Privacy Statement employees and applicants
The Blauwtrust Group (hereinafter: BTg) consists of the holding company Blauwtrust Groep B.V. and its subsidiaries Quion Groep B.V. (Quion Hypotheekbemiddeling B.V., Quion Hypotheekbegeleiding B.V., Quion Services B.V. and Quion Business Continuity B.V.), De Hypothekers Associatie B.V. and Dutch Mortgage Portfolio Management B.V.1 (hereinafter collectively: the business units). Within BTg, personal data are processed of (candidate) employees and of persons with whom we maintain a (potential) customer relationship on behalf of a lender.
BTg and the business units handle personal data with care, acting within the limits of the law, including the General Data Protection Regulation (AVG). Within the meaning of the AVG, BTg is the data controller for the processing of the personal data of (candidate) employees.
In this Privacy Statement we inform you about the purposes for which BTg and the business units process personal data and about exercising your privacy rights.
1. From whom do we process personal data?
We process personal data of all employees working at or for BTg and/or the business units. This includes, for example, the personal data of:
Temporary, hired and seconded employees;
2. For what purposes are data processed?
We process personal data in our records and use them for:
Recruiting suitable personnel.
Managing and performing functional and administrative employment relationships.
Determining and paying salaries, allowances, sums of money and rewards.
Creating a pleasant working atmosphere or out of good employment practices.
Terminating and facilitating when an employment relationship ends or terminates.
Facilitating building and parking lot security.
Requesting an e-recognition account.
3. How do we obtain your personal data?
In most cases, you have provided it yourself. In addition to the information we receive from you, we may also receive data about you from third parties, such as (former) employers, the screening agency, a secondment organization or other third parties. We may also consult public sources to protect BTg and the business units.
4. What personal data do we process and why?
Below is the type of personal data we may process and what we use it for.
4.1 Recruiting suitable staff.
Diplomas and references
Should a person be hired then the data used for the purpose of entering into the employment relationship will be retained. Should a person not be hired, the data used during the application process will be deleted in accordance with the BTg retention period policy.
4.2 Managing and performing functional and administrative employment relationships
VOG (Certificate of Good Conduct)
Proof of identity
Terms of employment
Interview cycle reports
Sick and recovery details
Leave and overtime
These data are necessary for the execution of the employment contract. In addition, we are required by law to process some data for government agencies, such as the Tax Office.
4.3 Determination and payment of salaries, allowances, sums of money and remuneration
Bank account number/IBAN
Leave and overtime
This data is processed based on the execution of the employment contract. Without this data we cannot pay salaries.
4.4 Creating a pleasant working atmosphere or out of good employment practice
In connection with an anniversary or birthday
Name / contact details
Contact details in case of emergencies
We use this information because we believe we have a legitimate interest to send you special gifts in case of an anniversary or birthday or to inform your personal relations in case of an emergency.
4.5 Ending and facilitating at the end or termination of employment relationship
Private email address and details of any partner for pension purposes
Date of leaving employment
We process this data based on the performance of the contract and our legal obligation. We use your email address to send you information.
4.6 Facilitating security of the premises and parking lot
License plate number
We process this data based on a legitimate interest. We consider it important that our premises are properly secured against unauthorized access by strangers, which is why your access card is linked to your identity. In addition, the barriers are set up so that specific employees have access to the parking lot. To be able to use the automatic opening of the barrier, we use your license plate number.
4.7 Requesting an e-recognition account
Certain functions require the use of an e-recognition account. An e-Recognition account is personal and must be requested from the central government by the employer. Requesting an account requires us to provide a copy of your valid ID.
4.8 How do BTg and the business units handle my personal data?
With whom do we share personal data?
BTg and/or the business units provide your personal data to third parties when we are legally obliged to do so or when there is an agreement entered into by you or us. For example, the Tax Authorities (legally required in the context of the tax to be levied), but also the pension administrator (for collecting the premium based on the agreement).
