Valid from 25 May 2018
We appreciate the trust you have shown by sharing your personal data with us. Itzu Tri Team takes your personal privacy seriously and strives to treat your personal data in a fair and trustworthy manner. We will take all possible and reasonable steps to protect your data from misuse and keep it safe. It is important to us to inform you about how we will collect and process your personal data.
With regard to what happens to their data, we wish to keep users (organisations and individuals) of our websites informed, comply with their wishes and give them control in as far as this is possible. Our guiding principle is that everyone should have control over their personal data and everyone has the right not to share a part of it with us.
Itzu Tri Team is convinced that the personal privacy of all of its relations (customers, prospects, suppliers, participants, candidates, individuals, etc.) is of fundamental importance. Your personal data will therefore be treated and secured with the utmost care and in accordance with the requirements of the applicable legislation on the protection of personal data (GDPR).
- Application scope
- Who we are
- What personal data do we collect?
- How do we collect personal data?
- What do we do with your personal data?
- How do we share your personal data?
- Transferring data to other countries
- Protection and retention period
- Right of access and rectification
- Deleting your account
- Other websites
- Policy changes
- Contact and questions
The ITZU services group includes the following companies: Itzu Jobs, Itzu Cleaning, Itzu Facility, Itzu Home and Ucare.
ITZU and its subsidiaries provide the following services to their customers (organizations or individuals):
Itzu Jobs: temporary work and recruitment & selection.
Itzu Cleaning: general and industrial cleaning.
Itzu Facility: facility services.
Itzu Home: home help within the legal framework of service vouchers.
- organising outplacement, inplacement or internal mobility projects.
- organising career coaching and careers advice processes.
- organising of education, training and coaching projects.
- organising assessment & development centres.
- organising recruitment and selection projects.
- organising HR-development, HR-talent and HR-change projects.
To plan its services, ITZU uses different tools, techniques, methodologies, tests, etc. These tools can be very diverse and offered in different ways. As a result, it is sometimes possible that you need to fill in and/or leave certain personal data in order to be able to use these tools. Some possible examples are:
- an online request/application form
- scheduling program with SMS module so you can always be notified of information you are interested in
- an online and digital e-coaching platform used during outplacment, training, coaching, career guidance.
- a registration platform for recruitment & selection.
- online testing during attendance at assessment and development centres.
- apps, websites, social media, videos, photos, etc.
- Other tools or techniques that may be used in the execution of our services
A customer is anyone that uses one or more ITZU Services. Our customers are, however, very diverse in origin. In our terminology we distinguish between:
Clients: these are companies or organisations (private, public, social profit, etc.) that use our ITZU services.
Participants: these are natural persons and individuals that use one of the following services: outplacement, career guidance, training, coaching, education, assessment & development centre.
Candidates: these are natural persons and individuals that use one of the following services, recruitment, selection, talent matching. A relation is someone that is bound to Itzu Home by an agreement; this could be a supply agreement.
Individuals: these are natural persons that use our home help services through service vouchers.
A relation is anyone that is not yet a customer of our organisation. This is a very diverse group of organisations or individuals that have a relationship with ITZU for various reasons or purposes. Possible Ucare relations are: - subcontractors - suppliers of software, tools, technologies, etc. - business or commercial relations - prospects - etc.
An employee is a person who is bound to ITZU by an employment agreement (with service vouchers).
Any data that identify a natural person or by which he/she can be identified and as described below under "What personal data do we collect?”
WHO WE ARE
ITZU, headquartered in Ilgatlaan 15/01 B-3500 Hasselt, is responsible for processing the personal data it collects within the meaning of legislation in force on personal data protection (GDPR). See also www.itzu.eu.
WHAT PERSONAL DATA DO WE COLLECT?
We only collect and process Personal Data that is necessary for the professional and qualitative provision of our “ITZU Services”. Some of the data collected and processed for certain specific "ITZU services" is also required to be able to use these "ITZU services”.
Additional information may always be desirable for our "ITZU services" to be more in line with your wishes and expectations or to respond to more specific questions or obligations from our Customers/Employees.
