General

This privacy policy is an integral part of the Terms and Conditions and thus of the agreement between Joboxx Recruitment Technologies NV ("Joboxx" or "the processor") and the User. Words with a capital letter are defined in the Terms and Conditions and have the same meaning in this appendix as in the General Terms and Conditions.

The processing refers to all operations relating to personal data on the basis of which a natural person can be identified directly or indirectly; such as collecting, recording, organizing, structuring, storing, updating or modifying, retrieving, consulting, using, making available, aligning or combining, blocking, erasing or destroying data.

The purpose of this Privacy Policy is to provide the persons involved in such processing with all information required by the regulations in force, including the information required by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation or "GDPR").

Joboxx undertakes to process the personal data of the Users in a legal, correct and transparent manner. In this privacy statement, Joboxx explains which personal data are processed and what the purposes are, what rights the User has to safeguard his privacy and possibly improve it.

Concepts

This policy uses the following concepts:

  • the Regulation: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (also referred to as the "General Data Protection Regulation") or "GDPR")
  • Personal data: all information about an identified or identifiable natural person. For example: name, national register number, address, family composition, evaluations, medical certificates, membership of a trade union, etc.
  • Processing: (the totality of) processing (s) of personal data. For example: storing, collecting, modifying, retrieving, consulting, using, sending, distributing, passing on, erasing, destroying, etc.
  • Processing managerthe natural person, legal entity, public authority, a service or other body that alone or with others determines the purpose and means of the processing of personal data.
  • Processorthe natural person, legal person, government agency, a service or another body that processes personal data on behalf of the controller.
  • The person concerned: the identified or identifiable natural person to whom the processed data relate.

Who is this privacy policy applicable to?

This policy applies to the processing of the personal data of the Users of the Platform, in particular:

  • persons who have applied for an open vacancy or have submitted a spontaneous application;
  • persons who have posted a vacancy or advertisement on the Platform;
  • persons who register as a User of the Platform;
  • - persons who visit or use the Website.

These people will join together the "Those involved"And each one individually"The person concerned"Be called.

This Privacy Policy also applies to the Processing Officer and the Processor (s).

The controller, the data protection officer and the processor 

  • The Processing manager:
    The public limited liability company Joboxx Recruitment Technologies, whose registered office is in 9000 GHENT, Dok Noord 4D, registered with the Kruispuntbank voor Ondernemingen under the number BE0689.939.323 (hereinafter: "Joboxx"), represented by its managing director, Mr. Didier Decaestecker, is responsible for certain processing of personal data that it carries out in the context of its activities;
  • The Data Protection Officer:
    The job and data protection officer at Joboxx can be contacted on the basis of the following contact details:

    • name: Jean Faniel
    • address: Dok Noord 4D, 9000 Ghent
    • tel: + 32 (0) 476 51 19 61
    • e-mail: Jean.f@joboxx.com
  • The Processor is Joboxx

Data processing

Website cookies

Joboxx uses functional, analytical and tracking cookies. A cookie is a small text file that is stored in the browser of your computer, tablet or smartphone when you first visit this website. Joboxx uses cookies with a purely technical functionality. These ensure that the website works properly and that, for example, your preferred settings are remembered. These cookies are also used to make the website work well and to optimize it.

In addition, we place cookies that keep track of your browsing habits so that we can offer customized content and advertisements. On your first visit to our website we have already informed you about these cookies and we have asked you for permission to place them. You can opt out of cookies by setting your internet browser so that it does not store cookies anymore. You can also change the cookies of this website via this link

. In addition, you can also delete all information previously saved via the settings of your browser.

