Global Privacy Statement

Digital Agency Holding B.V. and its subsidiaries “DEPT®”



01
Purpose

This global privacy statement (“Privacy Statement”) explains how we process your personal data when you use our website, www.deptagency.com, and on any other websites, mobile applications or other online services that display this Privacy Statement (the “website”). For Australian users, or users from any territory governed by the Australian Privacy Act 1988 (Cth)(APA), any reference to “personal data” within this Privacy Statement, also means “personal information” and “sensitive information” for the purposes of the APA. For users from India governed by the Digital Personal Data Protection Act 2023 (DPDPA), within this Privacy Statement, any reference to “personal data” also means “sensitive personal data”, any reference to “data controller” means “data fiduciary”, and any reference to “data subject” means “data principal” for the purposes of the DPDPA. The website is operated by Dept Holding B.V., a private company with limited liability organised under the laws of the Netherlands, having its registered seat in Amsterdam, and its office address at Generaal Vetterstraat 66 in Amsterdam and registered in the Dutch trade register under number 63464101, and all of its affiliated companies in the world (“we/our/us”).

When you access and use our website either as a visitor, business prospect, client or job candidate, we are the data controller for the purpose of applicable data protection law.

A “controller” is a person or organisation who alone or jointly determines the purposes for which, and the manner in which, any personal data is, or is likely to be, processed.

02
Importance of personal data protection

We recognise that the processing of personal data has important implications for us as well as for the individuals whose personal data we process. Most of our offices operate in countries which regulate the use of personal data and impose requirements (and in some cases restrictions) on the processing of personal data. In order to make sure you are aware and informed of how we handle personal data properly at DEPT®, we have adopted this Privacy Statement to ensure privacy compliance.

This Privacy Statement is intended to describe our overall privacy and data protection practices insofar as processing your data via our website(s) are concerned. In some cases, different or additional notices about our data collection and processing practices may be provided and apply to our processing of certain personal information.

It is important that you read this Privacy Statement together with any other notices, policies and/or statements we may provide on specific occasions when we are collecting or processing your personal data (i.e. if you as a job candidate become an employee or if you as a prospect become a client where data processing is involved), so that you are fully aware of how and why we are using your personal data. This Privacy Statement supplements the other notices, policies and/or statements and is not intended to override them.

03
Which personal data do we collect?

Personal data includes any information relating to an identified or identifiable natural person. It does not include data that cannot be linked to an individual (anonymous data).

Special categories of personal data include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. Special categories of personal data cannot be processed, unless a legal exception is applicable to such processing. DEPT® does not ordinarily process special categories of data via its website and shall only do so if required by applicable law.

Please see below which categories of personal data we collect:

  • Contact and enquiry submission data, such as your first name, last name, company, email address, country, newsletter opt-in status, and personal message you submit, for new business, press or vacancy enquiries
  • Candidate Identification data, such as your full name, date of birth, address, phone number, CV details and any supporting documentation or information you submit during your application.
  • Marketing and communications data, such as information on when you receive and read marketing communications from us, which of our events you attend and marketing and communication preferences. Additional information about the personal data we process in connection with marketing is included with the marketing communications we send you.
  • Usage data, which means the information about your use of our website, our electronic portals and platforms, as well as our local area networking facilities (including WiFi) and similar electronic services, such as interactions with our mobile applications, information collected progressively when you visit our Website, electronic portals and platforms, including your referral website, pages you visit, actions you take, information on last viewed/visited site and details of the content viewed including when and how many times the content was viewed, patterns of page visits, time details per visits (e.g. visit duration, number of visits, time spent on each page, frequency of visits), details about the path followed with special reference to the sequence of pages visited, interactions, functionalities and modules used, and chat messages
  • Technical data, meaning technical information collected when you access our website, our electronic portals and platforms which we offer or which we have agreed with you to use, including your internet protocol (IP) address or domain names of the devices utilized, your login data, browser type and version, uniform resource identifier (URI) address, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you are using. Such data points are directly stored by the website as first-party cookies, which enable us to collect analytics data, remember language settings, measure traffic and engagement, and perform other useful functions to improve your experience of our website(s)
  • CCTV and physical security data, including CCTV footage and other information relating to access of our facilities obtained through electronic means, such as swipe card records, or visitor logbook (applicable for when you visit some of our offices)

