Buy Now








Target Audience:

All employees (temporary or permanent) of all majority owned, businesses and companys management control and staff departments.

Issued by:

Talentate Human Resources Legal Department


This Talentate Human Resources Global Data Protection Policy for Client, Supplier and Business Partner Data (Policy”) supersedes all Talentate Human Resources data protection policies and notices that exist on the Effective Date to the extent they address the same issues and are not consistent with this policy.

Approved by:

Talentate Human Resources Legal Management

In the event of any discrepancies between the English version of this Policy and a translated version, the English version shall prevail.



This policy has been prepared by the Legal Department to clearly explain the personal data processing activity carried out by Talentate Human Resources ("company") to the data subject group. This policy addresses the Processing of all Personal Data of Clients, Suppliers and Business Partners. The principles established by this policy are based on European data protection and privacy laws and take into account the requirements of the EU General Data Protection Regulation (GDPR). This privacy policy is prepared in extent of the article 13-14 of GDPR by controller Legal Department. This policy applies to the Processing of Personal Data by electronic means and in systematically accessible paper-based filing systems. Talentate Human Resources cares about data protection and privacy. As such, Talentate Human Resources respects and protects the rights of individuals, particularly the right to data protection and privacy in context of the processing and use of personal data. This applies equally to employees, applicants, customers, suppliers, partners and all other persons whose personal data Talentate Human Resources processes. Talentate Human Resources is a global corporation with its headquarters in Holland, a member state of the European Union (EU). This Policy is binding on Talentate Human Resources acting as a Data Controller. The Data Protection Executive shall be responsible for business organizations compliance with this policy. Staff must comply with this policy.


This policy applies to all employees who process Personal Data completely or partially by automatic means or means, or who process Personal Data (other than automatic means and means) by other means and tools that are part of a recording system or are intended to form a part of a recording system; it is applied to the processing of personal data of Talentate Human Resources employees, employee candidates, service providers, visitors, Talentate Human Resources candidates and other third parties. Where there is a question as to the applicability of this policy, staff shall seek the advice of the appropriate Data Protection Executive prior to the relevant processing. This Policy is binding on Talentate Human Resources acting as a Data Controller. The Data Protection Executive shall be responsible for business organizations compliance with this Policy. Staff must comply with this Policy. The Policy does not apply to Talentate Human Resources when it is acting as a Data Processor. Individuals keep any rights and remedies they may have under applicable local law. This policy shall apply only where it provides supplemental protection for Personal Data. Where applicable local law provides more protection than this policy, local law shall apply. Where this policy provides more protection than applicable local law or provides additional safeguards, rights or remedies for individuals, this policy shall apply.


EU Data Protection Directive 95/46 / EC and Privacy, Electronic Communications Directive 2002/58 / EC and all laws and regulations in an EEA country that give them a binding legal effect, including the General Data Protection Legislation (2016/679), in case there is a law providing higher protection by any successor or alternate legislation and regulations, it complies with that law.


Personal Data : Any information relating to an identified or identifiable natural person (data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Natural persons can be identified directly based on names, phone numbers, e-mail addresses, postal addresses, user IDs, tax and social insurance numbers or indirectly through a combination of any other information. The personal data that is subject to this policy includes data of employees, applicants, former employees, customers, potential customers, suppliers, partners, and users of TALENTATE HUMAN RESOURCES websites and services. It can be contained in systems of TALENTATE HUMAN RESOURCES, third parties that operate on behalf of TALENTATE HUMAN RESOURCES, and customer systems operated by customers themselves, and by TALENTATE HUMAN RESOURCES, or by third parties to the extent that TALENTATE HUMAN RESOURCES employees could gain access to the saved personal data in course of support and consulting activities.

Data concerning health : Any freely given and unambiguous statement or other clear affirmative action by which the data subject indicates in an informed manner that he or she agrees to the processing of his or her personal data for a specific purpose.

Consent : Any freely given and unambiguous statement or other clear affirmative action by which the data subject indicates in an informed manner that he or she agrees to the processing of his or her personal data for a specific purpose.

Anonymous data/ Anonymized data : Anonymous and anonymized data does not refer to an identifiable natural person. Even if other data or additional information were added, identification of the natural person is not (or is no longer) possible. This policy does not apply to such data.

Special categories of personal data : Certain personal data that is particularly sensitive due to its nature, processing of which is likely to result in significant risks for the rights of the data subject; and therefore, requires special protection. This includes data concerning health, genetic data, biometric data processed for uniquely identifying a personal data, and information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life, or sexual orientation. Depending on the context, this may also include data that could be misused for identity theft purposes such as social security, credit card and bank account numbers, ID-card or drivers license-numbers, also personal data regarding criminal investigation proceedings, convictions, and crimes, or data that is subject to professional confidentiality obligation.

