The protection of your privacy is important to NN. We therefore take our responsibility for protecting your personal data seriously. This is why NN has prepared this Privacy Statement for Applicants. The aim of this Privacy Statement is to be transparent about how NN collects, uses and protects your personal data. We also explain how we comply with privacy legislation, such as the General Data Protection Regulation (GDPR). Please read this statement carefully to understand how we handle your personal data.
2. Who is responsible for your personal data at NN?
NN (Schenkkade 65, 2595 AS The Hague) and/or the legal entity to which you apply/with which you take up employment is/are responsible for processing your personal data. In some cases, we share your personal data with third parties [see section 4.2]. It may be the case that these third parties are responsible/partly responsible for your personal data. We always require these companies to comply with applicable privacy legislation.
For general questions or comments about this Privacy Statement, you can contact HR Services via NNServicedesk.firstname.lastname@example.org. Where necessary, they will refer your question to the Data Protection Officer of NN and ensure that your question is answered.
3. For which purposes do we process your personal data?
1. For a responsible, effective and efficient recruitment and selection process.
For this purpose, we process your contact details (such as name, email address and telephone number) and the personal data from your CV and your covering letter. We send your CV and covering letter to the vacancy holder and the HR staff of the relevant department. If rejected we keep your personal data for a time period of twelve months after the closing date of the vacancy, unless you have specifically indicated to remove your personal data after one month. NN can also use your data for other purposes than you’ve originally indicated. It is stated that this new purpose needs to match the original purpose of your data release to us. An example is talent pooling for interesting job opportunities in the (near) future. In addition, we use some or all of your personal data from your CV to prepare analyses to improve the efficiency and effectiveness of our recruitment and selection process. If your application is successful, your personal data will be kept in accordance with our retention policy. The legal basis is NN’s legitimate interest in an efficient implementation of its recruitment and selection procedure (Article 6, paragraph 1 (f) of GDPR.).
2. To register for a job alert.
You can register for a job alert by visiting our careersite. To send a job alert, we process your email address and your preferences for the type of vacancy you would like to receive by email. You can unsubscribe from job alerts via the link at the bottom of the emails you receive from us. Staff in the Human Resources (HR) department who maintain the Career site, have access to your name and email address to manage this list. If you withdraw your consent, we will no longer use your email address to send job alerts and will remove your email address from our mailing list. The legal basis for sending a job alert is consent (Article 6, paragraph 1 (a) of GDPR).
3. For pre-employment screening (PES).
Part of the selection process is the pre-employment screening (PES). A successfully completed Pre Employment Screening is compulsory under the Financial Supervision Act (Wet op het financieel toezicht (Wft)).
For the PES of integrity-sensitive positions, the staff of our Corporate Security & Investigations (CSI) department (depending on your job) process data about your creditworthiness, reliability and information that you enter in the PES questionnaire, as well as information from public sources (including social media profiles), references and other positions.
In case of a non-integrity sensitive position the PES is executed by a specialized screenings agency: Validata (for more information please look at: www.validatagroup.com). We do not provide any data of you to the agency. It is your responsibility to provide the required data on to the platform of this agency.
If you are recruited, CSI keeps your personal data for up to eight years after the check. The legal basis is NN’s legitimate interest in an efficient implementation of its recruitment and selection procedure (Article 6, paragraph 1(f) of GDPR), as well as compliance with a statutory duty (Article 6, paragraph 1(c) of GDPR).
4. Who has access to your data?
4.1 Access to your data at NN
Your personal data is accessible only to people at NN insofar as it is necessary for the performance of their work and it is within the scope of our purposes referred to in section . Who precisely has access to your personal data at NN differs for each category of personal data and you can read about this in section .
4.2 Access to your data by third parties
NN does not sell your personal data to or trade your personal data with a third party. NN can share certain personal data with a supplier or a service organisation that needs to use or record your personal data for the purposes described in this Privacy Statement and in accordance with relevant legislation. Transferring a specific and limited element of the personal data you provide can be necessary to organise internal or external recruitment events during which NN can approach candidates. Or, for example, to perform the PES or to send CVs to a manager who is looking for candidates for an outstanding vacancy for which you have not applied.
In these limited cases, a specific supplier or a service provider can gain access to your personal data. Before NN shares your data with such a third party, NN will ensure that this party is held to strict security standards.
NN can be required to provide certain personal data to third parties, such as government bodies, in accordance with relevant legislation. It can also be necessary for NN to transfer your personal data to protect the statutory rights of NN, once again in accordance with the relevant legislation.
5. How do we secure your personal data?
Because your privacy is important to us, your personal data is handled strictly confidentially. NN also has suitable technical and organisational security measures in place to prevent unauthorised access and/or disclosure, destruction, loss and alteration of personal data. To this end, NN uses several types of security technology, including secure servers, firewalls and encryption as well as physically securing the spaces where data is stored.
6. Is your personal data transferred outside the European Economic Area?
Because NN is an international company, in exceptional cases personal data can be transferred to other NN entities, for example, if you work at one of our offices abroad, outside the EU (short-term or long-term assignments).
In addition, NN uses IT service providers that sometimes have offices or servers abroad. These companies can have access to specific personal data outside the EEA, such as in the United States. NN has taken additional measures to ensure that your personal data is also properly protected at these foreign companies. For example, NN has made it compulsory for these companies in special agreements to secure your personal data at the level required by GDPR.
7. Does NN use automated decision-making?
No, NN does not use automated decision-making based on your data.
8. Where can you go with questions and requests relating to access, removal or objection?
You can request access to the personal data that NN processes about you at any time and free of charge. You can ask us to correct or remove this personal data. In addition, you can request NN to limit the processing of your personal data or to transfer your data to another controller. You can also object to the processing of personal data at NN.
8.1 Where can you send your request?
You can send a written request to the HR Services department via NNServicedesk.email@example.com.
8.2 Where can you object?
If you do not agree with the response from HR Services, you can lodge an objection with the Complaints and Disputes Committee or with our Values & Code Desk [via: firstname.lastname@example.org] or the Data Protection Officer of NN Group N.V. [via: email@example.com]. You also have the right to lodge an objection with the Dutch Data Protection Authority.
8.3 What information should you include with your request?
Please state as clearly as possible to which personal data your request relates. We will try and process your request as quickly as possible and in any event within the statutory time limit. NN is required to establish your identity when you submit a request.
We cannot meet all requests. NN requires some information so that it can comply with our purposes set out in section . We will therefore consider with you whether your personal data is correct, complete and necessary for the purpose for which we use the information.