You are always responsible for the accuracy and relevance of the data provided to ITZU.
On registration and during the execution of our "ITZU services", we collect and process the following information from you:
o last name and first name,
o an address,
o a telephone number
o an email address
o any other contact information that will enable us to keep in contact easily
o date of birth,
o a curriculum vitae (CV),
o recent positions,
o present and previous employers,
o information relating to education, experience, language skills, competencies, etc.
o information on employment objectives, salary expectations, interests, motivations, etc.
o your social media profile(s) and relevant profiles from your network
o results of certain tests and/or tools that you have completed with us
o data over availability and leave, etc.
o other information that might be of interest in the context of assessing your suitability, e.g. references, etc.
o passport photo and/or video
o information on your customer satisfaction or other feedback regarding our "ITZU services”.
o your participation in certain ITZU or ITZU Tri Team events or receipt of information (newsletters, seminars, breakfast sessions, etc.)
ITZU exceptionally and exclusively keeps additional and special personal data when it is necessary to comply with its legal obligations and to the extent that it has been expressly authorised by interested parties. ‘Additional and special personal data’ means information on race, religion or belief, political affiliation, health, sexual life, trade union membership, criminal-law personal data and/or personal data relating to unlawful or disruptive behaviour.
For the purpose of performing its "ITZU services", ITZU has various online tools and applications. When creating an account or leaving Personal Data for the use of these applications and/or tools, we always ask for a unique username and password. You can then use this login information to access your account and our tools and applications.
When creating and using this account, you agree to protect the confidentiality of your username and password to a maximum degree. If you do not keep them confidential, you are solely responsible for possible misuse, theft, alteration, unjustified disclosure or other loss related to your personal information.
In a continuous effort to improve our quality and service for users of the "ITZU services", ITZU regularly conducts research on the demographic data, results and behaviour of its users based on the personal data and other information provided to ITZU. These analysis results on results and/or assessments of the user may be collected and analysed on a combined basis. This combined information never identifies you personally. ITZU may also disclose aggregated user statistics to demonstrate its "ITZU services" to current and future business partners, and also to other third parties for legal purposes.
WHEN DO WE COLLECT PERSONAL DATA?
Clients: If a client requests us to organise an "ITZU service", we collect Personal Data about the client.
Participants: If a client requests us to organise an "ITZU service" for designated natural persons or individuals, we collect Personal Data about these participants. If a natural person or individual wishes to take part in an ITZU service on its own initiative, we collect Personal Data about these participants.
Candidates: If a natural person or individual submits his/her candidacy for an ITZU service, we collect Personal Data.
We collect Personal Data on all of our Relations that do not fall under the term Customer.
We also collect your Personal Data from the moment you leave your details on our ITZU websites, ITZU Tools, ITZU tests, etc. or sign up with an account to use one of our ITZU applications or tools.
WHY DO WE COLLECT PERSONAL DATA?
We collect and process your Personal Data in order to be able to provide an optimal offer of our ITZU services to our customers along with quality performance. In particular, your Personal Data are collected and processed:
1. to be able to organize and have our ITZU services performed and also to determine which additional ITZU or ITZU Tri Team Services could provide added value for you.
2. to be able to provide you with information and to make proposals about the ITZU service(s) that apply to you and to better tailor them to your wishes and qualities. This information can be delivered to you via our ITZU employees and/or can be partially digital or automated.
3. to get an idea of your professional competencies, talents, expectations and demands and to assess any suitability and availability in relation to your current or future professional challenges. To achieve this we also make use of test results, questionnaires, advice, face-to-face conversations, reference checks, e-mail exchanges and other channels, etc.
4. to support and advise a client through the ITZU services for outplacement, inplacement, career coaching, assessment & development centre, recruitment & selection services and this with regard to its previous, current or potential future employee(s).
5. to be able to set out a project with a Client in a cooperation agreement and to be able to provide quality management and execution of this cooperation agreement.
6. to contact you via employees and/or digital channels for commercial offers, newsletters and promotional actions that may be of interest to you.
7. for own business and management purposes including internal controls and aspects of industrial safety and the conducting of audits.