Data processor : A natural or legal person that processes personal data on behalf of the controller, such as an external service provider or a different TALENTATE HUMAN RESOURCES group company that is not the controller itself.

Data Subject or Interested Person : Identified or identifiable natural person to whom the data belongs.

Employee : People employed in Talentate Human Resources based on an employment contract

Employee candidate : Natural persons who made their curriculum vitae and related information accessible to Talentate Human Resources by applying for a job in Talentate Human Resources or by any other means.

Talentate Human Resourcess / Talentate Human Resources Candidates : Natural persons whose personal data are obtained due to business relations within the scope of activities carried out by Talentate Human Resources regardless of any contractual relationship.

Visitors : Real persons who have entered the physical facilities of Talentate Human Resources or visited websites of Talentate Human Resources.

Erasure : The irretrievable obliteration or physical destruction of saved personal data or its anonymization in such a way that makes it impossible to re-identify the natural person afterwards.

Third Persons : Other natural persons, although not defined in the procedure, whose personal data is processed within the framework of this procedure, including but not limited to the supplier, victim, family members and etc.

Selection and Placement Consultancy : Some evaluation systems that are prepared to provide proper employees to the employer who has open positions.

Personality Inventory Test - PiT® : This inventory consisting of 80 questions, provides evaluation of 20 different adjectives related to business life. PiT also determines which position the candidate is most suitable for.

HRWin - Smart Video Interview App : Candidates are subjected to a pre-selection process with position and institution specific questions. It provides online evaluation without space restrictions to candidates in remote locations.

Tests and Exams : C# and SQL adaptive exams and both multiple choice and manual code writing questions are given to candidates. In addition, liberal education and general aptitude tests are given to candidates in line with the requests of Talentate Human Resources.

Pseudonymization : Pseudonymization is a technique that is used to reduce the chance that personal data records and identifiers lead to the identification of the natural person (data subject) whom they belong to. Identifiers make identification of a data subject possible.



2.1 Responsible Controller

Talentate Human Resources is the controller in the context of GDPR ,and the national data protection legislation and other data protection provisions in which the company is based. (If there are different companies, they will be added here.)

Corporate Address: Laan op Zuid 392, 3071AA Rotterdam

Telephone: +31 065 350 79 22

2.2 Data Protection Officer

You can contact the responsible Data Protection Officer, who will be appointed by the controller, with the address below.

Address: Laan op Zuid 392, 3071AA Rotterdam

2.3. Supervisory Authority

If you think that your data contained in Talentate Human Resources is processed against the law, or if you have any complaints about the processing of the data, you can apply to the responsible supervisory authority appointed by the controller under the article 55 of GDPR.

Name: Safa Zengin

Address: Laan op Zuid 392, 3071AA Rotterdam

Telephone: +31 065 350 79 22

Email: [email protected]

2.4. Scope of Processing Personal Data

In general, the company processes personal data only when job applications are made, for the purpose of generating employment, when employee candidate applies to job advertisements created by employer, and when necessary for the fulfillment of our legitimate interests and services. We process the data you send us in accordance with your application to conform your suitability for the position (or other vacancies at our company, if applicable) and to carry out the application process. The processing of personal data takes place regularly only if a legal regulation allows or you have given your prior consent. The collection and use of your personal data is primarily for the following purposes:

  • to use our website / online service
  • for job applications
  • to respond to job applications
  • to register for events
  • to become a registered user

2.5. Legal Basis of Processing Personal Data

Article 6 of the GDPR sets forth the purposes to pursue when processing data. Thereby, we process the data that is mandatory for our legitimate interests, requirements of our business, and the purposes specified in the law. We process your data in compliance with the purposes of the GDPR and the national data protection law in which our center is located. Our objectives in matters where the GDPR is taken as the legal basis are;


  • Your consent to process one or more of your data for the purposes we have specified,
  • In terms of the implementation of a contract to which you are a party or responsibilities before a contract is made,
  • Necessity of processing in order to comply with the legal obligation to which our company is subject,
  • Necessity of processing in order to protect vital interests of our company, the data subject or another natural person
  • Necessity of fulfillment of a duty in the public interest or of an application for an official permit given to our company,
  • Your personal data are processed within the scope of the GDPR and the Dutch personal data protection law (WBP), since processing is necessary for the aforementioned interests; except, if the data subject is a child, the interests of the data subject requiring protection of personal data or fundamental rights and freedoms outweigh the legitimate interests pursued by our company or a third party.