In addition, we may provide personal data to parties (processors) who perform work for us. Parties can only receive our order if they have demonstrably taken appropriate security measures and guarantee confidentiality. An example is ADP; they provide us with (digital) HR services.
Below is an overview of third parties who may receive or view your personal data:
Occupational health and safety service
Temporary employment agency
Assessment or screening agencies
4.9 Processor agreement with third parties
When we provide personal data to third parties for a specific assignment, we use a processor agreement. In the processor agreement, we make arrangements with this party regarding the use and security of personal data.
4.10 How long do we keep your personal data?
We do not store personal data longer than necessary. In doing so, we follow the BTg retention period policy. For example, we retain personal data of job applicants for 28 days after the completion of the application process. Employee personal data is generally retained for 7 years after termination of the employment contract.
5. Security, confidentiality and monitoring
We handle your personal data with care and pay great attention to the security of personal data in our systems. This includes measures to secure our IT systems and prevent misuse. But also security of the physical spaces where personal data is stored. We have an up-to-date Information Security Policy and employees are periodically trained in the handling and security of personal data.
We have a Data Protection Officer who oversees how personal data is processed within BTg and the business units. In addition, we have a fully equipped IT department supervised by a CISO and Privacy Officers who oversee the proper handling of personal data in relation to information security.
5.1 Employees of BTg and the business units
All our employees have signed a declaration of confidentiality and taken the financial sector oath or pledge. We handle personal data with care and only authorized personnel can view and process personal data of employees and job applicants (personnel data).
These authorized persons are employed or supervised by BTg. BTg may outsource the processing of personnel data to authorized employees of BTg and/or its business units abroad. Personnel data may also be processed outside the EEA by employees of BTg for reporting and administrative support tasks.
6. What privacy rights do you have?
You have the right to access your personal data and can generally access the personal data we process about you within one month of your request to us.
You can ask us to correct inaccuracies in your personal data.
Information about retention periods can be requested via HR or firstname.lastname@example.org.
You can ask us to delete personal data under certain circumstances. We will in that case take all reasonable steps to inform other processors who process personal data on our behalf that you have requested the deletion of links to and copies of your personal data.
6.4 Objection to processing
If you object to certain processing of your personal data, you may indicate this.
6.5 Restriction of processing
You can request us to restrict the processing of personal data under certain circumstances, for example if the accuracy of personal data is disputed.
You can ask us to obtain the personal data you have provided to us digitally, which we store automatically, in a structured, common and machine-readable form from us, for example, in order to then send it to a third party. This is called "data portability.
6.7 Withdrawal of consent
Where you have given consent to use your personal data, you may withdraw this consent, whereby we will no longer process the personal data you have consented to.
When exercising these rights, exceptions may apply, as a result of which certain rights cannot be exercised in all cases. It is possible, for example, that on the basis of a legal obligation or a more important legitimate interest, we will not (yet) remove your personal data or not remove them completely. In that case you will receive a message about this.
7. Adjustment of the Privacy Statement
Privacy legislation is changing. We may amend this privacy statement in order to remain up-to-date. For example in case of new developments, when our business changes or as a result of a legal ruling. We encourage you to periodically review this Privacy Statement in the Policy house. If an important change is made, we will inform you via the intranet.
8. Questions, complaints and exercise of rights
Do you have questions about the way we handle your personal data? Please drop by the Data Protection Officer or send a message to email@example.com.
If you wish to exercise your privacy rights, or if you have a complaint about the use of your personal data, please contact our Data Protection Officer in writing. You will receive a response within four weeks of receiving your message. If we are unable to resolve your complaint together, you can report your privacy complaint to the Dutch Data Protection Authority (AP) or choose to go to court.
You can send your letter or e-mail to:
Blauwtrust Groep B.V.
Attn: Data Protection Officer
P.O. Box 280
3000 CX Rotterdam