Before you continue

To give you the best possible experience please select your preference.

Continue
Enreach
Enreach

Recruitment privacy statement

1 INTRODUCTION

We value your privacy and are committed to protecting your personal data (‘Personal Data’). This privacy statement (‘Privacy Statement’) explains how we process your Personal Data in accordance with the applicable data protection legislation (‘Data Protection Legislation’) during the job application process, how you can exercise your privacy rights, and any other information that may be relevant to you. If you have any questions about our use of your Personal Data, this Privacy Statement, or any other comments, you can reach out to us via the Contact Information mentioned below. 

This Privacy Statement is only applicable when you apply to an Enreach entity located in the EU/EEA. For job applications to Enreach entities located outside of the EU/EEA, different privacy statements apply.  

In this Privacy Statement, Enreach (‘Enreach’, ‘we’, ‘our’ or ‘us’) refers to the operational entity underneath Enreach Holding BV, responsible for the role you are applying for, whereas ‘you’, ‘your’, or ‘yours’ refers to all data subjects (‘Data Subject’) interacting with Enreach as job applicants (including potential employees, workers, contractors, and freelancers). In addition, you will see several references to the ‘Enreach Group’, which includes all other Enreach entities globally. Further information on the Enreach Group can be obtained by contacting us using the details provided below.  

When you apply for a position at Enreach, we receive and process Personal Data about you in relation to your application, as a data controller (‘Data Controller’). If we process your Personal Data to offer you a position in one of the Enreach Group entities, we will always inform you which group entity is the Data Controller for the processing of your Personal Data.   

The capitalised words in this Privacy Statement have the meanings ascribed to them in this Privacy Statement and in the Definitions provided below.  

2 CONTACT INFORMATION

You can contact us here:

Enreach Holding B.V.

Address: Verlengde Duinvalleiweg 102, 1361 BR Almere

Email: dataprotectionteam@enreach.com 

Phone: +31 088 889 0889

2.1 Data Protection Officer

We have a dedicated Data Protection Team and a Data Protection Officer (‘DPO’). If you have any questions relating to the processing of your Personal Data or want to contact our DPO, feel free to use the contact details provided below: 

Enreach Data Protection Team

Email: dataprotectionteam@enreach.com 

Phone: +31 088 889 0889

3 DEFINITIONS

Below are some key terms relevant to this Privacy Statement: 

  • Personal Data: Any information directly or indirectly relating to an identified or identifiable natural person, such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. 

  • Data Subject (you): Natural person(s) whose Personal Data is processed, specifically in this case, the job applicant(s).  

  • Data Controller (we): Natural or legal entity that determines the purpose and means for the processing of Personal Data. In the context of this Privacy Statement, this is the Enreach entity offering the job position that you have applied for. 

  • Data Processor: Natural or legal entity processing data on behalf of the Data Controller. 

  • Sensitive Personal Data: Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a Data Subject’s sex life or sexual orientation.  

  • Data Protection Legislation: Data Protection Legislation refers to the applicable laws that govern the protection of Personal Data and privacy. This includes the legislation applicable to the processing of Personal Data in the EU, such as the General Data Protection Regulation (‘GDPR’) and the ePrivacy Directive (‘ePD’), as well any national laws implemented in connection with the aforementioned legislation. 

4 What Personal Data do we collect and why?

When you apply for a position with us, we process your Personal Data for the purpose of assessing whether your profile is relevant for a position at Enreach. Additionally, we process your Personal Data to comply with our accountability requirements under the Data Protection Legislation, which mandate us as a Data Controller to document the recruitment processes in case of complaints or disputes.

In connection with our recruitment process, we will process ordinary Personal Data about you, but it may also happen that we process information about criminal records or sensitive information related to your health if you willingly provide this information in your application.  

4.1 What categories of Personal Data do we process? 

We process the following categories of Personal Data related to your job application: 

  • Mandatory contact information: We process Personal Data such as your name, address, email, and telephone number in order to communicate with you during the recruitment process. 

