088 - 448 70 00 Login 088 - 448 70 00 Login
Context GITP3

Privacy statement

I. Introduction

This privacy statement relates to the processing of personal data by GITP B.V., GITP Ontwikkeling B.V. and GITP Training & Opleiding B.V. (hereinafter: 'GITP'). Processing of personal data includes the collection, storage, recording, modification, collection, retrieval, consultation or destruction of personal data. GITP collects personal data from clients, participants, suppliers and visitors to our websites.

General Data Protection Regulation

GITP is responsible for complying with all applicable laws and regulations for the protection of personal data, in particular the European Regulation 2016/679 or the General Data Protection Regulation (GDPR).

GDPR and protection of personal data

GITP is ISO 27001 certified with a view to compliance with the GDPR and with the aim of assuring clients, participants, suppliers and visitors to our websites that GITP protects personal data in the best possible way. In this context, GITP has set up an information security management system.

Compliance with this ISO standard is accompanied by an awareness program for all (new) employees about privacy and information security. The whole includes GITP's system of technical and organisational security measures and procedures for incident reporting, control mechanisms, employee training, evaluation of activities and continuous improvement. The management of GITP owns this program and is assisted by a Security Officer, Privacy Officer and Data Protection Officer.

The protection of privacy has traditionally played a very important role in our organisation. All assessment psychologists are mandatory members of the NIP (Netherlands Institute of Psychologists) and are bound (by disciplinary law) to handle assessment data with the utmost care.

In all processing within our organisation, we handle personal data and customer information very carefully. The principles and obligations of the GDPR are the starting point here, as are those in professional codes to which GITP conforms.

This means, among other things, that GITP:

  • Informs in an understandable and transparent manner about how and for what purposes the personal data is processed;
  • Processes personal data only for legitimate and specific purposes and bases the data processing on one of the bases mentioned in the GDPR;
  • Takes appropriate organisational and technical security measures to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage;
  • Informs individuals of their rights with regard to the personal data processed by GITP;
  • Does not process more or longer personal data than necessary.

Purposes and principles

GITP collects personal data for different purposes and on different principles: for example for the provision of services as agreed with you and/or your employer, for pre-contractual activities (such as making an offer) or for processing the request you send us via one of the forms on our website.

GITP has a legitimate interest in processing your data: the processing of the data is necessary for the proper handling of your request. On various pages of our website, you are asked to enter personal information, for example when you want to contact us or request information. We only carry out certain processing operations with your permission. You can also withdraw this consent at any time.

GITP is an independent controller

Personal data – all information about an identified or identifiable natural person that is shared with GITP – is processed by GITP as an independent controller for the purpose of or in connection with: (i) the provision of GITP's services and the fulfilment of its obligations in the best and most professional way possible; (ii) the ability to make independent decisions with regard to the processing of personal data necessary for the realisation of the quality of the services offered; (iii) applicable requirements in legislation and regulations; (iv) requests from and communications to competent authorities; and (v) administrative and customer relationship purposes.

GITP complies with the applicable laws and regulations with regard to the protection of personal data and in particular, is independently responsible for compliance with the GDPR. In its capacity as independent controller, GITP has a processing register. This registry is part of GITP's Privacy Control Framework and is periodically reviewed and updated as required.

Without prejudice to the existing contractual arrangements and agreements with clients, GITP will treat all personal data in the strictest confidence and inform employees and sub-processors involved in the processing of personal data about the confidential nature of personal data. GITP ensures that such persons and parties undertake to treat personal data in the strictest confidence and to keep it secret.

On behalf of clients, test participant data can be enriched with information provided by clients or additional information collected by GITP. The processing of this information and the link to test participant data, test data and results also takes place with GITP and clients in the role of independent and autonomous controllers. GITP will only share results arising from this in aggregated and anonymised form with clients or third parties. In the event that GITP provides personal data to clients or third parties, this will only take place with the consent of the test participant (obtained by the client). More specifically, GITP provides reports to clients, unless the test participant has indicated to GITP's client that he/she does not grant permission for this.

II. WEBSITE

Cookies

We use cookies on our websites and apps. You can disable cookies for all sites and apps through your browser.

What are cookies?

Cookies are small, simple text files that your computer, tablet or mobile phone receives when you visit a website. Cookies are not computer programs and cannot be used to spread computer viruses. Cookies make visiting the website and using GITP apps more user-friendly.

Why do we use cookies?