Please note that we also create and use aggregate, anonymous and de-identified data in order to assess, improve and develop our website, business, products and services or for similar research and analytics purposes. These aggregate, anonymous and de-identified data are not generally subject to the restrictions in this Privacy Statement, provided that it does not identify and could not be used to identify a particular individual.

04
How do we collect your personal data?

We use different methods to collect personal data from and about you, including through the channels set out below.

A. Your Enquiries

By filling in forms on our website, or contacting us through our electronic portals and platforms, by email or post, by speaking to us in person or over the telephone or whilst visiting our offices, you may give us information including personal data, such as your name, address, company, email address and your enquiry.


We use this information to carry out the following:

  • In line with the legitimate interest we have in promoting our business, we will process your enquiries to provide you with information about the services we offer.
  • This might include replying to your enquiry, or sending you invites to our events.
  • We use Pardot by SalesForce CRM to process your email address and information supplied by you in the course of an enquiry through the website, and to send you invitations and marketing materials. You can find out more about how they process personal data here.
  • We may also process enquiries to take steps you ask of us with a view to entering into an agreement to provide you with our services.
  • You are under no obligation to provide us with any details, but if you don’t provide all relevant information, we may not be able to help you.

B. Marketing

We might use your information to send you marketing emails where you have opted in, and where applicable in accordance with our legitimate interests, about our services or events which are similar or related to those which you have previously received (or attended, in the case of events). We may also send personalised content via online advertising where you have given consent.

We may also disclose your name and contact information to our relevant subsidiaries who provide the same services, to enable them to market their services and/or events to you.

If you would like to be removed from this mailing list, please contact us at [email protected] or click unsubscribe at the bottom of each marketing email.

C. Recruitment

When you apply for a job on this site, the personal data contained in your application will be collected by us. Your personal data was either provided by yourself or obtained from publicly available sources (e.g. LinkedIn) or provided to us by someone who referred you for potential employment.

Your personal data will be processed for the purposes of managing our recruitment related activities in line with our legitimate interests, which include evaluating your candidacy/application for employment with us, setting up and conducting interviews and tests for applicants, evaluating and assessing the results thereto, and as in otherwise needed in the recruitment and hiring processes.

Your personal data is going to be shared with Greenhouse Software Inc., and/or Talenthub.io A/S  two cloud service suppliers that help us manage our recruitment and selection process.

Your personal data will be retained by us for twelve (12) months from the date of the application. The data is used in order to improve our recruitment efforts and selection procedure but also as a talent pool. Whenever we have a new opening we can easily access the data of candidates who have shown interest in our company in the past and contact them to see if they are available for a new opportunity. If you have any objections to us retaining your information for the abovementioned retention period and these purposes, please contact [email protected].

D. All content you submit to us

If you send us objectionable content or otherwise behave in a disruptive manner when using our website, we may process personal data included in your messages to respond to and stop such behaviour.

E. How you use our website (analytics)

Our website uses cookies and other mechanisms to collect log and analytical information, such as your internet protocol (IP) address, to help analyse how visitors use the site and to compile statistical reports on website activity.