  • Mandatory application data: We also process the Personal Data that you submit to us in the application material. This will typically be your: application, CV, grade sheets, certificates, references, and other supporting documents that you choose to attach to your application. 

  • Information processed in connection with the job interview: We process Personal Data collected during the job interview, it will typically be notes from your interview, as well as test results if applicable.  

  • Information necessary to comply with applicable law: We process Personal Data such as residence and work permits to ensure that you are entitled to work in the specific country that the position is located in. 

  • Information collected through tests: We process information from tests we may ask you to complete prior to contacting you for a job interview. 

  • Driver’s license: For some roles, we need to process your driver’s license to verify its validity. 

  • Criminal records: For certain positions we may require you to disclose any criminal records. For more information about how we process this data, please see the section below. 

  • Cookies and IP addresses: We may process this information if you have applied via our website. For more information, please see our General Privacy Statement and Cookie Banner on our website. 

4.2 How do we collect your Personal Data and why? 

In most instances we collect Personal Data directly from you, for example through our online application form. In other instances, we may collect Personal Data from recruitment agencies or publicly available sources (as outlined in this section below).

If you fail to provide information when requested, which is necessary for us to consider your application, we will not be able to process your application successfully.  

Below are the purposes for which we process Personal Data in relation to your application and interest in working with us. The lawful basis relied on for each purpose is also described herein. We will use the Personal Data we collect about you as follows: 

  • To communicate with you regarding your application: When you show interest in a role at Enreach, we process your Personal Data to communicate with you regarding the specific position that you have applied for and to respond to your queries. To this end, we process your contact information and application material, and any information disclosed as part of the correspondence between us regarding your job application. For this purpose, we rely on legitimate interest as the legal basis to inform and communicate with you regarding our recruitment and selection procedure. 

  • To notify you of suitable openings in the future: We may process your Personal Data to inform you at a later stage about new vacancies or invite you to consider new recruitment opportunities. To this end, we process your contact information and application material, and any information disclosed as part of the correspondence between us regarding your job application. We will only process this data if you gave us your consent to store your data for an additional period after the recruitment process when you applied. The exact retention period for which we may store your data longer than the applicable legal retention period and after you have provided us with your consent to retain that data, may vary depending on the country where the Enreach entity you are applying to is located. Please refer to the table under point 5.2. for more information. 

  • To evaluate your suitability for the role that you have applied for: We specifically assess each candidate´s qualifications in relation to the vacancy that they have applied for. Based on the applications we receive we select candidates for the recruitment interview(s). Candidates who have not been invited for an interview will be informed at the end of the recruitment process. We rely on legitimate interest as the legal basis for this processing as this is Personal Data that you have provided to us for the purpose of seeking employment with us. 

Prior to, during, or after selecting you for an interview we process your Personal Data as follows:  

  • Performance information and tests: In connection with recruitment for some positions, we may ask you to complete a test, such as the development of a piece of source code, the processing of a case, or a personality test. We always assess whether the specific test is relevant to the position in question. The purpose of the test is to assess your skills and qualifications as a potential employee and to assess whether your profile fits in with the company and the specific position. We rely on legitimate interest as the legal basis for this processing.   

  • During the interview process: In connection with the interview(s), we may receive additional information about you that we store with your application for further use in the recruitment process.  We rely on legitimate interest as the legal basis for processing this additional Personal Data, as this is data that you have provided for the purpose of seeking employment with us. 

  • Information obtained from social media platforms: When recruiting for positions with a focus on partners, customers, and collaborative relationships, it may be relevant to perform a search on your social media platforms. This will typically be limited to a search on LinkedIn or other business and employment-focused social media platforms. The choice of platform may vary depending on the country where the Enreach entity you are applying to is located. We rely on legitimate interest as the legal basis for the processing of information about candidates obtained from social media platforms. We do this to assess whether you have a public profile that fits in with the company and the specific position you have applied for. 

  • Driver’s license: For some roles, a candidate may be required to have a valid driver’s license. We always assess whether it is necessary for the specific position for us to be presented with such a license. The purpose is to ensure, if your work function requires the use of a car, that you can perform this work function. In such cases, we will not store a copy of your driving license, but note whether during the recruitment process, you have presented a valid driving license. We rely on legitimate interest as the legal basis for the processing of information relating to driving licenses, to ensure you can perform your role in a legally compliant manner. 

