ˇ

Privacy statement

1.    Introduction – who we are

 

Schelstraete Delacourt Associates Group (referred to below as "SDA", "we" or "us") takes your privacy very seriously and considers it important for your personal data (referred to below as "your data") to be treated with the necessary care and confidentiality at all times.

 

Schelstraete Delacourt Associates Group is made up of the following partnerships:

 

  • Schelstraete Delacourt Associates NV/SA, with registered office at Bagattenstraat 165, 9000 Ghent (Belgium) and registered in the KBO/BCE Crossroads Bank for Enterprises under number 0439.928.256;
  • Schelstraete Delacourt Associates BV, with registered office at Bavinckhouse - Prof. J.H. Bavincklaan 2, 1183AT Amstelveen (the Netherlands), and registered in the KVK under number 24253488;
  • Schelstraete Delacourt Associates SARL, with registered office at Rue de l'Industrie 22, 8399 Windhof (Luxembourg), registered in the RC under number B223190.

 

This privacy statement (hereinafter the "Privacy Statement") explains why we collect your data and what we do with it. If you have any questions after reading this Privacy Statement, you are welcome to discuss them with your known contact person at our offices. We can also be reached as follows:

Schelstraete Delacourt Associates Group
f.a.o. Privacy department
Bagattenstraat 165
B-9000 Gent
Belgium


2.    What is the scope of this 

Privacy Statement?

 

This statement only applies to the data that SDA processes as (joint) data controller. This means that we (jointly) determine the purpose and means for the processing of your data. In Title 4 of this Privacy Statement, we will provide further details about the situations in which we act as a (joint) data controller.

 

However, we can already clarify that this Privacy Statement applies to processing the data of (1) customers who purchase services from us, (2) candidates in the context of our recruitment and selection services or in connection with direct services that these candidates purchase from us and (3) business partners who assist us in providing our services to our customers and candidates, or whom we assist in providing services to their customers, for example by providing them with suitable, consenting candidates where appropriate (e.g., within the framework of an assignment of an international nature). The data of former and potential future customers, candidates and business partners is also handled with the greatest possible care and security, in accordance with this Privacy Statement.

 

We understand 'processing of data' as meaning any processing of data that could identify you as a natural person. Which specific data this concerns will be explained below in this Privacy Statement. The concept of 'processing' is broad and includes the collection, storage, use or distribution of your data.


3.    What we do with your data

When do we collect your data as (joint) data controller?


We may process your data if:

  • You contact us, or have contacted us:
    e.g., visiting our website www.s-d-a.eu;
    e.g., filling in the contact form on our website;
    e.g., applying for an open position with one of our customers, or submitting a general application and having yourself included in our database with a view to finding a suitable job, or applying for a position at SDA itself;
  • We provide or have provided one of our services to you, as a customer, candidate or business partner;
  • We may provide services to you in the future, as a customer, candidate or business partner;
  • You are our contact for one of our customers, candidates or business partners.

 

What data can we process about you?

Below, we will clarify which data we can process about you, depending on your relationship with SDA. This does not mean that in all cases we will have all the data about you as listed below. After all, this will always depend on the specific situation and your preferences.

 

Visitors to our website

If you visit our website, we may process the following data from you through the use of cookies and through your use of functions that we have provided on the website (e.g., the contact form).

  • Identification information: a copy of your identity card (only as necessary in order to verify your identity if you wish to exercise one of your rights as a data subject based on the GDPR);
  • Electronic identification data: including your IP address, browser type, location, connection times;
  • Contact details and contact history: including your name and e-mail address when using the contact form on our website, messages sent and received (such as by e-mail or via the contact form provided on our website).

 

Customers and business partners

We may process the following data from our (contact persons at our) current, former and potential future customers and business partners. Which data we effectively process about you will of course depend on the specific recruitment and selection services that you, as our customer, purchase from us, have purchased or may wish to purchase from us, or on the way in which you assist us as our business partner in providing the aforementioned services to our customers.

