088 - 448 70 00 Login
Context GITP3

Privacy Policy

I. Introduction

These privacy regulations concern the processing of personal data by GITP B.V., including its subsidiary PiCompany B.V. The processing of personal data includes the collection, storage, recording, modification, collection, requesting, consultation or destruction of personal data.

GITP B.V. (hereinafter 'GITP') collects personal data from clients, participants, suppliers and visitors to our websites.

GENERAL DATA PROTECTION REGULATION

The GDPR (General Data Protection Regulation) is European legislation with direct effect within the European Economic Area. On 25 May 2018, these regulations replaced the Dutch Personal Data Protection Act.

GDPR AND PROTECTION OF PERSONAL DATA

With a view to compliance with this law, GITP secured ISO 27001 certification (most recent renewal was at the end of 2019) to provide its clients and participants additional certainty. To this end, we have also set up an information security policy management system.

Compliance with this ISO standard is accompanied by a (mandatory) awareness programme for all (new) employees about privacy and information security. [This programme] includes our system of technical and organisational security measures and procedures for reporting incidents, control mechanisms, staff training, evaluation of activities and continuous improvement. GITP management is the owner of this programme and is assisted by a Security Officer and Data Protection Officer in this regard.

The protection of privacy has always played a very important role in our organisation. All assessment psychologists must be member of the NIP (Dutch Institute of Psychologists) and are bound (under disciplinary law) to handle assessment data with the utmost care.

We handle personal data and client information with the utmost care when processing them within our organisation; the principles set out in the GDPR are the starting point, as are those in the professional codes of conduct which GITP abides by or considers itself bound by.

This means, among other things, that GITP:

  • provides information in a comprehensible and transparent manner about how and for what purposes personal data are processed;
  • processes personal data only for justified, well-defined purposes and bases the data processing on one of the principles referred to in the GDPR;
  • takes appropriate organisational and technical security measures to protect personal data against unauthorized or unlawful processing and against accidental loss, destruction or damage;
  • informs persons about their rights with respect to the personal data processed by GITP;
  • does not process data any more or any longer than necessary.

PURPOSES AND PRINCIPLES GITP

collects personal data for various purposes and based on various principles; for example, for the provision of services as agreed with you and/or your employer, for pre-contractual activities (i.e. a quote or proposal) or for processing a request you submitted through one of the forms on our website. We then have a legitimate interest in processing your data; the processing of data is necessary for a proper processing of your request. On various pages of the website, you will be asked to enter personal data, for example if you want to get in touch with us or request information. We carry out certain processing operations only with your consent, which you can withdraw at any time.

GITP AS CONTROLLER GITP

acts as the Controller in respect of the processing of personal data for the provision of part of its services. In this capacity, GITP itself determines the purposes and means of the data processing and, with respect to the processing of personal data, bears ultimate responsibility for compliance with all applicable laws and regulations for the protection of personal data. As Controller, GITP has data processing accounts (processing register). This register is part of the Information Security Policy and, like other documents, is regularly reviewed and updated as necessary.

GITP AS PROCESSOR

If and insofar as GITP processes personal data in the performance of its services to and on behalf of clients, the latter will act as Controller for the processing of personal data and GITP as Processor. Not GITP, but the client determines the purposes and means and is ultimately responsible for compliance with all applicable laws and regulations for the protection of personal data with respect to the processing of personal data. In that case, a Processing Agreement with the client will also be applicable. As Processor, GITP will only process these personal data in a manner that is necessary for the provision of its services arising from a contract for the provision of services and in accordance with the instructions of the Client concerned. Exceptions to the foregoing will only apply in the event of a legal obligation to which GITP as Processor is subject. Without prejudice to existing contractual arrangements with clients, GITP will treat all personal data with strict confidentiality and will inform employees and sub-processors involved in the processing of personal data of the confidential nature of personal data. GITP ensures that such persons and parties sign an appropriate confidentiality agreement. In its role as Processor, GITP will not outsource any activities that consist (partly) of processing personal data or that require processing of personal data to a third party without the client's prior consent. GITP ensures that the third party is bound by the obligations that apply to GITP and that this party complies with them. On the instructions of clients, the data of test participants may be enriched with information provided by the client or additional information gathered by GITP. The processing of this information and the linking to data of test participants, test data and results is done with GITP in the role of Processor and the client in the role of Controller. GITP will only share results obtained in aggregated form and without naming individual persons with the client or third parties; in case personal data are provided to the client or third parties, this will only happen with the consent of the test participant (as obtained by the client). The following sections provide more detailed information.

