Vrouw op kantoor

PRIVACY POLICY

In order to fulfill our duties as a grid operator and accelerator of the energy transition, we cannot avoid using personal data. At the same time, everyone has the right to privacy. That is why we handle personal data carefully and with integrity, and we are open and honest about what we do with your data. In this privacy policy, you can read exactly what personal data we collect from applicants and how we use them.

This privacy policy was last updated on May 16, 2018.

Legal obligation

We consider the confidential treatment of your data important not only from moral considerations, but also because the processing of personal data complies with privacy legislation. As a processor of personal data from applicants, we must comply with the rules of the General Data Protection Regulation (GDPR). This regulation is the Dutch version of the European regulation 'General Data Protection Regulation' (GDPR). The GDPR has been in effect for the entire European Union (EU) since May 25, 2018.

Who is this for?

This privacy policy applies to individuals who have provided personal information to Enexis Personeel B.V. as part of a recruitment and selection procedure. The Enexis website provides links to some other organizations. These organizations are not covered by this privacy policy. They regulate how they handle personal data themselves.

Personal data

According to the General Data Protection Regulation, personal data includes all data relating to an "identified or identifiable natural person." So in this case, it refers to you as an applicant. Examples of personal data include the combination of name and date of birth, contact information, a passport photo, email address, phone number, education, and license plate number. Additionally, the law recognizes special categories of personal data. This refers to extra sensitive information that requires additional protection, such as your social security number, payment details, health or medical information.

How do we collect information?

During a job application process, we collect data from applicants in the following ways:

  • Through interviews, phone calls, or emails;
  • By means of forms and/or attached CVs; and
  • Through our career website www.werkenbij.enexis.nl.

Additionally, we may review business social media platforms, such as your LinkedIn profile. If relevant to a specific position, we may also review candidates' publications on private social media platforms, such as Facebook, Instagram, and Twitter.

Why can't we do without it?

The personal data you provide us as an applicant is solely used to enable a responsible and efficient recruitment and selection process. For example, to:

  • Assess to what extent you meet the desired profile;
  • Inform you about our recruitment and selection procedures;
  • Contact you;
  • Schedule job interviews;
  • Conduct targeted testing; or
  • Inform you about other relevant job vacancies.

Above, you can see an overview of our processes for recording personal data from applicants along with their respective purposes.

Overzicht vastleggen persoonsgegevens

What data do we record?

When you apply to us (for a job opening or on your own initiative), we carefully record only those personal data that are relevant to your application. We update this data when necessary, in full compliance with legal requirements. This can be done on our own initiative or at your request.

Examples of data we record from candidates include:

  • Contact information;
  • Educational information; and
  • Employment history.

During the job application process, we may also ask if you would like to create a short video pitch, which we will add to your file. If it is relevant to your position, an assessment may also be part of the selection process.

Sensitive information

We will not ask for sensitive information about you, such as information about your ethnic background, political preference, religious or philosophical beliefs, union membership, health, or sexual orientation. If such information is required under exceptional circumstances, we will always ask for your written consent to register it.

If you voluntarily share sensitive information with us, it is at your own discretion. Unfortunately, it is not always possible to prevent this information from resurfacing later in the process.

Optimal protection

In line with the General Data Protection Regulation, we protect your personal data through the following step-by-step approach:

1. Purposeful use

Only when necessary
We process no more personal data than necessary for the execution of our recruitment and selection activities. The data processing register specifies the types of personal data registered in our systems. We also periodically assess whether a valid legal basis still exists for processing personal data based on this register. Additionally, we evaluate whether the data is genuinely necessary for the purpose of processing. If they are not, we cease processing them.

During a selection process, we may request references from a former employer or educational institution. However, we do this only with your consent. Your personal data will never be made public without your permission. Lastly, you can trust that we do not provide your data to third parties for commercial purposes.

Retention for no longer than necessary
We do not retain personal data for longer than necessary for the execution of the recruitment and selection process. If you are not hired but we anticipate the possibility of a suitable position for you in the future, we may retain your data for a longer period. We always request your consent for this purpose.

At Enexis, we respect the legal retention periods. Unless otherwise specified by legislation, candidate data is retained for a maximum of 1 year after the completion of the procedure. After the retention period, we will destroy your personal data.

2. Secure storage

We store personal data in a secure location and take all necessary organizational and technical security measures to prevent loss, misuse, and unauthorized access to personal data.

