Privacyverklaring EMEA
We are People 2.0 Holding Netherlands BV (People2.0). This Privacy Notice provides information about the personal data we collect from you as a client representative, an employee or employee applicant, what we use that personal data for, and to whom we disclose it.
For purposes of this notice:
- The words “our,” “us,” “we,” and “People2.0” refer to People2.0, our subsidiaries and other affiliates (which includes any person or entity that controls us, is controlled by us, or is under common control with us, such as our subsidiary, parent company, or our employees).
- The term “employee” or ‘’you’’ refers to all employees, workers, directors, officers and Board members of People2.0. For the purposes of this Privacy Notice, it also refers to other consultants and individual contractors engaged by People2.0, even though they are not otherwise employees. ‘You’ may also refer to personal data you supply as an independent contractor in business of your own
- The term “employee applicant” will refer to individuals who have submitted information, or have had information submitted, to 0 (such as a resume or job application) in order to apply to be a People2.0 employee or worker;
- The term “personal data” means all information relating to an identified or identifiable person, for instance any information which relates to an identifiable, living individual and references one or more factors specific to their physical, physiological, mental, economic, cultural or social
- The term “sensitive personal data” means personal data about physical or mental health, racial or ethnic origin, political or religious views or activities, trade union membership, sexual orientation or intimate sphere, social security measures, in some countries genetic data and biometric information, the commission or alleged commission of crime or related proceedings and sanctions, administrative proceedings and sanctions, personal data of children, and, in some countries, financial information. Sensitive personal data is usually subject to even stricter controls and protections.
Quickly go to
Compliance with Local Laws. 2
Who Is Controller of the Data Processing?. 2
What Personal Data Do We Collect and How Do We Collect It?. 3
What Do We Use the Personal Data For?. 4
Legal Basis for Processing Personal Data (EEA Employees Only). 5
Monitoring. 6
With Whom Do We Share Your Data?. 7
International Operations and Transfers Out of Your Home Jurisdiction. 7
How Do You Update Your Personal Data?. 8
How Can You Request Access to Your Personal Data?. 8
What Other Rights Do You have Over Your Personal Data?. 8
What data protection rights can you assert as a data subject?. 8
Where can you report a complaint?. 8
How Long Do We Retain Your Personal Data?. 9
Revisions to This Privacy Notice. 9
Compliance with Local Laws
This Privacy Notice is a general guide to how People2.0 treats employee and employee applicant personal data. You should be aware that data privacy laws can vary in different jurisdictions where People2.0 operates and has employees. People2.0’s policy is to comply with local laws, including requirements in certain countries that People2.0 notify its employees in that country of its personal data practices, and in some cases, obtain consent to those practices.
Where local laws are stricter than the policies described in this notice, People2.0 has adopted specific privacy practices in those locations to satisfy those stricter requirements. Where local laws are less strict than this policy, the protections described in this notice will apply.
Who Is Controller of the Data Processing?
Individual processing activities are performed internally by your employer. The controller for these internal data processing activities within the meaning of the GDPR* is solely your respective employer. Your employer could be:
- Belgium 0 Belgium BB, Antwerp Bus Hse, Bredestraat 4, Antwerp 2000
- Denmark 0 Denmark APS, c/o Automatikvej 1, 2860 Søborg
- Finland 0 Finland Oy, C/O Azets Elielinaukio 5 B, 00100 Helsinki
- Germany 0 Germany GmbH, Zimmerstr. 19, 10969 Berlin
- Ireland Capital GES Limited, Ten Earlsfort Terrace Dublin 2 IE D02 T380
- Norway TCP Norway AS, c/o Azets Insights AS, Drammensveien 151, 0277 Oslo
- Netherlands People 0 Netherlands B.V, Donauweg 10, 1043 AJ Amsterdam, or its Dutch affiliate
- Sweden 0 Sweden, Revisorerna SYD, Storgatan 22 A, SE-211 42 Malmo
- Switzerland Capital GES SA, Av des Champs-Montants 12b, 2074 Marin-Epagnier
- UK 0 UK Limited 60 Gainsford Street, London, SE1 2NY (hereinafter: “Employer”; together with P2.0 Global, “People2.0”, “we” or “us”).