  • We process this information to understand how visitors use our website and to compile statistical reports regarding that activity (for example your IP address is used to approximate the country from which you access our website, and we aggregate this information together, so we know that, for example, most of the visitors to our website come from a certain country/area). Through the use of GA4, IP anonymisation is enabled by default and cannot be switched off. This means that GA4 will not store the IP addresses of users and cannot track users. We also use Google Consent Mode, which is a privacy feature that allows modifying the behaviour of Google tags on our website based on user’s consent preferences. With the GA4 consent implementation, GA4 is instructed to track users’ behaviour according to your consent preferences. 
  • This processing is necessary for us to pursue our legitimate interests in improving our website, by enhancing the user experience and making the website as personal and relevant as possible. Cookie preferences can be changed via our website, however, disabling certain cookies may prevent you from taking full advantage of our services, and the functionality of the website may be limited. Please review our cookie policy for more information
  • This information is not used to develop a personal profile of you. All such information is aggregated and stored anonymously

F. Publicly available sources

We may, from time to time, where necessary and if applicable, collect personal data from publicly available sources, including from:

  • Public registers of individuals, companies, charities, law firms, chartered accountants, stock or commodities exchange participants or other entities for regulatory compliance purposes; 
  • other public sources including any services accessible on the Internet which you, as a candidate and (prospective) employee, are using for professional networking purposes for example LinkedIn. 

05
Subprocessors

For an overview of our material subprocessors that may handle your personal data when you use our website as a visitor, prospect, client or candidate, please see below:

  • Pardot by Salesforce.com (Salesforce.com EMEA Limited)
    B2B marketing automation activities

    Location of processing: Europe (Germany, France)
    Privacy statement
  • Greenhouse Software, Inc.
    Recruitment software service

    Location of processing: USA
    Privacy statement
  • Talenthub.io A/S
    Candidate recruitment survey tool

    Location of processing: Denmark
    Privacy statement
  • Google Analytics via Google LLC
    Website analytics

    Location of processing: USA (to extent personal data is shared)
    Privacy statement

For information about the types of cookies and third party subprocessors that place cookies and/or technologies via our website, please read our Cookie Statement.

06
How do we use your personal data?

We will only process (i.e. collect, use, store and transfer) your personal data when the law allows us to, meaning when we have a legal basis for processing. We use your personal data in the following circumstances:

  • The performance of a contract, i.e. when we need to perform a contract which we are about to enter into or already have entered into with you as a party or to take steps at your request before entering into such a contract;
  • Where we need to comply with a legal or regulatory obligation that we are subject to;
  • Where you have provided your consent to processing your personal data; or
  • Where necessary for our legitimate interests, provided that your fundamental rights do not override our legitimate interests, such as:

    – Performance of contracts with clients and other parties;

    – Implementation and operation of global support systems for our business operations (e.g. IT)

    – Improving our website, services, developing reports, customer relationship management, marketing and analytics;

    – Fraud detection and prevention;

    – Physical / IT / network perimeter security.

We may process your personal data for more than one legal basis depending on the specific purpose for which we are using your personal data. Please contact us at [email protected]  if you need details about the specific legal basis we are relying on to process your personal data.

If you visit one of our global DEPT® offices, we may use CCTV and physical security data for the detection and prevention of crime, safety incidents, unauthorised access to our premises and gross misconduct, but also to support and review safety and security.

07
Your rights in relation to personal data

You have the following rights over the way we process personal data relating to you:

  • Right to be informed – You have a right to be informed about how we will use and share your personal data, and to request a copy of the data we are processing about you
  • Right to access – you have a right to obtain confirmation of whether we are processing your personal data, access to your personal data and information regarding how your personal data is being used by us
  • Rectification of inaccurate data – You have a right to have any inaccurate or incomplete personal data rectified
  • Right to erasure and right to be forgotten – You have a right to request that certain personal data held by us is erased. Right to be forgotten is the right to have public data deleted.  This may also include a request to restrict the use of or to stop processing your personal data
  • Right to restrict processing in certain circumstances – You have a right to block the processing of your personal data in certain circumstances. This right arises if you are disputing the accuracy of personal data, if you have raised an objection to processing, if processing of personal data is unlawful and you oppose erasure and request restriction instead or if the personal data no longer is required by us but you require the personal data to be retained to establish, exercise or defend a legal claim
  • Data portability – You can request a machine-readable copy of your personal data, which you can use with another service provider, also known as the right to data portability. Where it is technically feasible, you can ask us to send this information directly to another provider if you prefer
  • Right not to be subject to automated decisions – You have a right not to be subject to a decision which is based on automated processing where the decision will produce a legal effect or a similarly significant effect on you
  • Right to object – You can make a complaint to us, or to your local data protection authority. You may raise your concerns with your local data protection authority directly, but we would encourage you to contact us in the first instance as we aim to promptly, efficiently and satisfactorily resolve any concerns or complaints you may have in relation to our processing of your personal data
  • Right to withdraw your consent  – if we have your consent, the GDPR, or if in an Australian State or Territory, the APA, (if applicable) and other applicable data protection laws give you the right to withdraw your consent. You can do this at any time by contacting us


