ChipSoft Privacy Statement - Protection of Personal Data
Of course, you don't want just anyone to be able to see what your search history is on the internet. This applies to searching for job openings, registering for one of our events, chat conversations, taking an e-learning course et cetera. ChipSoft is doing all it can to keep your private data private. In this privacy statement, we will tell you about the data that ChipSoft stores about you as a (potential) candidate, website visitor, applicant or client.
ChipSoft stores your personal data in a secured database. We follow the legal regulations; data is not forwarded to third parties for commercial purposes. Your data will only be shared with third parties who help us in finding new colleagues and with the organisation of events. These third parties will, of course, follow the legal regulations. These parties have entered data processing agreements. You can read about the data we request and what we use it for below. This section will also discuss your rights, who has access to your data and for how long ChipSoft will store your data.
What personal data is processed by ChipSoft, why and on what legal grounds?
Below is an overview of the purposes for which ChipSoft may process your personal data. We always indicate what data ChipSoft uses for that specific purpose, the legal grounds for processing the data and for how long the data is stored by ChipSoft.
1 Candidates
Personal data provided to ChipSoft by a candidate is used exclusively to enable a responsible, effective and efficient recruitment and selection process. ChipSoft collects and processes information from candidates directly via forms or the internal job openings site, or by personal contact, telephone conversations and/or e-mail. The data and documents provided by you, including contact information, CV and motivation letter are processed by ChipSoft for one of the following reasons:
• to determine whether you should be considered for the job opening for which you have applied, or, in the case of an open application, whether you will be considered for a position within ChipSoft;• to have an assessment performed;• for the implementation or application of a law.
What do we want to know about you if you apply?
• First and last name (obligatory field in our application form)• date of birth (obligatory field in our application form)• telephone number (obligatory field in our application form)• e-mail address (obligatory field in our application form)• CV and motivation letter (optional, not obligatory fields)• IP address
When confirming an appointment for a job interview we ask for the following (non-obligatory) information:
• Diplomas• Certificates• Recent salary statements
For what purposes will ChipSoft process your personal data?
ChipSoft will compare your personal information with the vacant position(s) and the associated qualifications. In addition, ChipSoft will keep you updated about the process using your contact information. The data is also used to provide information about other openings or positions for which you may be considered.
What is the "legal ground" for the use of your information?
The processing of this personal information is done on the basis of consent.
For how long will ChipSoft keep your data?
ChipSoft stores the data of the candidates during the recruitment and selection procedure. The personal data from the application procedure (in the case of a rejection) will be deleted by ChipSoft no later than four (4) weeks after the end or conclusion of the application procedure. Only with your consent will ChipSoft save your application data for a period of one (1) year to be able to inform you should a suitable position become available at a later time. If the data is used anonymously, we will only use it for internal analyses and reports, such as when we want to know how long a position has been open.
For questions/complaints you can always contact werken@chipsoft.com.
2 Commencement of employment
What personal data is processed?
If we send you a written offer and it is accepted, we will need the following information from you:
• Complete first name, last name and gender• Date and place of birth• Address, postal code and city• Telephone number• Civil status• Nationality• Diplomas• Identification/passport
If you are hired and the trial period has passed, we will ask for a Declaration of Good Conduct (VOG in the Netherlands) or for Belgium, proof of good conduct and morals. We will request a Certificate of Conduct from the municipality by submitting a filled-in application form to the department of population/public affairs. This is because we develop software for hospitals and health care institutions and our employees must be able to handle privacy-related data with care.
For what purposes will ChipSoft process your personal data?
To enter into a commission/temporary/secondment/employment agreement or any other type of agreement and to enter an employer/employee relationship and to maintain it, and to keep a file for personnel, financial, hours, absence and/or salary reasons.
What is the "legal ground" for the use of your information?
The processing is necessary to implement an agreement that is or will be entered into and in which you are a party, such as a service agreement, internship agreement, employment agreement or commission contract.
3 Campus Recruitment
ChipSoft differentiates between candidates and potential candidates. Potential candidates are students and recent graduates for ChipSoft. The organisation wants to build a long-term relationship with these people and draw more attention to its employer brand. The two target groups are subdivided into various categories (such as training). Campus recruitment activities are organised for potential candidates for direct recruitment (such as for filling internship positions), and also to build a long-term relationship (such as during a training period). This is not recruitment but Employer Branding.
