Through this privacy statement, MarshBerry International Coöperatief U.A. (hereinafter: “MBI” or “we/our”) wishes to inform the person of whom it collects, uses and stores (processes) personal data. These persons include people who apply for a job at MBI, business contacts, vendors, persons working for prospective target companies, our clients and their representatives, employees and/or shareholders, as applicable. MBI shall qualify as a data controller for such processing activities. In this statement, we use the word “you” to refer to anyone within the scope of this statement.
Personal Data – how we collect it
Personal data is any information relating to an identified or identifiable natural person, such as you. We use personal data on a day-to-day basis to run our business, provide our services, enter into a contract, and to protect our interests.
We collect personal data when you provide it to us, or when we collect it from you, for instance in the course of your dealings with us, because you use certain services or because your information is included in our, our customers’ or our vendors’ invoices, contracts, business documentation, files or systems. We may also receive it from talent agencies or recruitment agencies, in the context of recruitment.
Depending on the processing activity, the information we process in relation to you may consist of:
- In relation to job applicants: resumé, motivation letter, background check, references, public internet profile
- First and last name;
- Job title, function within a company or group of companies and any information relating to you in public registers;
- Phone number;
- E-mail address;
- Your communication preferences;
- Data regarding your equipment, such as an IP address;
- Information regarding your employer, employment or client.
- Other information relevant for the particular service you engage us for, or for the purpose of your contact with us.
It is mandatory to provide certain personal data for us to be able to provide you with our services, as applicable. If you do not provide the personal data which is marked as mandatory from time to time, we may not be able to provide you with our services, for instance if you refuse to provide information that we need for mandatory checks.
Personal data – who has access to it
Access to personal data relating to you is limited. It is MBI’s policy that persons within the organization should only have access to personal data on a need-to-know basis.
In some cases we share personal data with third parties. MBI may share your personal data with:
- Internal departments that are involved in handling a transaction to which you are – directly or indirectly – a party, such as Finance, Sales, Marketing, Operations;
- Customers, suppliers or service providers of MBI, acting as data processor or data controller, such as hosting providers, IT service providers (supporting our website or content generation), and external advisors, accountants and lawyers;
- Supervisory authorities and other governmental bodies, to comply with legal obligations;
- Third parties involved in a transaction (such as a mergers or acquisitions) pursuant to which (a part of) our business is sold or transferred.
We will only transfer your personal data to the above mentioned third parties for the purposes stated in this privacy statement, and only to the extent that is permitted under the applicable data protection law, or if you have consented thereto.
Third parties to whom we transfer your personal data are themselves responsible for compliance with data protection law, unless they act as our data processor. We are neither responsible nor liable for the processing of your personal data by third parties if they act as an independent data controller.
International transfers of personal data
In connection with our business and for administrative, management and legal purposes, when processing data in line with this statement we may transfer your personal data to a recipient who is outside the EEA (including to the United States), such as in the case of documents archiving. If we transfer personal information outside the EEA, for instance to our parent Marsh, Berry and Company, Inc., we will put in place appropriate safeguards in accordance with our legal obligations to ensure that your personal data is adequately protected irrespective of the country to which it is transferred. These safeguards may include obtaining contractual assurances from any third party given access to your personal data that your personal data will be protected by standards which are equivalent to those that protect your personal data when it is in the EEA.
If you would like to know more about the safeguards implemented to protect personal data when it is transferred outside the EEA, please contact Olaf Werkhorst at email: firstname.lastname@example.org.
Legal ground for processing
Under data protection laws, we are allowed to process personal data only if we can rely on one or more of the legal grounds for processing. The legal grounds we are most likely to rely on for processing personal data in relation to you are:
- Consent – In some situations we may rely on your consent.
- Contract – The processing is necessary for performance of a contract with you/your company or to take steps at your request to enter a contract. This covers carrying out our contractual duties and exercising our contractual rights.
- Legal obligation – The processing is necessary to comply with our legal obligations, such as mandatory screening and monitoring in the context of anti-corruption laws and regulations, and ensuring we perform our other legal and regulatory obligations. For example, to comply with our social insurances and tax-related obligations.
- Public interest – The processing is necessary for the performance of a task carried out in the public interest.
- Legitimate interests – The processing is necessary for our or a third party’s legitimate interests. We as a service provider, or a third party, have legitimate interests in carrying on, managing and administering our respective businesses effectively and properly and in connection with those interests processing your data. These interests also include IT security, the monitoring of transactions and marketing. Your data will not be processed on this basis if our or a third party’s interests are overridden by your own interests, rights and freedoms. You may ask us to explain how we make this assessment by contacting us.
- Vital interests – Where processing is needed to protect your vital interests (or someone else’s interests) and you are not capable of giving your consent. This is only likely to apply in very exceptional circumstances such as in a medical emergency.
Purposes and legal ground for the processing of personal data
MBI processes your personal data for certain purposes, described below. As explained above, processing in this context might include transfers to third parties and/or outside of the EEA. We have tried to make this as comprehensive as possible but it is not possible to identify all information processed and this is not a definitive list. From time to time, the Company may publish specific notices setting out details regarding particular processes or programs being adopted by us.
|Establishing and maintaining a customer or vendor relationship with you or the organisation you represent.||Contract|
|Researching another company or business as part of an agreement with our customer, which may involve the processing of personal data relating to persons working for that company or business, or otherwise involved in its activities.||Legitimate interests|
|Recruitment, handling of job applications received via our website or otherwise, including any background screening relating thereto, as indicated.||Legitimate interests|
|Contract record keeping – Name, title, contact address, phone numbers, personal email address, date of birth, workplace location, gender, national insurance number, start date, emergency contact information and information on your next of kin.||Contract|
|Ensuring physical and system and IT security, including information gathered through the use of swipe and similar entry cards and sound and image data such as CCTV or photographs.||Legitimate interests|
|The handling, management and invoicing of orders.||Contract|
|Corporate transactions/due diligence – in the course of a potential merger or takeover, your personal data may be provided to a potential buyer or investor.||Legitimate interests|
|Dispute resolution, defence of legal claims, compliance.||Legal obligation|
|Compliance, fraud detection and prevention, background checks||Legal obligation|
We are not engaged in any automated decision making without human intervention, which affects data subjects.
You, as a data subject, have the following rights:
- Right of access, this means you can make a request to obtain access to the personal data concerning you;
- The right to rectification or correction of your personal data;
- The right to erasure of the personal data concerning you;
- The right to restriction of the processing;
- The right to data portability, this means that you have the right to receive your personal data in a structured, commonly used and machine-readable format, and that you have the right to transmit those data to another controller;
- The right to object to certain types of processing;
- The right to lodge a complaint with a supervisory authority;
- The right to withdraw your consent.
The above stated rights (with the exception of the right to lodge a complaint) can be exercised by submitting a request to us via the contact details included in this statement, and only to the extent that you enjoy such rights under applicable law.
We will not store your personal data longer than necessary to achieve the purposes stated in this privacy statement, unless we are required by law or regulations to do so. Please note that we are legally required to keep most of the personal data we hold about you (whether directly or indirectly) for a period of 7 years after the information has lost its relevance, for tax and corporate law purposes. Further to above mentioned, we will generally keep personal data collected for recruitment purposes for a period of 4 weeks following the end of the relevant process, or – if you have consented thereto – for a period of 1 year.
Changes to this privacy statement
We reserve the right to unilaterally change or update this privacy statement. You will be notified of any changes, if we are obliged to do so.
If you have any questions or comments about this privacy statement and/or the processing of personal data, please contact Olaf Werkhorst at email: email@example.com.