Privacy statement Timing B.V.
Good to read
Timing aims to help flex workers find a job and connect employers to a suitable worker as quickly as possible. To do this, we need to process your information and/or personal data. In addition, we continuously optimize the application and matching process of our users. It is important to us to handle your information carefully, not only because it concerns your personal data and privacy, but because we believe there should be no ambiguity about this.
- Who are we
- What is personal data and other useful terms
- Why do we process your personal data
- What type of personal data do we process
- With whom do we share your data
- Legal basis for processing your data
- Your Timing account
- How long do we store your data
- Where do we store your data
- How do we keep your personal data safe
- Your Rights
- Contact and claims
- Cookie statement (see separate document)
1.Who are we
7311 BH Apeldoorn
2. What is personal data? And other useful terms
Personal data is any data that can directly or indirectly identify a user. This includes data such as name, address & postal code, BSN number, email addresses, but also technical carriers such as identification number (UserIds), IP addresses and online identifiers (cookie IDs).
Do you want to know more about what exactly personal data is? Please check out the Dutch Data Protection Authority definition of personal data and how that relates to you: https://autoriteitpersoonsgegevens.nl/nl/over-privacy/persoonsgegevens/wat-zijn-persoonsgegevens.
Other useful terms
Other useful terms that are mentioned within the privacy and cookie statements are further explained below.
Timing online platform
The timing online platform is the collective name for the entire website, app, and all owned channels that Timing operates in.
Jobseekers refers to any individual who is actively looking for an employment opportunity and who has applied to an employer via the Timing online platform.
A client of Timing is defined as any employer who wishes to publish their job vacancies via the Timing online platform.
Data Subject (any online visitors)
The natural person to whom the personal data relate. The data subject is the person whose data is being processed. In this document the data subject is referred to as any online visitor who visits the Timing online platform.
A person or organization that, alone or jointly with others, determines the purposes and means of the processing of personal data. In this document, Timing is referred to as the Data Controller.
The person or organization that processes personal data on behalf of and exclusively for the benefit of another person or organisation. In this document, this is referred to any partner or vendor that Timing has a direct contract with.
All information about an identified or (a directly or indirectly) identifiable natural person.
Sensitive personal data
Data relating to race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a person, data about health, sexual behaviour, or sexual orientation.
Processing of personal data
Processing includes everything that is 'done' with personal data, whether automated or not. You can think of recording, storing, consulting, retrieving, collecting, combining, providing to another, transfer, and destruction.
Dutch Data Protection Authority
The Dutch authority that is in charge with supervising the processing of personal data and compliance with laws and regulations regarding personal data.
Under GDPR consent is referred to as any free, specific, informed, and unambiguous expression of will with which you accept the processing of your personal data by means of a statement or an unambiguous active act. For users of the Timing online platform, consent is explicitly required to continue to our services. This consent is being gathered through the consent banner pop-up and can always be withdrawn.
3. Why do we process your personal data?
We only store and use your personal data for carefully determined purposes. In most cases we receive personal data from you because you use or want to use Timing’s services. To offer our services, data processing is necessary for the preparation or execution of our (online) services and help you as a customer. Your personal data is also processed to maintain a central customer administration, carry out marketing activities, to prevent and combat fraud, or use the data for risk management. In addition, we process your data in order to comply with our legal obligations. For non-necessary data processing activities where we place technical carriers to collect your personal data, such as cookies, scripts, and tags, we require your consent. These cookies allow Timing to track user activity on their online platform such as what pages were visited, how long a user stayed on a page, and what links were clicked. This data can be used to better understand customer behaviour and preferences, which can then be used to tailor content and offers to better meet customer needs. This permission is always requested from you via the consent banner. Please see our cookie statement on our website to read more about what type of data processing activities and cookies Timing use. Below you will find more information about the basis on which we process your personal data.
To combat fraud and manage risks
To protect your own safety, we process personal data for risk management and to prevent and combat fraud. We may exchange data within Timing and with other authorities in the case of investigation in connection with compliance claims.