Due to the structure of our group of companies, some corporate functions involving the processing of employee personal data are performed centrally by the head office for the employing company and the other affiliated companies. The controller for these centralized data processing activities in the sense of the GDPR* is solely:
People2.0 Global LLC, 222 Valley Creek Blvd #100, Exton, PA 19341 USA
(hereinafter “P2.0 Global”).
What Personal Data Do We Collect and How Do We Collect It?
People2.0 collects and stores different types of personal data about employees and employee applicants such as:
- Identification data – such as your name, gender, photograph, date of birth, employee identification number,
- Contact details – such as home address, telephone, email addresses, and emergency contact
- Employment details – such as job title/position, office location, hire dates, employment contracts, compensation, performance and disciplinary records, grievance procedures, sickness and holiday
- Educational and professional background – such as academic/professional qualifications, education, CV/résumé, reference letters and interview notes, criminal records data (for vetting purposes, where permissible and in accordance with applicable law).
- National identifiers – such as national ID/passport, immigration status and documentation, visas, social security numbers (US only), national insurance
- Spouse, beneficiary & dependents information, marital
- Financial information – such as banking details, tax information, payroll information, withholdings, salary, benefits, expenses, company allowances, stock and equity
- IT information – information required to provide access to 0’s IT systems and networks such as IP addresses, log files, login information, software/hardware inventories. For further information about how we process IT information, see our “Monitoring” section below.
- Health information – such as information about short- or long-term disabilities or illnesses that you might share with your HRBP or manager, particularly in relation to any leave of absence you may need to
- Other information you choose to share with us – g. hobbies, social preferences, etc.
We may also collect certain demographic data that qualifies as sensitive personal data, such as race, ethnicity, religious affiliation, union membership, sexual orientation, and disability to help us understand the diversity of our workforce. This information, when collected, is generally done so on a voluntary consensual basis, and employee and employee applicants are not required to provide this information, unless it is necessary for us to collect such information to comply with our legal obligations.
Most often, the personal data we collect from employees and employee applicants is collected from them directly. In some cases, we may collect personal data about employees and employee applicants from third parties, for example, identification and contact details when that data was passed to us by a third party such as a recruitment or staffing agency or the client for whom the employee will be providing services in order to contact you, or carry out checks that are necessary for the role to be performed by the employee. In most circumstances, your permission will be given before we collect personal data about you from a third party.
If we ask you to provide any other personal data not described above, then the personal data we will ask you to provide, and the reasons why we ask you to provide it, will be made clear to you at the point we collect it.
What Do We Use the Personal Data For?
People2.0 uses and discloses the personal data that we collect primarily for the purposes of managing our employment relationship with you, complying with regulatory requirements, along with other business purposes.
Sole responsibility of the Employer:
The Employer processes your personal data for the following purposes:
- Entering into a contract of employment or contract of services with you, personnel planning and personnel management (including transfer and promotion, accounting and payment of your remuneration and compensation, organization of your (official) travel and reimbursement of your (travel) expenses and other company-related expenses, management of your sick leave and vacation, management of employee contributions and social security contributions, implementation of employment contracts (time recording, measurement, evaluation and remuneration of work performance, company care and prevention management, organization and implementation of (employee) events.
- health and safety at work (including contacting your relatives in case of emergency, checking workplaces or work sites regarding health and safety at work to meet health requirements).
P2.0 Global processes your personal data for the following purposes:
- determining eligibility for hiring, including the verification of references and qualifications and, where permitted by law, administering background checks;
- administering payroll and benefits as well as processing employee work-related claims (e.g., worker compensation, insurance claims, etc.) and leave of absence requests;
- establishing training and/or development requirements;
- reviewing work performance and determining performance requirements;
- disciplinary actions or termination;
- establishing emergency contacts and responding to emergencies;
- complying with laws and regulations (e.g. labor and employment laws, health and safety, tax, anti-discrimination laws), under judicial authorization, or to exercise or defend legal rights;
- compiling internal directories, such as employee directories;
- to detect fraud or other types of wrongdoing;
- IT security and administration; and
- for other legitimate purposes reasonably required for day-to-day operations, such as accounting, financial reporting and business planning.
We may also use your personal data for other lawful purposes which we will tell you about, and provided that we get your consent to that use, if required by law to do so.
