Privacy statement
Introduction

Vebego B.V. (hereinafter referred to as: Vebego) is an internationally operating family business active in cleaning, healthcare, facility management, landscaping, and personnel services. Vebego is located in Voerendaal (Cortenbach 1, P.O. Box 23092 / 6367 ZH, registered in the trade register under number: 14007867). Together with its many subsidiaries, Vebego is responsible for the processing of personal data. In this statement, Vebego informs its stakeholders about the various data processing activities that take place.

 

Handling Personal Data

In the services provided by Vebego, people are central. With more than 100 companies that are part of Vebego and thousands of employees in Europe, personal data is processed on a large scale. Additionally, Vebego and its staff frequently work outdoors with customers and suppliers and collaborate with many external partners for their services. To protect all employees, the company, and its partners, Vebego takes privacy very seriously.

 

Regarding the topic of privacy and the protection of personal data, Vebego adopts a 'risk-based approach' in its operations. This means that it does not solely focus on compliance with laws and regulations but also focuses on the most extensive and risky processing activities and their security. Vebego recognizes that protecting personal data and keeping its organization privacy-proof is a dynamic process with many challenges. The processing of personal data from its many employees is most important, and this is where Vebego's focus lies. There is also a strong emphasis on creating awareness in the workplace regarding careful handling of all data.

 

Vebego is constantly seeking and will strive for the right balance between compliance—meeting legal and regulatory requirements—and maintaining a workable situation for all parties involved, with sufficient room for entrepreneurship and a passion for service.

 

Processing of Personal Data

Vebego processes, depending on necessity, among others, the following personal data:

  • First name
  • Last name
  • Date of birth
  • Email address
  • Phone number
  • Gender
  • (Residential) address
  • IP address

 

The processing of personal data within Vebego mainly occurs in the area of HR. Vebego only processes data from its employees that are necessary for creating and maintaining personnel and, if applicable, absenteeism files. During the employment period and for some time after the end of the employment, Vebego retains, in addition to the necessary basic employee data, a copy of the ID proof, references, certificates, and, if necessary/applicable, pre-screening documentation, A1 declarations, residence permits, work permits, notifications, or VAR statements.

 

Additionally, data from business relations is processed, namely from (potential) customers, suppliers, and (other) partners. The data that Vebego processes from its business relations are mostly business data and do not fall under the General Data Protection Regulation (GDPR). However, the data of contact persons (name, contact details, position) of all business relations are subject to GDPR. Vebego handles all data with great care. Business data is also treated very confidentially.

 

Purposes of Processing

Vebego collects and processes personal data for the following purposes:

  • To fulfill its role as an employer for many employees, both permanent and flexible, which includes but is not limited to: making and managing personnel files and absenteeism files, payroll administration, meeting obligations related to reintegration, assessing the suitability of employees for assignments, and deploying employees. Vebego also processes data from applicants in recruitment and selection procedures.
  • To fulfill its role as a contractor or supplier in many areas within the various facets of services in which Vebego operates, which includes but is not limited to: managing data of prospects, customers, and clients in CRM and maintaining these business relationships.
  • To provide data of permanent and flexible employees to clients and customers, which is necessary for the execution of an agreement. Many employees of Vebego are always on-site with clients/customers. The law requires Vebego to provide certain data of its employees to these clients/customers where the employees work. These clients/customers must be able to verify the identity of the employees and include data in their records. Where the basis for providing data is not legally established, but the client/customer still requests it, a review will always take place to assess whether the data provision complies with GDPR.
  • To process health-related data of patients by Vebego subsidiaries that operate in healthcare. This processing is justified by the exception in GDPR regarding the prohibition on processing such data when it is done by healthcare institutions. The processing occurs for the execution of the agreement regarding medical treatment or with another justified basis.
  • To exchange data within Vebego Holding, with and between subsidiaries for the optimization of services.
  • To provide data of employees to the national government where requested/required, for example, to obtain a certificate of conduct for employees.
  • To monitor or control employees, for example, with a personnel tracking system. This occurs only when there is a concrete reason and is necessary to investigate incidents. A review will always take place to see if the problem/incident can be resolved with less intrusive means.
  • With a view to the security of individuals, buildings, grounds, and property of Vebego, camera surveillance may be used. The cameras film no more than the entrance of the buildings and possibly other areas around the buildings and grounds. The camera footage is not used for purposes other than security and is not retained longer than permitted. Camera surveillance may also take place at clients or customers of Vebego where employees are deployed. Vebego has no visibility into this and is not responsible for it. The respective client or customer must inform all employees (own employees and hired employees) about this.
  • To provide data to processors of Vebego, which is necessary for the execution of an agreement between Vebego and this processor. A processor of Vebego must always sign a data processing agreement in which the rights of the data subjects are sufficiently safeguarded and the processor is required to secure the data appropriately.
  • To send newsletters to existing customers and other stakeholders who have indicated a desire to receive the newsletter, keeping them informed of developments and offers. There is an option to unsubscribe from the newsletter. Email addresses are used solely for the services of Vebego and are not provided to third parties without permission.
  • If the client gives permission, email addresses may be provided to third parties such as advertising providers for offering personalized advertisements. If the client withdraws this consent, this service will be terminated.

