Privacy Statement

This is the privacy statement of HeadFirst B.V. (HeadFirst, we, our, us). We feel that it is important to exercise due care when dealing with personal data and would like to provide clarity to all data subjects in this respect. In this privacy statement we explain how we and our affiliated businesses deal with your personal data.

We process your personal data when you use our websites, including www.headfirst.nl. For example, on our websites you may contact us by email, you may request information, or you may chat with us.

We may also process your personal data if you use HeadFirst Select. HeadFirst Select is an online platform where supply and demand meet each other and where professionals (independent or otherwise) and their clients can find each other. In addition, we may process your personal data if a supplier with whom you collaborate enters your personal data in HeadFirst Select.

Who is the data controller?

HeadFirst B.V. (HeadFirst, we, our, us), having its registered office at Polarisavenue 33 in (2132JH) Hoofddorp, the Netherlands, is the primary data controller in respect of any data that is processed through HeadFirst Select. You may call us on +31(0)23 568 5630 or contact us by email at support@headfirst.nl.

We will process your personal data together with our affiliated businesses. The following companies, constituting part of our group, process personal data for their own purposes and, together with us, may be deemed to be joint data controllers:

• HeadFirst IT B.V.;
• Oyster Coast B.V.
• Source Automation B.V.;
• Source Automation BVBA (Belgium);
• Source Automation Luxembourg SA;
• Proud Payroll B.V.;
• Proud ICT B.V.;
• Associates B.V.;
• Designated Professionals B.V.

This privacy statement covers all forms of processing which we and the aforementioned associated businesses conduct.

If you are a professional whose personal data is supplied to us by a supplier, the latter is deemed to be an independent data controller in this respect. In this case the supplier will decide on the purpose and the means, and will serve as your first point of contact for the purposes of exercising your rights. Such a supplier may have their own privacy statement, and terms and conditions. We recommend that you consult them.

What personal data do we process?

What personal data we process depends on the services of which you avail yourself and in what capacity you do so.

Visitors to our websites and readers of our mailshots

1. Data which you provide to us If you visit our websites, you may provide personal data to us, for example, because you send us an email message containing a question or request, or because you use the chat function which we offer on our websites. In this respect we may process your name, email address or other contact details. In addition, we process other personal data in so far as you provide it as part of your question or request, or during a chat.

2. Personal data generated by our websites or email messages If you visit our websites certain data is generated and processed, such as your IP address, your web history, the date and time of your visit and the way in which you navigate through our websites. If you open a newsletter or commercial email message from us, we keep a record of when you opened it and of the parts on which you click.

Independent professionals who utilise HeadFirst Select

1. Registration If you register as an independent professional on HeadFirst Select, we will at any rate ask you to enter the following personal details: your first and last names, gender, address, postcode, email address, country of origin, nationality, mobile or other telephone number, date of birth, the type of assignment for which you wish to be considered, the name of your business, its Chamber of Commerce number, your password and whether you wish to avail yourself of our premium services. We will also offer you the opportunity to upload a photograph to your account.

2. Profile Once you have registered, we will ask you to add to your profile, and to supply details which will make it possible to introduce you to clients or to be able to respond to assignments. In addition to the personal data which you supply when you register, amongst other things, we will also process the following personal data: information about your account, such as your profile number, the date on which you opened it and its status. In addition, you may add information about your professional background, curriculum vitae, availability, rates and assessment results to your profile. Apart from this, we will process information about your business, such as its name and registered address, although you may also upload an auditor’s report and add information about your guarantee account and value added tax. We also request information about your identity document, such as its type, the country where it was issued, its number and term of validity. We request your bank account details and your VAT number for invoicing purposes. In so far as the law permits or renders it mandatory to do so, we may ask you for your CSN. If you avail yourself of HeadFirst Select Premium, we request certain information for the purposes of arranging professional liability insurance.

3. Electronic safe Important documents will be stored in your electronic safe. In it we may process the personal data which is mentioned in any documents that you upload, such as your work permit, auditor’s report, application for a certificate of good conduct, pre-employment screening, codes of conduct, non-disclosure undertakings, statements of assurance, accreditations and diplomas.

Clients who utilise HeadFirst Select

Clients may publish assignments on HeadFirst Select. We will process the personal data of our clients’ contact persons. This may involve your name, gender, information about the organisation for which you work, your email address, mobile or other phone number, password and profile number, information about the creation of your client account and its status, and details of the contact that you have had with us.

Suppliers who utilise HeadFirst Select

Suppliers are organisations who are able to offer the professionals with whom they work to the organisations affiliated to us in their role as clients through HeadFirst Select. If you serve as a supplier’s contact person, we may process the following personal data of yours: your name, gender, information about the organisation for which you work, your email address, mobile or other phone number, password and profile number, information about the creation of your supplier account and its status, and details of the contact that you have had with us.

Professionals whom a supplier registers

If a supplier enters your personal details into our system instead of you registering them personally in HeadFirst Select, we may also process them for our own purposes. A supplier may provide us with the same categories of personal data as those mentioned under “independent professionals”. Only you will not have your own account with your own password. The relevant supplier will supply your personal data to us and will also serve as a data controller itself.

What are the purposes for which we process personal data?