  • Criminal records: For some positions it is necessary for us to be aware of any criminal records, such as certificates of good conduct. To the extent allowed under the applicable laws, we always assess whether reviewing criminal records is relevant for the position in question. The purpose for the processing of your criminal records is to ensure that you can, for example, obtain the security clearances necessary to perform work related activities in data centres. We will only ask to see criminal records after you have been offered a position with us.  
     
    The legal basis for the verification of criminal records to determine your eligibility for certain roles may vary depending on the country where the Enreach entity you are applying to is located: 

Verification of criminal records
Country Status and legal basis
Netherlands Prohibited, unless it concerns a position where it is necessary in which case a Certificate of Good Conduct (VOG) should be sufficient. The legal basis for asking a VOG is legitimate interest.
If additional Personal Data of criminal nature is required to be assessed, such data may only be processed if any legal exception of the Dutch GDPR Implementation Act (UAVG) applies.

Spain  

Prohibited, unless there is a legitimate interest regarding to the characteristics of the job, for example, a policeman or an auditor. According to the last legal precedents and due to our company activity, criminal records from applicants or Employees may not be asked. 

Germany  

Prohibited, unless required for certain positions and only with Employee’s consent. Employers are only allowed to ask applicants for information on criminal offences related to the job. Otherwise, the full name of the applicant is cross-checked with the existing sanctions list. 

 

Latvia  

 Prohibited, unless there is a legitimate interest, such as when required for certain positions, e.g., member of the board to fulfil the procurement requirements or credit institutions (banks or auditors, sworn lawyers) or to fulfil the Anti-Money Laundering and Terrorism and Proliferation Financing Act. In such cases a Certificate of Good Conduct should be requested. 

 

France  

Prohibited, unless justified for specific positions determined by law, such as roles in security, defence, airports, or care for vulnerable individuals, or if the employer considers when hiring that it is relevant to the nature of the tasks to be accomplished and proportionate to the desired goal of the position. The individual has a right to refuse to comply with such a request. 

 

Employees who access sensitive customer information may be requested to provide a criminal record, but Enreach may not keep a copy or share such data with customers. Only the local HR department may confirm that Employees operating in roles with access to sensitive data have undergone a criminal record check. 

 

Denmark  

Allowed with consent. The need to obtain a criminal record is assessed based on the specific requirements of each position, especially those involving security clearance for tasks such as accessing data centres. Enreach will request the Employee’s explicit consent for obtaining a criminal record only after extending a job offer, in accordance with the Danish Data Protection Act. The consent can be withdrawn at any time, but it will not affect the legality of the prior processing up to that point. 

 

Finland  

Prohibited, unless there is a legitimate interest due to characteristics of the job i.e. working with children. 

 

Poland 

Prohibited, unless justified for specific positions determined by law, such as roles in teaching, customs or the financial sector. Such Employees are required to provide their employers with a certificate of clear criminal record from the Polish National Criminal Register, or employers may obtain them directly from the register, provided they refer to a specific provision of national law from which the requirement of having a clear criminal record for the Employee arises. 

 

Sweden 

Prohibited, unless there is a legitimate interest due to characteristics of the job i.e. working with children, psychiatric care, insurance brokers, and board members and CEOs of financial institutions. When Enreach requests the Employee to request an extract of their criminal record from the police, Enreach may not save the extract and should, at the most, only make a note that the extract has been presented. 

 

Romania 

Allowed with consent – Verification of a criminal record is allowed, provided Enreach has obtained explicit consent for obtaining a criminal record. The gathered information must be relevant to the job position. Enreach must provide information about the purpose of the verification, the categories of Personal Data that will be processed, and the potential consequences of providing false or misleading information. 

  • Information from former employers: For some positions it is necessary to obtain references from previous employers. Such screening will be undertaken only after informing you of it. We will record the information we receive from your references.  We rely on legitimate interest as the legal basis to process this information as certain roles require enhanced reliability and trust in our employees, and may involve higher risks, and thus such screening is in our legitimate interest.   