These processing activities always have a legal basis, such as your consent, necessity for the execution of an agreement (or pre-contractual measures) in which you are a party, necessity to comply with our legal (retention) obligation, or necessity to safeguard our legitimate business interest, which we will always weigh against your right to privacy.

 

When personal data is processed without falling under one of the above purposes, a review will always take place to assess whether one of the legal purposes applies and whether a lawful basis for processing exists.

 

Providing Data to Third Parties

Providing personal data to third parties may be necessary to fulfill an agreement or to comply with laws and regulations. Data is shared within Vebego and the various subsidiaries. This provision occurs with the aim of improving services, enhancing customer experience, improving working conditions, safeguarding the health of our employees, and reducing absenteeism. Vebego does not provide personal data to third parties for commercial gain under any circumstances.

 

To fulfill agreements with clients/customers and one of the purposes mentioned above, Vebego must provide data to these parties. Vebego always checks whether the client/customer is requesting more data than necessary for the purpose and makes agreements with these parties to ensure the protection of this data. If required by law, Vebego will provide data to the national government or enforcement agencies.

 

(Sub-)Processors

Vebego uses sub-processors to carry out its services. To fulfill its employer role, Vebego may outsource services to third parties. Examples include outsourcing payroll administration, IT management, strategic workforce planning, and hiring freelancers. These third parties may process personal data, whereas being classified as processors under GDPR. Vebego demands a high level of protection for personal data from its processors. The standards for processors are higher than for Vebego itself, as the data is taken outside the Vebego environment, and processing occurs with less visibility for Vebego. Processors are also selected based on their privacy policies, agreements are contractually established, and compliance is monitored when necessary.

 

Information Security

Most of the data processed within Vebego are employee data. This means that the risks regarding employee data are the greatest. Therefore, Vebego focuses on securing its IT processes and systems and protecting the privacy of its employees. This focus is reflected in security measures, particularly directed at the central technical infrastructure, which includes the IT Platform, the ERP Platform, and access to the central server from decentralized locations. The security is aimed at protecting the information itself and the means by which it is stored, such as various information systems, hardware, operating systems, databases, corporate networks, and physical locations. Vebego always takes technical and organizational measures to prevent misuse, loss, and unauthorized access to personal data, with all consequences thereof.

 

Retention Policy

Data is not kept longer than the retention periods set by law or the Exemption Decision of the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). Vebego maintains a retention policy in which all periods applicable to data processing are recorded.

 

Access, Modification, Deletion of Personal Data

Data subjects have the right to:

  • Request access to the processed personal data.
  • Request rectification or deletion of personal data.
  • Request the restriction of the processing concerning them.
  • Object to the processing and the right to data portability.