Legal Basis for Processing Personal Data (EEA Employees Only)
If you are an employee in the European Economic Area (EEA), our legal basis for collecting and using the personal data described above will depend on the personal data concerned and the context in which we collect it. We process your personal data based on the provisions of the GDPR and all other relevant national laws.
Primarily, the data processing serves the purpose of establishing, performing and terminating the employment relationship. The legal basis for this is Art. 6 (1) b GDPR in conjunction with the relevant national laws.
We also process your data in order to be able to fulfill our legal obligations as an employer, in particular in the area of tax and social security law. This is done on the basis of Art. 6 (1) c GDPR in conjunction with the relevant national laws.
Furthermore, we process your data in order to protect legitimate interests of us or of third parties (e.g. authorities). Such a legitimate interest exists, in particular if the processing of your data is necessary for the investigation of criminal or administrative offences, for an intra-group data exchange for administrative purposes or, in the case of centralized corporate functions, or for the maintenance of operational safety and order, the prevention of legal violations or law enforcement (legal basis Art. 6 (1) f GDPR).
As far as special categories of personal data are processed according to Art. 9 (1) GDPR, this serves the exercise of rights or the fulfillment of legal obligations arising from labor law, social security law and social protection within the framework of the employment relationship (e.g. disclosure of health data to the health insurance company). This is done on the basis of Art. 9 (2) b GDPR in conjunction with the relevant national laws. In addition, the processing of health data may be necessary for the assessment of your ability to work pursuant to Art. 9 (2) h GDPR. In addition, the processing of special categories of personal data may be based on consent pursuant to Art. 9 (2) a GDPR. If we ask you to provide personal data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and let you know whether the provision of your personal data is mandatory or not (as well as the possible consequences if you do not provide it). In the context of your employment, you must provide the personal data that is required for the establishment, performance and termination of the employment relationship and the fulfillment of the associated contractual obligations, or which we are required to collect by law. Without this data, we will not be able to perform the employment contract with you.
Similarly, if we collect and use your personal data in reliance on our legitimate interests (or those of a third party) that are not listed above, we will make clear to you at the relevant time what those legitimate interests are.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal data, please contact us using the contact details provided in the “Questions?” section below.
Monitoring
Subject to local laws, People2.0 physically and electronically monitors its offices, and use of our IT and communications systems, for specific purposes. For example, we may monitor employees’ activity and presence in our offices with badge readers, sign-in sheets, and surveillance cameras. We generally do these things to prevent unauthorized access to our offices, to data, and to protect employees, authorized visitors, and our property.
People2.0 may also monitor or record activity on our IT and communications systems and network, such as internet traffic, website filtering, email communications or systems accessed.
Where permitted by law, we may also carry out monitoring for other purposes such as:
- Proof of business transactions and archiving;
- Training and evaluation of employees;
- Protection of confidential information, intellectual property and other business interests;
- To investigate breaches of 0 policies and procedures, or other unlawful or improper acts;
- For compliance with a legal obligations;
- Other legitimate purposes as permitted by applicable
In the process of monitoring People2.0’s offices, systems, network and work-related activities, we may come across employees’ or employee applicants’ personal data. Monitoring will be done in a manner that is proportionate and only as required or permitted by applicable law. People2.0 will always strive to respect employees’ reasonable privacy expectations. All People2.0 employee work products as well as tools used to generate that work product, wherever stored, belongs to People2.0 and we may review and monitor them for the purposes described above.
With Whom Do We Share Your Data?
We take care to allow your personal data to be accessed only by those who really need to in order to perform their tasks and duties, and to third parties who have a legitimate purpose for accessing it.
We may share your personal data with other employees, other People2.0 group companies, contractors, consultants and service providers who require the data to assist People2.0 to establish, manage or terminate your employment with People2.0, including parties that provide products or services to us or on our behalf and parties that collaborate with us to provide services to you. For example, we engage third parties such as employee benefit plan providers, payroll support services and employee travel management services. In some cases, these parties may also provide certain IT and data processing services to us so that we can operate our business. When we share personal data with these parties, we typically require that they use or disclose that personal data only as instructed by People2.0 and in a manner consistent with this Privacy Notice. We also enter into contracts with these parties to make sure they respect the confidentiality of your personal data and have appropriate data security measures in place.