Cookies are also placed on this website by third parties. These are for example advertisers and / or social media companies. Below an overview:

Cookie names Type or cookie First or Third party Can be blocked Session or Persistent Expiry Time Purpose
APISID, CONSENT, GPS, HSID, LOGIN_INFO, PREF, SAPISID, SID, SSID, VISITOR_INFO1_LIVE, YSC functionality Third party Persistent
long advertisement Third party Session
UserMatchHistory advertisement Third party Persistent 1536742026.4152
long advertisement Third party Session
lidc advertisement Third party Persistent 1534236426.1858
BizoID advertisement Third party Persistent 1536742026.1857
bcookie advertisement Third party Persistent 1597263878.5189
bscookie advertisement Third party Persistent 1597263878.5189
test_cookie advertisement Third party Persistent 1533124953.2194
IDE advertisement Third party Persistent 1596196040.3134
_gat_UA-119883108-1 analytics Third party Persistent 1532434757 Google Analytics
__utma, __utmb, __utmc, __utmt, __utmz, _ga, _gat, _gid analytics Third party Persistent Google Analytics
__hstc analytics Third party Persistent 1595069162 HubSpot CRM
__hssc essentials Third party Persistent 1531998962 HubSpot CRM
trp_language functionality Third party Persistent 1534589159.2165 Language website
act, wd, xs, datr, sb, presence, c_user, fr, pl, reg_ext_ref, reg_fb_gate, reg_fb_ref advertisement Third party Persistent Facebook Advertising
uncodeAI.images essentials Third party Session WordPress theme
hubspotutk analytics Third party Persistent 1847357162 HubSpot CRM
__cfduid essentials Third party Persistent 1563533162.416 Indicates SSL (encrypted) website traffic
uncodeAI.screen essentials Third party Session WordPress theme
__cfduid essentials Third party Persistent 1563533161.5502 Indicates SSL (encrypted) website traffic
uncodeAI.css essentials Third party Session WordPress theme
__cfduid essentials Third party Persistent 1563533161.1133 Indicates SSL (encrypted) website traffic
_hjIncludedInSample analytics Third party Session HotJar
uncode_privacy [consent_types] essentials Third party Persistent 1563533157.7657
__hssrc analytics Third party Session HubSpot CRM

Purpose of the processing

Joboxx processes personal data in connection with the use of its Platform by Users in the context of a recruitment process and any other services and activities as contractually agreed with the User.

Personal data will be used for the following purposes:

  • Contacts with Users who are companies or act in a professional capacity (customers or prospects): the personal data are necessary to correctly set up and execute the agreement concluded with Joboxx. Joboxx must have the necessary personal data for the contract conclusion in order to be able to offer the agreed service;
  • Recruiting, contacting and applying for applicants; matching job seekers and vacancies, organizing a contact between job seekers and job providers and the full progress of the recruitment process
  • Suppliers with whom Joboxx comes into contact: the personal data are necessary to correctly set up and execute the agreement concluded with Joboxx
  • Every legitimate interest of the company (Joboxx).

All personal data that is collected is processed administratively and accounting.

Which personal data is collected?

Information collected directly

  • Information concerning the Data Subject: Name - First name - company number
  • Information to contact the Data Subject: telephone number - fax number - e-mail address - address
  • Information for invoicing or making payments: bank account - bank details

If the Data Subject registers on the Platform and / or completes an identification form, his / her data will be stored in the database. Joboxx assumes that the Data Subject will also give explicit permission to be included in the database through registration and / or identification.

If the Data Subject hands a business card to Joboxx, the data is stored in the database. Joboxx assumes that the Data Subject will also give explicit permission to be included in the database by handing over his / her business card.

Publicly available and indirectly collected information

Joboxx also stores publicly accessible data such as data subject to a publication obligation, for example the publication of documents in the Bulletin of Acts or in the Crossroads Bank for Enterprises concerning the appointment of a director, or data that the Data Subject himself has made public, such as information on his website or social media. Joboxx assumes that this personal data may be kept in view of the fact that this information has been made publicly available.

Information collected indirectly may also contain data that is public, for example because they are generally known in a region or because they have appeared in the press.

What the Involved Person communicates

If the Involved Joboxx contacts by telephone, Joboxx can record his / her identity (name and first name) and telephone number to build up a contact overview and to view who is using the service.

When the Data Subject provides his / her CV to Joboxx, the Data Subject will undertake to provide correct, complete and honest information. By uploading his / her CV, the Data Subject indicates that he / she understands and accepts that this CV will be visible and can be passed on to one or more (well-defined) potentially interested employers.

