Privacy Policy

General

This privacy policy is an integral part of the Terms and Conditions and therefore of the agreement concluded between Joboxx Recruitment Technologies NV ("Joboxx" or "the processor") and the User. Capitalized words are defined in the Terms and Conditions and have the same meaning in this Appendix as in the Terms and Conditions.

The processing refers to all operations related to personal data that allow a natural person to be directly or indirectly identified; such as collecting, recording, organizing, structuring, storing, updating or changing, retrieving, consulting, using, making available, aligning or combining, protecting, deleting or destroying data.

The purpose of this Privacy Policy is to provide the persons involved in those processing operations with all information required by the regulations in force, including the information required by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation or “GDPR”).

Joboxx undertakes to process the personal data of the Users in a legal, correct and transparent manner. In this privacy statement, Joboxx explains which personal data are processed and what the purposes are, what rights the User has to safeguard and possibly improve his / her privacy.

Concepts

The following terms are used in this policy:

  • the Regulation: the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (also known as the "General Data Protection Regulation") or “GDPR”)
  • Personal data: all information about an identified or identifiable natural person. For example: name, national register number, address, family composition, evaluations, medical certificates, union membership, etc.
  • Processing: (the entirety of) processing (s) of personal data. For example: storage, collection, modification, retrieval, consultation, use, transmission, distribution, transmission, deletion, destruction, etc.
  • Controller: the natural person, legal person, public authority, agency or other body that alone or with others determines the purpose and means of the processing of personal data.
  • Processor: the natural person, legal person, government agency, agency or other body that processes personal data for the controller.
  • Data subject: the identified or identifiable natural person to whom the processed data relate.

Who does this privacy policy apply to?

This policy applies to the processing of the personal data of the Users of the Platform, in particular:

  • persons who have applied for an open vacancy or have submitted a spontaneous application;
  • persons who have placed a vacancy or advertisement on the Platform;
  • persons who register as a User of the Platform;
  • - persons who visit or use the Website.

These persons will jointly “Data subjects"And each one individually"Data subjectBe called.

This Privacy Policy also applies to the Controller and the Processor (s).

The controller, the data protection officer and the processor 

  • The Controller:
    The public limited company Joboxx Recruitment Technologies, whose registered office is located at 9000 GHENT, Dok Noord 4D, registered with the Crossroads Bank for Enterprises under number BE0689.939.323 (hereinafter: “Joboxx”), represented by its managing director, Mr Didier Decaestecker, is responsible for certain processing of personal data that it carries out in the context of its activities;
  • The data protection officer:
    The data and privacy officer at Joboxx can be reached using the following contact details:

    • name: Jean Faniel
    • address: Dok Noord 4D, 9000 Ghent
    • tel: + 32 (0) 476 51 19 61
    • email: Jean.f@joboxx.com
  • The Processor is Joboxx

Data processing

Website cookies

Joboxx uses functional, analytical and tracking cookies. A cookie is a small text file that is stored in the browser of your computer, tablet or smartphone when you first visit this website. Joboxx uses cookies with a purely technical functionality. These ensure that the website works properly and that, for example, your preferred settings are remembered. These cookies are also used to make the website work properly and to optimize it.

In addition, we place cookies that keep track of your surfing behavior so that we can offer customized content and advertisements. On your first visit to our website, we have already informed you about these cookies and asked for your permission to place them. You can opt out of cookies by setting your internet browser so that it no longer stores cookies. You can also adjust the cookies of this website via this link

. In addition, you can also delete all information previously saved via the settings of your browser.

Cookies are also placed on this website by third parties. These are, for example, advertisers and / or social media companies. Below an overview:

Cookie names Type of cookie First or Third party Can be blocked Session or Persistent Expiry Time Purpose
__hssrc analytics Third party Session HubSpot CRM
_hjIncludedInSample analytics Third party Session HotJar
__cfduid essentials Third party Persistent 1563533161.1133 Indicates SSL (encrypted) website traffic
uncodeAI.css essentials Third party Session WordPress theme
__cfduid essentials Third party Persistent 1563533161.5502 Indicates SSL (encrypted) website traffic
uncodeAI.screen essentials Third party Session WordPress theme
__cfduid essentials Third party Persistent 1563533162.416 Indicates SSL (encrypted) website traffic
hubspotutk analytics Third party Persistent 1847357162 HubSpot CRM
uncodeAI.images essentials Third party Session WordPress theme
act, wd, xs, datr, sb, presence, c_user, fr, pl, reg_ext_ref, reg_fb_gate, reg_fb_ref advertisement Third party Persistent Facebook Advertising
trp_language functionality Third party Persistent 1534589159.2165 Language website
__hssc essentials Third party Persistent 1531998962 HubSpot CRM
__hstc analytics Third party Persistent 1595069162 HubSpot CRM
__utma, __utmb, __utmc, __utmt, __utmz, _ga, _gat, _gid analytics Third party Persistent Google Analytics
_gat_UA-119883108-1 analytics Third party Persistent 1532434757 Google Analytics

Purpose of the processing

Joboxx processes personal data in the context of the use of its Platform by Users in the context of a recruitment process and any other services and activities as contractually agreed with the User.

