These privacy regulations concern the processing of personal data by GITP B.V., including its subsidiary PiCompany B.V. The processing of personal data includes the collection, storage, recording, modification, collection, requesting, consultation or destruction of personal data.
GITP B.V. (hereinafter 'GITP') collects personal data from clients, participants, suppliers and visitors to our websites.
The GDPR (General Data Protection Regulation) is European legislation with direct effect within the European Economic Area. On 25 May 2018, these regulations replaced the Dutch Personal Data Protection Act.
With a view to compliance with this law, GITP secured ISO 27001 certification (most recent renewal was at the end of 2019) to provide its clients and participants additional certainty. To this end, we have also set up an information security policy management system.
Compliance with this ISO standard is accompanied by a (mandatory) awareness programme for all (new) employees about privacy and information security. [This programme] includes our system of technical and organisational security measures and procedures for reporting incidents, control mechanisms, staff training, evaluation of activities and continuous improvement. GITP management is the owner of this programme and is assisted by a Security Officer and Data Protection Officer in this regard.
The protection of privacy has always played a very important role in our organisation. All assessment psychologists must be member of the NIP (Dutch Institute of Psychologists) and are bound (under disciplinary law) to handle assessment data with the utmost care.
We handle personal data and client information with the utmost care when processing them within our organisation; the principles set out in the GDPR are the starting point, as are those in the professional codes of conduct which GITP abides by or considers itself bound by.
This means, among other things, that GITP:
collects personal data for various purposes and based on various principles; for example, for the provision of services as agreed with you and/or your employer, for pre-contractual activities (i.e. a quote or proposal) or for processing a request you submitted through one of the forms on our website. We then have a legitimate interest in processing your data; the processing of data is necessary for a proper processing of your request. On various pages of the website, you will be asked to enter personal data, for example if you want to get in touch with us or request information. We carry out certain processing operations only with your consent, which you can withdraw at any time.
acts as the Controller in respect of the processing of personal data for the provision of part of its services. In this capacity, GITP itself determines the purposes and means of the data processing and, with respect to the processing of personal data, bears ultimate responsibility for compliance with all applicable laws and regulations for the protection of personal data. As Controller, GITP has data processing accounts (processing register). This register is part of the Information Security Policy and, like other documents, is regularly reviewed and updated as necessary.
If and insofar as GITP processes personal data in the performance of its services to and on behalf of clients, the latter will act as Controller for the processing of personal data and GITP as Processor. Not GITP, but the client determines the purposes and means and is ultimately responsible for compliance with all applicable laws and regulations for the protection of personal data with respect to the processing of personal data. In that case, a Processing Agreement with the client will also be applicable. As Processor, GITP will only process these personal data in a manner that is necessary for the provision of its services arising from a contract for the provision of services and in accordance with the instructions of the Client concerned. Exceptions to the foregoing will only apply in the event of a legal obligation to which GITP as Processor is subject. Without prejudice to existing contractual arrangements with clients, GITP will treat all personal data with strict confidentiality and will inform employees and sub-processors involved in the processing of personal data of the confidential nature of personal data. GITP ensures that such persons and parties sign an appropriate confidentiality agreement. In its role as Processor, GITP will not outsource any activities that consist (partly) of processing personal data or that require processing of personal data to a third party without the client's prior consent. GITP ensures that the third party is bound by the obligations that apply to GITP and that this party complies with them. On the instructions of clients, the data of test participants may be enriched with information provided by the client or additional information gathered by GITP. The processing of this information and the linking to data of test participants, test data and results is done with GITP in the role of Processor and the client in the role of Controller. GITP will only share results obtained in aggregated form and without naming individual persons with the client or third parties; in case personal data are provided to the client or third parties, this will only happen with the consent of the test participant (as obtained by the client). The following sections provide more detailed information.
Cookies are small, simple text files that are saved on your computer, tablet or mobile phone when you visit a website. Cookies improve the user-friendliness when you visit the GITP website and/or use GITP apps.
WHAT HAPPENS WHEN COOKIES ARE TURNED OFF?
If you turn off your cookies, we have less insight into (website) use, so we cannot optimise it to serve you better in the future.
To give website visitors more choices about how their data are collected by Google Analytics, the Google Analytics Opt-out Browser Add-on can be downloaded.
GITP processes your personal data in order to be able to provide our services to you. We use the data, for example, to prepare a quote at your request and subsequently execute the contract, to maintain the relationship with you in relation to the application, to process and confirm instructions for registration or to send an invoice. We also use the data to answer information requests; it then is our legitimate interest to process your personal data for this purpose.
GITP, as Controller, may engage other parties to carry out an aspect of or part of the services for you; this may involve, for example, an external consultant, trainer or assessment psychologist, or an external test or test system as part of the assessment, or an ICT system or platform through which we carry out our services, for example, a CRM system or e-learning platform. Insofar as these third parties need access to personal data in order to perform these services, GITP has contracted the appropriate contractual, technical and organisational security measures to ensure that these third parties use or process your data solely for the intended purposes and in accordance with the instructions we have agreed with these third parties.
