Privacy policy
May 2018
European Union’s General Data Protection Regulation 2016/679 and Data Protection Directive 95/46/EC
Ross Republic is committed to protecting the privacy of all the personal data we hold. Our privacy policy explains how we use personal data and cookies and the rights you have over your personal data. This policy statement is designed to give a clear explanation of Ross Republic’s data processing practices.
By using our website, you’re agreeing to be bound by this Policy.
We are Ross Republic Amsterdam BV (Ross Republic)
Our registered address is Nieuwezijds Voorburgwal 162, 1012 SJ Amsterdam, The Netherlands. Our company number is 75184095. Our website URL is rossrepublic.com. The website is hosted in Germany.
We act as the ‘Data Controller’ for personal data. We only collect the information required to fulfill stated purposes and where there is a lawful basis for doing it, and will not retain it for longer than is necessary. Any questions regarding this Policy or our privacy practices should be sent by email to Jussi Hyttinen privacy@rossrepublic.com or by writing to us at our registered address.
This Policy applies to
- visitors to this website;
- our clients and those that may want to or use our services;
- our suppliers;
- job applicants and our current and former employees
The purpose for the use of a register and content of the register
Personal data is used for the following purposes:
- recruitment processes
- improving services
- client matters
- analytics and profiling
- marketing
- newsletters and other communication
- surveys and opinion polls
Data subject shall not obliged to disclose the information mentioned in the prospectus, but a failure to provide certain personal information may cause the service provided by the controller to be partly unavailable.
The register holder can handle the following categories of information:
- basic personal information (name, birth date, contact details)
- IP address
- profiles on social media
- client relations and information related to ordered services
- information relating to education, work experience and skills;
- if supplied: job application, resume, attachment files;
- job seeker´s information relating to job seeking process, LinkedIN-address ja profile information.
In addition, the register contains details of changes to the above mentioned data.
Basis of keeping the register
Personal information is processed based on:
- consent of the data subject
- contract
- law
- legitimate interest
Regular sources of information right to resist processing, automatic decision making and profiling
Personal data is collected from the data subject when the data subject uses the service and via email, telephone, social media, cookies, contracts, client meetings and in other situations where the client discloses personal data. Personal data can also be updated by obtaining appropriate data services from the companies and authorities providing them.
The user has the right, at any time, to oppose the automatic decision-making and profiling of personal data processing, unless the Controller can demonstrate that there is a substantial and well-founded reason for processing that overrides the rights, privileges and immunities of the data subject, or if it is for the purpose of building, presenting or defending a lawsuit. If the user objects to the processing of personal data for direct marketing, they may no longer be processed for this purpose. User profiling shall be based on their explicit consent.
Regular destinations of disclosed data and whether the data is transferred to countries outside the European Union or the European Economic Area
Personal data may only be transferred outside the territory of the Member States of the European Union or to the European Economic Area if the country concerned provides sufficient level of data protection. Information shall not be disclosed to third parties for any other purposes than service related processing.
Data protection principles and disclosure of information
Manual materials are kept in a locked space and are available only to those entitled to the materials. The personal data contained in the register will be kept confidential. The use of the register is controlled by the controller in the organization and access to the personal register is restricted so that the information contained in the register stored in the computerized system is accessible and entitled to use only by the registrar’s employees who have the right to do so.
The computer system is protected by security software. Access to the system requires each user from the register to enter a username and password. The computer network and hardware in which the register is located are protected by a firewall and other appropriate technical measures such as encryption. Information on the website is protected by SSL or TLS 1.2 secure connection.
The processing of personal data can be outsourced to a third party, Ross Republic guarantees by contractual arrangements that personal data is processed in accordance with the General Data Protection Regulation (2016/679) and other applicable laws in the Netherlands. More information on adequate data protection states can be found on the European Commission’s website: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm
Right of access and realization of the right of access
Data subject has the right to check what information about them has been stored in the personal register.
Data subject must send an inspection as a separate signed document to:
Ross Republic Amsterdam BV
Nieuwezijds Voorburgwal 162, 1012 SJ Amsterdam, The Netherlands
OR by email to: privacy@rossrepublic.com
Rectification and the realization of the rectification
The data subject has the right to influence their personal data processing.
The controller must rectify, erase or supplement personal data contained in its personal data file if it is erroneous, unnecessary, incomplete or obsolete as regards the purpose of the processing. The controller may also repair such information on their own initiative.
A claim shall be sent as a separate signed document to:
Ross Republic Amsterdam BV
Nieuwezijds Voorburgwal 162, 1012 SJ Amsterdam, The Netherlands
OR by email to: privacy@rossrepublic.com
Duties of the controller, transferring rights of the data subject, right to be forgotten
The controller shall, without undue delay, either on its own initiative or at the request of the data subject, rectify, erase or supplement personal data contained in its personal data file if it is erroneous, unnecessary, incomplete or obsolete relating to the purpose of the processing. The registrar shall also prevent the spread of such information if the information may compromise the privacy of the data subject or his rights. Furthermore, the data subject has the right to data portability.
The controller shall notify the rectification to the recipients to whom the data have been disclosed and to the source of the erroneous personal data. The controller shall inform repair of data to the party whom the controller has disclosed or from which controller has received incorrect personal data. However, there is no duty of notification if this is impossible or unreasonably difficult.
Personal data shall only be retained as long as there is a valid purpose for the processing. When there is no valid purpose for processing, the data will be erased appropriately. The data subject has the right to withdraw consent for the processing of data. If the data subject withdraws consent, data subject may file a written request to the controller for the deletion of data, for which there is no other legitimate purpose for processing. The request must be presented in written form as a separate signed document and shall be sent to:
Ross Republic Amsterdam BV
Nieuwezijds Voorburgwal 162, 1012 SJ Amsterdam, The Netherlands
OR by email to: privacy@rossrepublic.com
Supervisory authority
The data subject may bring the matter to the attention of the supervisory authority.