8. for quality purposes such as the obtaining of statutory certifications, quality labels, accreditations, mandates, etc.
9. to improve the content and permanent quality of ITZU Services and to better understand and support users.
10. for mandatory reporting within the framework of certain legal expectations and/or requirements
HOW DO WE COLLECT YOUR DATA?
ITZU and the ITZU Tri Team may receive and collect all your Personal Data or other information both digitally and through interactions with its employees. Additionally, ITZU may incorporate all personal data and other information from or about you in its databases.
The Personal Data collected about you are housed in our own databases and can be stored on servers owned by ITZU or on servers hosted elsewhere.
ITZU employees are allowed to access your account online, they can determine needs and/or action points, share test results with you, request and provide feedback, and if you are looking for work, they can post jobs to your account.
In order to ensure the permanent accuracy and security of your personal data and other registered information, ITZU may ask you to verify your personal information and other information in your account, and to confirm or modify this information.
ITZU takes all possible appropriate measures to protect the Personal Data and other information provided through the ITZU Services and ITZU Tools against loss, misuse and unauthorized access, disclosure, alteration or destruction.
No contact name provided via internet or email is always completely safe or error-free. In particular, email or other methods used to send information to or from the "ITZU services" may not be secure. Accordingly, you should always be very proactive and careful about what data you send to ITZU via email or through any other method.
WITH WHOM CAN WE SHARE YOUR PERSONAL DATA?
ITZU is always entitled to provide your personal data to:
-its employees who, on behalf of ITZU, provide the ITZU Services or carry out assignments
-its suppliers and this within the framework of certain online tests and other ITZU Tools
-public authorities within the framework of legal obligations-business partners within the framework of quality monitoring, quality improvement, marketing actions, etc.
-and in all other cases where we may be obliged to do so, for example following a court order or a court ruling.
The provision of Personal Data is always made on the basis of a legitimate interest, a legal obligation and/or for the implementation of the agreement in accordance with the objectives set out in "Why do we collect your Personal Data? "
ITZU has taken the necessary measures to ensure that Personal Data transmitted are adequately protected against loss or wrongful processing.
ITZU may, as part of its development process, sell certain activities, assets and "ITZU services". In the case of a sale, merger, reorganisation, dissolution or similar event, Personal Data and other information may always be part of the transferred assets.
FOR HOW LONG DO WE STORE YOUR DATA?
The retention periods of the Personal Data we process are always subject to the applicable statutory retention periods.
For outplacement and career guidance, we are required, due to legal obligations, to keep your Personal Data for 5 years from the start of the project.
For recruitment and selection, we keep your Personal Data for up to two years after the last contact.
If you no longer wish to use our ITZU services and, if unsubscribing is legally an option, you can unsubscribe from ITZU.
WHAT ABOUT TECHNICAL INFORMATION AND COOKIES?
Our websites automatically collect certain information about the users and visitors of the websites, such as the Internet Protocol (IP) address of your computer, the IP address of your Internet Service Provider, the date and time of access to the website, the Internet address of the website from which you are linked to our websites, the operating system you use, the parts of the website you are visiting, the pages of the website you are visiting and the information you are viewing, information about the type device you use for visiting our websites, your geographic location and the material you send or download from the websites. This technical information is used to manage and improve the websites. These technical data can and may be transmitted to third parties and may be stored permanently for future use.
You are always entitled to access and/or modify your personal data.
For Participants, Candidates and Clients
We will take acceptable measures to update and/or improve your Personal Data in our possession that you have provided to us at a previous stage for the purpose of providing you with an ITZU service(s). If you have your own account with a login, you will always have access to a large part of your registered Personal Data. You can change some of this information yourself at any time. If you wish to have access to all of your personal total data processing and/or to modify or delete data that you cannot modify through your account, please contact ITZU.
You are entitled to access and modify the Personal Data that you have registered. You can always contact ITZU for this purpose.
ITZU and ITZU Tri Team are committed to protecting your personal data from loss or unlawful use. We achieve this using physical, administrative, organisational and technical measures.