II. WEBSITE

COOKIES

We use cookies on our websites and in our apps. You can disable cookies for all sites through your browser.

WHAT ARE COOKIES?

Cookies are small, simple text files that are saved on your computer, tablet or mobile phone when you visit a website. Cookies improve the user-friendliness when you visit the GITP website and/or use GITP apps.

WHY DO WE USE COOKIES?

GITP uses cookies to keep anonymous track of the number of visitors to the site, the pages visited and the information requests made. The cookies used by GITP do not contain any name and address data; only data about your use are stored (pages visited, technical details and IP address). These data are used to analyse usage and visits, so that we can optimise our websites and apps and serve you even better in the future. Naturally, we will handle this information with care.

WHAT HAPPENS WHEN COOKIES ARE TURNED OFF?

If you turn off your cookies, we have less insight into (website) use, so we cannot optimise it to serve you better in the future.

OPTING OUT OF COOKIES

If you prefer not to use cookies, you can block or delete them via your browser at any time. Instructions for adjusting the browser settings can be found under 'Help' in the toolbar of most browsers.

To give website visitors more choices about how their data are collected by Google Analytics, the Google Analytics Opt-out Browser Add-on can be downloaded.

III. YOUR PERSONAL DATA - PURPOSES, PRINCIPLES AND USE OF YOUR

THE PROVISION OF (PRE-) CONTRACTUAL SERVICES

GITP processes your personal data in order to be able to provide our services to you. We use the data, for example, to prepare a quote at your request and subsequently execute the contract, to maintain the relationship with you in relation to the application, to process and confirm instructions for registration or to send an invoice. We also use the data to answer information requests; it then is our legitimate interest to process your personal data for this purpose.

INVOLVEMENT OF AND SHARING WITH THIRD PARTIES

GITP, as Controller, may engage other parties to carry out an aspect of or part of the services for you; this may involve, for example, an external consultant, trainer or assessment psychologist, or an external test or test system as part of the assessment, or an ICT system or platform through which we carry out our services, for example, a CRM system or e-learning platform. Insofar as these third parties need access to personal data in order to perform these services, GITP has contracted the appropriate contractual, technical and organisational security measures to ensure that these third parties use or process your data solely for the intended purposes and in accordance with the instructions we have agreed with these third parties.

SHARE WITH THIRD PARTIES FOR LEGAL REASONS

We may share your personal data with third parties if we believe that access to and use of the personal data is reasonably necessary to (i) comply with applicable laws, regulations and/or court orders; (ii) prevent, detect or resolve fraud, (future) security issues or technical problems; and/or (iii) protect the interests, properties or safety of GITP, our users or the public insofar as this is in conformity with the law.

MARKETING AND SALES ACTIVITIES

GITP informs clients about special offers, innovations and other relevant (professional) content related to our services, in accordance with the applicable regulations, or because you have given your explicit permission for this. We can do this by telephone, e-mail, newsletters or direct personal contact. Of course, you always have the right to indicate that you wish to opt out.

PROCESSING OF YOUR DATA ON THE GITP WEBSITE

We collect and use your personal data on our website in order to provide you with (personalised) web content and for targeted communication. Your data will also be used for research and analysis in order to improve our services and websites, as explained above. We may also use data entered on our websites to send you information about other GITP services by e-mail, provided you have given your consent for this. You can, of course, revoke this consent at any time.

JOB APPLICATION PURPOSES FOR VACANCIES AT GITP OR OUR CLIENTS

We offer you the possibility on the website to send us your motivation letter and C.V. within the scope of open or regular job applications at GITP or one of our clients, to subscribe to our job alerts or for inclusion in our talent pool. Your data will be stored in a database managed by GITP and hosted by a third party. It is then our legitimate interest to process your personal data. This processing is necessary to have the application procedure run smoothly or to be able to provide you with job alerts.

SCIENTIFIC RESEARCH

Pseudonymised test data can be used by the scientific department of GITP for validation and standardisation of tests as well as for benchmarking purposes and statistical analyses. The data are protected by additional security measures. It is our legitimate interest to ensure the quality of tests and to continue doing so.