Categories of personal data processed:

  • Identity information (name, national register number, place of birth, marital status, ...)
  • A personal image or photo
  • Contact information (address, telephone number, e-mail address)
  • Social media
  • Family information (family composition)
  • Personal characteristics (language, gender, age, presentation, profession, ...)
  • Residence permit or work permit
  • Criminal conviction
  • Financial information (bank account number, professional income, ...)
  • Education and training and experience (diplomas, certificates, references, recommendations, skills, knowledge, ...)
  • Occupation and employment (employer, title and description of job, degree, date of recruitment, workshop, working conditions, wages, business assets provided / benefits of any kind (mobile phone, car, fuel card, ...), etc.)
  • Leisure activities, hobbies, interest
  • All the data, documents and media that the person concerned has made available to Joboxx
  • Other data necessary to allow the processor to perform contractual obligations towards the Users.

Who receives the personal data?

The Processing Officer can pass on the personal data of the Data Subject to the following recipients:

  • One or more (well-defined) potentially interested employers resp. job seekers: with the explicit consent of the person concerned. The Data Subject acknowledges that the recipient will also process his / her personal data, that he / she is entitled to an equivalent protection of that personal data, but that this is a matter for the Data Subject and the recipient. to use and receive personal data from other Users - Data Subject, the recipient guarantees to comply with the applicable legislation regarding the protection of personal data.
  • Service providers in assessment and business psychologists who work with Joboxx or to whom Joboxx outsources or entrusts certain (sub-) assignments;
  • Service providers specialized in legal affairs, employment law, social security, taxation and migration;
  • Government agencies such as the National Social Security, Inspection;
  • Court bailiffs;
  • Judicial bodies;
  • Accountants or bookkeepers;
  • ICT service providers.

The Personal Data of the Data Subject will in principle not be transferred to a country that is not part of the European Economic Area *.

Joboxx processes this personal data in accordance with the purposes mentioned in Article 'Data processing'. Only the employees within the Joboxx organization, who need these personal details in execution of their job, will be able to consult them.

When organizing events, Joboxx can pass on the personal data (such as name and first name) to external parties that organize the events, for purely organizational reasons and in the context of security.

How long are the personal data stored?

The data controller will keep the Personal Data of the Data Subject:

  • As long as necessary to achieve the goals as described in article Data processing;
  • As long as necessary for the realization of the application and recruitment process;
  • As long as necessary to remove the personal data after the retention periods provided for by the regulations have expired;
  • As long as necessary to comply with obligations arising from a legal text, other regulations or contracts concluded by Joboxx, or imposed by a government.

What rights can the person concerned exercise?

Right of objection

If personal data are processed on the basis of the data subject's consent (see point 'to whom does this policy apply?'), The Data Subject can withdraw this consent at any time.

If the Data Subject wishes to exercise one or more of the rights listed below, he / she must contact the Joboxx data protection officer via the contact details stated in Article 'The controller, the data protection officer and the processor'. The Data Subject must be aware that the withdrawal of consent will usually result in the Data Subject being unable to remain registered as User and his account will be withdrawn and deleted.

In addition, the Data Subject may submit a complaint to the supervisory authority at any time if Joboxx does not comply with its rights as set out below. In Belgium this has been the Data Protection Authority (formerly the Commission for the protection of privacy, better known as the Privacy Commission) since 25 May 2018: see https://www.gegevensbeschermingsautoriteit.be/

Right of inspection

The Data Subject has the right to obtain from Joboxx information about whether or not to process personal data concerning him / her and to obtain access to the personal data and the following information if necessary:

  • the processing purposes;
  • the relevant categories of personal data;
  • the recipients or categories of recipients to whom personal data are provided;
  • if possible, the period during which the personal data are expected to be stored, or if not possible, the criteria for determining this period;
  • that the Data Subject has the right to request Joboxx that personal data be deleted or corrected, or that the processing is limited;
  • that the Data Subject has the right to submit a complaint to the Data Protection Authority;
  • all available data on the source of the data, in the event that the personal data are not collected from the Data Subject himself;
  • the existence, where appropriate, of a purely automated decision-making, including profiling and in the applicable cases, useful information on the underlying logic, the importance and the expected consequences of automated decision-making.

