Privacy Policy CFR The Netherlands B.V.

From 25 May 2018 the European General Data Protection Regulation (GDPR) is applicable.CFR The Netherlands B.V. has established its privacy policy in accordance with the AVG.

What does this policy cover?

Protecting privacy and personal information is of the utmost importance to us. We want to tell you about this as clearly as possible here in our privacy policy. This policy:

  • sets out the types of personal data that we collect about you;
  • explains how and why we collect and use your personal data;
  • explains how long we keep your personal data for;
  • explains when, why and with who we will share your personal data;
  • sets out the legal basis we have for using your personal data;
  • explains the effect of refusing to provide the personal data requested;
  • explains the different rights and choices you have when it comes to your personal data; and
  • explains what measures we take to secure your data.

Who we are

CFR The Netherlands B.V. is located in Amsterdam (Stadionkade 95/3, 1076 BL Amsterdam). CFR The Netherlands is part of CFR Global Executive Search Alliance. A network of Executive Search agencies with more than 60 branches and approximately 300 consultants. The network (hereinafter referred to as CFR Group) extends over 30 countries in Europe, North and South America, Asia and Australia

What personal data do we collect?

When you register your CV with us via email for the purposes of applying for an advertised vacancy or as a speculative approach/enquiry we may ask for certain information from you, including, but not limited to: your name, address, email address, education, skills and qualifications, employment history (including remuneration details), references, job requirements (including location, salary sought, job industry, job title) plus any other information you may volunteer to us or which is contained in your CV.

If you make an enquiry with us using our online enquiry form, we may collect certain information from you, including, but not limited to: your name, your job title, your company name, your email address, your phone number, plus any other information you may volunteer to us as part of your enquiry.

As a client we may collect certain information from you including, but not limited to: your name, your job title, your company name, your email address, your phone number, plus any other information you may volunteer to us.

We will never ask you to provide special category data. Where you volunteer special category data we will never use it to uniquely identify you.

Why do we collect your data?

It is necessary for our legitimate interests to collect and process your data in order to provide a service to you:

  • As a candidate it is necessary in order for us to consider your application for an advertised vacancy.
  • As a client we require sufficient personal information to be able to contact you.

This means that we process it in ways you would reasonably expect, which have a minimal privacy impact and because there is a compelling justification to do so.

We know that legitimate interests is our lawful basis for processing your data because we have conducted a Legitimate Interest Assessment (LIA). Based upon that assessment, we have concluded that the rights and freedoms of you – the data subjects, would not be overridden and that in no way would you be caused harm by our processing your data in the manner set out within this policy.
How do we store your data?

The information you provide to us or that we hold about you is stored, where applicable, in a secure cloud server, electronically in our databases, or in our manual databases and sometimes in hard copy. When you call us by phone we collect Calling Line Identification (CLI) information. We do not retain any other information from the calls or record them.

How long do we keep your data?

If you are a candidate or potential candidate we keep your data for two years from when we first receive it. If you are a client we retain sufficient personal information to be able to contact you indefinitely.

Your Individual Rights

Under the EU General Data Protection Regulation 2016, you have a number of specific rights over how we handle your personal data which are set out below. Further information and advice can be found by contacting the Information Commissioner’s Office.
You have the right to be informed about how we use your information in a concise, transparent, intelligible manner. It must be easily accessible, and it must use clear and plain language.
You have the right to obtain access to any personal information we hold about you.
You are entitled to have personal data rectified if it is inaccurate or incomplete.
Sometimes referred to as the right to be forgotten, you have the right to request that your data is erased where you feel there is no compelling reason for us to continue to store or process it.
You have the right to ask us to restrict processing. This means that we will stop processing your data, but may retain enough information about you to ensure we do not process it in the future.
You have the right to obtain and reuse your personal data for your own purposes across different services. For example should you wish to move, copy or transfer your data from one IT environment we will enable this in a safe and secure way, without affecting its usability.
You have the right to object to certain types of processing, including processing for direct marketing purposes.
We do not carry out this type of decision making. Which means we do not:
1) make decisions solely by automated means without any human involvement; or
2) automate processing of personal data to evaluate anything about you.

Sharing your information with third parties

We will not disclose personal information that you provide to any third party, except under the following circumstances:

  • as necessary for job applications or other services that you have requested;
  • with third parties who act for us for further processing i.e. to provide services that you have requested (such as reference checks, qualification and criminal reference checking services and psychometric assessment);
  • third parties who perform functions on our behalf and who also provide services to us (such as professional advisors, IT consultants carrying out testing and development work on our business technology systems); or
  • when we believe the law requires it; for example, to prevent and detect crime and to produce anonymised statistics.

Where appropriate, before disclosing personal data to a third party, we contractually require the third party to take adequate precautions to protect that data and to comply with applicable law.
Where your application is successfully shortlisted for consideration for a job opportunity, your personal information will be shared with our client. The information we share may include (but is not limited to):

  • Your CV and any other similar written documents that you have provided to us demonstrating your work experience;
  • Comments from your interview(s) with us;
  • Psychometric assessment reports; and
  • Evidence of identification and qualifications.

Transfer of data abroad

We are a global business and from time to time, with your specific consent we may transfer your personal information to CFR Global Executive Search partners located around the world. Where appropriate, before disclosing personal data to another CFR Global Executive Search partner, we contractually require them to take adequate precautions to protect that data and to comply with applicable law for their jurisdiction. We will not share your data in this manner without your specific consent. In such circumstances, you are entitled to receive a copy of our Data Sharing Arrangement for Joint Controllers should you wish.

Changes to this privacy notice

We keep our privacy notice under regular review. This privacy notice was last updated on 22 May 2018.

Complaints or queries

We aim to meet the highest standards when collecting and using personal data. For this reason, we take any complaints we receive about this seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures. If you have any queries or wish to make a complaint you can call us on +31 6 53 15 39 78, email or write to us at:
CFR The Netherlands
Stadionkade 95 / 3
1076 BL Amsterdam

Contact with the local supervisory authority
For the Netherlands:
You can contact the Autoriteit Persoonsgegevens in the following ways:
• By telephone: (+31) 900 2001 201
• Online: available here
By post: Postbus 93374, 2509 AJ Den Haag