If we go through a corporate sale, merger, reorganization, dissolution or similar event, personal data we gather from you may be transferred in connection with such an event. Any acquirer or successor of People2.0 may continue to use the data as described in this notice provided that the acquirer or successor is bound by appropriate agreements or obligations and may only use or disclose your personal data in a manner consistent with the use and disclosure provisions of this notice, or unless you consent otherwise.
We may also disclose your personal data to a third party under the following circumstances:
- if we in good faith believe we are compelled by any applicable law, regulation, legal process or government authority;
- where necessary to exercise, establish or defend legal rights, including to enforce our agreements and policies;
- to protect 0’s rights or property;
- in connection with regular reporting activities to other members of the 0 corporate family;
- to protect 0, our other customers, or the public from harm or illegal activities;
- to respond to an emergency which we believe in good faith requires us to disclose data to prevent harm; or
- with your
International Operations and Transfers Out of Your Home Jurisdiction
Your personal data may be collected, used, processed, stored or disclosed by us and our service providers outside your home jurisdiction, including in the U.S., Australia, UK, and in some cases, other countries. These countries may have data protection laws that are different than the laws of your country. People2.0 only transfers personal data to another country, including within the People2.0 corporate family, in accordance with applicable privacy laws, and provided there is adequate protection equivalent to the EU in place for the data.
People2.0 has established and implemented a Master Data Transfer Agreement (MDTA) for international transfers between People2.0 entities in the European Union and People2.0 entities elsewhere. The MDTA leverages the EU, Swiss, & UK Standard Contractual Clauses (SCCs) as a transfer mechanism. Our MDTA and the SCCs can be provided on request.
It is important that the information contained in our records is both accurate and current. To request an update to your personal data, please send a request to dataprotection@people20.com
For employees of People2.0 Germany GmbH, questions or inquiries about employee-related privacy issues can be directed to the appointed DPO: E: datenschutz@slk-compliance.de, T: +4935189676360.
For employees of Capital GES SA, questions or inquiries about employee-related privacy issues can be directed to the appointed DPO: E: dorthe@jmrlegal.ch, T: +41213481111.
You have the right to see and/or update personal data that we hold. You should direct your requests to dataprotection@people20.com.
In addition to being able to update, correct, and access your personal data, you may also have other data protection rights.
What data protection rights can you assert as a data subject?
You have the right to request information about your personal data processed by us. In particular, you may request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data, if it was not collected by us, as well as the existence of automated decision- making, including profiling and, if applicable, meaningful information about its details.
According to the applicable laws, you may immediately request the correction of incorrect or completion of your personal data stored by us. You may have the right to request the deletion of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims.
Based on the applicable laws, you may have the right to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer need the data, but you need it for the assertion, exercise or defense of legal claims or you may have objected to the processing.
According to the applicable laws, you may have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller.
Based on the applicable laws, you may have the right to revoke your consent at any time. This has the consequence that we may no longer continue the data processing, which was based on this consent, for the future.
Based on the applicable laws, If we process your data to protect legitimate interests, you may object to this processing for reasons arising from your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.
Where can you report a complaint?
According to the applicable law, you may also have the right to lodge a complaint about the processing of your personal data by us with a supervisory authority, in particular in the member state of your habitual residence, your place of work or the place of the alleged infringement, if you believe that the processing of personal data concerning you violates the applicable law.
How Long Do We Retain Your Personal Data?
We will keep your personal data for as long as is needed to carry out the purposes we’ve described above, or as otherwise required by law. Generally, this means we will keep your personal data until the end of your employment with us, plus a reasonable period of time after that where necessary to respond to any employment inquiries, deal with legal, tax, accounting or administrative matters, or to provide you with ongoing pensions or other benefits.
Where we have no continuing legitimate business need to process your personal data, we will either delete or anonymize it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.
Revisions to This Privacy Notice
We may, from time to time, make updates or changes to this Privacy Notice because of changes in applicable laws or regulations or because of changes in our personal data practices. We will give you notice of any material changes that impact your personal data, and where consent is necessary to make a change apply to our practices with respect to your personal data, we will not apply the changes to your personal data until we have that consent.
PDF Download: People2.0 EMEA Privacy Notice