We aim to comply without undue delay, and within one calendar month at the latest. Occasionally it may take us longer than one calendar month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. Please send your requests to [email protected].

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.


DPO Contact details
Leanne Voerman ([email protected]) based at Generaal Vetterstraat, 66, Amsterdam, Netherlands.

Do we share your information with anyone else?

Your personal data on our website may be used and shared by all our offices around the world. We keep your information confidential but may share it with our shareholders, subsidiaries and business partners where necessary. Whenever we transfer your personal data outside of the European Economic Area (EEA) or Australia, we ensure that a country’s data protection laws have been assessed as adequate by the European Commission and the Office of the Australian Information Commissioner (OAIC) , and if not, we ensure we have standard contractual clauses (and perform transfer impact assessments) in place as a safeguard for this transaction.

By engaging our services, you consent to us disclosing your personal data to our personnel, suppliers or subcontractors insofar as it is reasonably necessary for the purposes set out in this Privacy Statement, provided that they do not make independent use of the information and have agreed to adhere to the rules set out in this privacy statement and relevant data and security compliance requirements set out in the contracts that we enter into with them.

In addition, we may disclose your information to the extent that we are required to do so by law (which may include to government bodies and law enforcement agencies); in connection with any legal proceedings or prospective legal proceedings; and to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention).

If we are involved in a merger, acquisition, or sale of all or a portion of our business or assets, the information we hold may be included as part of that sale, in which case you may be notified, as appropriate, via email and/or a notice on the website of any changes in ownership or use of your information, as any choices you may have regarding that information.
Except as provided above, we will not provide your information to third parties.

Except as provided above, we will not provide your information to third parties.

Children

We do not use the website to knowingly solicit data from or market to children under the age of 13. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us at [email protected]. We will delete such information within a reasonable time.

Security

We will take all reasonable technical and organisational precautions to prevent the loss misuse or alteration of your personal data. Our website is hosted on a platform with adequate security measures and stores your data encrypted.

Changes

This Privacy Statement may be updated from time to time. We will notify you of any changes by posting the new Privacy Statement here and, where feasible, letting you know by email.

International data transfers

As mentioned above, where we transfer your data outside of the EEA or Australia (if applicable), we ensure that data is transferred to countries which data protection laws have been assessed as adequate by the European Commission, and/or the OAIC (if applicable), and if not, we ensure we have agreements in place with those parties which include standard data protection clauses adopted by a data protection regulator and approved by the European Commission or the OAIC (if applicable), to ensure that appropriate safeguards are in place to protect your personal data. We also ensure that we perform transfer impact assessments where applicable. If you would like to find out more about these safeguards, please let us know by writing to [email protected].

Retention periods

We will hold your personal information on our systems for as long as is necessary for the relevant purpose for which the personal data was originally collected. The retention period depends on:

  • The purpose for which the personal data were collected,
  • The purpose for which the personal data were subsequently used, and
  • Whether there are any legal requirements requiring a specific retention period (for example, tax laws).

If you have any questions or comments about this Privacy Statement, please let us know by email to [email protected].