The following activities are organised within the framework of Employer Branding, to make ChipSoft more recognisable as an employer among these target groups:
• In person: ChipSoft provides students and recent graduates with training, job fairs, in-house days and other types of events. This happens internally and at external locations.• Online: ChipSoft holds various online activities to get/stay in contact with students and recent graduates. This includes sending newsletters, blogs, invitations and mailings. In addition, various social media activities are conducted. For this we use the following platforms: Facebook, Instagram, WhatsApp, Telegram and YouTube. In addition, ChipSoft uses job boards (including Monsterboard, LinkedIn, De Persgroep and Indeed). We also use online marketing techniques (including programmatic advertising and bannering on various websites that link to the various target groups).
For what purposes will ChipSoft process your personal data?
This is in order to come into contact with various target groups and to build a (long-term) relationship. The goal is to share information, make ChipSoft more recognisable as an employer and possibly to enter into an employment relationship.
What personal data is processed?
To do this, we process the following data of the relevant party: first name, last name, e-mail address, education and any CV.
What is the "legal ground" for the use of your information?
The processing of this personal information is done on the basis of consent.
For how long will ChipSoft keep your data?
ChipSoft does not store your data longer than one year after receiving your personal data.
4 Chats
For what purposes will ChipSoft process your personal data?
If visitors to our website wish to chat with us, we will ask with whom we are chatting. Naturally we will try to help you as much as possible. Sometimes a question posed via chat must be transferred to a colleague. So, it is useful to know who you are and how we can reach you so that we can provide you with complete information at a later time.
What personal data is processed?
If you use the online chat function, the data that ChipSoft processes for that purpose is the browser data and the data you provide in a chat with ChipSoft.
What is the "legal ground" for the use of your information?
The processing of this personal data is necessary for the promotion of the legitimate interests of ChipSoft, namely to be able to provide you with efficient service and to optimise ChipSoft's customer service.
For how long will ChipSoft keep your data?
ChipSoft will not store your information longer than one month after answering your question or complaint.
5 Newsletter
For what purposes will ChipSoft process your personal data?
ChipSoft will send newsletters to its (paying) clients, candidates, representatives of business relations and users of the ChipSoft website to create enthusiasm about us as an (employer) brand. We send newsletters to provide information about our product and interesting subjects to relevant parties.
What personal data is processed?
To be able to send you the newsletter, ChipSoft needs your e-mail address. In addition, we will collect your name and address details, gender and position.
What is the "legal ground" for the use of your information?
The processing of this personal data usually occurs based on consent. In addition,
it is necessary for the promotion of the legitimate interests of ChipSoft, namely direct marketing.
For how long will ChipSoft keep your data?
ChipSoft stores your e-mail address for this purpose as long as you are subscribed to the newsletter and at the most one month after unsubscribing.
6 E-mail tracking
For what purposes will ChipSoft process your personal data?
ChipSoft has added e-mail tracking and link tracking to its e-mails by integrating a small, transparent image pixel in the outgoing e-mail. As soon as the e-mail is opened, ChipSoft can access certain information with which it can measure the efficacy and the range of its mailings.
What personal data is processed?
• the name and last name of the recipient• the e-mail address of the recipient• subject of the e-mail• date and time at which the e-mail was sent• confirmation that the recipient has received the e-mail• confirmation that the recipient opened the e-mail after it was received• time stamp of each time the e-mail is opened• the history of the number of times (number, date and time) that the recipient opened the e-mail received• IP address of where the e-mail is opened• browser and operating system used by the recipient who opened the e-mail• number of links the e-mail contains• text and URL of the links• number of times the recipient has clicked on each of these links• time stamp of each click on the link• IP from which the link has been clicked• browser and control system used by the person who clicked on the link
What is the "legal ground" for the use of your information?
Processing this personal data is necessary to represent the legitimate interests of ChipSoft - namely to analyse the scope and effectiveness of the e-mails sent by ChipSoft.
7 Events
What do we need to know about you when you register for an event?
