Last amendment: 8 August 2023
1. Privacy Mission and Vision
Our Mission: Enable 5CA to navigate a dynamic future in privacy through transparent, ethical, and innovative
uses of personal data. 5CA Privacy Team is a division of the 5CA Legal and Compliance department. We strive to be a
valued partner and advisor to 5CA community by providing guidance and training on privacy laws, policies, and best
Long Term Goals:
- Promulgate privacy by design,
- Build trust as a data steward,
- Manage privacy risk proactively and pragmatically,
- Advocate for the innovative and ethical use of data,
- Be a recognized leader in data privacy.
2. Who are we? Introduction
5CA, whether permanent or temporary and includes freelancers, interns, contractors (“Candidate”) and anyone who visits
this Website (“Website Visitor”) jointly referred to as “you”, “your”, “yours”.
EK Utrecht and its affiliates and entities that in the later stage of the recruitment, enter into a contractual
relationship with you (“5CA”, “5CA Group” “we”, “us”, “our”). In this regard, further internal policies and notices will
be shared with Candidates and will apply as per the stage of recruitment and the role at 5CA.
“Personal data” means any information relating to an identified or identifiable natural person. For example, we may
collect your first, last name and email address which is your personal data as a Candidate.
This also means that from the moment of the collection of your personal data, you are a “Data subject” in the meaning of
Privacy Law that applies to you.
5CA places foremost importance on any operation or set of operations performed on personal data or on sets of personal
data, whether by automated means. This is, for example, the collection, use, recording, disclosure, maintenance,
organisation, storage, and deletion of your personal data (“Processing”).
data protection and privacy legislation that applies depending on which country or region you apply, contact us, or
visit our website (“Privacy Law”).
5CA processes your personal data per general privacy principles of lawfulness, fairness, transparency, purpose
limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality, and accountability that
arise from the GDPR and similar privacy principles that come from the applicable Privacy law.
3. Which personal data do we collect and why?
We will process personal data for the purposes as stated below:
|Data Subject||Personal data||Purpose||Legal ground|
||Depending on used Cookies:
You can freely customize your data per use/purpose via our Cookie settings by clicking the cookie icon
||Performance of a contract and consent if you voluntarily provide sensitive personal data.|
||Legitimate Interest or if necessary for a legal obligation.|
||Legitimate interest and consent (if sensitive personal data collected).|
||Performance of a contract and if necessary for a legal obligation.|
4. Legal basis
We may process your personal data as stated above to perform necessary precontractual activities to sign the contract
between Candidate and 5CA. In such a case, we must process Candidate’s personal data to fulfill the contract (Art.
6(1)(b) GDPR). If the opposite is the case, it will not be possible for you and us to perform the necessary
precontractual activities to hire the Candidate.
Based on Article 6(1)(f) of the GDPR, we may process your personal data for the legitimate interests of 5CA which are
the background checks (excluding the background checks needed by local laws applicable to Candidate) and the necessary
assessments of your eligibility per Candidate’s position. Failure to process this data constitutes the impossibility to
proceed with your application. You have the right to object under Article 21 of the GDPR.
Based on Article 6(1)(a) of the GDPR, we may process your personal data based on prior, freely given, informed,
unambiguous and specific consent. You are free to provide your consent and have the right to withdraw it at any time.
Right to withdraw consent
You can withdraw your consent at any time by sending a request to email@example.com. If you change your decision, it will
not affect the lawfulness of processing your personal data based on consent before its withdrawal. This means we will
not further process your personal data from the moment of withdrawal, but the processing activities performed beforehand
will still be legitimate.
Necessary for a legal obligation
To comply with our legal obligations, 5CA may process your personal data for such purposes in particular, in case your
personal data are subject to a conflict to which we are a party, we might need to process and disclose your personal
data to authorities and persons we require to use our right to defence such as attorneys, experts and courts. We may
process your personal data to fulfil these legal liabilities and to use our right to defence. We also use this legal
ground to process your personal data at the end of the application process where additional details and documents are
needed to start and proceed with the onboarding process.