When applying for a job
Our recruitment process is designed to help find the right job seekers to match with the right employers. We need to process your personal data to enable you to submit applications via the website/app and asses your skills and qualifications against the position applied for and/or other career opportunities. We also use your personal data to communicate with you about the recruitment process as well as preparing an offer.
We process your personal data:
- Applying for a job in our career on the Timing online platform and enabling you to submit applications via the career website and app;
- Assessing your skills, qualifications, and suitability to work against the position you applied for and/or other career opportunities;
- Asking you if you would like your details retained in our talent pool. If you agree, we will proactively contact you should any further suitable vacancies arise;
- Preparing an offer, if your application is successful;
- Complying with applicable laws and regulations we are subject to and cooperate with regulators and law enforcement bodies;
- Signing up for our career newsletters to receive the latest jobs and news right to your inbox;
- Interacting with us (for example, with our recruiters) for job opportunities.
For communication and email marketing
We process your personal data:
- To be able to communicate with you about the recruitment process;
- To help you get in contact with us or a potential employer as a customer.
- To keep you informed via our website, the Timing App, a letter or e-mail about new job vacancies and company changes.
- To learn if a user has opened an email, in what location and on what type of device. The data is collected via our email automation platform once you sign-up to our newsletter subscription.
To improve website and app performance and personalize online experience
We process your personal data:
- To improve website and app performance to fix bugs, improve user experience, and optimize your online experience for future visits.
- To analyse user online behaviour, in order to offer more personalized content, and saving personal settings.
- When someone registers on our website or app we collect that user information.
When someone has filled out a form or survey.
- For data analysis and for innovations that make use of data analysis, such as developing, this including A/B testing, applications to our processes and a range of services to better align with the wishes of our customers. We can use analyses to, among other things, create groups (profiles) of customers with the same characteristics or behaviour.
For marketing and social media purposes
We process your personal data:
- To offer you more personalized advertisements on other websites and platforms that match your interests.
- To communicate with you via social media platforms.
4. What type of personal data do we process?
Timing collects and processes data in a variety of ways in other to provide our users the best online experience. We process the following personal data for all website and app visitors, flex workers, job seekers, clients, and employers:
Applying and/or starting a new job
When you are applying for a job within Timing online platform we process the following personal data:
- Generic contact information such as full name, email address, phone number, country of residence, home address, other contact information;
- Data about your skills and qualifications, contained in CVs, cover letter or other documentation provided to us in your application (such as education history, work experience, transcripts);
- Data required to conduct background or employment checks, when allowed by applicable laws (such as documents to proof your identity or qualifications);
- Information on the type of employment you are or may be looking for, current and/or desired salary and other terms relating to compensation and benefits packages, willingness to relocate, or other job preferences;
- Data required to make a conditional offer of employment (such as bank details to process salary payments, emergency contact details to know who to contact in case you have an emergency at work).
Becoming a client
If you want to create a Timing account in your capacity as employer, we may also process the following data:
- Company name;
- Company address;
- Company e-mail address;
- Company phone number;
- Organization type;
- Job title/specialty;
- Customer account number
Visiting our website & App
When you visit the Timing online platform, we place cookies and other similar technologies (scripts, tags and SDKs) on your browser or device that help us to enable the technical and functional management of our websites (including ensuring information security). We do this to improve the design and performance of our websites and to better understand the visitor’s behaviour on our pages. These cookies and other similar technologies may collect data such as:
- IP address;
- Your operating system;
- Your browser type;
- Your device type (e.g. PC, smartphone).
Strictly necessary/functional cookies
Some cookies are always on when you visit our websites. We call these “strictly necessary cookies” as they are essential for our website and app to function correctly and provide the basic service requested by our online users. For example, we use these cookies to support login functions or ensure the right level of security on our online platform. These cookies are exempt from user consent as they collect no personal data and are strictly necessary for the business functionality of Timing online products and services.
We also use “functional cookies” to personalize your browsing experience to your specific preferences. For example, we use these cookies to remember user location, chosen language, or other settings to provide a personalized user experience. These cookies only collect anonymous aggregated data and don’t track browsing activity across other websites. Similar to strictly necessary cookies, these are always on as they don’t collect any personal data.