  • Identification information: including a copy of your identity card (only as necessary in order to verify your identity if you wish to exercise one of your rights as a data subject based on the GDPR);
  • Contact details: including your name, address, landline telephone number, mobile phone number, private and/or personal e-mail address; professional position;
  • Contact history: including messages sent and received (such as by e-mail or via the contact form provided on our website);
  • Public data: publicly available data (e.g., data on the website of the company to which you belong);
  • Payment details: including payment card details, account number, if you make payments to us or receive payments from us.

Candidates and applicants

We may process the following data from our (contact persons at our) current, former and potential future candidates for positions that we are trying to fill on behalf of our customers. The same applies to candidates who purchase services directly from us, persons who rely on us to provide services outside the standard recruitment and selection services (e.g., CEO training), and persons who apply for a position within SDA itself. Naturally, the data processed in this case depends to a large extent on the data that you yourself provide to us in the context of your application, this specific service or application.

  • Identification information: including a copy of your identity card (only as necessary in order to verify your identity if you wish to exercise one of your rights as a data subject based on the GDPR);
  • Personal details: including age, gender, date of birth, place of birth, marital status, nationality ;
  • Contact details: including your name, address, landline telephone number, mobile phone number, private and/or personal e-mail address; professional position;
  • Contact history: messages sent and received (such as by e-mail or via the contact form provided on our website);
  • Work-related data: including CV, education, diplomas, language skills, employer (incl. background), professional activities, professional skills, publications, salary, assessment & development reports, interview report, reference checks, social media profiles;
  • Lifestyle preferences and personality profile: including hobbies, social activities, personality, community involvement;
  • Public data: including publicly available data (e.g., press reports, your profile on professional social networks).

 

Special categories of data


In principle, we will not process special categories of data (e.g., medical data, political views, religious or philosophical beliefs, trade union membership) unless you provide it to us with your explicit consent.

 

For the fulfilment of the agreement (e.g., the submission or assessment of your application), it may be necessary for us to ask to view your certificate of good conduct or other information regarding criminal convictions and offenses. However, we will not process this data in any way, and we will therefore not ask you to provide us with a copy. In the event that other parties request such information, we ask that you provide this information – if feasible – directly to the requesting party.

 

What are the legal grounds that we apply for processing your data?


We only process your data for legitimate purposes, and it will always be processed according to the grounds for processing as listed in the General Data Protection Regulation (GDPR).

 

In general, we process your data because it is necessary for the performance or termination of the agreement with our customers, candidates and business partners and in order to provide you with our services, or to allow you to provide your services to us.

 

In addition, we may process your data on the basis of our legitimate interests which, in specific cases, may outweigh any potential harm to your rights. In such cases, to this end, we will have made a careful assessment, thoroughly balancing our interests against your interests, with a view to the valid application of this legal basis. In addition, you retain the right at all times to object to the processing of your data based on our legitimate interests. When we rely on the legal basis of our legitimate interests, depending on the case, this will concern one of the specific interests listed below:

  • To be able to offer a secure and well-functioning website by using strictly necessary cookies;
  • To improve our services to our customers by engaging, where appropriate and relevant, an international network of companies with expertise and experience in recruitment and selection, by involving InterSearch WorldWide (an international network of executive search companies of which we are a part), by providing InterSearch itself and members of this network with limited information for the sake of the optimal execution of our assignments, when we deem it appropriate to involve this network in a (potential) assignment (for example due to the international nature of the (potential) assignment, or the need for specific information that could be valuable for the completion of an assignment with an optimal result), whereby the data that we share is, however, limited to that which would appear useful and where, in normal cases, no or only very limited personal data is shared, which moreover only relates to (potential) customers and never to candidates, unless you, as a candidate, would specifically give your permission for this;
  • To improve our services by requesting your valuable feedback on them as our current or former customer, candidate or business partner, or to investigate your interest in services not yet offered with a view to the possible expansion of our offering as a company;
  • To provide information about our activities and services, via electronic channels or otherwise, that we believe may be of interest to you based on the existing relationship you have with us as our current or former customer, candidate or business partner in the context of our recruitment and selection services, whereby you always have the absolute right to object to this as far as direct marketing is concerned.
  • The limited use of publicly available information (such as on the candidates' profiles on professional social networks), including for the purpose of being able to offer our services to you, for example in light of open positions that we believe may be of interest to you and for which we believe that the customer may be interested in your profile;
  • To combat fraud and abuse of the services we offer;
  • To ensure the legal exercise or defence of our interests, if we believe that our interests are being harmed and legal proceedings are required, or if legal action would be taken against us by a person who believes that they have been harmed by us.

