Privacy statement

Privacy Statement Hallmark Cards Nederland B.V

 

Applicants, employees and temporary workers

 

Preface

As an organisation, we want to meet the General Data Protection Regulation (GDPR) requirements. Also, we believe it is essential to provide you as an applicant, employee or temporary worker with information about:

  • your personal data that we process;
  • how we process it;
  • the distribution of data to the third parties within or outside Europe;
  • how long we keep your data and;
  • how we ensure the security of this data.

 

In addition, we would like to inform you about your rights and let you know whom you can contact in case of any questions, requests or complaints. We kindly ask that you read this information carefully.

 

Personal data is any information that relates to an identified or identifiable physical person. In other words, it is the information that directly concerns you or that can be traced back to you; examples of personal data: your name, date of birth and address, your personnel number, business / private e-mail address or telephone number.

 

Personal data processing comprises all actions performed with your personal data, from collection to destruction. Data processing is a broad concept. Some of the activities include:  collecting, recording, organising, storing, updating, modifying, retrieving, consulting, using, forwarding, disseminating, making available, joining, relating, shielding, erasing and destroying the data.

 

According to the law, the following grounds allow us to process your data

We process your data for one or more of the following reasons. These are stated in the law:

  • we require the data to come to a decision whether we want to enter into an employment contract with you;
  • we require the data for concluding and/or executing the employment contract;
  • we require the data to enable us to comply with our legal obligations (for example, the correct payment of taxes and premiums or the identification obligation);
  • we require the data since we as an organisation have a legitimate interest in obtaining the data (for example, a situation in which legal proceedings are ongoing or there is a threat of such and we must be able to put forward a defence) or;
  • a situation of vital importance (for example, in an emergency, such as an accident or a condition for which you need acute care). In that case, we need to have access to your personal data to, for example, administer medicines (such as health information in the event of a serious allergy, epilepsy or diabetes), to be able to arrange help or to inform others (such as your family members);
  • we have your agreed consent for certain actions.

 

Obligation to provide data

You are obliged to provide us with the requested data if: we enter into an employment contract, execute it, and/or comply with a legal obligation. registration for a pension scheme, collective insurance or lease scheme. You cannot refuse to provide the data in the above cases. If you do so, it may mean we cannot enter into employment with you, or that you will not be able to use certain facilities.

 

Personal data that we process

We only process the following data related to you:

 

Applicants

  • your surname, first names, initials, a possible title, gender, date of birth, address, zip code, place of residence, telephone number and other information that we require to communicate with you, such as your e-mail address;
  • data as referred to under the first bullet of your parents, guardians or carers in case you are a minor;
  • data on education, courses and internships you have followed and still to follow;
  • information about the position you are applying for;
  • information about the nature and content of your current job, and information about the termination of that current job;
  • information about the nature and content of the previous jobs you have had and the termination of those jobs;
  • other data related to fulfilling the position, which you have provided by means of a letter of application and/or CV or which are known to you;
  • other data required for the execution or application of the law.

 

The processing of the above data only takes place for one or more of the following purposes:

  • assessing your suitability for a position that is or may become available;
  • internal control and company security;
  • execution or application of the law.

 

 

Employees and temporary workers

We only process the following information related to you in the personnel administration:

  • your surname, first names, initials, a possible title, gender, date of birth, address, zip code, place of residence, telephone number and other information that we require to communicate with you, such as your e-mail address;
  • your bank account number;
  • a slip number that contains no information other than that referred to under the first bullet;
  • your nationality and place of birth;
  • data as referred to under the first bullet, from your parents, guardians or carers in case you are a minor;
  • a telephone number and name of a partner or family member to contact in case of an emergency;
  • data on education, courses and internships you have followed and still to follow;
  • information about your position or your former position and information about the nature, content and termination of your employment contract;
  • data related to administration of your presence at the place where the work is performed;
  • data related to administration of your absence in connection with leave, reduction of working hours, childbirth or illness, except for data concerning the nature of the illness;
  • data related to your work conditions that are stored for your interest;
  • data that is required for the agreed terms of employment. This may (insofar as relevant) include data about your family members and former family members;
  • data related to (organising) the personnel assessment and career guidance;
    • data required for the execution or application of the law;
  • permission for internal use of the passport photo earlier provided by you. Consent can be withdrawn at any time;
  • permission to give your address to colleagues for sending a card/gift. Consent can be withdrawn at any time.

 

The processing of the above data only takes place for one or more of the following purposes:

  • guidance of your work;
  • handling of personnel matters;
  • determining and (arranging) payment of your salary;
  • arranging entitlements to benefits in connection with the termination of your employment contract;
  • your education;
  • company’s medical care that applies to you;
  • corporate social work;
  • election of the members of a works council or staff representation;
  • internal control and company security;
  • implementation of an employment condition that applies to you;
  • compiling a list of dates of employees’ birthdays and other celebrations and events;
  • granting dismissal;
  • administration of the staff association and any association of former staff members;
  • collecting receivables. This also includes handing over a claim to, for example, a collection agency or a bailiff;
  • handling disputes and having an audit performed;
  • your transfer to temporary employment with another part of the group of companies, with which we are affiliated;
  • internal communication purposes;
  • the execution or application of any other law.