We use analytical cookies to gather aggregated statistical information on how our websites are performing and to improve their performance accordingly. You can switch these on or off at any time. We’ll only use them if you’ve agreed to consent. For example, we use these cookies to obtain a general view of how visitors use our websites (i.e. which web pages you visit most often, the number of visitors to the various part of a website) or to conduct user surveys on our website in general or on specific elements of our website.
Timing also uses profile cookies to make the Timing online platform match your personal preferences. We use your accumulated interest and profile (based on your surfing behaviour) to show you relevant vacancies and/or profiles and tips on the Timing online platform. These cookies are also used to perform tests to optimize and improve your online experience with us. To do this effectively we require your personal data, such as userID, IP addresses, cookieID etc. to remember your preferences and interests for future visits. This way we tailor content specifically to your interests and needs. Based on your surfing behaviour, we can, for example, personalise your experience and show you job vacancies that we think might suit you better based on your preference.
Marketing/social media cookies
Lastly, we use advertising and social media cookies to track your surfing behaviour on our website and show you personalized advertisements relevant to you and to your interests. Furthermore, if you gave us your consent to receive promotional communications, we will use the information gathered from these cookies to send you communications tailored to your preferences. These cookies may be placed by third parties and will be linked to site functionality provided by such third parties. Therefore, this will impact the content and messages you see on other websites you visit. You can switch these on or off at any time. We’ll only use them if you’ve agreed. For example, if you are reading an article about a job vacancy then we might show you ads on this vacancy on our or third-party’s website. The lawful basis we rely on to process your personal data in this context is your consent.
For more information on the specific cookies we use, please read our cookie statement. You can adjust your cookie settings at any time from our cookie consent tool.
5. With whom do we share your personal data with?
The data that Timing collects and uses is accessible to employees of Timing and its sister or subsidiary companies if they need that data in order to perform their duties.
Timing shares part of your personal data with clients where you work or may work.
Personal data is also shared with the tax authorities, UWV and others to which Timing is legally obliged. This also applies to bodies involved in monitoring compliance with the applicable collective labour agreement (SNA/SNCU/SFU).
In principle, there are no other parties that receive data, but it may happen that data has to be made available to external parties incidentally based on a legal obligation or a judicial dispute. In the context of a merger or acquisition or bankruptcy or suspension of payments, it may be necessary for third parties to gain access to the data or to make the data available.
Technology and business partners
We work with external service providers. For example, we develop Timing.nl and the Timing app with external service providers. We have concluded a processing agreement with these third parties, who carry out (part of) the processing on behalf of Timing, so-called processors. For example, we only work with parties that offer sufficient guarantees and take measures to ensure that the protection of your personal data is properly arranged. And that the processing of personal data is also in accordance with the applicable laws and regulations (GDPR). We keep an overview of these processing operations and processors.
6. Legal basis to process your personal data
Timing processes personal data given one or more of the following conditions are met:
When consent has been given from the user for data processing purposes via Timing online platform. Timing will document and store the user's consent choice. This is done in order to demonstrate that informed consent has been granted. You have the right to withdraw consent at any time, which does not affect the lawfulness of the processing before the withdrawal. Timing ensures that consent can be withdrawn just as easily as it is given.
When data processing is necessary for the performance of an agreement to which you are a party or for actions performed at your request and which are necessary for the conclusion and performance of an agreement.
In order to comply with the law, we must process personal data.
7. Your Timing Account
Your Timing profile:
When you use and register with the Timing online platform you build up a profile and we have your data available in our systems.
If you are registered with Timing as a job seeker, you have a My Timing profile that we use to find the job that suits you. With your My Timing profile you can access, edit, download, or delete key personal data associated with your profile at any time by visiting your Profile by logging in.
If you are registered with Timing as a client to post job vacancies, you have a My Timing profile to see which job seekers have viewed and applied to your job post.
