PRIVACY STATEMENT
1. Introduction
Top of Minds B.V. (including each of the Top of Minds entities and branches listed at the bottom of this section) (Top of Minds or we) values and respects the privacy of our customers, candidates and business partners and strives to protect the privacy and confidentiality of personal data that is processed by Top of Minds in connection with the services we provide to our clients and candidates. Top of Minds will process your personal data carefully and always in accordance with applicable laws and regulations.
This privacy statement describes how we use your personal data in our operations (as a controller). We collect, use, share and process personal data that are necessary for the purposes mentioned in this privacy statement or that are legally permitted.
In this privacy statement we use a number of terms that have a specific meaning under the applicable privacy rules (such as ‘personal data’ or ‘controller’). Chapter 4 of this privacy statement contains an overview of these defined terms.
Top of Minds has appointed a data protection officer (data protection officer, DPO). Do not hesitate to contact our DPO if you have questions about the processing of personal data by Top of Minds. If you contact us, you will receive a response within one month at the latest.
Name: Martijn van Wingen
E-mail: privacy@topofminds.com
Regular mail:
Top of Minds B.V.
Attn. Martijn van Wingen
Prins Hendriklaan 56
1075 BE Amsterdam
2. What do we do with your personal data?
What are personal data?
Personal data are all data relating to an identified or identifiable natural person, such as a name, address, e-mail addresses and e-mails, or a copy of a passport, but also financial data or copies of e-mails and contracts, under the condition that such data relates to a natural person.
What personal data do we collect and process about you?
-
-
-
- Your contact details and CV ► including your name, address (and proof of address), gender, date of birth, education, work experience, e-mail address, telephone details, nationality, resume and any other information you have provided (such as when you add your own photo to your resume). Under certain circumstances we also ask you to provide salary details.
- Potentially interesting vacancies ► vacancies that you have responded to or for which we have taken you into consideration and have approached them.
-
-
- Conversation notes and correspondence ► personal reports about contact moments (via telephone or face to face interviews) and email correspondence with you.
What is our legal basis for the processing of your personal data?
Top of Minds only processes your personal data for legitimate purposes. Moreover, the use of your personal data will always be justified on the basis of one or more of the legal “processing grounds” included in the GDPR.
The summary below contains a brief explanation of the different legal processing grounds under the GDPR on the basis of which Top of Minds uses your personal data.
Execution of an agreement: Top of Minds needs your personal data to enter into an agreement with you and / or deliver our services to you.
Legitimate interests: Top of Minds uses your personal data to represent a legitimate interest and our reasons for using your personal data outweigh the disadvantage of your right to protection of personal data.
Legal claims: your personal data are required for Top of Minds to defend you, us or a third party, or to initiate a claim against.
Our legal obligations: we are required to process your personal data according to a legal obligation, mainly as a result of our status as a regulated financial institution.
Consent: you have consented to the use of your personal data (in which case you have received a (digital) consent form relating to such use. You can withdraw your consent at any time by sending a notification to our DPO).
For what purposes does Top of Minds collect your personal data and on which processing grounds do we trust for their use?
In this section we describe the purposes for which Top of Minds processes the different categories of personal data that we collect. For each processing purpose we have included the applicable processing grounds on the basis of which we justify the use of your personal data:
-
-
- To assess your application for a specific job ► At the moment we receive your application for a specific vacancy or your interest in an open discussion about possible career options, we will use your personal data to assess your suitability for this position and other functions.
-
- Processing ground(s): our service to candidates (execution agreement), explicit consent (you can choose to have your data removed from our database at any time)
-
-
- In order to be able to offer you suitable functions in the future ► Your profile (including your personal data) will also be processed and we will keep you constantly informed about possible suitable functions via email, telephone, newsletters, and social media.
-
- Processing ground(s): our service to candidates (execution agreement), explicit consent (you can choose to have your data removed from our database at any time)
-
-
-
- For the benefit of our services to our clients ► Top of Minds needs personal information from clients for the execution of our agreement(s) with them. This includes the use of your personal data to ensure that Top of Minds can deliver its services to its clients.
-
-
- Processing ground(s): (preparation of) the execution of an agreement, legal obligations, legitimate interests (to allow us to provide our services and to share personal data between different Top of Minds entities, if applicable).
-
-
-
- For marketing purposes ► we may use your personal data to contact you by e-mail (for marketing purposes). You can unsubscribe from this marketing communication at any time. We will only bring our own products and services to your attention and will not provide your contact information for this purpose to third parties (with the exception of third parties who process personal data on our behalf, such as social media platforms).
- Processing ground(s): legitimate interests (to enable us to promote our financial services and products), and explicit consent (see our cookie statement in this context, you can withdraw this permission at any time).
- To defend our legitimate interests and change our corporate structure ► Top of Minds may share your personal data in connection with legal proceedings or investigations with third parties, such as government agencies and litigating third parties (these third parties are in that case not controllers on behalf of Top of Minds and process personal data for their own purposes). We may also provide your personal data to potential buyers of, or investors in, any part of Top of Minds’ activities in the context of a purchase or investment.
