Privacy Policy

25 mei 2018

In this privacy policy we explain how we collect and use your personal data when you participate in one of our programs.

  1. Who we are
  2. The types of personal data we process
  3. For which purposes we use your data
  4. Disclosing or sharing data with third parties
  5. Security and retention
  6. International transfer of your data
  7. Your rights
  8. How we look after this policy

 

  1. Who we are

Lovinklaan Foundation (hereafter: ‘Lovinklaan’), is a foundation led by employees of Arcadis. Arcadis is the leading global Design & Consultancy firm for natural and built assets. It consists of a group of companies, headed by parent company Arcadis N.V. For more information about Arcadis, please see ‘Who we are’ on the global Arcadis website.

As the largest shareholder in Arcadis N.V., Lovinklaan provides opportunities and services to Arcadis employees that range from an employee shareholding program to participation in global innovation, community service and employee exchange programs. For more information about Lovinklaan and our mission and strategy, please visit our website under ‘About us’.

Lovinklaan offers its programs together with Arcadis N.V. Lovinklaan and Arcadis N.V., are jointly responsible for the processing of your personal data in relation to these programs. We have determined our respective responsibilities for compliance with the obligations under applicable privacy legislation for processing your personal data in relation to our programs by means of an arrangement between us. In summary, we have arranged that if you want to exercise your rights, such as your right to access, correct, erase, restrict, object or port personal data or to withdraw your consent, or if you have any questions or complaints about the processing of your personal data, you can contact Lovinklaan in accordance with ‘Your rights’ (please see par. 7). Arcadis N.V. will assist Lovinklaan where necessary to ensure that you can exercise your rights and that your questions and complaints will be handled. Wherever we use the words ‘we’ or ‘us’, this refers to both Lovinklaan and Arcadis N.V.

Lovinklaan is located at Beaulieustraat 22 6814 DV Arnhem, The Netherlands. You can contact Lovinklaan by phone at +31 88 4261 261 or send us an email at info@lovinklaan.nl. Arcadis N.V. is located at “Symphony” Gustav Mahlerplein 97-103, 1082 MS Amsterdam, The Netherlands. You can contact Arcadis N.V. by phone at +31 20 2011 011 or send us an email at info@arcadis.com.

  1. The types of personal data we process

We may collect and process the following categories of personal data, depending on the programs you participate in:

  • Information you provide: we may ask you to share your personal data with us when you wish to participate in one of our programs. For example, when you apply for our employee shareholding plan, we will ask you for your contact details, the Arcadis company you work for (your employer), your employee number, nationality, date of birth and tax identification number (social security number). And if you apply for our international transfer program, we will process your request for transfer (explaining amongst others your objectives, the time period of the transfer and the required budget), your resume and profile picture. You may also choose to write a blog on the Lovinklaan website or post your experiences on social media.
  • Our communication with you: when you send us an email or chat with us via social media, we register your communication with us.
  • Specific information in relation to our employee shareholding plan: to perform our share plan we will register data about your participation in the plan, including your salary, your personal bank account, the start and end date of the participation agreement, details with regard to the monthly amount of deductions, acquired shares, dividend, and details regarding your cash account and share account. We will also process information in relation your online account, such as your user ID. We receive some of this data from the Arcadis company your work for (your employer) or the third parties involved in the execution of the program (see par. 4 for more information)

Certain categories of personal information we collect and use, such as data revealing racial or ethnic origin or data concerning health, can be considered ‘special categories of personal data’ under applicable data protection law. We may be required to collect, use and share your special categories of data with third parties for the purposes as described in this privacy policy. For example, for the purpose of the employee shareholding plan, we require your tax identification number (also referred to as social security number). And you may choose to add your profile picture to your online exchange program account.

  1. For which purposes we use your data

Purposes. The main purposes for which we use your personal data are:

  • To perform our programs and provide our opportunities and services to you.
  • To administrate our plans and your online accounts.
  • To communicate with you.
  • For security purposes.
  • For record keeping and to comply with our legal and fiscal obligations.

Legal bases. We collect, use and store your personal data to perform our programs for you, to comply with the legal obligations we are subject to, if necessary for our legitimate interests or the interests of a third party or on the basis of your consent. You may withdraw your consent at any time by following the specific instructions in relation to the processing for which you provided your consent or by contacting us (please see par. ‘Your Rights’ below). If you refuse to provide personal data that we require for the performance of our programs or compliance with a legal obligation, you may not be able to participate in all or parts of our programs. When we process your personal data for our legitimate interests or the interests of a third party, we have balanced these interests against your legitimate interests. Where necessary we have taken appropriate measures to limit implications and prevent unwarranted harm to you. Our legitimate interests may for example include security and safety purposes. More information on the balancing tests we perform is available upon request. Where we process your personal data for our legitimate interests or the interests of a third party, you have the right to object at any time on grounds relating to your particular situation (please see par. Your Rights’ below).

  1. Disclosing or sharing data with third parties

Arcadis group companies. We may disclose or share your personal data with the Arcadis group companies, if necessary for the performance for our programs. For example, if you participate in our employee shareholding plan, we will share your monthly amount of deductions with the financial or HR department of the Arcadis company you work (your employer) for so the they can offset this amount against your salary.