To change your profile
• First name
• Last name
• Country of residence
• Zip code
• House number and suffix
• Date of birth
• Phone number
• Email address
• CV file
• Payroll tax
• Work experience
• Means of transportation
• Computer knowledge
• Driver's license(s)
Delete Timing profile
When you use the Timing website or app, or are registered through Timing, you create a profile, and we have your data available in our systems. Of course, you have the right to have your data removed.
Would you like to have your data removed? Please fill out the form below and we will process your request as soon as possible.
When processing this personal data, we must be 100% sure that you are the same person. That is why Timing can contact you to request additional information, such as a (valid) proof of identity. The period of one month within which Timing must respond to this request will be extended until you have provided us with the requested evidence.
Your request to view or adjust your personal data (or have it modified) is free of charge. If the request is unfounded or excessive, Timing may charge a reasonable fee for the administrative costs of providing information.
Response to your request
If you think that your data is incorrect or used for the wrong purpose(s), you can request us to correct, supplement, adjust or delete your data. We will also respond to this request as quickly as possible, but in any case, within one month. Depending on the complexity of the request and the number of requests, the period may be extended by two months. Timing will notify you of an extension within one month of receiving the request. Click here to view or delete your Timing profile.
Unable to comply with your request
8. How long do we store your data?
We only keep your data for as long as we need it or are required to do so for legal reasons. We will then delete or anonymize them so that you cannot be identified with them. We treat data in different ways depending on the purpose for which it is used, but you can ask us to delete your personal data at any time.
We only keep your personal data for as long as necessary. This depends on why they have been collected, and whether we have an ongoing legal basis for doing so (for example, to perform a contract between us, to provide a service you have requested or for our legitimate interests). If we no longer have a reason or legal obligation to process your personal data, we will delete it or store it in a way that no longer identifies you.
We apply different retention rules for different types of personal data, considering:
- The purpose of collecting the personal data*;
- How long it will take to reach that goal; and
- A specific reason or urgent legal obligation to keep the personal data for a certain period of time.
* How long Timing stores your personal data depends on whether you have worked or not. We use a retention period for personnel data of former employees of 2, 5 and 7 years, depending on the personal data.
- 2 years for data in and belonging to the personnel file (including name, address, education received, etc.);
- 5 years for the copy ID and payroll tax credit;
- 7 years for tax data (payslips).
Online data and account details
If you have an account with us, we also maintain personal information such as your email address, name and other details so that you can log in to and use our services as long as you have an account. We may retain and use other information, such user accounts, up to two years after contract termination to help us understand our users, improve our products and services, and protect our business interests.
Other online data
Online data collected via cookies and other similar technologies are stored up to 24 months before deletion.
Technical and organizational (security) measures
Timing takes appropriate technical and organizational measures to prevent personal data from being processed unlawfully or, for example, from being lost or stolen. In addition, Timing has a protocol for the use of ICT, e-mail, internet, and social media. This protocol contains (behavioural) rules on how to deal with information and communication technology within Timing. With rules about, for example, the use of ICT and for what purposes it is used. It is also described how/who monitors this use.
The technical and organizational measures taken by Timing guarantee, considering the state of the art, the implementation costs and the nature, size, context, processing purposes and the varying likelihood and seriousness of the risks to your rights and freedoms, an appropriate level of security tailored to the risk. The measures are also aimed at preventing unnecessary collection and further processing of personal data.
9. Where do we store your data?
We store the information we collect from you on secure servers in different locations, depending on where you are in the world when you visit our site. Your data will only be processed by suppliers who provide appropriate contractual guarantees for the information they process. Timing IT environment and data storage is hosted on Equinix servers located in the Netherlands, within EU. These server host Equinix meet strict security requirements in accordance with NEN 7510, ISO 27001 and ISO 9001 to keep up with data privacy industry standards.
10. How do we keep your personal data safe?
Timing naturally observes the legal principles (article 5 GDPR) when processing personal data. Timing ensures that it can demonstrate that these principles are observed and that it thus meets its accountability obligation.