The personal data is used, among other things, for the following purposes:

  • Contact persons with Users who are companies or who act in a professional capacity (customers or prospects): the personal data is necessary to correctly draft and execute the agreement concluded with Joboxx. Before the contract is concluded, Joboxx must have the necessary personal data to be able to offer the agreed services;
  • Recruiting, contacting and applying applicants; matching job seekers and job vacancies, organizing contact between job seekers and job providers and the full course of the recruitment process
  • Suppliers with whom Joboxx comes into contact: the personal data are necessary in order to correctly draft and execute the agreement concluded with Joboxx
  • Any legitimate interest of the company (Joboxx).

All personal data that is collected is processed administratively and accounting.

Which personal data are collected?

Information Collected Directly

  • Information regarding the Data Subject: Name - First name - company number
  • Information to contact the Data Subject: telephone number - fax number - e-mail address - address
  • Information to invoice or make payments: bank account number - bank details

If the Data Subject registers on the Platform and / or fills in an identification form, his / her data will be stored in the database. Joboxx assumes that the Data Subject also gives explicit permission to be included in the database through registration and / or identification.

If the Data Subject hands over a business card to Joboxx, the data is stored in the database. Joboxx assumes that the Data Subject also gives explicit permission to be included in the database by handing over his / her business card.

Publicly available and indirectly collected information

Joboxx also stores publicly accessible data such as data that is subject to a publication obligation, for example the publication of documents in the Official Gazette or the Crossroads Bank for Enterprises regarding the appointment of a director, or data that the Data Subject has made public, such as information on its website or social media. Joboxx assumes that this personal data may be kept since this information has been made publicly available.

Information collected indirectly may also include information that is public, for example, because it is commonly known in a region or because it has appeared in the press.

What the Data Subject reports

If the Data Subject contacts Joboxx by telephone, Joboxx can record his / her identity (name and first name) and telephone number in order to build up a contact overview and to see who uses the service.

When the Data Subject submits his / her CV to Joboxx, the Data Subject undertakes to provide correct, complete and honest information. By uploading his / her CV, the Data Subject indicates that he / she understands and accepts that this CV will be visible to and can be passed on to one or more (specific) potentially interested employers.

Categories of processed personal data:

  • Identity information (name, national register number, place of birth, marital status, ...)
  • A personal image or photo
  • Contact information (address, telephone number, email address)
  • Social media
  • Family information (family composition)
  • Personal characteristics (language, gender, age, position, profession,…)
  • Residence permit or work permit
  • Criminal conviction
  • Financial information (bank account number, professional income,…)
  • Training and education and experience (diplomas, certificates, references, recommendations, skills, knowledge, ...)
  • Profession and position (employer, title and description of the position, degree, date of recruitment, workplace, working conditions, wages, provided company goods / benefits of any kind (mobile phone, car, fuel card, etc.), etc.)
  • Leisure activities, hobbies, interest
  • All data, documents and media that the data subject has made available to Joboxx
  • Other data necessary to allow the processor to perform its contractual obligations towards the Users.

Who receives the personal data?

The Controller can pass on the data subject of the Data Subject to the following recipients:

  • One or more (specific) potentially interested employers resp. job seekers: with the explicit consent of the Data Subject. The Data Subject is aware that the recipient will also process his / her personal data, that he / she is entitled to an equivalent protection of those personal data, but that this is a matter for the Data Subject and the recipient. By the Platform use and receive personal data from other Users - Data Subjects, the recipient guarantees to comply with applicable legislation regarding the protection of personal data.
  • Service providers in assessment and industrial psychologists who work with Joboxx or to whom Joboxx outsources or entrusts certain (sub) assignments;
  • Service providers specialized in legal affairs, labor law, social security, taxation and migration;
  • Government agencies such as the National Social Security Office, Inspection;
  • Bailiffs;
  • Judicial authorities;
  • Accountants or accountants;
  • ICT service providers.

In principle, the Data Subject of the Data Subject will not be transferred to a country that is not part of the European Economic Area *.

Joboxx processes this personal data in accordance with the purposes stated in article 'Data processing'. Only employees within the Joboxx organization, who need these personal data in the performance of their position, will be able to consult them.

When organizing events, Joboxx can pass on the personal data (such as name and first name) to external parties that organize the events, and this for purely organizational reasons and in the context of security.

How long are the personal data kept?