At the explicit request of the Data Subject, Joboxx will, within a reasonable period of time, provide as complete an overview as possible of the requested personal data and / or information above. The Data Subject has the right to obtain a copy of the requested information free of charge.

When the Data Subject submits his request electronically, Joboxx can provide the information electronically, for example by e-mail.

Joboxx guarantees that the Data Subject, through his / her account as registered User, has full access to his / her data and can change, modify, correct or delete this data at any time.

Right of improvement

The Data Subject has the right to remove or correct erroneous, inappropriate or outdated personal data. If the Data Subject is of the opinion that information that Joboxx has stored is incomplete, incorrect, inappropriate or out-of-date, he / she must contact Joboxx's data protection officer on the basis of the contact details stated in Article 4.

Joboxx guarantees that the Data Subject, through his / her account as registered User, has full access to his / her data and can change, modify, correct or delete this data at any time.

Right to erase data

The Data Subject has the right to obtain that certain personal details are deleted when one of the following applies:

  • the personal data are no longer necessary for the purposes under which they were collected or processed;
  • the data subject withdraws the permission on which the processing is based, and there is no other legal basis for the processing;
  • the Data Subject objects to the processing in accordance with this policy;
  • the personal data have been processed unlawfully;
  • the personal data must be deleted in order to comply with a legal obligation that rest on Joboxx.

Joboxx is obliged to delete personal data without unreasonable delay if one of the above cases applies.

Joboxx guarantees that the Data Subject, through his / her account as registered User, has full access to his / her data and can change, modify, correct or delete this data at any time.

Right to restriction of processing

The Data Subject has the right to obtain the limitation of the processing of his personal data in certain cases. The following conditions must apply:

  • If the stored personal data are not correct, during the period that Joboxx needs to check the correctness of the personal data and if necessary correct it;
  • the processing of personal data is unlawful and the data subject resists the erasure of the personal data and requests the restriction of their use;
  • Joboxx no longer needs the data for the processing purposes for which the data were stored, but in the context of legal proceedings, for the protection of natural or legal persons or for weighty reasons of general interest.

When the processing of the personal data is limited, Joboxx may continue to store personal data, but no personal data may be processed without prior consent of the Data Subject.

Joboxx guarantees that the Data Subject, through his / her account as registered User, has full access to his / her data and can change, modify, correct or delete this data at any time.

Right to transferability of personal data

Subject to the rights and freedoms of third parties and the restrictions provided for in the Regulation, the Data Subject has the right to obtain the personal data relating to him that he has provided to Joboxx in a structured, current and machine readable form. The Data Subject has the right to transfer this data to another controller or to request that the personal data be forwarded directly by Joboxx to another controller.

Refusing automated processing and decision making

Some data processing and processes are fully automated without human intervention. Joboxx does not exclude that it can use these automated individual decision-making processes in the processing of personal data, including profiling.

The Data Subject may object to the automated processing of his personal data if this processing affects him / her to a considerable extent.

Here the following exception applies, which must be assessed case by case:

  • the automated processing is permitted by a legal provision that applies to Joboxx and also provides for the necessary measures to protect the rights, freedoms and interests of the Data Subject.

The Data Subject also has the right to object to the processing of personal data that apply to him in the cases provided for by law or other regulatory texts.

The Data Subject can exercise these rights by submitting a request to or contacting the data protection officer at Joboxx, as mentioned earlier.

The data protection officer may take the necessary measures to verify the identity of the Data Subject who makes a request.

The Data Subject also has the right to submit a complaint to the supervisory authority. In Belgium this has been the Data Protection Authority (formerly the Commission for the protection of privacy, better known as the Privacy Commission) since 25 May 2018: see https://www.gegevensbeschermingsautoriteit.be/ 

Obligations of the processor

Compliance with legislation

With respect to the processing operations referred to in Article 'Data processing', the Processor shall ensure compliance with the applicable legislation and regulations, including in any case the European General Data Protection Regulation (GDPR).