  • Residence and work permit: It is a condition of employment that you have a valid work and residence permit. To ensure this, we may ask for a copy of your passport in connection with your employment.  If, because of your citizenship, you need a work and residence permit to work legally for the Enreach entity you are applying for, we will also obtain a copy of your work and residence permit. We rely on the necessity to comply with a legal obligation as the legal basis when obtaining a copy of your passport and, where appropriate, work and residence permits, as we are legally obliged to ensure this in accordance with national law. 

  • Sensitive Personal Data: We may use information about any medical history or disability status that you yourself have provided us to consider whether we need to provide appropriate adjustments during the recruitment process, for example whether adjustments need to be made during a test or interview. If you suffer or have suffered from an illness that will have a significant impact on your ability to work in the position for which you have applied, you must inform us of the same at the latest during the job interview process and in accordance with applicable law. If we determine that the health information is relevant to the position in question, we will register the information as part of the recruitment process. We use legitimate interest and compliance with labour law obligations as our legal bases for the processing of health data and medical conditions.  

At no time do we process Sensitive Personal Data about you during the recruitment process, except for in the abovementioned scenarios. We therefore request that you exclude such sensitive information from your application material.  

5 HOW DO WE STORE AND RETAIN YOUR PERSONAL DATA? 

5.1 If you are hired

We will store the information that has been part of the recruitment process in our Applicant Tracking System. If you are hired by Enreach, your Personal Data will be kept as long as we are legally obligated to do so under the applicable national laws. 

5.2 If you are rejected

We will delete the information we have registered about you in accordance with the time period prescribed under applicable national laws. If you have previously given us consent to store your data in order to inform you regarding new vacancies or new recruitment opportunities, we will store your Personal Data in our Applicant Tracking System. We will store this data for as long as the applicable retention period allows us to, or until you decide to revoke your given consent. The exact retention period may vary depending on the country where the Enreach entity you are applying to is located. For the exact retention period please refer to the table below: 

   Storing applicant’s data for potential future opportunities (after consent).

Country

Retention period

Netherlands

1 (one) year 

Spain 

2 (two) years

Germany

6 (six) months

Latvia

1 (one) month

France

2 (two) years

Denmark

6 (six) months

Finland

6 (six) months, to the extent permitted and required by law.

Poland

1 (one) year

Sweden

For as long as the applicant can appeal the decision of non-employment.

With reference to the Anti-Discrimination Act, the hiring documents can be

stored for this purpose for 2 (two) years from the decision of non-employment.

Romania

2 (two) years

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

5.3 Criminal records

We only ask for your criminal records if you have been offered a position with us. If you have been asked to provide such information, and you have started your employment with us, a copy of your records will be stored in your personal file, only if the national applicable laws permit such storage. 

6 WHO MIGHT WE SHARE YOUR PERSONAL DATA WITH? 

If we deem it necessary for the abovementioned processing purposes, your Personal Data may be shared with one or more third parties, regardless of whether the third party is affiliated with the Enreach Group, for the purpose of processing Personal Data in accordance with our instructions. 

When third parties are given access to your Personal Data in line with the above, we undertake required contractual and organisational measures to ensure that your Personal Data are processed only to the extent that such processing is legitimate and necessary.  

We may share your Personal Data with third parties as follows: 

6.1 Within the Enreach Group

As the Enreach entity that you are applying to is part of a wider group of undertakings with headquarters in the Netherlands, and entities located in the EU, the UK and Serbia, Enreach may transfer your Personal Data to, or otherwise allow access to such data by other entities within the Enreach Group, which may use, transfer, and process your Personal Data for the purposes described within this Privacy Statement. 

6.2 With Data Processors 

We may engage certain Data Processors such as recruitment agencies, hosting, and IT service companies etc., who may process your Personal Data on our instructions. The Data Processors are contractually obliged to implement appropriate technical and organisational measures to ensure that your Personal Data is processed in accordance with our instructions.

