Privacy statement
Briddge Legal and Finance
Latest update: November 1, 2024
1. Introduction
This privacy statement describes how Briddge B.V. (Kabelweg 37, 1014 BA Amsterdam, the Netherlands) (also referred to as "Briddge", "we" or "us") will collect, use, and share your personal data as controller when you (or your company) become(s) our client, apply for a job vacancy, provide information through our website, and/or subscribe to our newsletter (“Privacy Statement”).
The processing activities carried out by Briddge in its capacity as a processor (Dutch payroll, international payroll and sick leave management services) do not fall within the scope of this Privacy Statement. Furthermore, this Privacy Statement does not cover the processing of your personal data when you are an employee or contractor of Briddge. Please contact us via the details set out in Section 8 if you would like to receive any further information about how we process Briddge employee data.
This policy also describes your data protection rights, including the right to object to some of the processing which Briddge carries out. More information about your rights, and how to exercise them, is set out in Section 5.
2. Personal data we collect about you
Personal data collected directly from you
We collect and process personal data about you when you request to receive advice or services from us or apply for a job vacancy, correspond with us by phone, email or via our website, or when you provide other information directly to us by any other (electronic) means.
|
Category |
Details |
|
Contact Information |
Your name, address, telephone number, date and place of birth, gender, nationality, marital status, employment history, tax status, job title and function, copies of identity documents, tax numbers, and other personal data concerning your preferences relevant to our services. |
|
Applicant Information
|
Name, address, email address, telephone number, date and place of birth, nationality, gender, employment details, marital status, CV and copies of identity documents (if an offer is made). |
|
Financial and Payment Data |
Your bank account and other data necessary for processing payments and fraud prevention, including your social security number, credit/debit card numbers, security code numbers, and other related billing information. |
|
Business Information |
Your information provided in the course of the contractual or client relationship between you or your organisation and Briddge, or otherwise voluntarily provided by you or your organisation. |
|
Information relevant to advice or other services |
Your information relevant to any advice or other services we have been asked to provide to our clients. |
|
Profile and Usage Data |
Your preferences in receiving marketing information from us, your communication preferences and information about how you use our websites, including the services you viewed or searched for, page response times, download errors, length of visits and page interaction (such as scrolling, clicks, and mouse-overs). To learn more about our use of cookies or similar technology, please check our cookies policy on our website. |
|
Technical Data |
Your information collected during your visits to our website, the Internet Protocol (IP) address, browser type and version, device type, time zone setting, browser plug-in types and versions, operating system and platform. To learn more about our use of cookies or similar technology, please check our cookies policy on our website. |
Sensitive personal data
For certain services or activities, we process special categories of personal data (for instance when we carry out Know-Your-Client checks and provide Immigration (including information about minors) and Tax services, where we need to process government identification documents which may contain biometric data or data that may reveal racial or ethnic origin, or in the context of an audit of an organisation in the healthcare sector).
Personal data collected indirectly
Sometimes we also receive information about you indirectly through third-parties, such as your (former) employer(s), educational institutions, referees, and other relevant third-parties, or from publicly accessible sources, such as websites, social networks or commercial registers, such as the Dutch Chamber of Commerce (“Kamer van Koophandel”) in accordance with applicable legislations.
3. How do we use this information and what is the legal basis for this use?
We will only use this information and share your personal data with the third parties (data recipients) for the purposes and legal bases as set out below:
|
Purpose |
Categories of Personal Data |
Legal Basis |
Data Recipients (and location of servers) |
|
To respond to your inquiries via email, telephone, website, or any other electronic means. |
Contact Information |
We have a legitimate interest in responding to inquiries. |
Webbers Agency - website host - EU |
|
To register you as a client and to provide you with the advice or other services requested. |
Contact Information Financial and Payment Data Business Information Information relevant to advice or other services |
It is necessary for us to process your personal data in order to perform our contract with you, or to take steps at your request prior to entering into a contract with you. We have a legitimate interest in processing your personal data to provide advice and other services to our clients (e.g. your employer). |
Microsoft – IT provider - EU CTAC – IT provider - EU Dutch tax authority (“Belastingdienst”) – EU Nextens – IT provider (for personal tax returns only) - EU Employee Insurance Agency (“UWV”) - EU Our business partners / local counsels - EU and Non-EU |
|
To manage our relationship with you. |
Contact Information Business Information |
We have a legitimate interest in managing our business and providing services to our clients. |
Microsoft– IT provider -EU CTAC – IT provider -EU |
|
To process payments, billing and collection. |
Contact Information Financial and Payment Data Business Information
|
It is necessary for us to process your personal data in order to perform our contract with you, or to take steps at your request prior to entering into a contract with you. We have a legitimate interest in processing your personal data to process payments, billing and collection. |
Microsoft– IT provider -EU CTAC – IT provider -EU |
|
To process applications for employment, including verifying information provided by you in accordance with applicable Dutch laws. |
Applicant Information |
It is necessary for us to process your personal data in order to take steps at your request prior to entering into a labour agreement with you. |
Microsoft– IT provider -EU CTAC – IT provider -EU
|
|
To improve our recruitment process
|
Applicant Information |
We have a legitimate interest in improving our recruitment processes by analysing your data and compare it to past recruitment processes. |
Microsoft– IT provider -EU CTAC – IT provider -EU
|
|
To keep in touch with you about further job vacancies if your application is unsuccessful. |
Applicant Information |
Your consent.