• first and last name• position (depending on the event, not mandatory)• the (healthcare) organisation you work for• Telephone number• e-mail address• IP address• in some cases, dietary requirements• in some cases, clothing size (clothing is ordered for some client events, so that the participants are recognisable to ChipSoft and to each other).
For what purposes will ChipSoft process your personal data?
ChipSoft processes your personal data in order to register you for events. We also process your personal data during events: e-mail address, name, name of the healthcare institution and the questions you ask, so that we can also answer these individually later. In some cases, we use external tooling to collect these questions during plenary sessions. The purpose of this is to able to give at a later time (anonymised) questions that are asked during large plenary sessions to all those present or others who ask for them.
What is the "legal ground" for the use of your information?
The processing of this personal data usually occurs based on consent. In addition, these processing operations may be necessary to represent the legitimate interest of ChipSoft. In this case, that interest consists of organising events.
For how long will ChipSoft keep your data?
ChipSoft will store your data as long as deemed necessary, unless you ask for it to be deleted.
Photography during ChipSoft events
You may be photographed as a participant in a ChipSoft event. We use the photos we made during post-production to report on the event, and they may possibly be published. If you do not wish to be photographed, you can indicate this beforehand to {1][2}[3}communicatie@chipsoft.nl or to the organisation during the event.
8 Courses
What information do we ask for when registering for a course?
• telephone number of the contact person• first and last name of the participant and the contact person• position of the participant• e-mail address of the participant and the contact person
For what purposes will ChipSoft process your personal data?
ChipSoft processes your personal data in order to register you for a course at their office:
• General: in order to make the necessary preparations for the course (manuals, lunch, planning the right capacity)• Position of the participant: testing whether the participant belongs to the course's target group• E-mail address of the participant: testing whether the participant has completed the e-learning beforehand• The contact’s e-mail address and telephone number: to be in contact with regard to planning the course• The participant’s name: there is a record of who has completed which course with ChipSoft and has received a certificate. Only certified employees of the healthcare institution can access the support site.
What is the "legal ground" for the use of your information?
In this case, processing your personal data is necessary to implement the agreement regarding the course. The data is necessary in order to assess requests for access to the support site.
For how long will ChipSoft keep your data?
A participant's data has an indefinite retention period, unless the person request its removal.
9 E-learning
What personal data is processed?
We register the e-mail addresses of the e-learning site users.
For what purposes will ChipSoft process your personal data?
ChipSoft's e-learning is intended as preparation for safely working with HiX. Participants' e-mail addresses are registered in order to provide access to ChipSoft’s e-learning portal and to keep track of the progress and scores of modules followed.
What is the "legal ground" for the use of your information?
These processing operations are necessary to represent the legitimate interest of ChipSoft, namely offering optimal services to customers. Additionally, HiX is a medical device for which users must have proven authorisation and competence.
For how long will ChipSoft keep your data?
This data is stored for as long as the contract between ChipSoft and the healthcare institution remains in force, unless there is a request for removal. Healthcare institutions have the possibility of removing participant's data from ChipSoft's e-learning portal themselves.
10 Support
For what purposes will ChipSoft process your personal data?
In order to offer adequate support for our products, the people who have taken a course for this with ChipSoft are registered with the support system.
What personal data is processed?
In this system, you are registered with your name, e-mail address and the institution you work for. We store the original support question for each support request, including all resulting communication.
What is the "legal ground" for the use of your information?
This processing is necessary to carry out an agreement.
For how long will ChipSoft keep your data?
ChipSoft will delete your data no later than six months after the completion of the support work.
11 Project sites
For what purposes does ChipSoft process your personal data and what data is processed?
Implementing a ChipSoft product often involves working with a project site. As a participant in the project, your name and e-mail address are recorded, as well as the role you fulfil as a participant in the project and as a user within the healthcare institution. The planning of the project, the set-out action points, software adaptation requests and test results are recorded on the site.
What is the "legal ground" for the use of your information?
This processing is necessary to represent the legitimate interest of ChipSoft, namely to support the customer in implementation.
For how long will ChipSoft keep your data?
ChipSoft will delete your data no later than six months after completing the implementation.
12 Visiting ChipSoft
For what purposes will ChipSoft process your personal data?