 

Requests as mentioned above regarding employee data can be submitted by sending an email to info@vebego.nl.

 

Business relations can submit a request regarding the aforementioned rights to their contact person within Vebego. The contact person will share this request with the Privacy Officer of Vebego, who will respond to the request within one month at the latest. It may be necessary to provide additional information and/or documentation (including for verifying the identity of the requester) to process the request.

 

Complaints or suspected misconduct regarding the processing of personal data within Vebego can be reported to the contact person within Vebego, or to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens), or to the Privacy Officer of Vebego.

 

 

Cookies statement

 

Vebego uses functional cookies and/or web statistics cookies on its corporate website(s). Additionally, Vebego uses cookies to share the content of our website via social media. On the intranet websites accessible to employees, only functional cookies are used to gather information about the technical functioning of the intranet. The use of these cookies does not impact the privacy of intranet visitors, as no personal data is processed with these cookies.

 

Cookies are small text files that are stored on your device, such as your computer, phone, or tablet when you visit a website. This text file contains information that can be read by the website during a later visit. JavaScripts and web beacons are examples of similar techniques that, together with cookies, enable a system to collect information.

 

Below we provide an overview of the different types of cookies used and their purposes.

 

Functional cookies

Functional cookies are necessary for the functioning of a website. For example, these cookies ensure that information from one page is carried over to the next. This way, you do not have to fill in the same information every time. Your prior consent is not required for the use of these cookies.

 

Analytical cookies

Analytical cookies are used to analyze your visit to our websites. For example, we analyze the number of visitors to our websites, the duration of visits, and the order of the pages visited. Using the collected information, we can make our websites more user-friendly. To carry out these measurements, we use (but not limited to) Google Analytics, Hubspot, Leadinfo*, Visual Website Optimizer, and Vimeo.

 

With analytical cookies, we collect the following data:

  • The number of visitors to our web pages.
  • How long a visitor stays on our website.
  • What visitors are searching for.
  • Which version of the website is being presented (A/B testing).
  • Information about your browser and device used to visit our website, such as operating system and screen size.
  • How you arrived at our website (for example, by clicking on a link in one of our emails).

 

* Vebego uses the lead generation service provided by Leadinfo B.V., Rotterdam, The Netherlands, which recognizes visits of companies to our website based on IP addresses and shows us related publicly available information, such as company names or addresses. In addition, Leadinfo places two first-party cookies for providing transparency on how our visitors use our website and the tool processes domains from provided form inputs (e.g. “leadinfo.com”) to correlate IP addresses with companies and to enhance its services. For additional information, please visit www.leadinfo.com. On this page: www.leadinfo.com/en/opt-out you have an opt-out option. In the event of an opt-out, your data will no longer be used by Leadinfo.

 

Tracking Cookies

Tracking cookies, often placed by third parties, are used for commercial and promotional purposes. The data collected through these cookies are linked and analyzed to develop profiles, allowing us to show the most relevant information and personalized offers on Vebego's websites.

 

Only if you have given prior consent will we use tracking cookies for commercial purposes.

 

Cookies from External Parties

Some cookies are placed with the consent of Vebego by third parties to draw your attention to certain products and services or to give you direct access to social media.

Examples include:

  • Google Maps
  • LinkedIn
  • YouTube
  • Facebook

 

These cookies enable us to display maps on our websites, play videos, and measure traffic between our websites and social media platforms like LinkedIn and Facebook. For cookies placed by these external parties, the information they collect, and the purposes for which that information is used, we refer you to the privacy statements of these parties on their own websites.

 

Contact Information

If you have questions about the above or complaints regarding how we handle personal data, you can contact:

 

Nicky Waals

E-mail: nicky.waals@vebego.com

 

Finally

Vebego reserves the right to make changes to this Privacy and Cookie Statement. The changes will be announced via the website and will replace the previous version.

 

Latest version: 25-10-2024