 

In addition, we may process your data on the basis of your (explicit) consent. In particular, we rely on consent as a legal basis, regarding our candidates, to include them in our database and to submit their application to organisations that have suitable positions available. If you have granted us verbal permission to process your data, we will always send you an e-mail confirming your consent. You may withdraw your consent at any time by contacting us. We ask that you confirm a verbal withdrawal of your consent in writing, or that you withdraw your consent by e-mail or letter.

 

Finally, we process your data for legal purposes in order to fulfil the legal obligations incumbent upon us. For example, we are legally required to comply with your requests based on data protection laws and regulations, and we as a company must keep the relevant accounting documents for the legally required term.

 

If we further process your data for purposes other than those for which it was collected, we will contact you and, if necessary, offer our services and/or ask for your consent. If this contact is made by telephone, we will subsequently send you an e-mail stating that we will process your data in accordance with this statement.

 

For what purpose do we collect your data?


We collect your data for various purposes.

  • Operational purposes: for example, in order to keep our services user-friendly, answering your contact request, considering your application;
  • Business purposes: for example, to manage relationships with our customers, candidates and business partners and to offer or provide you with our services, to inform you about our policies and terms and conditions, to communicate candidate information to customers, to invoice the services provided to our customers, candidates and business partners and to collect these amounts, to communicate with our employees regarding the provision of our services to you as our customer, your application as our candidate or the services we provide to you outside the scope of recruitment and selection, or our collaboration with you as our business partner;
  • Commercial purposes: for example, sending newsletters by e-mail or another channel, conducting market research, ascertaining your satisfaction as our customer, candidate or business partner;
  • Judicial or legal purposes: including for legal reasons and proceedings, compliance with laws and government orders, compliance with our internal and external audit requirements, data security, or to protect or enforce our rights, privacy, security or property or those of other persons.

 

Sometimes supplying your data is necessary for the provision of our services. For example, you cannot apply for one of the open positions for which we are recruiting without providing us with certain information and without us being able to provide this information to the company or other organisation that is our customer or our business partners and where the position is open. In our view, this is only logical, as otherwise our customer or our business partner's customer would not have sufficient information to consider your application.

 

If we wish to process your data for any purpose other than the one for which the data was obtained, we will contact you before proceeding with further processing.

How long do we store your data?


We do not store your data for longer than is necessary in order to achieve the purpose for which the data has been collected or processed.

 

Since the period for which the data can be stored depends on the purposes for which the data has been collected, the storage period will vary according to the individual situation. Sometimes specific legislation will require that we store certain data for a certain period. Our retention periods for personal data are based on legal requirements and balancing your rights and expectations against what is useful and necessary to provide our services, or allow you to provide your services to us.

 

For example, we retain certain data and correspondence in order to be able to offer you services in the future that are similar to the ones we have already provided. Thus, we may, for example, offer previous candidates or applicants attractive opportunities and services in the future.

 

When it is no longer necessary to process your data, we will delete or anonymise your data. If this is not (technically) possible, for example because your data is stored in backup archives, then we will retain your data, but we will not further process it and will remove it when this becomes possible.

From whom do we receive your data?


We may obtain your information from you directly, from our customers, from public sources or from third parties.

 

If we obtain your data from our customers (e.g., as our contact person or potential candidate), and when we are not acting merely as a processor (e.g., when we only conduct an assessment, test or specific evaluation of the person concerned), we will take all reasonable measures to verify whether the data has been lawfully collected and further processed by our customer, and whether the data can be passed on to us by virtue of the legal basis used. If this is not the case, we will refuse the processing of the data concerned.

 

If we obtain your data from external (public or other) sources and we process your data in our systems as data controller, we will notify you, at the latest at the time of our first contact with you, about the processing of your data.

 

In addition to consulting public sources, such as the Crossroads Bank for Enterprises, press articles, your profile on professional social networks and other publicly available information, we have joint operating agreements with various partners such as companies specialised in collecting business information, companies specialised in providing prospect lists and other data suppliers.