Under no circumstances will GITP sell your data to third parties.

IV. RETENTION PERIODS

GITP does not store your personal data longer than is necessary for the purposes for which the data were collected. The retention period depends on the nature of the information and the purposes of the processing.

Below we list the retention periods of personal data for different purposes and services.

Insofar as personal data are involved in the tax retention obligation: 7 years

Participant data in our accounting records or marketing system: 5 years after the last registration or activity, so that we can continue to advise and inform you about next development steps, based on previous activities. Or, for example, to be able to verify your right to a certificate of participation (which you have lost); in short, to be able to provide services to you.

For job application procedures: 4 weeks, unless you indicate that you would like a longer retention period of 1 year. You can renew this annually.

Inclusion in the talent pool or subscription to job alerts: 1 year with an annual renewal option.

Your assessment file and test data: 2 years. The final report will only be shared with the client with your consent. You will have access to it in advance and can ask for further clarification.

Your coaching file: 2 years.

Learning activities within the framework of e-learning or blended learning: 1 year or 90 days, depending on the contract.

Your personal participant portal (if applicable within a service) will remain open to you by way of service, unless you indicate that it can be removed. We will inform you in good time about the destruction of your assessment reports, for example, so that you can download them to your own computer at any time.

V. YOUR RIGHTS

You have the right to request the following in writing:

ACCESS TO YOUR PERSONAL DATA.

You can ask us whether we process personal data of you. If so, we will explain which of your personal data we are processing, how we do this and for what purposes. You can also ask us for a copy of the personal data we process of you. This is subject to a necessary restriction of the right to inspect the raw test material; we cannot provide a copy of that. However, according to the Dutch Data Protection Authority, allowing access during an interview, combined with the written final report containing the results of the test, leads to a reasonable balance between the right of access on the one hand and preserving the value of the tests and the copyright protection of the psychological tests on the other.

RECTIFICATION OF YOUR PERSONAL DATA.

If you believe that the personal data of you we are processing are incorrect or incomplete, you may request us to supplement or amend your data.

DELETION OF YOUR PERSONAL DATA.

You can ask us to delete the personal data we process of you. We will delete your data without unreasonable delay after receiving a request to do so if: the data are no longer necessary for the purpose for which we have processed them; you no longer give us your consent for processing, if that was the basis for processing; the data have been processed by us for direct marketing purposes; you object to the processing and there is no reason (any longer) why we should continue to process the data; or there is a legal reason for deleting the personal data.

RESTRICTION OF THE PROCESSING OF YOUR PERSONAL DATA.

In some cases, you may wish to restrict the processing of your personal data. In this case, you can ask us to restrict the data processing. We will comply with such a request if it appears after examination that this is possible, for example, if you do not wish to have all your data deleted but other data are no longer required for the original purpose.

QUESTIONS, REQUESTS, COMPLAINTS AND MONITORING

You may have a question, request or complaint.

For questions and requests, please contact us using this form.

If you wish to file a complaint, you can use our complaint form below

FILE A COMPLAINT

Or via the contact details below:

GITP B.V.
Attn. Data Protection Officer
Ptolemaeuslaan 40
Telephone: 088 – 448 70 00
E-mail: privacy.office@gitp.nl

You will receive a written response within 4 weeks .

FILING A COMPLAINT WITH THE PERSONAL DATA AUTHORITY

The Dutch Data Protection Authority is the Dutch watchdog monitoring compliance with the GDPR. You have the right to file a complaint with this Authority if you believe that your rights have been violated. The website of the Dutch Data Protection Authority (www.autoriteitpersoonsgegevensp.nl) provides an option for this.

You may have a question, request or complaint. Please contact us using this form.

Om aan uw aanvraag te kunnen voldoen, verwerken wij uw persoonsgegevens. Meer informatie over hoe we met uw gegevens omgaan vindt u in onze Privacy policy *

Versiebeheer van dit privacyreglement LET OP DIT IS NOG NIET VERTAALD

GITP behoudt zich het recht voor om dit privacyreglement te wijzigen. Gewijzigde versies worden gedateerd gepubliceerd op onze website. Dit privacyreglement is voor het laatst bijgewerkt in oktober 2020.