respond to it.
If a candidate believes that Essensys has not complied to this privacy notice or acted otherwise than in accordance with GDPR, a complaint should be filed via email@example.com. Essensys will respond to any complaint as soon as reasonably practicable and in any event, within 30 working days to provide a reply to a complaint.
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server. They serve to help Essensys track web traffic, to check if the visitor arrived directly or indirectly to the Essensys website, to measure how many times a page has been visited, whether a page has been visited through an advertisement or by other means, to determine a visitor’s preferences (location, language), etc.
Cookies are not used to determine the personal identity of anyone who is visiting the Essensys website. The information is collected on an anonymous basis via trusted third party suppliers (such as but not limited to Google Analytics, Facebook, Drupal).
The cookies used on the Essensys website perform 2 functions and are classified as following: non-functional cookies (Google Analytics tracking cookies and Facebook tracking cookies) and functional cookies (Drupal cookies).
Cookies can be disabled via an option in the settings of your browser.
This privacy notice and the Essensys Data Protection policy will be updated as necessary to reflect best practices in data management, security and control; and to ensure compliance with any changes or amendments in the GDPR.
Essensys will publish updated versions on her website. Candidates are encouraged to check occasionally to ensure they are comfortable with any changes made to this privacy notice.
Essensys will notify its candidates of changes to this policy by e-mail if required by GDPR.
Version 1.0, last reviewed on: 18/04/2018
Copyright © 2018 Essensys NV
All rights reserved. No part of this privacy notice may be reproduced, distributed, or transmitted in any form or by any means, including photocopying, recording, or other electronic or mechanical methods, without the prior written permission of Essensys NV, except in the case of brief quotations embodied in critical reviews and certain other noncommercial uses permitted by copyright law. For permission requests, contact Essensys NV via firstname.lastname@example.org.