Only authorised employees have access to data. If and to the extent that data are provided to data processing workers who provide Itzu Home services or carry out assignments on our behalf, Itzu has agreed with them that they should also protect personal data in the best possible way.
ITZU appreciates the confidence that our Customers/Employees have in us as data managers. We take our responsibility to protect and secure your information seriously and strive for fully transparent security procedures. These are set out below.
Physical security and compliance
The information systems and technical infrastructure of ITZU and ITZU Tri Team are hosted by leading, licensed SOC 2 data centres. Some physical security measures that we take in our data centres include day and night surveillance, cameras, logs for visitors, limited accessibility and special demarcated spaces for ITZU hardware.
Access to the technology resources of ITZU is only possible via a secure connection (e.g. VPN, SSH). In this regard, two-step verification is a requirement. Our policy is that passwords must be complex, have an expiration date and be blockable. These passwords must not be reused. ITZU has a system of individual access, checks authorisations every quarter and terminates access within 24 hours after an employee's employment is ended.
ITZU and ITZU Tri Team maintains, monitors and revises its data security policy on an annual basis. Employees need to confirm the policy every year and follow additional training, including HIPAA training, safe programming, PCI, function-specific development of security and skills, and/or training in privacy laws for those in important positions. The training schedule must comply with all of the guidelines and rules applicable to ITZU.
ITZU conducts background checks when new employees are hired (to the extent permitted by applicable law). In addition, ITZU informs all employees about its data security policy, requires new employees to sign confidentiality statements, and provides ongoing privacy and security training.
Dedicated Security Personnel
ITZU also has a dedicated trust and security team that deals with the security of applications, networks and systems. This team is also responsible for compliance with security policies, training and the handling of incidents.
Management of vulnerabilities and penetration tests
ITZU works with a documented vulnerability management program. This program scans, identifies and resolves vulnerabilities in the security of servers, workstations, network devices, and applications. All networks, including the testing and production facilities, are regularly scanned by trusted third-party service providers. High priority is given to providing servers with critical patches. Other patches are applied when needed. We also perform regular internal and external penetration tests and solve problems based on the severity of the results.
We encrypt the data we send with our secure cryptographic TLS protocols. The data of ITZU and ITZU Tri Team are also protected for as long as they are stored.
Logs and audits
In application and infrastructure systems, information is maintained through a centrally managed log. Authorized ITZU employees resolve problems, monitor security, and perform analyses. The logs are maintained on the basis of legal guidelines. If there are security incidents that affect customer accounts, we provide customer assistance and access to our logs in as far as this is reasonably possible.
Management of Resources
ITZU has a policy for managing its resources. This policy defines how resources must be identified, classified, stored, and deleted. The company's devices are equipped with full hard drive encryption and have up-to-date antivirus software. Only devices provided by the company have access to company and production networks.
Security Incident Management
ITZU and ITZU Tri Team have policies and procedures for dealing with security incidents. It lays down initial responses, research, notifications to customers (with minimum applicable legislation being adhered to), public notices and remedial measures. This policy is evaluated on a regular basis and tested twice a year.
Notification of breaches
Despite all efforts, no method of transmission via the internet and no method of electronic storage is completely safe. We cannot guarantee absolute safety. However, if ITZU or ITZU Tri Team become aware of a security breach, we inform affected users so that they can take appropriate protective measures. Our procedures for informing users of breaches follow the guidelines set out in applicable national, state and federal laws and regulations, as well as any industry rules or standards that apply to us. We do everything we can to keep our customers fully informed about issues that affect the security of their account. Furthermore, we are committed to providing customers and relations with all the information they need to comply with their own statutory reporting obligations.
Information security and management of business continuity
Full and partial backups are made on a rotational basis of the ITZU and ITZU Tri Team databases, which are regularly verified. Backups are encrypted and stored in the production environment, keeping them confidential and maintaining their integrity. We check regularly whether backups are available.
CONTACT, QUESTIONS, COMPLAINTS, SUSPECTED DATA LEAKS
If you have any questions, comments or complaints about the protection of your personal data by ITZU or ITZU Tri Team, please contact us in writing or by email.
This version was drawn up in 2018.