Digital
For each application, we establish an appropriate level of security in line with the Information Security Policy.

Physical
To prevent unauthorized access to our internal systems, we manage access to our offices. Additionally, where necessary, paper archives in our offices are secured.

3. Authorized access only

Only authorized individuals and approved parties have access to locations where personal data is stored.

Access control for employees
Only employees who require personal data to perform recruitment and selection activities have access to them. They may process this data only if necessary. Access permissions and user profiles define who can access which data and for what purpose. We periodically review the currency of these authorizations.

Sharing data with other organizations
We use your personal data solely for recruitment and selection activities. We may use them across the entire Enexis group. This may involve sharing your data with one of our subsidiaries if we believe you could be of value to them. Third parties do not have access to your data; we ensure this. If access is necessary, we establish clear agreements.

For example, our IT infrastructure is outsourced to third parties. As a result, candidate data resides on their servers. To ensure the confidential handling of personal data, we have entered into data processing agreements with these companies. These agreements stipulate how a third party should handle Enexis' personal data to which they have access.

We may also use recruitment agencies, brokers, or staffing agencies. Additionally, we may engage an external agency to conduct an assessment. They have access to your personal data from us. However, we clearly define with them how they should handle this data to ensure your privacy.

Furthermore, government agencies or entities with a legal task may request information from us that we are obligated to share.

Geographic protection
As Enexis collaborates with parties in the United States and India, data processing takes place in these countries. These processes comply with European privacy rules. The service provider must guarantee and demonstrate compliance with these rules. We establish contractual agreements regarding this.

4. Confidentiality

Everyone at Enexis who has access to applicants' personal data must handle it carefully and is bound by the confidentiality declaration, compliance protocol, and code of conduct of Enexis. The confidentiality declaration and compliance protocol containagreements we have made with our employees regarding the handling of confidential information. The code of conduct includes guidelines on data confidentiality, privacy, and compliance.

Finally, we always make written agreements with external parties regarding the handling of personal data.

5. Your rights

As an applicant at Enexis, you have the right to access, rectify, supplement, and delete the personal data processed by us. You can submit a request for this to recruitment@enexis.nl. We will always respond to your request within four weeks.

Right to access
If you request access, we will show you which data we have recorded about you, how we obtained it, who receives it, and for what purposes we use it.

Right to rectification and supplementation
If personal data is incorrect or incomplete, you have the right to have it corrected or supplemented.

Right to erasure
If your personal data is no longer needed for the purpose for which it was collected, you can request its deletion. However, if we are legally obligated to retain your data, this may not be possible.

Right to data portability
Upon your request, we must transfer all personal data we have about you to you or an organization of your choice. There are certain limitations set forth in the legislation. We will cooperate with this transfer to the extent possible.

Questions?

You can contact recruitment@enexis.nl with any questions about how we handle your personal data.

Data Protection Officer
If they cannot answer your question sufficiently or if you are looking for an expert who can mediate between you and Enexis, for example, if you believe that we have handled your personal data improperly or if you have requested access to or correction of your personal data but are not satisfied with our response, you can contact the Data Protection Officer (DPO). The DPO oversees the application and compliance of the General Data Protection Regulation by Enexis. The DPO can be reached via email at fg@enexis.nl.

Dutch Data Protection Authority
If you are unable to resolve the issue with the DPO, you can contact the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). This organization oversees compliance with the legal rules for the protection of personal data. Enexis, like all organizations processing personal data, falls under the supervision of the Dutch Data Protection Authority. You can find information on how to contact the Dutch Data Protection Authority at https://autoriteitpersoonsgegevens.nl. Fortunately, this is rarely necessary as we will always strive to find a satisfactory solution together.

Use of cookies

When providing our services, we use temporary cookies. These are simple, small files that are stored on your computer's hard drive. We do not collect personal data through these cookies. We only use them to make it easier for you to use our website. We also use a cookie that allows our website to recognize you. This cookie enables us to customize our site for you.

Prefer not to use cookies?

No problem. You can disable the use of cookies in your browser. You can still visit our website.

Want to know more?

Detailed information about our cookie policy can be found at: https://www.enexisgroep.nl/privacy/cookiebeleid/.

Changes

While the main principles will remain unchanged, we may make changes to this privacy statement in accordance with privacy legislation. Please check it occasionally to stay informed about our privacy policy