 

If we further process data from external sources for other purposes than those for which they were collected, we will contact you and offer you our services and/or request your permission for the processing of your data, so that you will be aware of the processing of your data. If this contact is made by telephone, we will send you an e-mail stating that we will process your data in accordance with this Privacy Statement.

 

Where do we store your data?

We store your data chiefly on IT systems in Belgium. However, the management of some of our IT systems is outsourced to third parties, whereby the data is stored within the European Economic Area (EEA). We have also engaged IT service providers located outside of the EEA, which means that your data may also be stored outside the aforementioned countries. In this case, however, we will meet the requirements of the GDPR to ensure the adequate protection of your data in these third countries. These external service providers (e.g., the company hosting our website) act as data processors on our behalf (see also below).

 

We only share your data with the aforementioned external service providers to the extent that this is necessary for the relevant purpose. They may not use the data for other purposes. Moreover, these service providers are contractually bound to guarantee the confidentiality of your data by means of a so-called "processor agreement" concluded with these parties.


We and our processors have taken the necessary physical and appropriate technical and organisational (precautionary) measures in order to secure your data against any form of unlawful processing. Access to your data is restricted to personnel and third parties where such access is necessary for legitimate, relevant business purposes.

 

Do we share your data with third parties?

We have engaged several data processors to process your data on our behalf, including affiliates, InterSearch Worldwide and their members, IT service providers and other business service providers. We may also share your data with other third parties if this is necessary for the purposes for which the data was collected. For example, if you apply for a particular position, we may, in certain cases, pass on your data to the relevant companies or other organisations that are our customers or our business partners and are interested in your profile.


In concrete terms, this means that we share your data, where required as specified below, with the following third parties for the following purposes, whereby these third parties act as processors on our behalf:


  • Postal, transport and delivery companies with regard to your contact details for the purpose of sending mail to you as our current, former or prospective customer, business partner or candidate;
  • Payment service providers for the data that is relevant for processing your payments to us as our customer or business partner, or for processing (reimbursement) payments by us to these parties, with a view to efficient management of the payment administration within our company;
  • The processors who assist us in the IT field in operating our business, with a view to efficient digital data management within our company, including the retention of our files on customers, candidates and business partners, the sending to customers, candidates and business partners of transactional e-mails such as those for customers in connection with the performance of our assignment, for invitations to candidates for an interview, or for business partners in connection with the performance of the agreement, sending e-mails with a view to promoting our commercial activities, hosting and managing our website, mailboxes, providing us with insight into how you use our website through the services offered by Google Analytics, managing our calendar;
  • The companies or other organisations that are our customers or our business partners, where positions are open that match your profile, or for which you are specifically applying, in particular the managers within these companies or organisations and the persons responsible for HR within these companies or organisations;
  • InterSearch Worldwide (an international network of executive search companies) and other companies that are members of this network when we believe that it is appropriate to involve them in a (potential) assignment (for example due to the international nature of the (potential) assignment, or the need for specific information that could be valuable for the completion of an assignment with an optimal result), whereby the data we share is limited to what appears useful and where, in normal cases, no or only very limited personal data is shared, which moreover only relates to (potential) customers and never to candidates, unless you, as a candidate, would specifically grant your permission for this;
  • Business partners we rely on as part of the offering and delivery of our recruitment and selection services, to enable them to assist us in providing our services to you as our customer;
  • Government bodies and practitioners of regulated professions such as accountants and lawyers, with a view to complying with our legal obligations as a company, and the efficient defence of our interests in the context of any legal dispute, with regard to the data that is strictly necessary for this purpose.


Some of these external parties are located outside of the EEA. If, for example, you apply for a job outside of the EEA, in certain cases we may provide your data to the company or other organisation that is located outside of the EEA. If we provide data to external parties outside of the EEA, we will ensure that the transfer of data takes place in accordance with the relevant legislation and that there is an appropriate degree of protection. In addition, we will implement safeguards for such transfers, such as standard contractual clauses.


