We are DTEK GROUP B.V. (identification number 59950293) – holding and limited consulting support services providing company. As far as we determine the purposes and means of the processing of your personal data, GDPR defines us as a Controller. This means we, as a Controller, have legal responsibility for how we collect and process your personal data. Information about controller and person responsible for data protection:
If you have any questions about your personal data, how we handle or process it, or about this Privacy Policy – feel free to contact us:
Controller
DTEK Group B.V.
(or its subsidiary with whom you are in employment/business relations)
Data Privacy Manager
E-mail: dpm@dtek.com
Your privacy is our priority. We know how important is the information about processing your personal data. This Policy sets out how and why we are processing your personal data, what we do with your personal data, your rights and ways of its realization.
This Policy covers the office premise of the DTEK Group B.V., the website which we use, social media accounts, and other platforms where you may interact with us.
Personal data from candidates for employment
From time to time we are looking for new members of our team. If you want to join us - we want to know some more information about you. We use your personal information to evaluate and follow-up on your application. During application process, we will ask you to fulfill our questionnaire and provide us with your Curriculum Vitae.
We are processing your personal data for the purposes, listed below:
Personal data — We use your personal data to
We don’t process personal data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and we aren’t processing of genetic data, biometric data to uniquely identify you, data concerning health or data concerning your sex life or sexual orientation, except for some limited data explicitly required in accordance with the applicable employment regulations.
We also offer you an opportunity to provide supplementary information and attachments and if you find necessary to connect your application to your social media accounts (such as LinkedIn or Facebook). Providing this supplementary information is entirely voluntary. Whether you provide this information or not, will not affect your application process in any way.
Please note, that interviews, reference checks and review of information in your social media accounts may be a part of the application process.
We base our processing of these data on the legal basis of performance of a contract (i.e. in order to take steps at your request prior to entering into an employment contract and/or service agreement). For background checks we base our processing of your data on the legal ground necessary to comply with a legal obligation.
Since we process your personal data before entering into an employment contract with you, we will delete all your personal data regarding your employment if you won’t join our team. More details you may find in the Notice about personal data for job candidates which you received during your application.
Compliance checks
We also may collect information connected with your shareholding/participation of legal entities and your politically exposed person status, together with the existence of the restrictive covenants/conditions under your current and/or previous employment contract. We base our processing of these data on the legal basis of legitimate interest to check that there is no conflict of interest in case of your employment or engagement with us.
AML and KYC checks for counterparties
As part of our commitment to comply with applicable legal and regulatory requirements, we may collect and process personal data from our counterparties to conduct Anti-Money Laundering (AML) and Know Your Customer (KYC) checks. This information is collected to verify the identity of our counterparties, assess potential risks, prevent fraud, and fulfill our obligations under financial and anti-money laundering regulations.
Personal data processed for AML and KYC purposes may include information assisting to define the UBO of the business, including UBO's full name and country of citizenship/permanent residence, date of birth, full name and country of citizenship/permanent residence, date of birth of the trustee (if the ultimate owner is a nominal holder), full name/names of participants or shareholders holding 10% or more of shares, country of their citizenship/residency, date of birth is the counterparty is a legal entity; and first name(s) and surname(s) of the person, birth surname(s) of the Person (if different from the above), date of birth, nationality, National Identification Number, passport number, tax ID number, or other unique identification number (if any) and Place of permanent residence (please provide full home address, including street name; street number; city; post/zip code; country) if counterparty is an individual or a private entrepreneur and relevant documents as required by law. We may share this data with competent authorities or external service providers strictly for compliance and verification purposes.
Data retained for AML and KYC purposes will be stored securely and kept for as long as necessary to fulfill legal obligations. We base our processing of these data on the legal basis of legal obligations to check that there is no violation of applicable financial and anti-money laundering legislation in case of your employment and/or engagement.
Our Talent bank
It may happen we can’t propose work relevant to your skills and qualifications at that time. But from time to time, we need new team members. Even if we didn’t enter an employment contract with you at a certain period - we would like not to lose contact with you. For this purpose, we invented our Talent bank.
We will process your personal data for the purposes, which we collected from you as it is stated in the Section Personal data from candidates for employment stated above.
We base our processing of this data on the legal basis of your consent. If you give us your consent for processing data for our Talent bank, we will store your personal data in our Talent bank for 3 (three) years since we receive data from you. During this period, we may contact you about other existing or future job opportunities. After 3 (three) years we will delete all your personal data.
Whistleblowing and Trust line
We follow the principles of business ethics outlined in the DTEK Ethics and Business Conduct Code and treats colleagues, partners, stakeholders, clients, suppliers and advisors with honesty and integrity.
We support your right to express concerns about the results of our common goal and report inappropriate actions. If you decide to submit a report connected with violation of DTEK Code of Ethics and Business Conduct and/or any applicable legislation to the Trustline, your first name, last name, e-mail address, phone number and position might be processed as a part of examination of the violation reports or whistleblowing reports. Whistleblowing reports, except for the personal data you provide, may be shared with a limited number of third parties to investigate the incident you have described. Your personal data will be stored and may be used to communicate with you.
Your data will be stored in the message database for 36 months after providing the information. The legal basis for the processing of the data that you may provide, if you wish, is legitimate interest.
