Privacy Policy

May 2018

  1. WHO ARE WE AND WHAT DO WE DO?
  2. We are MrWork B.V. We provide services in the field of online recruitment processes through social media, search engines and other online marketing (“Services”). You can find more information about our Services on the website: www.mrwork.co.uk (“Website”). This privacy policy applies to the use of our Website and the Services we provide.

    This is a Privacy Policy. In this document we explain what type of personal data we collect through our Website and Services. We also explain what purposes we use the data for, how we secure them and how we store them.

  3. WHAT IS THIS?
  4. Dit is een Privacy Policy. In dit document leggen we uit welk soort persoonsgegevens we verzamelen via onze Website en Diensten. We leggen ook uit voor welke doeleinden we de gegevens gebruiken, hoe we ze beveiligen en hoe we ze opslaan.

  5. PRIVACY AND RELEVANT LEGISLATION
  6. We take your privacy very seriously. We comply with the new General Data Protection Regulation (“GDPR”) which will replace the different privacy laws in European member states as per 25 May 2018. This legislation will hereinafter be referred to as the “Relevant Legislation”.

  7. WHAT IS ‘PERSONAL DATA’?
  8. Personal Data refers to all the information that could allow you to be directly or indirectly identified. This definition is in accordance with the Relevant Legislation. This is a broad definition: even dynamic IP addresses are considered to be personal data in some circumstances.

  9. WHAT PERSONAL DATA DO WE COLLECT?
  10. We collect and process most personal data on behalf of our customers within the context of our Services. Our customers define the purpose and the means of such processing of personal data, which means they act as “Data Controller” within the meaning of the Relevant Legislation. We only process such personal data following the instructions of our customers and not for our own purposes. Within this context we therefore act as “Data Processor” within the meaning of the Relevant Legislation.

    Apart from the processing of personal data for the sake of our customers, we also collect and process some personal data for our own purposes. Within this context we act as Data Controller ourselves within the meaning of the Relevant Legislation.

  11. WHAT PERSONAL DATA DO WE COLLECT?
  12. As Data Processor we collect and process the following personal data on behalf of our customers:

    Data of job applicants
    • Name;
    • Email address;
    • Phone number (optional);
    • Personal data described in motivation;
    • Personal data described in CV.

    As Data Controller we collect and process the following personal data:

    Data of potential job applicants who send a job opening to themselves by email
    • Email address.
    Contact data of our customers
    • Name;
    • Business name;
    • Phone number;
    • Email address;
    • Job title within the company;
    • Business address;
    • Other data which are shared through email, contact form, phone or other messaging services;
    • Bank account number;
    • VAT number;
    • Chamber of Commerce number.
    Login data of the accounts of our users
    • Name;
    • Email address;
    • users ID;
    • Password;
    • IP address;
    • Browser data;
    • Registration data;
    • Time registration;
    • Login times history;
    • Password reset times history.
    Contact data of potential customers of persons who complete a form e.g. on our website
    • Name (optional);
    • Business name (optional);
    • Phone number (optional);
    • Email address;
    • Job title within company (optional);
    • Other data which are shared within the message (optional).

  13. WHAT IS THE PERSONAL DATA FOR?
  14. As Data Processor

    Data of job applicants

    We process the personal data on behalf of our customers exclusively for the sake of transferring the data of a job applicant to the customer. This implies inter alia that we will never view these personal data for our own purposes or will store a copy for ourselves. Furthermore, we will also delete the personal data, as soon as our customers ask for this. These and other commitments have been laid down in the Data Processing Agreement we enter into with our customers.

    Data of potential job applicants

    We process the data of potential job applicants on behalf of our customers exclusively to provide our Services to them. This means, for example, that we can show the potential job applicants personalised advertisements (also known as ‘advertisements based on interests’ or ‘retargeting’) and to measure the conversion of an online campaign, by using trackers. We will delete the personal data as soon as our customers ask for this. These and other commitments have been laid down in the Data Processing Agreement [link] we enter into with our customers.