The data controller stores the personal data of the Data Subject:

  • As long as necessary to achieve the goals as described in article Data Processing;
  • As long as necessary for the realization of the application and recruitment process;
  • As long as necessary to delete the personal data after the retention periods provided for by the regulations have expired;
  • As long as necessary to comply with obligations arising from a legal text, other regulations or agreements concluded by Joboxx, or imposed by a government.

What rights can the data subject exercise?

Right to object

When personal data are processed on the basis of the consent of the Data Subject (see point 'to whom does this policy apply?'), The Data Subject can withdraw this consent at any time.

If the Data Subject wishes to exercise one or more of the rights listed below, he / she should contact the data protection officer of Joboxx using the contact details provided in Article 'The controller, the data protection officer and the processor'. The Data Subject should be aware that withdrawing consent will usually result in the Data Subject not being able to remain registered as a User and his account will be withdrawn and deleted.

In addition, the Data Subject can lodge a complaint with the supervisory authority at any time if Joboxx fails to observe his rights as set out below. In Belgium, this has been the Data Protection Authority (formerly the Commission for the Protection of Privacy, better known as the Privacy Commission) since 25 May 2018: see https://www.gegevensbeschermingsautoriteit.be/

Right of inspection

The Data Subject has the right to obtain information from Joboxx about whether or not he or she processes personal data and, if necessary, to inspect the relevant personal data and the following information:

  • the processing purposes;
  • the relevant categories of personal data;
  • the recipients or categories of recipients to whom personal data are disclosed;
  • if possible, the period during which the personal data is expected to be stored, or if not the criteria for determining that period;
  • that the Data Subject has the right to request Joboxx that personal data be deleted or corrected, or that the processing is limited;
  • that the Data Subject has the right to lodge a complaint with the Data Protection Authority;
  • all available data on the source of the data, in case the personal data is not collected from the Data Subject himself;
  • the existence, where appropriate, of solely automated decision-making, including profiling and, where appropriate, useful information about the underlying logic, importance and expected consequences of the automated decision-making.

At the explicit request of the Data Subject, Joboxx will provide the most complete overview of the requested personal data and / or information above within a reasonable period of time. The Data Subject has the right to obtain a copy of the requested information free of charge.

When the Data Subject submits his request electronically, Joboxx can provide the information electronically, for example by email.

Joboxx guarantees that the Data Subject, through his / her account as a registered User, has full access to his / her data and can change, adjust, correct or delete this data at any time.

Right of improvement

The Data Subject has the right to have erroneous, inappropriate or outdated personal data removed or corrected. If the Data Subject considers that information stored by Joboxx is incomplete, incorrect, inappropriate or out of date, he / she should contact Joboxx's data protection officer using the contact details stated in Article 4.

Joboxx guarantees that the Data Subject, through his / her account as a registered User, has full access to his / her data and can change, adjust, correct or delete this data at any time.

Right to erase data

The Data Subject has the right to have certain personal data deleted if one of the following applies:

  • the personal data is no longer necessary for the purposes under which it was collected or processed;
  • the Data Subject withdraws the consent on which the processing is based, and there is no other legal basis for the processing;
  • the Data Subject objects to the processing in accordance with this policy;
  • the personal data has been unlawfully processed;
  • the personal data must be erased to comply with a legal obligation on Joboxx.

Joboxx is obliged to erase personal data without unreasonable delay when one of the above cases applies.

Joboxx guarantees that the Data Subject, through his / her account as a registered User, has full access to his / her data and can change, adjust, correct or delete this data at any time.

Right to restriction of processing

The Data Subject has the right in certain cases to obtain the restriction of the processing of his personal data. The following conditions should apply:

  • If the stored personal data are incorrect, during the period that Joboxx needs to check the correctness of the personal data and, if necessary, to correct it;
  • the processing of personal data is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of its use;
  • Joboxx no longer needs the data for the processing purposes for which the data was stored but in the context of legal proceedings, for the protection of natural or legal persons or for important reasons of public interest.

If the processing of the personal data has been restricted, Joboxx may continue to store the personal data, but no personal data may be processed without the prior consent of the Data Subject.

Joboxx guarantees that the Data Subject, through his / her account as a registered User, has full access to his / her data and can change, adjust, correct or delete this data at any time.

Right to portability of personal data

Subject to the rights and freedoms of third parties and the restrictions provided for in the Regulation, the Data Subject has the right to obtain the personal data relating to him that he himself has provided to Joboxx in a structured, common and machine-readable form. The Data Subject has the right to transfer this data himself to another controller or to request that the personal data be transferred directly by Joboxx to another controller.

Refusal of automated processing and decision making

Some data processing and processes are fully automated without human intervention. Joboxx does not exclude that it can use these automated individual decision-making processes in the processing of personal data, including profiling.