5. Retention Periods
5CA gives utmost importance on not keeping your personal data longer than necessary. To ensure that personal data is
kept for no longer than necessary, we apply retention periods concerning the category, sensitivity and the purpose of
personal data processed. This also depends on the stage of your recruitment, in particular, when you are rejected or
accepted, consent you have given to 5CA, as well as 5CA’s legitimate interests and legal obligations of local affiliates
and subsidiaries. When you accept the job offer, the retention periods will correspond to the contract you will sign,
Where technically possible we set automated retention periods so after a reasonable period your personal data will be
anonymized or deleted. The established retention periods are reviewed and updated regularly
6. Sharing personal data with third parties
Personal data of Candidates is provided to parties that assist 5CA in the recruitment process and to 5CA affiliates and
subsidiaries for which Candidate will perform future’s contractual activities. The parties that assist 5CA in the
recruitment process are the Recruitment Management Platform vendor used to centrally manage your application process and
the parties that assist in performing eligibility, language, skills assessments, and other types of necessary checks per
certain role. When Candidate contacts us via recruitment platforms such as LinkedIn or email, the providers of those
platforms will process personal data as per activities via the registered account on such platforms. Data of Website
Visitors (if it constitutes personal data) is hosted by our website hosting provider and processed as per Section 9. All
the above-mentioned parties use their own systems and vendors to support performing the service for the purposes listed
7. Data transfers, storage, and processing globally
Most of the parties provided in Section 6 are located in the European Economic Area (“EEA”), in particular – in the
Netherlands) and some may be located outside of the European Economic Area, for example, in United States, United
Kingdom, Argentina, Uruguay, Hong Kong, South Africa, Ukraine, Philippines, Turkey. This will also depend on which of
our affiliate or subsidiary you apply to. Where your personal data is stored outside the EEA, and when such a country
does not have any binding adequacy decisions from the European Commission (such decisions guarantee your data is safely
sent outside EEA), we will ensure an appropriate level of protection for the data transferred by providing adequate
contractual (such as Standard Contractual Clauses), organizational and technical safeguards (jointly referred to as
“adequate safeguards”). We also require vendors to act appropriately to protect the confidentiality and security
of personal data, especially for your personal data processed outside EEA. You can ask for a copy of such adequate
safeguards via firstname.lastname@example.org.
8. How do we protect your information?
We have implemented commercially reasonable technical, organizational and security measures designed to protect your
personal data. Ensuring the security of your personal data is particularly important to us, which is why we have taken
different technical and organizational measures to ensure this. In particular:
- We use regular prevention, detection, and response systems to scan and mitigate potential vulnerabilities and
reduce security risks,
- Your personal data is contained behind secured networks and is only accessible by a limited number of your
recruiters, hiring managers, maintenance, and security teams on a need-to-know basis and who are required to
keep the information confidential as per Zero Trust approach. In addition, the information is encrypted with
Secure Socket Layer (SSL) technology,
- We implement a variety of security measures when you enter, submit, or access your information to maintain the
safety of your personal data.
As the security of information depends in part on the security of the computer, device, or network you use to
communicate with us and the security you use to protect your user IDs and passwords, please make sure to respond
appropriately to protect the information you send us as well.
9. Which cookies do we use?
Cookies and similar tracking technologies, such as beacons, scripts, web beacons and tags (which together we refer to as
“cookies”), are small bits of text, usually stored on a user’s computer hard drive or within a browser. They
enable this Website and/or other websites which can recognise a cookie to remember information about the user’s visit to
Cookies are used to make the Website work, or work more efficiently, and to provide information to the Website’s
Such information may be used to provide a more personalized and responsive service. Cookies may be either first-party
cookies set directly by us to your device, or third-party cookies set by a third-party provider on our behalf. When you
use this Website, information may be collected through cookies and other technologies.
10. Your privacy rights
- If you believe that your data protection rights may have been breached, you have the right to lodge a complaint
with the applicable supervisory authority or to seek a remedy through the courts,
- You have the right to object to profiling (if such is part of our activities),
- You have the right to object, to or to request restriction, of the processing,
- You have the right to request that we rectify any personal data.
- You also have a right to request certain details of the basis on which your personal data is transferred outside
the European Economic Area and adequate safeguards we use for these data transfers,
- You have the right to data portability as to request that some of your personal data is provided to you, or
another data controller, in a commonly used, machine-readable format,
- You have the right to request the erasure of your personal data when such personal data is no longer necessary
for the purposes for which it was collected, or when, among other things, your personal data has been unlawfully
processed. However, please keep in mind that we may not delete all your personal data as we may still need to
keep it for our legitimate purposes such as establishment, exercise and defence of legal claims,
- You have a right to access personal data held as to request a copy of the personal data that we hold about you.
There are exceptions to this right, so that access may be denied if, for example, it does infringe upon the
rights and freedom of others or if we are legally prevented from disclosing such information,
- You have the right to withdraw your consent: If you have provided your consent to the collection, processing,
and transfer of your personal data, you have the right to withdraw your consent fully or partly. Once we have
received notification that you have withdrawn your consent, we will no longer process your information for the
purpose(s) to which you originally consented. This means we will not further process your personal data from the
moment of withdrawal, but the processing activities performed beforehand will still be legitimate.
You can exercise your rights by submitting a request to email@example.com
Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request
promptly in accordance with applicable law or inform you if we require further information to fulfil your request. When
processing your request, we may ask you for additional information to confirm or verify your identity and for security
purposes before processing and/or honouring your request. We reserve the right to charge a fee where permitted by law,
for instance, if your request is manifestly unfounded or excessive. In the event that your request would adversely
affect the rights and freedoms of others (for example, would impact the duty of confidentiality we owe to others) or if
we are legally entitled to deal with your request in a different way than initially requested, we will address your
request to the maximum extent possible, all in accordance with applicable law.
privacy statement. You can track the changes by checking the data on the top of this page.
12. Contact information
You are welcome to contact the Privacy Team (firstname.lastname@example.org) for any questions, comments, and requests regarding this