This is an old revision of the document!
Table of Contents
Privacy Regulations
The Privacy Regulations are a company-wide document that governs how FritsJurgens deals with GDPR-qualifying personal data. It is one of the policies governed by the Operations circle.
Privacyreglement
Naar dit reglement wordt verwezen vanuit:
- Website (of op de website moet een variant komen met alleen het publieke gedeelte)
- Diverse wiki-pagina's
This policy is based on the General Data Protection Regulation (GDPR: link), which took effect on May 25, 2018.
The Privacy Policy for the Protection of Personal Privacy in the Context of Personal Registration was held for services provided by FritsJurgens.
Responsible publisher: FritsJurgens© December 5, 2023. All rights reserved. No part of this publication may be reproduced, stored in an automated database, or disclosed in any form or manner without prior written consent from the responsible publisher.
1. Definitions
In this policy, the following terms are defined:
| Privacy | The right of individuals to protect personal privacy concerning recording and providing personal data. |
|---|---|
| Data Subject | The individual whose data is processed. This includes employees, network contacts, customers, debtors, and suppliers. |
| Data Controller | The entity determining the purpose of processing personal data; within FritsJurgens, this is the management. |
| Processor | The entity authorized to process personal data; within FritsJurgens, this includes the administration and employees, including hired external subcontractors. |
| Processor Supervisor | The entity processing personal data under the authority of the data controller. |
| Recipient | Someone who receives personal data. |
| Personal Data | All information that can be traced back to an identified natural person. |
| Health Data | Personal data related to a person's physical or mental health, including healthcare data provided. |
| Processing of Personal Data | Any action involving personal data, including but not limited to collecting, recording, organizing, storing, updating, modifying, retrieving, consulting, using, disseminating, or destroying data. |
| Consent | Demonstrable agreement of the data subject to the intended data processing, provided through signature, checkbox + signature on a consent form, data submission by the data subject who has previously consented to recorded data, or written consent such as email or WhatsApp message. |
| Confidentiality | Every employee of FritsJurgens who has access to the personal data of employees and customers is obliged to maintain confidentiality. This obligation also applies after termination of employment. |
2. Scope
This policy applies to all paper and digital files, unwritten information within FritsJurgens, and associated data exchange and processing.
FritsJurgens processes information in the following categories:
- Unordered List ItemFor Salary: Name, Address, Postal Code, Citizen Service Number, contact details such as position/salary scale/salary, a copy of ID, and the signed tax declaration.
- Unordered List ItemIn case of sick leave, Include name, address, postal code, citizen service number, salary, nature of sick leave, and reintegration progress.
- Unordered List ItemFor Internal Communication: Name, position, business email address, business phone number, schedule, and tasks.
opmaak
For Business Activities: Dietary preferences and allergies.
For Emergencies: Emergency contact information.
Regarding employment, we share data with:
Payroll administration (Mulderij & Partners): for payroll administration. They use the online payroll administration package Loket.nl. The payroll administration also provides the legally required information to the Tax Authorities. Pension Fund (ASR): exclusively for the initial registration with them (you subsequently permit them to process and transmit your data to the payroll administration; they are the data processor for this). Possible Sick Leave Insurance (currently not applicable): This includes personal data such as Name, Address, Citizen Service Number, Salary, and sick leave percentage. Occupational Health Service: The occupational health service has insight into the nature of sick leave. Possible Absence Guidance (Alpina@Work): Communication with the absence guidance organization involves reintegration in case of prolonged illness. Accountant (Afier): The accountant has access to and receives a copy of the entire administration, including the payroll administration. For work-related activities, we share data with:
IT partner (MatenICT), software suppliers (Microsoft, Zoho, Holaspirit): your name and business contact details. Colleagues: All employees and interns within FritsJurgens. Through the administration package, all employees have access to all colleagues' work schedules and business contact details. This includes name, position, business email address, business phone number, work schedule, and roles. Organizer of company outings: name, dietary preferences, and allergies (if participating). Subcontractors and FritsJurgens seconded employees: considered external colleagues. The administration ensures that these external colleagues have access to the business contact details of the employees they are dealing with. Customers: only name, position, business email address, and work schedule. Website: the name and position of the employee. Emergency contact involves the contact details of one or more individuals who should be contacted in emergencies. Regarding data of potential customers and network contacts: We register:
Name, business contact details, inquiry, and role within the company we have contact with. All communication (emails, chats, phone notes). All other information these customers offer, including search behavior on our website and media expressions. Company data, including what we can find through data enrichment from publicly accessible internet sources. This policy applies within FritsJurgens and relates to the processing of personal data of:
Employees, including interns. (Potential) customers and network contacts, such as the relationship with and data of other individuals in the personal network. Debtors, such as clients and budget managers. Suppliers, including subcontractors and other companies. 3. PURPOSE OF PERSONAL REGISTRATION
The purpose of collecting and processing personal data is to have the necessary information for conducting market analysis, sending newsletters (if subscribed), and managing personnel and the company's functioning.
The data of employees are collected and processed for: A. Making and executing an employment or internship agreement. B. Conducting payroll administration. C. Collaborating as colleagues. D. Being prepared for emergencies.
The data of (potential) customers and network contacts are collected and processed for: A. Communicating in emergencies. B. Coordinating services with the individual's network.
The data of debtors, or clients, are collected and processed for: A. Executing and communicating about provided orders. B. Invoicing and receiving payment. C. Discussing potential new orders.
The data of creditors, or suppliers and subcontractors, are collected and processed for: A. Executing and communicating about provided orders. B. Paying invoices and accounting for payments. C. Discussing deliveries or services.
Responsibility for management and liability:
The management is responsible for ensuring the proper processing and management of personal data and can be held liable for it, except in case of force majeure. 4. RIGHTS OF THE DATA SUBJECT
When the data subject has given written consent for the processing of their data, the management must be able to prove that this has occurred. The data subject has the right to withdraw their consent at any time. The data subject has the right to data portability. The data subject has the right to be forgotten. The data subject has the right to access. The data subject has the right to rectification and supplementation. 5. DATA RETENTION
Different documents have different retention periods:
Destroying paper files: 2 years after departure. Destroying digital files: 5 years after release. Destroying access logbook: 5 years after mutation date. Destroying email archive: 5 years after release. Destroying digital calendars: 5 years after the end of the fiscal year. Destroying paper day sheets: 2 years after the end of the fiscal year. Destroying time registration: 5 years after the end of the fiscal year. Destroying personnel file: 2 years after termination of employment. Destroying payroll administration: 7 years after the end of the fiscal year. Destroying financial information (debtors): 7 years after the end of the fiscal year. Destroying list of destroyed files: 20 years after destruction. Destroying digital backups: 5 years after backup date. Destroying data in administration: 5 years after departure. Destroying after approved destruction request: 3 months after the request. Destroying job application letter and CV: 4 weeks after completion of the job application process, or one year for open applications. 6. COMPLAINTS PROCEDURE
The data subject can file a complaint with the management about data processing. This can be done in writing via info@fritsjurgens.com.