6.3 With regulators, authorities, and other third parties 

Where necessary for the processing purposes described above or where required by law, your Personal Data may be transferred to regulators, courts and other authorities, independent external advisors, insurance providers, pensions, and benefits providers, and internal or external compliance and investigation teams. 

7 HOW DO WE ENSURE THE SECURITY OF YOUR PERSONAL DATA?

We attach great importance to your privacy. We therefore implement suitable physical, electronic, and managerial procedures to safeguard and secure your collected Personal Data. 

We take security measures to protect your information including:

  • We use appropriate procedures and technical security measures (including strict encryption and archiving techniques) to safeguard your information across all our computer systems, networks, websites, mobile apps, and offices.
  • Limiting access to our buildings to those that we have determined are entitled to be there (by use of passes, key card access and other related technologies).
  • Implementing access controls to our information technology.

 

8 WHAT ARE YOUR RIGHTS REGARDING YOUR PERSONAL DATA?

Under the Data Protection Legislation, you have a number of rights regarding our processing of your Personal Data, as follows: 

8.1 Right to be informed about our collection and use of Personal Data 

You have the right to be informed about the collection and use of your Personal Data. We ensure we uphold this right with our internal data protection policies and through this and other privacy statements. These are regularly reviewed and updated to ensure these are accurate and reflect our data processing activities. 

8.2 Right of access

You have the right to access the information we process about you.  

8.3 Right to rectification

You have the right to have incorrect or outdated information about yourself corrected.   

8.4 Right to be forgotten

In exceptional cases you have the right to have information about you deleted before the expiry of our retention period. 

8.5 Right to restrict processing  

In some cases, you have the right to have the processing of your Personal Data restricted. If you exercise this right, we may only process your Personal Data with your consent, or for the purpose of establishing, asserting, defending, protecting, a significant public or private interest, except when we process your data for storage.   

8.6 Right to object 

In certain cases, you have the right to object to our otherwise lawful processing of your Personal Data.

8.7 Right to transfer your information (data portability) 

In certain cases, you have the right to receive your Personal Data in a structured, commonly used, and machine-readable format and to have that Personal Data transferred from one Data Controller to another without hindrance. 

8.8 Right to withdraw your consent

You have the right to withdraw your consent at any time in the circumstances where you have given us consent to process your Personal Data.  

8.9 Rights in relation to automated processing 

An automated decision is one that is made by our systems rather than a person. You have the right to express your concerns and object to a decision taken by purely automated means under some laws such as the GDPR. You also have a right to request that a person review that decision. 

This right is unlikely to apply to Enreach’s use of your data, as any automated processing we carry out is unlikely to make decisions and would include human intervention. If you would like to discuss this in further detail, please contact us as set out above. 

You can invoke any of the above rights by reaching out to us on the Contact information provided above. When you submit a request, we will ask you some additional questions to verify your identity. We will respond to your request as soon as possible, but at the latest within one month. 

 

9 Questions or complaints

In case you have any questions with respect to the processing of your Personal Data as described within this Privacy Statement, you can contact the Enreach Data Protection Team and our DPO via the Contact information above.  

Please note that you also have the right to lodge a complaint with the competent supervisory authority for the Enreach entity that is acting as the Data Controller regarding how we process your Personal Data. However, we hope that you would consider raising any issue or complaint you have with us first (using the Contact Information above). Your satisfaction is extremely important to us, and we will always do our very best to solve any problems you may have. If you have any questions regarding which supervisory authority is applicable to your recruitment process at Enreach, please contact us via the Contact Information above.  

10 Other Links

Please be aware that the Enreach website you have accessed may link to other websites that you may access. We are not responsible for the data policies, content, or security of such sites. We do not have any control over any use of your data by third parties when you visit such sites or otherwise provide your data through these channels.

11 Changes

Enreach reserves the right to modify or amend this Privacy Statement at any time. The effective date will be displayed below. It is the user's responsibility to check this document regularly for changes. 

 

Thank you for taking the time to read our Privacy Statement. 

 

Version 2.0; May 2024