If you come to visit ChipSoft, we will register your data upon arrival. The aim of this is that, in case of a calamity, we can know exactly who is on our premises (Crystal Tower, Orlyplein 10, Amsterdam). License plates are noted in relation to the number of parking spaces.
What personal data is processed?
For the above-mentioned activities, we process the following data:
• full name• license plate• who the appointment is with• time of entry and exit• date• e-mail address (for the benefit of content user groups)• Mobile telephone number (for the benefit of content user groups)
What is the "legal ground" for the use of your information?
Processing your data is necessary for representing the legitimate interest of ChipSoft, namely, your and our safety in the event of emergencies and in the context of planning and efficiency with regard to the distribution of the available parking spaces.
For how long will ChipSoft keep your data?
ChipSoft will delete your data no later than one week after your visit.
The data we request for the content user groups is not stored longer than necessary, unless you request its deletion.
13 Cookie statement
ChipSoft uses different types of cookies on its websites. We would like to inform you about the way we handle the information we collect users of our websites. This cookie statement explains what cookies are, which cookies are used by ChipSoft, what they do, how you can refuse or accept cookies and how you can contact us. By using these websites, you agree to the terms below.
What are cookies?
A cookie is a small (text) file that is placed on your computer, tablet, smartphone or other electronic device (hereinafter "computer") when you visit a website. When a cookie is on your computer, your computer can be recognized and information collected. For example, data related to your browsing habits, like how a website is navigated.
What are the types of cookies?
• Functional (essential) cookiesThese cookies are essential for the proper functioning of our website. For example, they remember your password and your preferences, such as the language in which you want to read the website.• Analytics cookiesThese cookies record how visitors use our website. This allows the use of our website to be analysed and visitor statistics to be tracked, so that the quality of the website can be improved.• Social media cookiesOur website also contains hyperlinks to websites of other parties and social media buttons, including the YouTube social media button that makes it possible to view videos placed on our website. For this, YouTube will place cookies but only if you have given permission.
Accepting, refusing and deleting cookies
Cookies that require your permission will only be placed on your computer if you have allowed this by clicking on the accept button in the cookie banner that will be shown to you on your first visit to our website.
If you do not wish to receive certain cookies that are on our website or wish to withdraw your consent at a later time, you can change the cookie settings yourself. It is also possible to delete stored cookies yourself. To do this, go to the settings of your internet browser, for example Google Chrome, Internet Explorer or Safari. You can also set your internet browser to notify you when a website uses cookies. You then decide each time whether you want to give permission for this. If you want to know more about this, you can consult the help section in your browser.
Cookies on chipsoft.nl
The following cookies are placed through our website:
• functional (essential) cookies• analytics cookies• social media cookies
Why does chipsoft.nl place cookies?
Chipsoft.nl places cookies to increase usability for visitors. These cookies help with functionality and are intended to gain insight into the functioning and effectiveness of chipsoft.nl. With these cookies we try to make our website as user-friendly and interesting as possible, so that the quality of the website can be improved. We will never sell your data to third parties. Our website also contains hyperlinks to third-party websites and social media buttons. ChipSoft is not responsible for the content of those websites or for the services of social media platforms. Nor is ChipSoft responsible for the privacy policy and use of cookies on those websites and platforms.
Cookies on elearning.chipsoft.nl
Elearning.chipsoft.nl uses functional and analytics cookies for website optimisation. Because these types of cookies have a very low impact on your privacy, they fall under the exception in cookie law. This means that ChipSoft does not have to ask permission to place these cookies.
Why are cookies on elearning.chipsoft.nl?
Elearning.chipsoft.nl places cookies to increase the ease of use for visitors. These cookies help functionality and are intended to provide insight into the function and efficacy of elearning.chipsoft.nl. With these cookies, we try to make elearning.chipsoft.nl as user-friendly and interesting as possible. In addition, we use cookies to offer you the option to save your login information so that you don't have to enter it every time. We also use cookies to trace misuse of our website. The cookies we use are automatically removed as soon as you close your browser. We will never sell your data to third parties.
Who has access to your data?
We only share your information with colleagues within ChipSoft, and only if necessary. All of our employees are subject to a non-disclosure agreement. Upon request, we will only provide your personal data to the police and justice department if there is a legal obligation to do so.