Our core operations comprise mediation for the purposes of hiring external staff and of contract management. HeadFirst Select ensures that professionals and clients can easily find each other and that it is possible to make the most appropriate match. In this respect we process your personal data for the following purposes:

Administration

• the registration of professionals (independent and otherwise), suppliers and clients;
• the creation of HeadFirst Select accounts;
• account management, and dealing with questions and requests from professionals, clients and suppliers;
• verification of accounts in relation to comprehensiveness and other matters;

Provision of Services

• the presentation of professionals to clients and the supply of professionals;
• the conclusion of agreements with professionals, suppliers and clients for the purposes of an assignment;
• contract management, the financial settlement of contracts, and the calculation of costs and expenditure;
• the provision of services to professionals, clients and suppliers as agreed;
• support for professionals, clients and suppliers when complying with administrative obligations and executing agreements;
• maintaining contact and responding to questions and requests;
• offering additional services and improving existing ones;
• providing information about the services provided by HeadFirst and its partners, and relevant developments in the market;

Compliance and security

• internal verification and security in order to prevent any breaches of our security from occurring, to track them down and to investigate them;
• compliance with legislation and regulations, and tracking down, preventing and combating fraud and illegal activities;
• dealing with claims and complaints;
• complying with judicial rulings and orders, and responding to requests from public authorities;
• complying with any tax obligations imposed on us or our suppliers or clients, and the limitation of liability;
• the enforcement of our conditions of use and arrangements pursuant to agreements;
• the protection of our operations, rights, privacy, security and property.

What are our grounds for processing personal data?

We only process personal data if there are legal grounds for doing so.

Execution of an agreement We enter into agreements with professionals, suppliers and clients, based on which we process personal data. Such agreements involve the services that we provide. It is also conceivable that we may request personal data from you before entering into an agreement, so as to enable us to do so.

Consent In specific cases we may request your consent before processing your data. For example, we may request your consent before sending you specific news reports.

Legal obligations In some cases we have a duty to process specific personal data. Such a duty may entail that we have an obligation to share specific personal data with clients or any other parties for further processing.

Legitimate interest We may process personal data, because we have a legitimate interest in doing so or because an organisation to which we supply your personal data has such a legitimate interest. For example, this would be the case if we wanted to avoid any tax liability or wished to limit the risk of this occurring, or if we wanted to track down and prevent fraud from occurring.

Profiling

If you are a professional, we may analyse any personal data which you provide in relation to your professional background and prepare profiles based on that. In this way we are better able to identify which assignments and clients would be the most appropriate given your expertise and experience. We draw up profiles based on the keywords that you enter, and the outcomes are checked by one of our staff. No automatic decisions are taken which have a significant impact on you as a professional based on those profiles.

Direct marketing

We offer you the possibility of registering for our newsletters and any other direct marketing messages which we and/or any other business within our group issues. Where you consent to us doing so, we may also send you messages concerning initiatives taken by those of our partners with whom we collaborate.

You may easily unsubscribe from any messages that we send you at any time by using the link in the relevant email messages or by modifying your preferences in relation to your profile.

Cookies

We use cookies and similar technologies on our website, www.headfirst.nl, and in our apps. Because we wish to safeguard your privacy and make HeadFirst Select more user-friendly, we feel that it is important that you know how and why we use cookies. Here [link] you may read more about the way in which we use cookies.

Who has access to your personal data?

Our staff have access to your personal data on a need-to-know basis. This also means that the staff of the businesses that are affiliated to us have access to your personal data in so far as this is necessary for them to be able to provide our services.

In certain cases we may share your personal data with other parties. This we will only do if it is necessary in order to provide our services and for the purposes set out in this privacy statement.

• We may share professionals’ personal data with our clients and possibly with any supplier who has registered a professional in HeadFirst Select. In addition, we may share personal data with any other party with whom we collaborate, such as a financial service provider.

• We may share personal data with a group of companies of which HeadFirst constitutes part, and which may then be deemed to act as joint data controllers. In addition, we may share personal data with our legal successors (as envisaged or otherwise) if they intend to continue to provide our services.

• We make use of service providers to manage HeadFirst Select and for hosting, for example. In so far as such service providers process personal data on our behalf in their capacity as a data processor, we make arrangements with them in the form of a data processing agreement.

• Only provided that and in so far as we have a legal duty to do so, will we share your personal data with regulatory, tax and investigative authorities.

Is your personal data secure?

We have adopted appropriate technical and organisational security measures to protect personal data which we process against its loss or unlawful use. For instance, we secure our systems and applications in accordance with the applicable data security standards. We have also made arrangements with our service providers and have made it mandatory for them to adopt appropriate security measures.

Will your personal data be processed outside the EEA?

In principle, we will process your personal data within the European Economic Area (EEA). We use servers which are located within Europe and our group companies have their registered offices within the EEA. Because we use data processors that have their registered office outside the EEA, the possibility cannot be precluded that we will directly or indirectly share personal data with an organisation outside the EEA. In so far as this is the case, we will adopt appropriate measures to legitimise such processing.

How long will we keep your personal data?

We will keep your personal data for as long as this is required for the purposes mentioned in this privacy statement. This means that at any rate we will process your personal data for as long as you are registered with us and/or are party to an agreement with us.

Requests to inspect, correct and delete

Any data subject may exercise certain rights in relation to their personal data in accordance with the law. For instance, you are entitled to inspect, rectify and delete any personal data pertaining to you. You may also object to the use of your personal data or ask that its use be limited. You may exercise these rights by logging in to HeadFirst Select, where you may inspect, modify or delete your personal data. You may also contact us using the contact details mentioned in this privacy statement. In this respect please clearly indicate the data processing concerned.

Complaints

If you have a complaint concerning how we deal with your personal data, you may contact us by telephone on +31 (0)23 568 5630 or by email at privacy@headfirst.nl. We look forward to helping you find a solution. In the event that we are nevertheless unable to do so, you may always approach the Dutch Data Protection Authority.

Changes

Developments occur quickly and as a result something may change at some stage in the personal data which we receive from you and which we will process further. Regulations may also change. For this reason we will amend our privacy statement from time to time and we recommend that you consult it regularly.

Update: June 2018