What do we do?
FairWork fights and prevents modern slavery in the Netherlands and stands up for the interests of its victims. Our focus is on three areas:
- coaching victims who want to break out of their isolation, or who have just done so. We do this together with police, justice and other organisations;
- train professionals who come in contact with victims of human trafficking (how to recognise such victims and approach them?;
- raise public, political and employer awareness of the problem and encourage more attention and action.
Our focus lies on modern slavery outside of the sex industry, for example in restaurants, agri- and horticulture and the cleaning industry. This form of human trafficking is known as labour exploitation.
What does this document contain?
This document has been drawn up following the entry into force of the General Data Protection Regulation (GDPR) on 25 May 2018. The purpose of this Regulation is to better protect your personal data in organisations inside the European Union. This policy has been drawn up in line with the provisions of the General Data Protection Regulation. In this policy you will find what personal data we process and share, for what purposes we do this, what your rights are with regard to your personal data, and how we safeguard your personal data. This policy is applicable to the processing of all personal data of clients, donors, employees, volunteers and newsletter readers.
You can find the General Data Protection Regulation in your own language.
Index
Definitions
Scope
Person in charge of data protection
Collection of personal data
Declaration of consent & data sharing with partners
Retention period
Staff confidentiality
Data security
Rights of data subjects
Exercising your rights
Citation, publication and entry into force
Definitions
Autoriteit Persoonsgegevens
The Autoriteit Persoonsgegevens is the Dutch data protection authority and the independent administrative body designated by law in the Netherlands as the supervisory authority for monitoring the processing of personal data.
Cultural mediators
A cultural mediator is a volunteer at FairWork who uses his or her specific knowledge of language and culture to inform specific migrant groups about their rights and options in cases of labour exploitation.
Database
The database is an extra secured document that contains all of FairWork's current clients. Access to this database is restricted. You can read more about this under the header security.
Client form
FairWork creates a client form for each client. It contains the client's personal data and/or a description of the work situation.
Personal data
Any information about a person that allows him or her to be reasonably identified.
Consent of the data subject
Any freely given, specific, informed and active expression of the data subject’s will, by which the data subject accepts the processing of personal data concerning him/her.
Processing of personal data
Any operation or set of operations which is performed on personal data, including collection, recording, organising, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Controller
FairWork is the controller of personal data because it determines the purposes and means of processing personal data.
Scope
1. These regulations shall apply within FairWork, based in Amsterdam and shall cover the processing of personal data referred to in these regulations.
2. These regulations cover all personal registrations held by FairWork, i.e., personal registrations in connection with the assistance FairWork provides to its clients. These regulations also apply to personal registrations of employees, donors, volunteers and newsletter readers.
Person in charge of data protection
1. Within FairWork, a designated person has been tasked with the protection of personal data. This person supervises the processing of personal data by FairWork employees and verifies compliance with the General Data Protection Regulation.
2. Within FairWork, Eline Willemsen is responsible for the protection of personal data. She can be reached by email at info@fairwork.nu.
3. Twice a year, the designated person carries out a random check, examining whether current clients have given permission to share their data and whether the data of former clients have been deleted after the expiry of the retention period. If she detects errors, she immediately discusses them with the employee concerned and checks whether the issues are resolved.
Collection of personal data
1. To properly assist clients with their request for help, FairWork requests data from them. With your permission, your data will be stored in our database. You can read more about the security of this database under the heading ‘data security’.
2. FairWork stores your data in order to be able to help you properly with the requests for help you have, so that we do not have to ask you for the same data all the time. We will only store this data to help you and will not use this data for marketing purposes. Fundamentally these data will consist of the following:
- Your name
- Your contact details
- Your date of birth
- Your country of origin
- The contents of your question or complaint
- Any personal data contained in documents you send to FairWork
FairWork may ask you for more (personal) data to better assist you. FairWork hereby emphasises that it is up to you whether and which data you wish to share with FairWork.
Declaration of consent & data sharing with partners
1. If you have contact with FairWork, FairWork will ask you for permission to record your personal data and case details. Depending on the way(s) the contact consists of, this will be via verbal consent or a completed consent form.
2. Giving or not giving consent is entirely voluntary. If you do not give your consent, we may not be able to help you to the best of our abilities.
3. If your case contains signals of human trafficking, your (personal) data may be shared pseudonymously with the Coordination Centre against Human Trafficking
(Coordinatiecentrum tegen Mensenhandel (CoMensha)).
4. In addition, if it is necessary for counselling, FairWork may ask you for permission to share your personal data with partners. These partners include, for example, lawyers, the Social Affairs and Employment Inspectorate (Inspectie Sociale Zaken en Werkgelegenheid), care coordination human trafficking, police and other aid organisations.
5. If you do not give permission to share your (personal) data with partners, FairWork will never give your data to partners.
6. FairWork will also ask your permission to make enquiries with partners if you are referred to another organisation.
7. If FairWork, in their expertise, has the impression you are in a life-threatening situation, it may, after internal consultation, choose to share your data with a partner in order to take action. These are considered exceptional situations and will be handled with extensive due diligence. In such cases, FairWork will share as little data as possible to guarantee your safety.