|
Microsoft– IT provider -EU CTAC – IT provider -EU
|
|
To send you direct marketing by email in relation to services provided by us. |
Contact Information Profile and Usage Data
|
Your consent. We have a legitimate interest in sending direct marketing by emails to our existing customers about similar services we provided to our clients. |
Microsoft– IT provider -EU CTAC – IT provider -EU
|
|
To manage and operate our website, including to keep it updated and relevant, to develop our business and to inform our marketing strategy. |
Profile and Usage Data Technical Data |
Your consent (non-essential cookies). We have a legitimate interest in managing an operating our website (essential cookies). |
Webbers Agency - website host - EU |
|
To carry out assessments for “Know-Your-Client” purposes in order to comply with applicable Dutch laws. |
Contact Information Financial and Payment Data Business Information |
We have a legal obligation under applicable Dutch laws. |
Microsoft– IT provider -EU CTAC – IT provider -EU |
|
To complete our financial reporting and disclosure obligations. |
Financial and Payment Data Business Information |
We have a legal obligation under applicable Dutch tax laws. |
Dutch tax authority (“Belastingdienst”) – EU |
|
To prevent, investigate and/or report security threats, fraud, terrorism, misrepresentation, or crime. |
Contact Information Financial and Payment Data Business Information |
We have a legal obligation under applicable Dutch laws. We have a legitimate interest in preventing and detecting, security threats, fraud or other criminal or malicious activities. |
Credit reference agencies, law enforcement and fraud prevention agencies (depending on the specific case). |
|
To sell or buy any business or assets. |
Contact Information Applicant Information Financial and Payment Data Business Information Profile and Usage Data Technical Data |
We have a legitimate interest in sharing your personal data with prospective sellers/buyers and legal advisors if we sell or buy any business or assets. |
Prospective seller or buyer and legal advisors (depending on the specific case). |
|
To establish, exercise or defend legal claims or to comply with orders or requests of relevant courts or regulators. |
Contact Information Applicant Information Financial and Payment Data Business Information Profile and Usage Data Technical Data |
We have a legitimate interest in processing your personal data to establish, exercise or defend a legal or equitable claim. We might also have a legal obligation under applicable Dutch laws. |
Courts, law enforcement authorities, regulators, government officials and legal advisors (depending on the specific case). |
When we process your Sensitive Personal Data while providing our services, our aim is to assist you and/or your organisation in establishing, exercising or defending your legal claims in accordance with Articles 9(2)(f) GDPR/22(2)(e) Dutch GDPR Implementation Act (“Uitvoeringswet Algemene verordening gegevensbescherming” - “UAVG”).
There are instances where we have a legitimate interest to process your personal data. Our legitimate interest will vary depending on what we are processing your data for, and we explain above what the interest is and how it relates to the processing operations that we are carrying out.
Where we process personal data on the basis of a legitimate interest, we will carry out a balancing test to document our interests, to consider what the impact of the processing will be on you and to determine whether your interests or fundamental rights and freedoms outweigh our interests in the processing taking place. You can obtain information about this balancing test by contacting us via the contact details set out in Section 8.
4. Where we transfer your personal data
Due to the global nature of our business, your personal data will be disclosed to group companies, suppliers, vendors and other third-parties located outside of the European Union (“EU”) and the European Economic Area (“EEA”) which do not always provide the same level of data protection. These countries include where we have affiliates, sub-processors, or where your employer’s (head office) is located, including but not limited to the United States, Canada, United Kingdom, Switzerland, Japan, Republic of Korea, Australia, New Zealand and South Africa.