We contract suppliers who process the personal data for our organisation. We enter into processing agreements with all processors of personal data. In advance, we assess the security measures and adherence to privacy regulations and we review it periodically, as well as the adherence to closed processing agreements.
A few examples:
• external hosting providers, including cloud providers for storage and the management of your data;• external parties with applications/tools, including in the area of recruitment/assessments, employment services, personnel management and administration;• other specific tasks that are contracted including e-mail marketing, IT support and facility management;• engagement of external advisors and/or consultants.
ChipSoft is responsible for the processing of the personal data of its employees.
Where is the data stored?
Some of the service providers are located outside of the European Economic Area (EEA), namely the United States. To adhere to EU regulations regarding data protection for international transfer, ChipSoft will only contract service providers outside of the EEA to process your personal data if they are self-certified under the EU-US Privacy Shield and the Swiss-US Privacy Shield (article 46 (2) (a) GDPR) or under a contract entered into between ChipSoft and the service provider in which the model contract provisions set by the European Commission are included, in which it is guaranteed that sufficient data protection regulations have been met (article 46 (1) (c) GDPR).
What are your rights?
Under the GDPR, you have a number of rights regarding your data and its processing:
• Viewing: you have the right to view your personal data and additional information about the processing of your personal data.• Rectification: you have the right to submit a request for rectification of incorrect or incomplete personal data. If possible, you can provide additional personal information to complete the collection of personal data.• Right to be forgotten: in some cases, you have the right to ask ChipSoft to delete your personal data.• Right of limitation: under certain conditions, you have the right to the limitation of the processing of your personal data, such as if you have contested the correctness of the personal data. If the request is honoured, ChipSoft will not process the personal data further during the period of the limitation, unless permitted by the GDPR.• Right of objection: you have the right to object to the processing of personal data based on the legitimate interests of ChipSoft.• Right of data portability: you have the right to, upon request, to receive the data that you have provided to ChipSoft in a structured, normal and machine-readable form and you have the right to have these data sent to another processing manager, where the processing is based on your consent or on an agreement.• Direct marketing: when personal data are processed for the purpose of direct marketing, you always have the right to object to the processing of your personal data for this type of marketing. In that case, ChipSoft will no longer process your personal data for those purposes.• Withdrawal of consent: where the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Withdrawal of your consent has no influence on the legality of the processing of data that was performed before you withdrew your consent.
You can submit your request to ChipSoft via FG@chipsoft.nl. In the event of you contacting us, we want to be sure that it is you, so we may ask for more information to confirm your identity. We also do this if the request is unclear.
How do we protect personal data?
We take the appropriate technical and organisational measures to protect the privacy of the affected parties and to maintain the confidentiality of their personal data. The infrastructure of ChipSoft is continually monitored. In an early stage, threats or attacks can be signalled and action taken. We have created policy and procedures for timely reporting of data leaks. In addition, the infrastructure of ChipSoft is scanned for viruses, malware and theft attempts. We transfer personal data using a secure internet connection (TLS). In addition, in our systems we have ensured that not just anyone within our organisation has access to personal data. Access is limited to employees for whom the processing of personal data is necessary for the performance of their activities.
Questions or complaints?
The Data Protection Officer (DPO) at ChipSoft is registered with the Personal Data Authority. The DPO ensures that the processing of personal data by ChipSoft is in accordance with the requirements of the law. If you have questions regarding this privacy statement and the manner in which ChipSoft uses your data, you can contact our DPO. You can also do this if you have a complaint about the way in which ChipSoft processes your personal information. In addition, you can always contact the competent national regulatory authority for privacy protection. In the Netherlands, this is the Data Protection Authority (DPA).
For questions/complaints you can always contact Pinar Arslan, Data Protection Officer, Available via +31 (0)20-49 39 000 / E: FG@chipsoft.nl
In writing: ChipSoft BV, Postbus 37039, 1030 AA Amsterdam / attn. Pinar Arslan
This privacy statement was last revised on 02-03-2020. ChipSoft reserves the right to revise this privacy statement. Revisions will be published on this website. If after the revision you continue to use the website, the revised privacy statement will be applicable to that use.