The obligations of the Processor arising from this agreement also apply to persons who process personal data under the authority or on behalf of the Processor: employees, consultants and subcontractors, in the broad sense of the word.

Security

  1. The Processor undertakes and guarantees that it will take appropriate technical and organizational measures to protect the personal data and its processing against loss or against any form of unlawful processing (such as: unauthorized access, modification or falsification of the personal data. , disseminating the data) (see Article 10).
  2. If the Processing Manager or a third party establishes that no or insufficient technical and organizational measures have been taken, the Processor will make the necessary efforts to bring the measures to a level that is appropriate, taking into account the state of the art, the sensitivity of the personal data and the costs involved in taking the measures.
  3. When and if required by law, the Processor will appoint a Data Protection Officer (DPO) within the framework of the European Privacy Regulations (GDPR).

Reporting duty

  1. The Processor will actively monitor infringements and as soon as it is established that a personal data breach has occurred, the Processor will inform the Processing Officer immediately, and in any case within the statutory period.
  2. A "personal data breach" means, inter alia, the following:
  • Any unauthorized access, processing, deletion, forgery, loss or any other form of unlawful processing of personal data;
  • Any breach of the security, integrity and / or confidentiality of the data and any other breach, leading (or possibly leading) to unintentional or unlawful destruction, loss, modification, unauthorized disclosure of or access to the personal data, or any indication that such an infringement has taken place.
  1. In the event of an infringement, the Processor will provide the Processing Officer with at least the following information:
  • What is the (alleged) cause of the infringement;
  • The nature of the infringement in relation to personal data;
  • What is the (as yet known and / or expected) consequence of the infringement;
  • The indication of the categories of data subjects concerned and the number of data subjects to which the infringement relates;
  • The (proposed) measures that the Processor has taken and will take to deal with the infringement and / or to limit the adverse consequences thereof;
  1. The Processer shall at all times cooperate with the Processing Officer, with the aim of enabling the Processing Officer to carry out a proper investigation into the breach, take corrective measures and take appropriate follow-up steps with respect to the infringement.
  2. The Processor will also keep the Processing Officer informed of any new developments concerning the infringement and of the measures that the Processor will take to limit the consequences of the incident and prevent repetition.
  3. The Processor documents all breaches in connection with the personal data supplied by the Processing Officer and the Processor will make this available at the request of the Processing Officer.

What security measures are taken?

Since very personal and business confidential information is used and processed, Joboxx guarantees the confidentiality, integrity and availability of this information at all times. Joboxx maintains a high level of security for processing and data that is processed and stored.

The most important principles that Joboxx applies are:

  1. Definition of roles and responsibilities for information security to ensure that all security activities are carried out.
  2. All required documentation, such as policies, standards, procedures and guidelines, is in place to support security. That documentation is regularly revised.
  3. Joboxx uses a risk-based approach to identify the necessary technical and other security controls. This ensures that the right priorities are determined and that only efficient and effective security controls are selected and implemented.
  4. Joboxx undertakes to ensure that employees throughout the organization are aware of the importance of information security and data protection and integrate this through regular training and exercises.
  5. Joboxx has identity and access controls to protect information against unauthorized access, changes or deletion, whether intentional or unintentional.
  6. Joboxx has introduced physical checks to ensure fire and theft prevention and access control for its buildings.
  7. Cyber ​​Protection Controls were installed. The applications and technology platforms are designed, configured, maintained and evaluated based on recognized security criteria, such as Vulnerabilities and threats are monitored permanently.
  8. There was one business continuityprogram installed to ensure continuity in case of malfunctions or disasters and to restore the business processes. During the activation of this program, the information security principles remain in effect.
  9. The information security policy and its implementation are regularly assessed

* If personal data can be transferred to a country outside the EEA, an Annex on additional obligations in case of transfer to a third country or an international organization is required.