The website yuma.nl is owned by Yuma BV. Yuma BV complies with legal regulations regarding the protection of personal data, such as the General Data Protection Regulation (GDPR), which came into effect on May 25, 2018.
Yuma BV is an intermediary between employers and employees and guarantees at all times a careful and discreet handling of the information arising from this work.
Data Processing
For its business operations, Yuma BV collects and processes data about candidates. The protection of your personal data is very important to us. Below, we explain how we collect your personal data, what we do with it, for what purposes, on what legal grounds this is based, and what rights and requirements this entails for you.
Collection and Processing of Your Personal Data
a) We may store your personal data on various occasions, for example when you contact us to schedule an appointment or when you provide us with your CV.
b) Depending on the circumstances, we may collect the following categories of personal data:
General information:
Name, first name, gender, language, date of birth, address, landline and/or mobile phone number, email address.
And if you are a business client: your company details (address, landline and/or mobile phone number, email address, VAT number, and registration number with the Chamber of Commerce).
Information related to our services:
- The CV you have provided to us
- Summaries of phone calls or personal conversations
Information from third parties:
We may also collect information about you from references provided by you (never without your prior consent), public databases, or social media platforms such as LinkedIn, which we use to update, correct, or supplement your data, particularly to enable us to advise you better.
c) Where possible, we also record the date on which this data was shared or modified.
d) We only store data if we are legally permitted to do so based on your consent or in accordance with applicable legal regulations (more details on this can be found in the section ‘Legal Grounds for Processing’).
Purposes of Use
We use the collected personal data for the following purposes:
- Candidate data (CVs, contact details, additional information) is used only when interest has been expressed, after our internal assessment, and with the candidate’s consent for searches related to specific vacancies or for networking opportunities with other contacts in our network (informal conversations).
- Client data (business information) is used solely for relationship management and to fulfill specific vacancies, including invoicing.
- Under no circumstances will sensitive data (CVs, contact details, confidential business information) be shared with third parties without the prior (verbal or written) consent of the relevant candidate, client, or contact. If verbal consent is given (e.g., during an interview), we will confirm it in writing via email.
- The introduction of candidates to clients will only take place with explicit approval and via email or hard copy, including their CV (with contact details) and a summary of our impressions and any additional information (e.g., current salary, notice period, etc.).
- Retention policy: All data of candidates, clients, and other contacts is retained only if obtained with consent. Data will be removed upon request from the individual concerned. Maintaining these records allows us to nurture long-term relationships, track candidates’ career progress, and assess their suitability for future roles.
We process your data based on your consent. You have the right to withdraw your consent at any time.
In certain cases, we are legally required to retain or disclose your personal data to government authorities or legally designated entities. In such cases, we process your data in accordance with our legal obligations.
Sharing of Personal Data with Third Parties
Your data may only be shared with a third party (a potential employer) after obtaining your explicit consent.
Security
We implement technical and organizational security measures to protect your data against manipulation, loss, destruction, and unauthorized access. We continuously improve our security measures in line with technological advancements.
Legal Grounds for Processing
If you have given us consent to process your personal data, this consent serves as the legal basis for processing (Article 6(1)(a) GDPR).
For processing personal data related to establishing or fulfilling an agreement with you, the legal basis is Article 6(1)(b) GDPR.
If processing your personal data is necessary to comply with legal obligations (e.g., data retention requirements), we do so in accordance with Article 6(1)(c) GDPR.
Additionally, we may process personal data based on our legitimate interests or those of third parties, as permitted by Article 6(1)(f) GDPR. Legitimate interests may include maintaining our IT systems, marketing our services, and ensuring legally required documentation of business contacts.
Deletion of Your Data
Your personal data will be stored only for as long as necessary for the purpose of processing. Data may be retained beyond this period if required by European or national laws and regulations.
Rights of Data Subjects
As a data subject, you have the following rights under the GDPR:
- Right of access (Article 15 GDPR) – You can request access to your stored data.
- Right to rectification (Article 16 GDPR) – You can request corrections to incorrect data.
- Right to erasure (Article 17 GDPR) – You can request the deletion of your data.
- Right to restriction of processing (Article 18 GDPR) – You can request restrictions on data processing.
- Right to data portability (Article 20 GDPR) – You can request that your data be transferred to another service provider.
If you have given consent for data processing, you have the right to withdraw your consent at any time. This does not affect the legality of processing before withdrawal. Further processing may still take place based on other legal grounds (see the section ‘Legal Grounds for Processing’).
Right to Object
You have the right to object to the processing of your personal data for reasons related to your specific situation if processing is based on Article 6(1)(e) GDPR (public interest) or Article 6(1)(f) GDPR (legitimate interests). If you object, we will cease processing your personal data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or if processing is necessary for legal claims.
When you have questions about how Yuma BV handles your personal data, you can contact us at info@yuma.nl.
If you believe that your data has been processed unlawfully, you have the right to file a complaint with the relevant data protection authority, such as the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) (Article 77 GDPR).
Changes
Yuma BV reserves the right to modify this privacy statement. Any updates will be published on this website.
Questions and Information
Candidates can request access to their personal data stored at Yuma BV at any time. To do so, they must submit a written request to Yuma BV. Candidates can also request corrections, modifications, or the complete deletion of their personal data by sending a written request to Yuma BV.