 

In the payroll administration, we only process the following information related to you:

  • your surname, first names, initials, a possible title, gender, date of birth, address, zip code, place of residence, telephone number and similar information required for communication, citizen service number (BSN) and your bank account number;
  • a slip number that does not contain any information other than that referred to in the previous bullet;
  • your nationality and place of birth;
  • data as referred to under the first bullet, from your parents, guardians or carers in case you are a minor;
  • data related to calculating, recording and paying your salary, allowances and other sums of money and non-cash rewards to you or on your behalf;
  • data related to calculating, recording and paying taxes and premiums on your behalf;
  • data related to an employment condition that applies to you. This may (insofar as relevant) also concern data relating to your family members and former family members;
  • data required for the execution or application of the law.

 

The processing of the above data only takes place for one or more of the following purposes:

  • calculating, recording and paying your salary, allowances and other sums of money and non-cash benefits to you or on your behalf;
  • calculating, recording and paying taxes and premiums on your behalf;
  • an employment condition that applies to you;
  • the personnel administration;
  • arranging entitlements to benefits in connection with the termination of your employment contract;
  • your transfer to a temporary employment with another part of the group of companies, with which we are affiliated in a group;
  • granting dismissal;
  • collecting claims, including placing claims in the hands of third parties;
  • handling disputes and having an audit carried out;
  • the execution or application of any other law.

 

Transfer of your personal data

Generally, we solely use your personal data for the company’s internal purposes (our business operations) in the context of the application process and the (execution of) the employment contract. We only use this data for the purposes for which we obtained this data. In some cases, it may be required to transfer your data to others, such as to a third party that processes data on our behalf. A few examples:

  • salary processing: data is provided to our salary processor;
  • illness and reintegration: data is provided to the Occupational Health and Safety Service and/or Institute for Employee Benefit Schemes (UWV);
  • insurance: data is provided to the insurance companies (e.g. pension, the Work and Income according to Labour Capacity Act (WIA), health insurance, accident insurance);
  • training courses: data is provided to training institutes to register training courses, seminars, etc.
  • lease cars: data is provided to the lease companies.

 

We provide processing agreements with parties that process personal data on our behalf (the so-called ‘processors’) to establish that they too properly secure the data provided by us, they are required to report to us any suspected or actual data breaches.

Provision of information outside the EU: personal data could be provided outside the EU to the Hallmark headquarters in Kansas City, USA; that concerns only the data required for the execution of the contracted work.

 

Storing your personal data

When storing personal data, our standpoint is that we do not keep data longer than is necessary for the purpose for which we have processed it. We follow as far as possible legal retention periods. We may retain the data for a more extended period only if we have a legitimate interest in doing so (for example, in case of the ongoing or expected legal proceedings when we must defend ourselves).

 

Securing your personal data

We have well-organised the security of your personal data through physical, administrative, organisational and technical measures. We, therefore, have an appropriate level of protection. When necessary, we periodically adjust the measures and levels of data protection. Hallmark IT security policies must be strictly adhered to by all employees and involved third parties.

In addition to securing the systems, we want to restrict access to your data within Hallmark. Therefore, only a selected group of employees who require access to the data to perform their work, have access to the personal data storing systems.

 

Confidentiality

We assume that your data is always confidential by nature. Every Hallmark employee is therefore bound to confidentiality. The same applies to third parties hired or otherwise engaged by Hallmark to perform work. For example, individuals performing technical work on our systems are too bound to confidentiality. In short, everyone who has access to your data is bound to confidentiality.

 

Your rights

Under  GDPR, you have the right to ask us the following concerning the personal data that we process in relation to you:

  • access to your data, such as your personnel file (except for any personal notes from your supervisor(s) and others);
  • a copy of your data (except for personal notes from your supervisor(s) or others within our organisation);
  • receive information about the processing of your data (this privacy statement also serves this purpose, but you may still have questions that are not referred to here);
  • have the information corrected that is factually incorrect (please note: you cannot have a performance or assessment report corrected if you disagree with such. You can draw a statement that will be added to your personnel file);
  • complete incomplete information for the purpose that requires data processing;
  • in some cases, to have your data removed (please note: we do not have to comply with the request in case we have a legitimate interest in storing your data (longer), in case the data is required for the execution of your employment contract or to comply with legal obligations or based on another ground specified by law;
  • in some cases to ‘limit’ the data related to you (please note: we aim to collect as little data as possible (data minimisation);
  • in some cases to object to your data being used;
  • to withdraw previously granted permission to use your data (such as permission to post your photo on a who’s who page or on our website). The withdrawal then applies to the future use of your data;
  • to receive your data in a common digital format and, if technically possible, to have this data transferred to another party in the following cases: you have provided the data yourself, or you have created the data (for example, when using our HR system) and given your permission for its processing or the data is required for the execution of the agreement; furthermore, in case the data is being processed digitally;
  • to submit a complaint to the competent organisation that monitors compliance with the privacy legislation in the Netherlands. In the Netherlands, this is the Dutch Data Protection Authority (AP), Bezuidenhoutseweg 30, 2594 AV, The Hague, tel. 0900-2001201. In such a case, we would highly appreciate it if you contact us first to give us a chance to resolve your complaint.

 

 

 

 

Contact

Hallmark Cards Nederland B.V.
Rietbaan 48
2908 LP Capelle a/d Ijssel
careers@hallmark.com