Privacy statement of Staffing MS – Version 08-08-2023
About us
Staffing Management Services B.V. and its affiliated entity Staffing MS Broker B.V. (together referred to as Staffing) are subsidiaries of HFBG Holding B.V. (together with Staffing referred to as HeadFirst Group, we, our, us). HeadFirst Group provides, among other services, a hiring desk for its clients as well as other services related to matching the demand and supply of temporary hires.
Our relationship with you
Your privacy is important to us. This statement explains what personal data HeadFirst Group processes, how HeadFirst Group processes it, and for what purposes. Please read this privacy statement carefully.
We process your personal data when you use our services (hiring desk, intermediary services, and/or additional services), when you visit any of our websites, and when you contact us. For example, through our websites, you can contact us via email, request information, or chat with us. In preparation for using the intermediary services, we may process personal data when you enter it yourself or when your employer or client enters it into our systems. This data can be used to make offers on assignments.
1. Who are the data controllers
The data controller determines the purpose and means of data processing. Under the General Data Protection Regulation (GDPR), most obligations lie with the data controller, who is also the first point of contact for you as the data subject. Below is a division of responsibilities. In almost every case, HeadFirst Group qualifies as an independent data controller, except in situations where your employer has entered your data into our system and you have never been placed on an assignment via HeadFirst Group, or when the contract between the supplier or freelancer is directly entered into with the Client, and HeadFirst Group has only played a mediating role. In the latter case, HeadFirst Group acts as a processor that operates based on the instructions of the Client, who is then designated as the data controller.
Three scenarios can be imagined:
- Are you self-employed? Then you are dealing with two data controllers for your data (the Client and HeadFirst Group).
- Are you employed by a supplier of a Client? Then you are dealing with three data controllers (your employer, HeadFirst Group, and the Client).
- Do you use premium and/or excellent services? Then the insurer from whom you receive the certificate is an independent data controller regarding its services.
The Client as data controller
Do you have a privacy-related question and/or request for the Client? Then you can contact the Client directly. You can do this by reaching out using the contact details found in the Client’s privacy statement.
The employer as data controller
Do you have a request to your employer? Then you can contact your employer directly. You can do this by reaching out using the contact details found in your employer’s privacy statement. If you have not yet fulfilled an assignment via HeadFirst Group, no offer has been made, and no start has been made with it, then your employer can delete your data in the Platform via their account.
The supplier of freelancers as data controller
When you are a freelancer whose personal data is provided to us by a supplier, this supplier is to be regarded as an independent data controller for this purpose. The supplier determines the purpose and means and serves as the first point of contact for you to exercise your rights under the GDPR. The supplier may have its own privacy statement and terms. We recommend that you consult these. We are not responsible or liable for the personal data that the supplier processes. This Privacy Statement only relates to the further processing of personal data by us.
If you have not yet fulfilled an assignment via HeadFirst Group, no offer has been made, and no start has been made with it, then your supplier can delete your data.
The Insurer as data controller
Do you have a question and/or request for the insurer? At the time of contracting, you or your employer was informed about where to find the privacy statement of the insurer. Do you have a question and/or request for the insurer? Then you can contact the insurer directly. You can do this by reaching out using the contact details provided in your insurer’s privacy statement.
HeadFirst Group as (Joint) data controller
In the context of the services of HeadFirst Group
We process personal data when the services (both intermediary and any additional services) are used. HeadFirst Group provides services through multiple entities, each 100% part of the same group (HFBG Holding B.V.). For the services that Staffing provides, Staffing Management Services B.V., located at Oostmaaslaan 71, 3063 AN in Rotterdam, is the primary data controller for the processing in this Privacy Statement. You can reach us by phone at 010 – 760 0900 or by email at privacy@headfirst.nl.
Other entities that are part of HeadFirst Group and that may process your personal data as data controllers include but are not limited to (subsidiaries and sister companies of): Associates B.V., Between Staffing B.V., Designated Professionals B.V., EXPR B.V., Fast Flex B.V., Fast Flex Sourcing B.V., HeadFirst Germany GmbH, HeadFirst IT B.V., HeadFirst Poland sp. z o.o., Jenrick Nederland B.V., Jenrick Payroll Services B.V., Myler B.V., Oyster Coast B.V., Proud ICT B.V., Proud Payroll B.V., Source Automation B.V., Source Automation BV (Belgium), Source Automation Luxembourg SA, Source Payroll Services B.V., Sterksen B.V., StarApple B.V., and Yellow Friday B.V. Each of these entities is not only part of this group but is also contractually bound to responsibly handle the data, in full compliance with this Privacy Statement.
In the context of other activities, including customer contact, direct marketing, and website visits
In addition to the personal data processed for the intermediary services, we also collect personal data for our own purposes (e.g., customer contact, direct marketing, website visits, which are elaborated on under purposes). Because we determine the purpose and means, we qualify as an independent data controller.
Employees of the Client
We also process data from the contacts of the Client. Regarding this data, HeadFirst Group qualifies as the data controller.
2. Contact Center
If you have questions or requests regarding what happens to your personal data, you can contact HeadFirst Group. If you are unsure about which party qualifies as the data controller or where to direct your question about data processing by or through HeadFirst Group, you can reach us by phone at 010 – 760 0900 or by email at privacy@headfirst.nl. We are happy to assist you and help you find a solution. If that does not work, you can contact the Dutch Data Protection Authority (https://autoriteitpersoonsgegevens.nl/nl/zelf-doen/gebruik-uw-privacyrechten/klacht-melden-bij-de-ap).
3. What types of personal data are processed? For what purpose and on what basis?
We process different types of personal data about you, for example, because you have created a profile and uploaded a CV. When you use the hiring desk, various categories of personal data are collected. Which data is collected is primarily determined by law and additionally depends on the chosen additional services and the requirements of the Client for flexible personnel.
We only process personal data when one (or more) basis(es) is (are) present:
(1) Execution of the agreement.
As an intermediary, we form the contractual intermediary in the hiring of flexible personnel. We enter into and manage agreements with professionals, suppliers, and clients based on which we process personal data. In addition to the personal data from the agreements themselves, this also concerns the personal data required by the contracts. It is therefore also conceivable that we may ask for your personal data prior to entering into an agreement so that we can establish this. It is also possible that surveys are sent out to improve our service and/or gain insights into (the circumstances of carrying out) assignments with Clients.
(2) Consent.
We may ask you to give consent prior to data processing in certain cases. For example, we ask for your consent before sending you certain news items. Once you have given your consent, you can withdraw it at any time, after which we will not further process your personal data for the purposes to which the consent pertains. Consent can be withdrawn by clicking the ‘unsubscribe’ button at the bottom of the relevant news item.
(3) Legal obligation.
As an intermediary, we are obliged to process certain personal data. Think of obligations under the Allocation of Labor by Intermediaries Act (Waadi), the Employment of Foreigners Act (Wav), or tax obligations. A legal obligation may also mean that we are required to share certain personal data with Clients, supervisory authorities, or other third parties for processing. When we are obligated to