2.6. Data Transfer to Third Parties

The data is transferred to third parties only in scope of legal rules or your consent. We transfer user data to third parties only if it is necessary for the legitimate interest of verbal contract, fulfillment of the contract or the economic and effective operation of our business.

If we hire subcontractors to deliver our services, we undertake to take appropriate legal measures and appropriate technical and organizational measures to ensure the protection of personal data in accordance with legal regulations.

Your data can be transferred to: natural and legal persons permitted in the legislation, other authorized public institutions and organizations when necessary, the relevant party with whom a contractual relationship is established, judicial and administrative courts, law enforcement, institutions and organizations with which we have a business relationship, outsourced consultancy, technology and education companies. However, if there is a reason not arising from the law, you will receive your approval for the transfer.

2.7. Data Transfer to a Third Country or an International Organization

Third countries are those where the GDPR is not directly applicable as legislation. These countries are all countries outside the EU or the European Economic Area. In terms of countries within the EU or the European Economic Area, the principle of freedom of movement is in force.

The data to be transferred is transmitted to a third country or an international organization. In this case, the qualification decision of the EU Commission is taken into account. For this transfer, our company informs the EU Commission that the third country or an international organization that offers an adequate level of protection is safe. With the permission to be obtained in this way, our company can transfer the data to third countries.

2.8 Data Retention and Deletion Period

Personal data of the data owner is rendered inaccessible, locked and deleted / anonymized when the purpose of storage ends. In addition, it is not necessary to delete the data until the end of the period specified by the law, if it is regulated by the European or national legislator in the context of trade union law regulations, labor law regulations, other laws or other provisions for which the responsible party is responsible. Data is also locked upon expiration of a retention period stipulated by specified standards, unless data is required to be retained for a longer period of time to sign or fulfill a contract, and then deleted or anonymized.



2.9. Child Protection

Persons who are under the age of 16 cannot send any personal data to us without the consent of all legal guardians. These data will be processed in accordance with this privacy policy. If it is detected that this data is processed by us, the data will be deleted directly.

Our company is not responsible for the data of minors or children processed without the knowledge of our company.

2.10. Data security

We and our service providers take technical and organizational security measures to protect your personal data from loss, destruction or access by unauthorized persons in any accidental or deliberate manipulation. Our data processing and security measures are constantly improved in line with technical developments. Our personnel are trained in terms of protecting personal data and their access is restricted. Our company has an authority matrix. In accordance with the principle of data minimization, your data is collected only for purposes and to the extent that are necessary.

Security measures specifically include the transfer of encrypted data between your browser and our server.

Our Company is especially careful about sensitive personal data and pays whether the e-mail is an official e-mail and whether it is encrypted while transferring the data. In addition, the company uses SSL encryption technology and conducts data leak tests.

Your personal data are recorded by electronic or manual methods. Our company takes security measures in accordance with the method and quality of data retention, and personnel are trained to prevent data leakage.

2.11. Your Rights

In accordance with the legal provisions, as a related person, you have the right to get free information about your data stored by Talentate Human Resources at any time by contacting our company.

According to the provisions of article 15-22 of GDPR; you have the right to the information, correction, and deletion of your personal data as well as the restriction of data portability and processing. This also applies to automatic individual decision making, including profiling. If you give consent that your personal data can be processed, you can revoke this consent at any time to be valid in the future.

You can also claim your rights to rectification (Art. 16 of GDPR), deletion (Art. 17 of GDPR) or restriction of processing (Art. 18 of GDPR) against Talentate Human Resources at any time. This also applies to the right to data portability (Art. 20 of GDPR).

If you have given us your personal data based on your consent, you can revoke this consent for the future at any time (Article 7 (3) of GDPR).

If you think Talentate Human Resources is processing your personal data illegally, you can contact any data protection supervisory authority regarding for the complaint.

In addition, you have the right to object to the processing of personal data concerning you at any time in accordance with article 6 (1) for reasons arising from your particular situation. This may also apply to any profiling based on article 4 of the GDPR.

You can apply to our company at the address of Laan op Zuid 392, 3071AA Rotterdam to use your rights regarding your personal data.

2.12 Corrections

From time to time it becomes necessary to regulate the content of this information with regard to data protection. Therefore, we reserve the right to change this information at any time. We will also post the modified version of data protection information here. If you visit us again, you should re-read the data protection information.

Trusted By
Experience Talentate
Get A Personalized Product Demo That Meets Your Needs!
Buy Now
en de