Service providers. We may also share your personal data with our service providers, such as IT and hosting suppliers and communication agencies. If you participate in our employee shareholding plan, we will also share your personal data with the provider of the online banking system in which you can track your shares.

Public authorities. We may also be required by law to share your personal data with public authorities or governmental organizations for the purpose of compliance with tax regulations or other legal obligations.

Third party websites. Our website contains links to third-party websites. If you follow these links, you will exit our websites. We may also use the online services of our service providers to perform our programs, such as the online banking system in which you can track your shares if you participate in the share plan. This privacy policy does not apply to websites of third parties or service providers we involve. For more information on how these third parties treat your personal information, please check their privacy policy (if available).  

  1. Security and retention

We will take appropriate technical and organizational measures to protect your personal data against loss or unlawful use.

Your personal data will be retained for as long as required for the purposes described in this privacy policy or in so far as such is necessary for compliance with statutory obligations and for solving any disputes.

  1. International transfer of your data

Lovinklaan may transfer your personal data to countries other than your country of residence (including countries outside the European Economic Area). This occurs in the course of performing our plans, or because our group companies are vested or our service providers have operations in countries across the world. The laws of these countries may not afford the same level of protection to your personal data.

For example, when you participate in the employee shareholding plan, your data is stored with the provider of the online banking system in Switzerland. The European Commission decided that Switzerland should be considered as a country which provides an adequate level of data protection. An overview of all countries that are considered to provide an adequate level of protection, is provided here.

In other cases, Lovinklaan will ensure that adequate safeguards are in place to comply with the requirements for the international transfer of personal data under applicable privacy laws. For transfers of personal data outside the European Economic Area, Lovinklaan may amongst others use Commission approved Standard Contractual Clauses as safeguards (see article 46 GDPR).

  1. Your rights

You may contact our Privacy Contact Person (please see below) to exercise any of the rights you are granted under applicable data protection laws, which includes (1) the right to access your data, (2) to rectify them, (3) to erase them, (4) to restrict the processing of your data, (5) the right to data portability, and (6) the right to object to processing.

  1. Right to access

You may ask us whether or not we process any of your personal data and, if so, receive access to that data in the form of a copy. When complying with an access request, we will also provide you with additional information, such as the purposes of the processing, the categories of personal data concerned as well as any other information necessary for you to exercise the essence of this right.

  1. Right to rectification

You have the right to have your data rectified in case of inaccuracy or incompleteness. Upon request, we will correct inaccurate personal data about you and, taking into account the purposes of the processing, complete incomplete personal data, which may include the provision of a supplementary statement.

  1. Right to erasure

You also have the right to have your personal data erased, which means the deletion of your data by us and, where possible, any other controller to whom your data has previously been made public by us.  Erasure of your personal data only finds place in certain cases, prescribed by law and listed under article 17 of the General Data Protection Regulation (GDPR). This includes situations where your personal data are no longer necessary in relation to the initial purposes for which they were processed as well as situations where they were processed unlawfully. Due to the way we maintain certain services, it may take some time before backup copies are erased.

  1. Right to restriction of processing

You have the right to obtain the restriction of the processing of your personal data, which means that we suspend the processing of your data for a certain period of time. Circumstances which may give rise to this right include situations where the accuracy of your personal data was contested but some time is needed for us to verify their (in)accuracy. This right does not prevent us from continue storing your personal data. We will inform you before the restriction is lifted.

  1. Right to data portability

Your right to data portability entails that you may request us to provide you with your personal data in a structured, commonly used and machine-readable format and to have such data transmitted directly to another controller, where technically feasible. Upon request and where this is technically feasible we will transmit your personal data directly to the other controller.

  1. Right to object.

You also have the right to object to the processing of your personal data, which means you may request us to no longer process your personal data. This only applies in case the ‘legitimate interests’ ground (including profiling) constitutes the legal basis for processing (see par. ‘Legal bases’ above).

You may withdraw your consent at any time by following the specific instructions in relation to the processing for which you provided your consent, by adjusting your settings (if available) or by contacting our Privacy Contact Person.

There may be situations where we are entitled to deny or restrict your rights as escribed above. In any case, we will carefully assess whether such an exemption applies and inform you accordingly. We may, for example, deny your request for access when necessary to protect the rights and freedoms of other individuals or refuse to delete your personal data in case the processing of such data is necessary for compliance with legal obligations. The right to data portability, for example, does not apply in case the personal data was not provided by you or if we process the data not on the basis of your consent or for the performance of a contract.

Contact

When you would like to exercise your rights, all you have to do is send your request to our Privacy Contact Person:

Lovinklaan Foundation – Privacy Contact Person
Mr. Max van der Wegen, info@lovinklaan.com or +31 62706 2149
PO Box 33
6800 LE Arnhem
The Netherlands
You can also contact us at if you have any questions, remarks or complaints in relation to this privacy policy. However, if you have unresolved concerns you also have the right to complain to the Dutch Data Protection Authority (Autoriteit Persoonsgegevenshttp://www.dutchdpa.nl) located in The Hague, The Netherlands. If you live or work normally in another EU Member State, you may also contact the Data Protection Authority of that country. For an overview of all EU Data Protection Authorities, please visit this webpage of the European Commission.

  1. How we look after this policy

This privacy policy was most recently amended on 22/05/2018 and replaces earlier versions. We may amend this privacy policy from time to time and will notify you of any changes prior to these changes taking effect.

News