    As Data Controller

    We use the personal data as Data Controller for the following purposes:

    Data of potential job applicants who send the job opening to themselves by email
    • These data are used to send an email as reminder to yourself or to bring a job opening to the attention of someone you know. These data are solely used to allow sending the email. We do not use these data for any other purposes and we do not share these data with our customers or other parties.
    Contact data of our customersn
    • To identify our customers, to stay in touch regarding the cooperation and to send our customers invoices for the Services we perform for them.
    Login data of the accounts of our users and customers
    • To create and manage the accounts for users and customers on our Website;
    • To recognize a user who logged in;
    • To protect data in the event of abuse through the same IP address;
    • To secure IP addresses in the event of a request for password reset.
    Contact data of potential customers of persons who complete a form e.g. on our website
    • To contact and inform the recruitment and HR departments of companies about our Services.

  15. HOW LONG DO WE KEEP THE PERSONAL DATA?
  16. As Data Processor:

    As Data Processor we store the personal data for our customers as long as the customer in question uses our Services and uses the personal data within such context. If the cooperation with the customer ends, then we will still store the data for 2 months. After this term we will remove or destroy the personal data and all their copies, save we are held by law to store the data for a longer period.

    As Data Controller:

    As Data Controller, we remove the personal data as soon as they are no longer necessary for the purposes stated above. In no event will the personal data be stored for more than five years following the date on which they have been changed for the last time. We keep the personal data of our own employees as long as required by the applicable laws.

  17. DO WE SHARE YOUR PERSONAL DATA WITH OTHERS?
  18. As Data Processor:

    As Data Processor, we process the personal data on behalf of our customers only according to their instructions. We will never share these personal data with someone else, save our customers order us to do so.

    However, it is possible that we use the services of “Sub Data Processors” (by order of our customers), for instance for storing the data and monitoring recruitment campaigns. Within this context such Sub Data Processors will receive personal data. The Sub Data Processors must strictly follow our instructions and those of our customers regarding the processing of such personal data. Therefore, they will not use the personal data for their own purposes. We will ensure that all Sub Data Processors comply with the requirements of the Relevant Legislation.

    The Sub Data Processors we may use as Data Processor, with the consent of our customers, are for instance: Amazon, Google, Dropbox and Exact Online. It is also possible that we use the services of Sub Data Processors for personalized advertisements (also known as ‘interest-based ads’ or ‘retargeting’). The Sub Data Processors we may use for this as Data Processor, with the consent of our customers, are for instance: Google, Facebook, Twitter and LinkedIn. These external providers can post your ads on sites on the internet.

    As Data Controller:

    We also use the services of Sub Data Processors for the personal data we process for our own purposes.

    The The Sub Data Processors we may use as Data Controller are for instance: Amazon Web Services, MailChimp and Salesforce.

    Apart from the above, we will not share your data with third parties – unless we are legally obliged to do so.

  19. DATA EXPORT OUTSIDE THE EUROPEAN UNION
  20. We may transfer personal data to parties outside the EU, if our customers ask for this or if one of our Sub Data Processors is established outside the EU. The personal data will only be transmitted to countries and/or parties offering an adequate level of protection which meets the European standards. We will check inter alia whether an organization outside the EU is listed in the Privacy Shield List and whether the level of protection of the third country has been approved by the European Commission.

    If we use Sub Data Processors established outside the EU on behalf of our customers and the Sub Data Processor does not offer an adequate level of protection in accordance with the European standards, then we will record this in the agreements with our customer. De customer, being Data Controller, will ensure that the required permission is obtained from the data subjects for the use of these parties.

    Transfer of data outside the EU will always be in accordance with the Relevant Legislation (such as Article 76(1) of the Dutch Data Protection Act – replaced as per 25 May 2018 by Chapter 5 of the GDPR).

  21. GENERAL AGGREGATED (NON-PERSONAL) DATA
  22. We may convert your personal data in non-personal data. This means that the data will be fully and irreversibly anonymized and aggregated: in that case they do not include any personal data anymore, because no identification can take place on the basis of the data. We may share such aggregated data with business partners for analytical purposes, demographic profiling and improving our services.