The transfer of your data to the parties identified above for the stated purposes, will be based, depending on the case, on (1) its necessity for the performance of the agreement we have with you as our customer, candidate or business partner, or your request to take certain measures before entering into such a contract, (2) our legitimate interests, (3) the need for this in order to comply with a legal obligation to which we are subject, or (4) your consent.


4.    When do we act as data 

controller?


We act as data controller for the data that we process from (the contact persons at) our current customers and business partners in the context of our collaboration. The same applies to data that we process from (our contact persons at) potential new customers and business partners, for example in the context of a request for information regarding our services. We also act as controller with regard to the data of persons who purchase a service directly from us that falls outside the standard recruitment and selection services (e.g., CEO training), and the data of candidate employees who submit an application to us because they would like to obtain a job with us.

 

However, in the context of the recruitment and selection services that we provide to our customers that involve the processing of candidate data, a distinction must be made. With regard to the candidates, we act in various capacities in the light of data protection legislation. For this purpose, we divide our services into three components:

Including candidates in our database


If we include you in our database of potential candidates, we will act as data controller. This only concerns the inclusion in our databases, so that we can later submit your application to customers for whom we consider your profile suitable.

 

From the moment we submit your application to one of our customers, we act together with this customer as joint data controllers for the further processing activities associated with this, as set out below.

 

Recruitment & selection


When a customer engages us to find the most suitable person to fill a particular position within the company, we act together with that specific customer as joint data controllers.

 

This means that, together with this customer, we determine the purpose and means for the processing of your data and share responsibility for this. In principle, we will check our own database for such an assignment. However, the customer is also free to propose possible candidates themselves, whom we will also consider for the execution of our assignment.

 

This joint responsibility starts when we present your application to the customer, or as soon as the customer asks us to include your application in our search for a suitable person for a specific position. The joint responsibility ends when a final decision about your application has been made.

 

For more information on the situation in which we act together with one of our customers as joint data controllers, please refer to Title 5 of this Privacy Statement.

Performing assessments, tests or specific evaluations


If we conduct an assessment, test or specific evaluation on behalf of a customer of a person proposed by the customer, we only act as a data processor in this process. In that case we are therefore strictly bound by the instructions of the customer. In that case, not SDA, but our customer is the data controller and we thus refer you to its own privacy policy and statement. In such situations, you should in principle contact the latter party with any questions, requests or complaints.

 

Should we nevertheless receive a question, request or complaint in connection with this activity, we will forward it for processing to the customer who commissioned us.

5.    Recruitment and selection: 

joint responsibility with our 

customers


In providing our recruitment and selection services to our customers, as set out under Title 4, for some of the processing activities we act together with our customers as joint data controllers. This means that, together with a specific customer, we determine the purpose and means for the processing of your data and, consequently, share the responsibility in this regard. Such a situation arises when the customer engages us to find the most suitable person to fill a particular position within the company.


If we have your data as a candidate, you retain the right at all times to request, based on your right of access, that we identify the specific customers to whom we have provided your data in the context of a recruitment and selection assignment.


In our agreement with the customer, we have made arrangements for the situation in which we act together as joint data controllers. We have thereby established the division of our respective responsibilities.


As a candidate, we will always inform you about our processing activities via this Privacy Statement, unless you have already received all relevant information from our customer. Furthermore, together with the customer, we will, of course, comply with the responsibilities that apply to all data controllers under the GDPR.


In addition, we have a mutual commitment with our customers to support each other in complying with the GDPR.


Our customer is also contractually bound to delete candidate data provided by us as soon as it is no longer relevant, for example because the customer has made a final decision not to recruit the candidate.


Who can you contact as a data subject in this case?

In this case, you can contact us, as well as our customer to whom we have passed on your data with a view to your possible recruitment.


We and the customer will notify each other of any requests and/or complaints that we receive as part of our processing activities as joint data controllers.


In this case, the processing of your request will be assigned to the party best suited for this in the light of your specific request and/or complaint. In any case, SDA and the customer will provide each other with mutual support in handling such requests and complaints.


6.    What are your rights?


You have various rights with regard to the data processed about you. If you wish to exercise one of the following rights, please contact us via the contact details stated under Title 1, as well as under Titles 8 and 9 of this Privacy Statement.