Footage from the CCTV.
We want to make our office safe for our guests and employees, protect the property of our company. To achieve these goals, we use the CCTV system as a complement to other security measures. Our CCTV systems do not infringe on restricted areas (i.e. toilets/restrooms and other similar places). More detailed information about our CCTV system, legal basis of processing, retention period and your privacy rights you may find in our CCTV Policy.
Information about your devices.
When you connect to our guest Wi-Fi network in our office, we collect IP and MAC (Media Access Control) addresses of your device. We process this info only for technical reasons and store it for 7 (seven) days after which this data is deleted automatically. If you don’t want us to process this data, please, use your mobile internet and don’t connect to our Wi-Fi network.
Also, we may process your personal data, that we gather via Cookie files. Cookies are small text files that are stored on your computer or mobile device when you navigate the Internet and that, in particular, contain a number that allows the user’s computer or mobile device to be unequivocally identified, even if the user changes locations or IP addresses. We use only necessary cookies, without which you would not be able to undertake activities on our website. More detailed information about Cookie files, that we use, and their retention period you may find in our Cookie Policy.
Information you post on our social media accounts.
We have social media accounts (Facebook, LinkedIn). If you comment or otherwise provide information in a public space, we process a record of it and any personal information included in the comment. For example, this may include comments under our posts through social media, your tags or reposts of info on our social media accounts or when you otherwise interact with us through social media.
We use the complex of organizational and technical measures for your personal data protection.
Thus, DTEK Group B.V.:
In critical areas, the Controller makes periodic assessments of impacts related to personal data protection, taking into account the risks implied by processing, particularly due to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to the personal data transmitted, stored or otherwise processed.
Pursuant to the Regulation (EU) 2016/679 (General Data Protection Regulation), the Controller also uses methods to pseudonymize, anonymization and encode personal data collections. The systems and services provide continuous confidentiality, integrity, accessibility and resilience. Technical and organizational measures to provide processing security are regularly tested, assessed and evaluated.
We may involve affiliates (as a Data Processor) to process your personal data for the services connected with AML/KYC checks, compliance check, and some other services, including IT and ancillary services. We may transfer your personal data to our Affiliates outside the European Economic Area (EEA) under condition that the transfer will occur in accordance with applicable Data Protection Laws. We take reasonable steps to ensure that the personal data is treated securely (typically through the use of EU-approved Standard Contractual Clauses and related Transfer Impact Assessments).
You have many rights regarding your personal data. Read more about them below. If you would like to exercise your rights or learn more, feel free to contact us. Please note that some of the rights may not be applicable to your situation.
We respect your privacy and need to make sure, that the request for realization of your rights was sent by a person, who has a right to do this. For identification and verification, we may send you an E-mail and ask you for additional information - please, check your E-mail folders (i.e., Inbox, SPAM).
We won’t proceed with this additional information except for identification.
Please note, that if you don’t provide us with such additional information – we can’t verify your identity thus such a request may leave without an answer.
Upon receipt of the written request, it is referred to the Data Protection Manager who will determine whether realization of your rights is lawful.
Please, keep in mind that in some cases we may charge a reasonable fee for providing a copy of your personal data to cover administrative costs.
Right of access
You have the right to know what personal data we process and why. That’s why we inform you in advance about our processing activities via this Privacy Policy. If you have any questions, or would you like to learn more about what information we process from you, you are always welcome to contact us and we will provide you with further information.
Right to rectification
If you suppose we process incorrect information about you, such as your name, address, date of birth, etc., you can ask us to correct this.
Right to erasure / right to be forgotten
You have the right to tell us to permanently erase your data from our records. You can do this for example if you think there’s no longer any need for us to keep it. Or, if you previously have given your consent, you can just decide to withdraw it.
Right to restrict the processing activities
You have the right to restrict our processing activities in certain situations. This means we will continue to store your information, but we’ll temporarily stop any other processing. Why would you want to do this? For example, if you’ve asked us to fix incorrect information. In this situation you may want us to stop processing until the information is correct.
Right to data portability
In certain situations, you have the right to ask us to send your personal data in digital form to you, so that you can forward it to someone else.
Right to object
You have the right to object to the processing of your information, even when we have a legitimate legal reason to process it. You can do this when we process your information on the basis of our legitimate interest, and you believe that your personal interest outweighs ours.
Right to withdraw consent
If we process your personal data based on your consent, you have the right to withdraw your consent anytime.
Right to contact the Netherlands Data Protection Authority
If you have any complaints, for example, about the way in which we use your data or how we respond to your privacy-related questions, you can submit a complaint to the Netherlands Data Protection Authority, Bezuidenhoutseweg 30, 2594 AV Den Haag, Netherlands.
Yes, we may update our Privacy Policy from time to time.
Data privacy laws are improving regularly, the Netherlands Data Protection Authority regularly publishes its recommendations and guidelines, we may change technology or our business model.
If we update our Privacy Policy, we will notify you by publishing the actual version of the Privacy Policy on our website with the new effective date before the update takes effect.
Please, check the updates of the Privacy Policy from time to time to be sure, you have read the actual version of our Privacy Policy.