- For marketing purposes ► we may use your personal data to contact you by e-mail (for marketing purposes). You can unsubscribe from this marketing communication at any time. We will only bring our own products and services to your attention and will not provide your contact information for this purpose to third parties (with the exception of third parties who process personal data on our behalf, such as social media platforms).
-
-
- Processing ground(s): legal obligations, legal claims, our legitimate interests (allowing us to cooperate with law enforcement agencies and regulators and to allow Top of Minds to change its activities).
How long are personal data stored?
Our retention periods for personal data are based on our business needs and legal requirements. We retain personal data as long as necessary for the processing purposes for which the personal data have been collected and all other permitted related purposes. For example, we store certain transaction data and correspondence until the limitation period for claims arising from the transaction has expired or to comply with statutory retention obligations that apply to such data. When we no longer need personal data, we will irreversibly anonymize the data or destroy the data in a safe manner.
Where do we get your personal data from?
We collect personal data directly from you or via publicly accessible sources (such as LinkedIn).
Where do we store your personal data?
We store your personal data on IT systems located in the Netherlands and the United Kingdom. All IT service providers act as processors on behalf of Top of Minds.
How does Top of Minds protect my personal data?
Top of Minds and its IT service providers have implemented appropriate technical and organizational measures to secure the processing of personal data. These precautions depend on the sensitivity, format, location, quantity, distribution and storage of personal data, and include measures to protect personal data against unauthorized access. Where applicable, these measures include the encryption of communications over SSL, encryption of information during storage, firewalls, access controls, separation of tasks, and similar security protocols. We restrict access to personal information to staff and third parties who need access to such information for legitimate and relevant business purposes.
All our employees, contractors and third parties who have access to your personal data and act on the instructions of Top of Minds are obliged to maintain confidentiality and we use access controls to restrict access to your personal data to persons who need such access for the execution of their responsibilities and tasks.
Top of Minds has implemented an information security policy and its security policies and systems are regularly monitored. Top of Minds takes the security of its IT infrastructure very seriously.
Do we share your personal data?
Top of Minds has engaged several processors to process your personal data on our behalf, including social media platforms for marketing purposes, IT service providers, and other service providers.
Changes to this privacy statement
Top of Minds is authorized to amend this privacy statement in the interim. The most recent version of the privacy statement will be available at all times on the Top of Minds website.
- What are your rights?
Under the GDPR you have certain rights with regard to your personal data. These rights are listed below. Questions about the privacy statement of Top of Minds must first be addressed to our DPO.
Please note that certain exceptions apply to the exercise of these rights and so you may not be able to exercise certain rights in all situations:
-
-
- Right of access: You have the right to access your personal data and can generally access all personal data that we have from you within one month of your request to Top of Minds.
- Correction: You can request us to correct inaccuracies in your personal data.
- Deletion: You may request us to delete personal data under certain circumstances. In that case, we will take reasonable steps to inform other processors who process the personal data on our behalf that you have requested the removal of links to, and copies or replicas of your personal data.
- Limiting processing: You may, under certain circumstances, request us to limit the processing of personal data, for example if the accuracy of your personal data is disputed by you.
- Transferability: You may request us to obtain the personal data that you have provided to us that we keep in a structured, current and machine-readable form, for example to send it to a third party.
- Submitting a complaint: You can submit a complaint about the processing of your personal data by Top of Minds to the supervisory authority in your country (in the Netherlands, for example, this is the Dutch Data Protection Authority).
-
These rights are subject to certain exceptions to protect the public interest (for example the prevention or detection of crime) and our interests. We will respond to most requests within a 30-day period.
- Some legal conditions
According to applicable privacy legislation (including, but not limited to, the GDPR), the terms below have a defined meaning as set out in the summary below.:
GDPR
The European General Data Protection Regulation (EU) No. 2016/679. The GDPR applies from 25 May 2018 in all EU Member States.
Personal data
Any information about an identified or identifiable natural person (“the data subject”); an identifiable natural person who can be identified directly or indirectly, in particular by means of an identifier such as a name, an identification number, location data, an online identifier or one or more elements characteristic of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
Processing of personal data
An operation or a set of operations relating to personal data or a set of personal data, whether or not carried out via automated processes, such as collecting, recording, organizing, structuring, storing, updating or modifying, retrieving, consulting, using, providing by means of transmission, distribution or otherwise made available, align or combine, protect, delete or destroy data.
Controller
A natural or legal person, a government agency, a service or any other body that, alone or jointly with others, determines the purpose and means of the processing of personal data; where the purposes and means of this processing are laid down in Union or Member State law, it may specify who is the controller or according to which criteria it is designated.
Processor
A natural or legal person, a government agency, a service or another body that processes personal data on behalf of the controller.
Special categories of personal data
Personal data showing race or ethnic origin, political opinions, religious or philosophical beliefs, or membership of a trade union, as well as genetic data, bio-metric data for the unique identification of a person, or data on health, data related to a person’s sexual behavior or sexual orientation are prohibited, or personal data concerning criminal convictions and offenses.