Retention period
1. FairWork operates with a five-year retention period due to the lead time in legal matters.
2. If there are no developments in a client case for five years, all personal data will be deleted from the file.
3. Client retention periods are maintained in the database.
4. Personal data of newsletter readers will be kept until they unsubscribe from the newsletter. After unsubscribing, the data will be deleted immediately.
5. Donor records are kept for two years due to FairWork’s bookkeeping.
6. For applicant data, a retention period of six months after the conclusion of the application procedure is applied if the relevant applicant consents to it. This retention period is used so that FairWork can still contact one of the applicants if necessary.
7. Legal retention obligations apply to data from personnel files. For employees, a wage tax statement and a copy of the identity document must be kept for five years after the employee leaves employment. No statutory retention period applies to other data from the personnel file. For those data, there is a retention period of two years after the employee leaves employment.
Staff confidentiality
1. All FairWork employees and volunteers are required to provide a Certificate of Good Conduct prior to their employment. They must also sign a code of ethics with a confidentiality statement when signing the contract.
2. All FairWork employees and volunteers shall treat personal data confidentiality.
Data security
Personal data of employees and clients are stored in FairWork’s digital working environment, which includes the use of DA Systems and Office 365 Sharepoint.
1. Employees and volunteers log in to a secure ‘own’ profile. Staff and volunteers only have access to digital folders and/or files that are necessary for them to perform their duties.
2. Employees and volunteers each use their own email account belonging to the organisation. The email account is also password protected.
3. FairWork employees and volunteers shall ensure that they lock their computers when leaving the workplace, even if only for a short time.
4. Emails containing client information will be sent using the business email addresses and not the private email addresses.
5. Employees and volunteers do not discuss clients with external parties without the clients’ permission and do not have telephone conversations about clients when external parties are present. This also applies to telephone conversations on public transport.
6. Employees and volunteers who work from home save their documents in FairWork’s digital working environment as much as possible. If files are stored on private computers, this is done for the shortest possible time and these files should be secured.
7. Employees and volunteers who access their work email address on their private device should secure this device, for example with a PIN or biometric security. The work phone should also be secured in a similar manner.
8. Volunteers and employees whose working relationship with FairWork ends will lose access to FairWork’s digital environment by having their account’s password reset.
9. ‘Confidential’ mail is opened only by the HR role.
10. In the event a data breach with risk to the rights and freedoms of data subjects occurs, we will report the breach to the Dutch data protection authority (the Autoriteit Persoonsgegevens).
Rights of data subjects
1. Right to access
You have the right to request access to your personal data from FairWork. Such request can only be refused if it would cause disproportionate harm to the privacy of others.
2. Right to withdraw consent
Where FairWork processes your personal data on the basis of your your consent, you have the right to withdraw your consent at any time. FairWork is then unable to further process your personal data if consent was the legal basis. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
3. Right to rectification and completion
If you believe that your data at FairWork is incomplete or inaccurate, for example after you have exercised your right to access, you have the right to have your personal data corrected by FairWork.
4. Right to erasure
You have the right to request deletion of your personal data by FairWork in a number of
situations, for example after you have withdrawn your consent.
5. Right to restriction of the processing
You have the right to request restriction of the processing of your personal data if your data may not be accurate, the processing is unlawful, the data is no longer needed (but you do not want it deleted) or when you have objected to the processing.
6. Right to object
In exceptional cases such as life-threatening situations, FairWork will process your personal data without your consent. In such cases, FairWork will weigh the various interests. This balancing of interests may have negative consequences for you. If you do not agree with the processing of your personal data because of your specific situation, you can file an objection with us. FairWork will then stop processing your personal data, unless it has compelling interests not to do so.
7. Right to data portability
You have the right to obtain the personal data you have provided to FairWork in a structured, commonly used and machine-readable format and the right to transmit this data to other organizations. You may also request FairWork to forward this data directly to other organizations.
8. Right to lodge a complaint with the supervisory authority
If you have a complaint about the use of your personal data or the way the exercising of your rights is handled, you can file a complaint with us at FairWork, and we will attempt to find a solution to the situation. If, together with FairWork, you cannot find a solution to your complaint, you have the possibility to file a complaint about this with the National Authority for the Protection of Personal Data. In the Netherlands, this is the Autoriteit Persoonsgegevens, Informatie- en Meldpunt Privacy. Hoge Nieuwstraat 8, 2514 EL Den Haag, phone number:
088 – 1805 250.
Exercising your rights
1. If you wish to exercise your rights, you can do so by sending an email with your request to info@fairwork.nu
2. In principle, a request will be assessed within four weeks and you will receive feedback within this period. The outcome will contain reasons for the decision.
3. Should we need longer than four weeks, we will let you know within this period and include the reason(s) why.
4. If you are a donor, you can exercise your rights in the same way as clients can.
5. If you are a reader of the newsletter, you have the option to unsubscribe at the bottom of the newsletter. The procedure to exercise your other rights is the same as it is for clients and donors.
Citation, publication and entry into force
1. These rules may be cited as Privacy Policy FairWork.
2. This policy takes effect on May 23, 2018 and has been posted on the FairWork website.
3. Amendments to these regulations will be made by FairWork and will be announced publicly on the website.