  23. HOW DO WE PROTECT THE PERSONAL DATA?
  24. We protect all the personal data we process from unauthorized or unlawful access, change, disclosure, use and destruction. We take the following technical and organizational measures to protect the data:

    • Security of network connections through Transport Layer Security (TLS);
    • Restricted access to the (personal) data for employees through two-step verification;
    • Encryption for passwords and authentication tokens;
    • Passwords that are complicated and have to be replaced every 2 months;
    • Encryption of personal data through XTS-AES-128 encoding with a 256-bits-code;
    • The employee agreed upon signing the employment agreement next to the general terms and conditions and the privacy policy, to secrecy of all data and all details both during and after the employment;
    • Every employee at MrWork is aware of the latest developments in the privacy policy. Furthermore, there is a privacy FAQ and a contact point to address questions to;
    • Every employee at MrWork is aware of the clean desk policy. Hard copy documents are physically stored in closed cabinets and laptops are automatically locked within 15 minutes;
    • Annual internal security audits.

  25. COOKIES
  26. We may use cookies on our Website. In this respect we act as Data Controller. A cookie is a simple small text file that can be stored in your computer when visiting the Website. This text file identifies your browser and/or computer. When visiting our Website again, the cookie ensures that our Website recognizes your browser or computer.

    We use the following type of cookies

    Functional cookies

    Functional cookies are essential to the operation of our Website. They allow you to navigate through our Website and use the functions incorporated in it.

    Analytical or statistical cookies

    Analytical cookies are used to review the quality and effectiveness of the Website. For instance, we can see how many users visit the Website and what pages are visited. We use this information to improve our Website and services.

    Tracking cookies

    Tracking cookies follow the click behavior and surfing behavior of our visitors. Through cookies of external providers, including Google, Facebook, Twitter, LinkedIn can be used to post ads based on previous visits of a user to our job website.

    If you do not wish to have cookies sent to your computer, you can change this through the cookie settings of your browser. Bear in mind that some functions or services of our Website may not function, or not so well, without cookies.

    We use the following cookies
    - Google Analytics;
    - Adwords remarketing tag;
    - Facebook Pixel;
    - Twitter Pixel;
    - Linkedin remarketing tag.

    If you do not want cookies to be sent to your computer, you can unsubscribe to the use of an external provider by going to the unsubscribe page of the Network Advertising Initiative.

    You can also unsubscribe to cookies of Google-cookies. Information about this is available in the Settings for ads of Google.

  27. THIRD PARTY WEBSITES
  28. You can find links on our Website which link to the websites of partners, providers, advertisers, sponsors, licensors or any other third parties. We have no control of the content or the links which appear on said websites and we are not responsible for the practices of websites linked to or from our Website. Furthermore, these websites, including their content and links, may constantly change. These websites may have their own privacy policies, user conditions and customer policies. Browsing and interaction on any other website, including websites linked to or from our Website, are subject to the terms and conditions of such website.

  29. AMENDMENTS OF THIS PRIVACY POLICY
  30. We are constantly looking for ways to improve our Website and Services. Therefore, we may update this privacy policy from time to time. If we change the privacy policy significantly, then we will post a notification on our Website together with the updated privacy policy.

  31. YOUR RIGHTS AND OUR CONTACT DATA
  32. As described in the Relevant Legislation, you have the right to:

    • Ask us to correct and update your data;
    • Ask us to remove your data from our data records, without stating any reason;
    • Ask us for a copy of all personal data we processed of you. We may also forward this copy to another daya manager at your request;
    • Ask us for a copy of all personal data we processed of you. We may also forward this copy to another daya manager at your request;
    • Withdraw your consent for processing your data. This does not affect the validity of the processing before the moment you withdraw your consent;
    • File an objection with us to the processing of your data;
    • File a complaint with the Personal Data Authority, if you believe that we process your data unlawfully;

    If you have any questions, comments or concerns regarding the way in which we process your personal data, please contact us through the contact data below.

    MrWork B.V.
    Westblaak 7A
    3012 KC Rotterdam
    T: 010 737 15 21
    M: info@mrwork.nl
    W: www.mrwork.nl
    KvK nummer: 57298890
    BTW nummer: NL852521480