We may share your personal data with third parties if we believe that access to and use of the personal data is reasonably necessary to (i) comply with applicable laws, regulations and/or court orders; (ii) prevent, detect or resolve fraud, (future) security issues or technical problems; and/or (iii) protect the interests, properties or safety of GITP, our users or the public insofar as this is in conformity with the law.
GITP informs clients about special offers, innovations and other relevant (professional) content related to our services, in accordance with the applicable regulations, or because you have given your explicit permission for this. We can do this by telephone, e-mail, newsletters or direct personal contact. Of course, you always have the right to indicate that you wish to opt out.
We collect and use your personal data on our website in order to provide you with (personalised) web content and for targeted communication. Your data will also be used for research and analysis in order to improve our services and websites, as explained above. We may also use data entered on our websites to send you information about other GITP services by e-mail, provided you have given your consent for this. You can, of course, revoke this consent at any time.
We offer you the possibility on the website to send us your motivation letter and C.V. within the scope of open or regular job applications at GITP or one of our clients, to subscribe to our job alerts or for inclusion in our talent pool. Your data will be stored in a database managed by GITP and hosted by a third party. It is then our legitimate interest to process your personal data. This processing is necessary to have the application procedure run smoothly or to be able to provide you with job alerts.
Pseudonymised test data can be used by the scientific department of GITP for validation and standardisation of tests as well as for benchmarking purposes and statistical analyses. The data are protected by additional security measures. It is our legitimate interest to ensure the quality of tests and to continue doing so.
Under no circumstances will GITP sell your data to third parties.
GITP does not store your personal data longer than is necessary for the purposes for which the data were collected. The retention period depends on the nature of the information and the purposes of the processing.
Below we list the retention periods of personal data for different purposes and services.
Insofar as personal data are involved in the tax retention obligation: 7 years
Participant data in our accounting records or marketing system: 5 years after the last registration or activity, so that we can continue to advise and inform you about next development steps, based on previous activities. Or, for example, to be able to verify your right to a certificate of participation (which you have lost); in short, to be able to provide services to you.
For job application procedures: 4 weeks, unless you indicate that you would like a longer retention period of 1 year. You can renew this annually.
Inclusion in the talent pool or subscription to job alerts: 1 year with an annual renewal option.
Your assessment file and test data: 2 years. The final report will only be shared with the client with your consent. You will have access to it in advance and can ask for further clarification.
Your coaching file: 2 years.
Learning activities within the framework of e-learning or blended learning: 1 year or 90 days, depending on the contract.
Your personal participant portal (if applicable within a service) will remain open to you by way of service, unless you indicate that it can be removed. We will inform you in good time about the destruction of your assessment reports, for example, so that you can download them to your own computer at any time.
You have the right to request the following in writing:
You can ask us whether we process personal data of you. If so, we will explain which of your personal data we are processing, how we do this and for what purposes. You can also ask us for a copy of the personal data we process of you. This is subject to a necessary restriction of the right to inspect the raw test material; we cannot provide a copy of that. However, according to the Dutch Data Protection Authority, allowing access during an interview, combined with the written final report containing the results of the test, leads to a reasonable balance between the right of access on the one hand and preserving the value of the tests and the copyright protection of the psychological tests on the other.
If you believe that the personal data of you we are processing are incorrect or incomplete, you may request us to supplement or amend your data.
You can ask us to delete the personal data we process of you. We will delete your data without unreasonable delay after receiving a request to do so if: the data are no longer necessary for the purpose for which we have processed them; you no longer give us your consent for processing, if that was the basis for processing; the data have been processed by us for direct marketing purposes; you object to the processing and there is no reason (any longer) why we should continue to process the data; or there is a legal reason for deleting the personal data.
In some cases, you may wish to restrict the processing of your personal data. In this case, you can ask us to restrict the data processing. We will comply with such a request if it appears after examination that this is possible, for example, if you do not wish to have all your data deleted but other data are no longer required for the original purpose.
You may have a question, request or complaint.
For questions and requests, please contact us using this form.
If you wish to file a complaint, you can use our complaint form below
You will receive a written response within 4 weeks .
The Dutch Data Protection Authority is the Dutch watchdog monitoring compliance with the GDPR. You have the right to file a complaint with this Authority if you believe that your rights have been violated. The website of the Dutch Data Protection Authority (www.autoriteitpersoonsgegevensp.nl) provides an option for this.
Versiebeheer van dit privacyreglement LET OP DIT IS NOG NIET VERTAALD
GITP behoudt zich het recht voor om dit privacyreglement te wijzigen. Gewijzigde versies worden gedateerd gepubliceerd op onze website. Dit privacyreglement is voor het laatst bijgewerkt in oktober 2020.