The Data Subject can object to the automated processing of his personal data if this processing significantly affects him / her.

The following exception applies here, which must be assessed on a case-by-case basis:

  • the automated processing is permitted by a legal provision that applies to Joboxx and which also provides for the necessary measures to protect the rights, freedoms and interests of the Data Subject.

The Data Subject also has the right to object to the processing of personal data applicable to him in the cases provided for by law or other regulatory texts.

The Data Subject can exercise these rights by submitting a request to or contacting the data protection officer at Joboxx, as mentioned previously.

The data protection officer may take the necessary measures to verify the identity of the Data Subject making a request.

The Data Subject also has the right to lodge a complaint with the supervisory authority. In Belgium, this has been the Data Protection Authority (formerly the Commission for the Protection of Privacy, better known as the Privacy Commission) since 25 May 2018: see https://www.gegevensbeschermingsautoriteit.be/ 

Processor's obligations

Compliance with legislation

With regard to the processing operations referred to in article 'Data processing operations', the Processor will ensure compliance with the applicable laws and regulations, including in any case the European General Data Protection Regulation (GDPR).

The Processor's obligations under this agreement also apply to persons who process personal data under the authority or on the instructions of the Processor: employees, consultants and subcontractors, in the broad sense of the word.

Security

  1. The Processor undertakes and guarantees that he takes the appropriate technical and organizational measures to protect the personal data and the processing thereof against loss or against any form of unlawful processing (such as: access by unauthorized persons, changing or falsifying the personal data dissemination of data) (see Article 10).
  2. If the Controller or a third party determines that no or insufficient technical and organizational measures have been taken, the Processor will make the necessary efforts to bring the measures to a level that is appropriate, taking into account the state of the art, the sensitivity of the personal data and the costs associated with taking the measures.
  3. When and if required by law, the Processor will appoint a Data Protection Officer (DPO) in accordance with European privacy regulations (GDPR).

Reporting obligation

  1. The Processor will actively monitor infringements and as soon as it is established that a personal data breach has occurred, the Processor will immediately and in any case within the legally determined period inform the Controller.
  2. A “personal data breach” includes the following:
  • Any unauthorized access, processing, deletion, falsification, loss or any other form of unlawful processing of the personal data;
  • Any breach of the security, integrity and / or confidentiality of the data and any other breach that results (or may lead to) inadvertent or unlawful destruction, loss, alteration, unauthorized disclosure of - or access to - the personal data, or any indication that such an infringement has occurred.
  1. In the event of a breach, the Processor will provide the Controller with at least the following information:
  • What the (alleged) cause of the infringement is;
  • The nature of the personal data breach;
  • What the (as yet known and / or expected) consequence of the infringement is;
  • Indication of the categories of data subjects concerned and the number of data subjects affected by the infringement;
  • The (proposed) measures that the Processor has taken and will take to address the infringement and / or to limit its adverse consequences;
  1. The Processor will cooperate with the Controller at all times, with the aim of enabling the Controller to properly investigate the infringement, to take corrective measures and to take appropriate next steps with regard to the infringement.
  2. The Processor also keeps the Controller informed of any new developments regarding the infringement and of the measures that the Processor is taking to limit the consequences of the incident on its side and to prevent repetition.
  3. The Processor documents all breaches in connection with the personal data provided by the Controller and the Processor makes this available at the request of the Controller.

Which security measures are taken?

Since highly personal and business confidential information is used and processed, Joboxx guarantees the confidentiality, integrity and availability of this information at all times. Joboxx maintains a high level of security for the processing and the data that are processed and stored.

The main principles that Joboxx applies are:

  1. Definition of information security roles and responsibilities to ensure that all security activities are performed.
  2. All required documentation, such as policies, standards, procedures, and guidelines, is in place to support security. That documentation is regularly reviewed.
  3. Joboxx takes a risk-based approach to identify the necessary technical and other security controls. This ensures that the correct priorities are set and that only efficient and effective security controls are selected and implemented.
  4. Joboxx is committed to ensuring that employees throughout the organization are aware of the importance of information security and data protection and integrates this through regular training and exercises.
  5. Joboxx has identity and access controls to protect information against unauthorized access, changes or deletion, whether or not caused intentionally.
  6. Joboxx has introduced physical controls to ensure fire and theft prevention and access control for its buildings.
  7. Cyber protection controls were installed. The applications and technology platforms have been designed, configured, maintained and evaluated based on recognized security criteria, such as Vulnerabilities and threats are continuously monitored.
  8. One became business continuityprogram installed to ensure continuity in the event of disruptions or disasters and restore business processes. The information security principles will remain in effect during the activation of this program.
  9. The information security policy and its implementation are regularly reviewed

* If personal data can be transferred to countries outside the EEA, an Appendix regarding additional obligations in case of transfer to a third country or an international organization is required.