Where appropriate, we rely on various additional data protection measures in order to secure the transfer of your personal data such as adequacy decisions of the European Commission (read more here), such as those related to the United States of America (commercial organisations participating in the EU-US Data Privacy Framework), Canada (commercial organisations) the United Kingdom, Switzerland, Japan or the Republic of Korea and New Zealand, the Standard Contractual Clauses as issued by the European Commission (read more here) (in most cases we use module 2 – controller to processor) or the Binding Corporate Rules that some of our suppliers have adopted (read more here).
A copy of the relevant mechanism can be obtained for your review on request by contacting us via the contact details set out in Section 8.
5. Your choices and rights
You have the following rights:
|
Right |
Summary |
|
Access |
Enables you to receive a copy of your personal data. |
|
Rectification |
Enables you to correct any inaccurate or incomplete personal data we hold about you. |
|
Erasure |
Enables you to ask us to delete your personal data in certain circumstances. |
|
Restriction of processing |
Enables you to ask us to halt the processing of your personal data in certain circumstances. |
|
Object
|
Enables you to object to us processing your personal data on the basis of our legitimate interests (or those of a third party), including processing for direct marketing purposes or profiling for purposes of direct marketing, your objection will be upheld, and we will cease processing your personal data, unless the processing is based on compelling legitimate grounds or is needed for the exercise or defence of legal claims that may be brought by or against us. |
|
Data portability |
Enables you to request us to transmit personal data that you have provided to us, to a third party without hindrance, or to give you a copy of it so that you can transmit it to a third party, where technically feasible. |
Please note that the above rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law or have compelling legitimate interests to keep. If you wish to exercise any of these rights, please contact us at the contact details set out in Section 8.
In cases where your employer is our client, we ask you to direct your initial request to exercise one or more of your rights as described below to your employer. If you do not receive a satisfactory response from your employer, feel free to contact us at the contact details set out in Section 8.
Wherever we rely on your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. We may however have other legal grounds for processing your data for other purposes, such as those set out above. When you are an existing customer, we are able to send you direct marketing without your consent, where we rely on our legitimate interests. You have an absolute right to opt-out of direct marketing, or profiling we carry out for direct marketing, at any time. You can do this by following the instructions in the communication where this is an electronic message, or by contacting us using the contact details set out in Section 8.
If you have unresolved concerns, you have the right to complain to the data protection authority in the country that you reside in or the country of your place of work or the country where the alleged infringement took place. Please find an overview of the data protection authorities within the EU here.
Where we collect personal data to enter into a contract with you or to comply with our legal obligations, this is mandatory and we will not be able to manage the relationship with you without this information. In all other cases, provision of the requested personal data is optional, but this may affect your ability to receive requested services, where the information is needed for those purposes.
6. How long we retain your personal data
We store information related to our clients up to two (2) years after the termination of our business relationship, unless we are legally required to keep the data longer. To comply with our obligations under Dutch tax law we are for instance required to retain relevant data for seven (7) years for Dutch tax purposes).
Information that we hold that is relevant for the establishment, exercise or defence of legal claims by or against us or our clients will be retained for five (5) years after the end of the original retention term. After this five-year period, we will evaluate whether this information is still necessary. We have implemented safeguards to ensure that the data is only accessible to a limited number of authorised persons on a need-to-know basis
Where we process personal data for application purposes, we process such data for up to four (4) weeks after the application process has ended. If we would like to store your personal data for a longer period, we will request you to consent to keeping your data for a maximum of one (1) year.
Where we process personal data for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period of 30 days after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data that we can respect your request in the future.
If you would like to receive any further information about our data retention periods, please contact us via the details set out in Section 8.
7. Updates to this privacy statement
We reserve the right to update this privacy statement at any time and, in addition to posting the new privacy statement to our website, we will inform you when we make any substantial updates to our privacy statement. We may also notify you in other ways from time to time about the processing of your personal data.
8. Contact us
The data controller for your personal data is Briddge B.V.. If you have any questions about this privacy statement or wish to contact us for any reason in relation to our personal data processing, please contact us at gdpr@briddge.com.
Briddge B.V.
Kabelweg 37
1014 BA Amsterdam
The Netherlands
+31 (0)85 0187471
info@briddge.com