 

In particular, you have the following rights:

 

Rights to access and copy

You have the right to view your data and to receive a copy of it. This right also includes the possibility to request further information about the processing of your data, including the categories of data that are processed about you and for what purposes this is done.

 

Right to amendment or rectification

You have the right to have your data amended if you believe that we have incorrect data.

 

Right to have data deleted (right to be forgotten)

You have the right to request that we delete your data without unreasonable delay.

 

However, we will not always be able to (fully) comply with such a request, including when retaining certain data for a certain period of time is required by law.

 

Right to limit the processing

You have the right to limit the processing of your data. Thus, processing will be temporarily stopped until, for example, there is certainty about its accuracy.

 

Right to object

You have the right to object to the processing of your data that is based on our legitimate interests. This should be done for specific reasons related to your situation. In this case, we must stop the processing, unless we demonstrate compelling legitimate grounds to continue processing it.

 

However, you can always object to the use of your data for direct marketing, whereupon we are obliged to stop processing it for these purposes.

 

Right to transferability

You have the right to receive your data that you have provided to us yourself in a structured, commonly used and machine-readable form. That way the data can easily be transferred to another organisation.

 

However, the exercise of the above rights is subject to certain exceptions in order to protect the public interest, our interests and the interests of other individuals.

 

When you submit a request to exercise your rights, in the event of reasonable doubt about your identity, we will first and foremost verify your identity by requesting a copy of your identity card. We do this in order to prevent your data from falling into the wrong hands. We request that you strike through any irrelevant information, such as your national register number and photo.

 

Exercising your rights is in principle free of charge. However, if your request appears to be unfounded or frivolous, we may charge you a reasonable fee in order to cover our own administrative costs. In such cases, however, we may also simply opt to decline your request. You will then be notified of the reasons for this.

 

In any case, we will always notify you within a period of four weeks (for simple requests) or 3 months (for complex or multiple requests) of the response to your request. In the latter case, we will inform you of the reasons for the extension of the normal response time.


7.    Changes to the Privacy 

Statement


We may unilaterally decide to make changes to this Privacy Statement. In that case, the new version will take effect immediately. The most recent version will always be made available on our website. In the event of a substantial change to this Privacy Statement that is relevant to you, we will inform you directly, if possible. The date on which this Privacy Statement was last amended is indicated below.

8.    What are your options for 

filing a complaint as data 

subject?


Despite all of our efforts to protect your privacy and to comply with the relevant legislation, it is possible that you may not agree with the way in which we process your data.

 

Naturally, in that case you may always contact us, but you also have other possibilities for filing a complaint.

In case of a complaint, you can contact us at any time via the contact details below

Schelstraete Delacourt Associates Group
f.a.o. Complaints - Privacy department
Bagattenstraat 165
B-9000 Gent Belgium


In addition, you can complain to the data protection supervisory authority of the EEA member state where you usually reside, have your workplace or where the alleged infringement was committed. Since we mainly conduct our activities in and from Belgium, we refer below to the contact details of the Belgian Data Protection Authority. For further information and the contact details of the supervisory authority of each EEA member state, please refer to the following website page of the European Data Protection Board: https://edpb.europa.eu/about-e....

 

Belgian Data Protection Authority You can reach the Belgian Data Protection Authority via the contact details below:

Data Protection Authority
Rue de la Presse 35
1000 Brussels
Belgium


Secondly, if you were to suffer damage, you can also file a claim for compensation with the competent court of the EEA member state where you usually reside.


For more information regarding complaints and options for redress, we invite you to consult the following page on the website of the Belgian Data Protection Authority: https://www.gegevensbeschermin...


9.    Where can I get additional

information?

We have appointed an external Data Protection Officer (DPO). Should your questions not be answered to your satisfaction, or should you have any questions or recommendations for our DPO regarding data protection in the context of our activities, you can contact our designated Data Protection Officer at any time directly via the contact details below:

  • By e-mail: dpo@s-d-a.eu
  • By letter:                 

Schelstraete Delacourt Associates Group
f.a.o. DPO
Bagattenstraat 165
B-9000 Gent
Belgium

 

Last modified on: 19/10/2020