GITP uses cookies to anonymously keep track of how many visitors the site receives, which pages are visited and which information requests are made. The cookies that GITP uses do not contain name and address data; only data related to your use are stored (pages visited, technical details and IP address). This data is used for analysis of use and visits so that we can optimise our websites and apps and provide you with an even better service in the future. We will, of course, handle this information with care.

What happens if cookies are disabled?

If you disable your cookies, we have less insight into the (website) use, which means we cannot optimise it to serve you better in the future.

Which cookies does GITP use?

GITP uses functional cookies, analytical/statistical cookies and marketing/tracking cookies.

Third Party Cookies

Third-party cookies are also placed on our website. The privacy and cookie policy of this third party applies to the use of cookies by third parties. We advise you to regularly consult the websites of these third parties and refer you to the following link for a complete overview of parties that place cookies and/or other technologies on our website: Cookie Policy GITP

Unsubscribe from cookies

If you prefer not to use cookies and/or other technologies, you can disable or delete them at any time via your browser. Instructions for adjusting the browser settings can be found under 'Help' in the toolbar of most browsers.

To give website visitors more choice about how their data is collected by Google Analytics, you can also download the Google Analytics Opt-out Browser Add-on.

III. TALENT INTELLIGENCE PLATFORM (TIP)

On GITP's Talent Intelligence Platform, HR professionals, managers, participants and our advisors work together to select new employees, map talent and show which development opportunities people have in-house.

How does TIP work?

The Talent Intelligence Platform makes it easy to choose, compile and plan assessments. The Talent Intelligence Platform contains a personal customer dashboard with 'real-time' insight into the progress of current processes, final reports and advice. By using the Talent Intelligence Platform, our clients build a wealth of information that helps them to make strategically sound HR decisions. Prior to taking an assessment via TIP, test participants are given the opportunity to accept this privacy statement.

Which of your personal data is processed on TIP?

GITP only collects and uses personal data that is necessary for carrying out assessments via TIP.

IV. YOUR PERSONAL DATA – PURPOSES, PRINCIPLES AND USE OF YOUR DATA

Providing (pre-)contractual services

GITP processes your personal data in order to provide our services to you. For example, we use the data to make an offer at your request and then to implement the agreement, to maintain the relationship with you in relation to the order, to process and confirm an order for registration or to send an invoice. We also use the data to answer information requests and have a legitimate interest in processing your personal data for this purpose.

Third party involvement and sharing

As a controller, GITP may engage other parties to perform an aspect or part of the services for you; this may concern, for example, an external consultant, trainer or assessment psychologist, or an external test (system) as part of the assessment, or an ICT system or platform with which we provide our services, for example, a CRM system or e-learning platform. To the extent that these third parties need access to personal data to perform these services, GITP has contracted appropriate contractual, technical and organisational security measures to ensure that these third parties only use or process your data for their intended purposes and in accordance with the instructions, provided we have agreed with these third parties.

Share with third parties for legal reasons

We may share your personal information with third parties if we believe that access to and use of the personal information is reasonably necessary to (i) comply with applicable laws, regulations and/or court orders, (ii) prevent fraud, (future) prevent or detect or resolve security issues or technical problems and/or iii) protect the interests, properties or safety of GITP, our users or the public to the fullest extent permitted by law.

Marketing and sales activities

GITP is happy to inform customers about offers, innovations and other relevant (professional) content related to our services, in accordance with the applicable regulations, or because you have given explicit permission for this. We can do this by phone, email, newsletters or direct personal contact. Of course, you always have the right to say that you do not or no longer wish to receive these.

Processing of your data on the GITP website

GITP collects and uses your personal data on our website to provide you with (personalised) web content and to communicate with you in the most targeted way. Your data is also used for research and analysis to improve our services and websites, as set out above. We may also use information entered on our websites to email you information about other GITP services, provided you have consented to this. You can, of course, revoke this consent at any time.

Application purposes for vacancies at GITP or our clients

We offer you the option on the website to send us your cover letter and CV in the context of (open) job applications at GITP or one of our clients, to subscribe to our job alert or to be included in our talent pool. Your data is stored in a database maintained by GITP and hosted by a third party. In that case, it is our legitimate interest to process your personal data. The processing is necessary to ensure that the application procedure runs smoothly or to provide you with job alerts.

Research & Development

Only anonymised test data can be used by the Research & Development department of GITP for the validation and standardisation of tests, as well as for benchmarking purposes and statistical analyses. The data is protected with additional security measures. It is our legitimate interest to (continue to) guarantee the quality of testing. GITP will not sell your data to third parties under any circumstances.