Processing of personal data takes place in accordance with the relevant applicable laws and regulations, including the AVG and the AVG implementation law (UAVG). Timing will:
1. Protect your privacy as much as possible against unlawful processing and/or misuse of personal data, against the loss of that data and against the processing of incorrect data;
2. Prevent as much as possible personal data from being further processed or processed for a purpose other than that for which they were collected;
3. Inform you about the processing that takes place by or on behalf of Timing and about your rights.
Security incidents and data leaks
Despite our security measures, it is possible that security incidents may occur that constitute a breach of personal data.
Data breach by the data controller (Timing)
In the event of a data breach of any technical and organizational security measures taken by the data controller, Timing will report the incident to the Dutch Data Protection Authority immediately after discovery, but no more than 36 hours. The report of the data leak will explain the nature of that breach and the expected consequences thereof. It will also indicate how it will limit the adverse consequences of the infringement and within what period.
Timing has a data breach procedure and documents all personal data breaches. We note exactly what happened, the consequences and the measures taken.
Data breach by the data processor
In the event of a breach of any technical and organizational security measures taken by the Processor, whether or not being a data leak, the data processor will inform the data controller immediately after discovery, but no more than 36 hours. The report of the data leak will explain the nature of that breach and the expected consequences thereof. It will also indicate how it will limit the adverse consequences of the infringement and within what period.
Timing keeps a written register of the processing activities that take place under its responsibility. That register contains at least the following information: the categories of personal data, the purpose, the basis, the data subjects, the recipients, the retention periods, the transfer, a general description of the technical and organizational security measures taken and the name and contact details of Timing and FG.
11. Your Rights
Depending on our reason for processing your personal data and applicable laws, you have certain rights on your personal data. We want to inform you of these privacy rights within the following in the coming section.
You have the following rights under the GDPR:
Right to information
You have the right to clear, understandable and easily accessible information about the processing of your personal data.
Right of access
You have the right to ask Timing whether and in what way personal data is processed. We must of course also answer your question.
Right to rectification
You have the right to ask Timing to correct your personal data if they are incorrect or to supplement them if they are incorrect or incomplete.
Right to be forgotten
You have the right to ask Timing to delete your personal data. Please note: Timing may sometimes not (completely) comply with a request for deletion, for example if the processing is required by law (for example in the case of tax legislation).
Right to restriction of processing
You have the right to ask Timing to limit the processing of personal data in certain cases.
Right to data portability
You have the right to obtain the personal data you have provided to Timing digitally from Timing or to ask Timing to transfer the personal data to another controller, provided that this is technically possible.
Right not to be subject to automated decisions (including profiling)
Automated decision-making through profiling is not done by Timing, you always have the right to obtain human intervention, express your point of view and the right to contest the decision.
Exercise your rights
In all other cases, to exercise your privacy rights, to submit a privacy complaint or to contact our Data Protection Officer, you can contact us following our privacy contact form.
We will do our best to address your request in time and free of charge. In certain cases, we may ask you to verify your identity before acting on your request. Of course, if you are not happy with how we have handled your request, you can make a complaint to the supervisory authority competent for your country or region.
12. Contact and claims
Timing has appointed a Data Protection Officer (DPO). The DPO is involved in all activities related to the protection of personal data within Timing. His duties include:
• to inform;
• to advise;
• to monitoring;
• create awareness and act as a contact person for the Dutch Data Protection Authority and data subjects;
The DPO is responsible for structurally testing the implementation and implementation of the legal requirements and regulations in the field of personal data. Timing remains independently responsible for compliance with applicable laws and regulations, despite the appointment of an DPO. Processing of personal data is first reported to the DPO before the processing begins. You can contact the DPO about all activities related to the processing of your personal data and the exercise of your rights via [email protected].
File a claim
Do you think that Timing - in connection with the processing of your personal data - infringes on the applicable laws and regulations or this privacy statement? Then please contact Timing's Data Protection Officer via [email protected].
If you would like to submit a direct complaint in connection with the processing of your personal data with authorities, you can do so with the Dutch Data Protection Authority at www.autoriteitpersoonsgegevens.nl.
You can also get in contact with us via our postal address:
7311 BH Apeldoorn