V. RETENTION PERIODS

GITP does not store your personal data for longer than is necessary for the purposes for which the data was collected. The retention period depends on the nature of the information and the purposes of the processing.

Below we list the retention periods of personal data for various purposes and services:

  • Insofar as personal data is subject to the statutory fiscal retention obligation: seven (7) years
  • Participant data in our administration or marketing system: five (5) years after the last registration or activity, so that we can continue to advise and inform you about the next development steps based on previous activities. Or, for example, to verify your right to a (lost) participation certificate, in short, to be able to offer you services.
  • For application procedures: four (4) weeks, unless you indicate that you would like the longer retention period of one (1) year. You can renew this annually.
  • Talent Pool Inclusion or Job Alert Subscription: One (1) year with annual renewal option.
  • Your assessment file and test data: two (2) years. The final report will only be shared with the client with your permission. You will have prior access to this and can request further clarification.
  • Your coaching file: two (2) years.
  • Learning activities in the context of e- or blended learning: one (1) year or ninety (90) days, depending on the agreement.

Your personal participant portal (if this is the case within a service) will, in principle, remain open to you as a service, unless you indicate that it may be removed. We will inform you in good time about the destruction of your assessment reports, for example, so that you can download them to your own computer at any time.

VI. YOUR RIGHTS

You have the right to request us in writing or by email to:

1. Access to your personal data.

You can ask us whether we process your personal data. In that case, we will explain which of your personal data we process, how we do so and for what purposes. You can also request us to send you a copy of your personal data that we process with the exception of the raw test material. In connection with the right to inspect the raw test material, a necessary restriction applies: we cannot provide a copy of this raw test material. According to the Dutch Data Protection Authority, providing access during an interview, in combination with the written final report in which the results of the test are described, leads to a reasonable balance between the right of access on the one hand and preserving the value of the data. tests and the copyright protection of our assessments, (psychological) tests, test material, questionnaires, etc. on the other.

2. Correction of your personal data.

If you believe that the personal data we process about you is incorrect or incomplete, you can request us to supplement or change your data.

3. Deletion of your personal data.

You can request us to delete the personal data we process about you. We will delete your data without undue delay upon receipt of a request to do so if: (i) the data is no longer necessary for the purpose for which we have processed it, (ii) you no longer give us permission for processing, if that was the basis for processing, (iii) the data has been processed by us for direct marketing, (iv) you object to the processing and there is no (further) reason why we should continue to process the data or (v) there is a legal reason for deleting your personal data.

4. Restriction of the processing of your personal data.

In some cases, you may wish to restrict the processing of your personal data. In such a case, you can request us to limit the data processing. We will comply with such a request if after investigation it appears that this is possible, for example, if you do not want all your data to be deleted, but other specific data is no longer necessary for the original purpose.

QUESTIONS, REQUESTS, COMPLAINTS AND MONITORING

Filing a complaint with GITP

If you wish to submit a complaint directly to GITP, you can use the complaint form below or via:

GITP B.V.
Privacy Office
PO Box 2182
3500 GD Utrecht
Phone: 088 – 448 70 00
E-mail: privacy.office@gitp.nl

You will receive an answer by e-mail within four (4) weeks at the latest.

Submitting a complaint to the Data Protection Officer

GITP has appointed a Data Protection Officer. They monitor the application and compliance of the GDPR by GITP. You can submit a complaint directly to this Data Protection Officer. This can be done by e-mail via privacy.office@gitp.nl for the attention of the Data Protection Officer.

Submitting a complaint to the Dutch Data Protection Authority
The Dutch Data Protection Authority is the Dutch supervisory authority that monitors compliance with the GDPR. You have the right to file a complaint with the Dutch Data Protection Authority if you believe that your rights have been violated. You will find an option for this on the website of the Dutch Data Protection Authority (www.autoriteitpersoonsgegevens.nl).

You may have a question, request or complaint. Please contact us using this form.

In order to fulfill your request, we process your personal data. More information about how we handle your data can be found in our Privacy policy

Amendments

GITP expressly reserves the right to amend this privacy statement. The latest amendments are effective as of 1 January 2022 and concern the positioning of GITP as data controller, an addition to the right of inspection, the inclusion of the Talent Intelligence Platform (TIP) in this privacy statement, the exclusive use of anonymised personal data for Research & Development and a change to the postal address of the Privacy Office.