Cronos International respects and protects the privacy of all individuals, including customers, employees and other stakeholders. As a consequence, Cronos International commits itself to comply with the GDPR and to take appropriate actions to ensure personal information is protected against unauthorized use, disclosure, modification or destruction, whether intentional or accidental.
Cronos International is committed to safeguarding the privacy of the personal data that we gather on our prospective, current and former employees and freelancers for management, human resources and payroll purposes.
Our Privacy Statement complements other management systems linked to quality, information security, environment and service management. The Statement provides a clear, transparent, and effective framework for collecting, using, disclosing and storing personal data for employment-related and transactional purposes, whether by us or by any third party authorised to do so.
All the tools and processes we have developed or customised comply with the Privacy Statement. As an example, these include the pool of resources, availability management tools and processes, and the automated CV generator.
In line with the GDPR and with privacy best practices, the staff, employees, freelancers and subcontractors of Cronos International are responsible for protecting the personal data of each of these constituencies as well as any personal data related to third parties and external stakeholders (such as customers). Our Privacy Statement details and governs this responsibility.
Our Statement is addressed to all internal and external employees, freelancers and subcontractors working on behalf of Cronos International. It provides a comprehensive overview of how we collect, use, disclose and store employee data in the employment lifecycle.
The five tenants of privacy trust underlying our approach:
Who uses and discloses personal data, which data, and why. How to exercise privacy rights, how we protect personal data, and how to access and update personal data.
We value individuals' choices to pursue careers at Cronos International, we respect whether and how they elect to participate in certain opportunities we may offer to our employees, and we obtain permission from our employees to use and share certain types of personal data in accordance with applicable laws and regulations.
As a company with employees from different nationalities and backgrounds, we understand that employees, freelancers and subcontractors may have different levels of concern about their privacy based on cultural and personal perspectives and experiences.
We therefore only collect, use and share the personal data we need for employment-related purposes and to the extent permitted by applicable law.
We provide employees with reasonable choices to decide how their personal data is used and shared for certain employment-related purposes.
We use technical, physical and administrative measures based on the sensitivity of the personal data to protect it from loss, misuse and unauthorized access, disclosure, alteration or destruction. As an example, Cronos International is ISO27001:2013 (Information Security Management System) certified.
We strive at all times to treat our stakeholders, including our employees, in a manner consistent with the company's values.
2. Information we collect
- name, gender, home address and telephone number, date of birth, marital status, emergency contacts;
- residency and work permit status, nationality and passport information;
- social security or other taxpayer identification number, banking details;
- sick pay, pensions, insurance and other benefits information (including the gender, age, nationality and passport information for any spouse, minor children or other eligible dependants and beneficiaries);
- date of hire, date(s) of promotions(s), work history, technical skills, educational background, professional certifications and registrations, language capabilities, training courses attended;
- records of work absences, vacation entitlement and requests, salary history and expectations, performance appraisals, letters of appreciation and commendation, and disciplinary and grievance procedures;
- where proportionate in view of the function to be carried out by an employee or prospective employee, the results of criminal background checks, screening, driving licence number, vehicle registration, fuel consumption data and public transport expenses;
- information required to comply with laws, the requests and directions of law enforcement authorities or court orders (e.g. child support and debt payment information);
- acknowledgements regarding Cronos International policies, including information security, quality and environmental policies;
- information captured on security systems, including CCTV and badge entry systems;
- e-mails stored or transmitted by an employee using a Cronos International computer or communications equipment and which are not labelled as “private”;
- log file information when working on Cronos International computers devices, servers or systems;
- date of resignation or termination, reason for resignation or termination, information relating to administering termination of employment (e.g. references).
Most of the personal data we process is information that you knowingly provide to us. In some instances, we process personal data that we are able to infer about you based on other information you provide to us, or on our interactions with you, or personal data about you that we receive from a third party with your knowledge.
Sensitive data (e.g., data revealing ethnic origin, religious or philosophical beliefs, health, sexual orientation, political opinions or trade union membership) are collected only where required by law and are used and disclosed only to fulfill legal requirements.
3. How we use your information
We use personal data concerning employees in order to:
- evaluate applications for employment;
- manage all aspects of an employee’s employment relationship, including, but not limited to, payroll, benefits, corporate travel and other reimbursable expenses, development and training, absence monitoring, performance appraisal, disciplinary and grievance processes and other general administrative and human resource related processes;
- develop manpower and succession plans;
- maintain sickness records and occupational health programmes;
- protect the safety and security of Cronos International staff and property (including controlling and facilitating access to and monitoring activity in secured premises and activity using Cronos International computers, communications and other resources);
- investigate and respond to claims against Cronos International;
- contact Cronos International employees, freelancers and subcontractors for safety purposes in case of environmental catastrophes, terrorist attacks or other unforeseen circumstances;
- maintain emergency contacts (which involves Cronos International holding information on those you nominate in this respect);
- administer termination of employment and provide and maintain references;
- monitor the performance of the company’s QMS (quality management system), ISMS (information security management system) and EMS (environmental management system);
- comply with applicable laws (e.g. health and safety), including judicial or administrative orders regarding individual employees (e.g., garnishments, child support payments).
There are Closed Circuit Television (CCTV) cameras in operation within and around Cronos International offices, which are used for the following purposes:
- to prevent and detect crime;
- to protect the health and safety of Cronos International visitors and staff; and
- to manage and protect Cronos International property and the property of employees and visitors.
We monitor log-file information (such as logical access events, creation-deletion-modification of documents, modifications to computer configurations, administrator events, etc.) in accordance with the Cronos International Information Security policies and any other acceptable use policies.
We outsource most of the administrator and operator tasks to Smartsys, a company of De Cronos Group that is ISO27001 certified.
4. Disclosures of your personal data
In order to carry out the purposes outlined above, we disclose your information only for the purposes set out above to human resources staff, line managers, consultants and other appropriate persons in Cronos International or De Cronos Groep. On top of theses, we may disclose your information to service providers and suppliers, to customers and legal authorities, under the conditions detailed below.
Service providers and suppliers
Like many businesses, we outsource the processing of certain functions and/or information to third parties, mostly within De Cronos Groep. Within De Cronos Groep appropriate safeguards are in place such as Binding Corporate Rules (BCRs).
When we do outsource the processing of your personal information to third parties or provide your personal data to third party service providers, we contractually oblige those third parties to protect your personal data with appropriate security measures and prohibit them from using your personal data for their own purposes or from disclosing your personal data to others.
Customers / Business transfers
Cronos International facilitates IT careers in European Institutions and provides expert resources and consultancy services to these organizations. In these transactions, Cronos International reserves the right to include your personal information as an asset in any such transfer.
Therefore, Cronos International has data bases and specific tools (e.g. the Automate CV Generator) where employees, freelancers and subcontractors can update their personal data (contact information, working experiences, technical skills, educational background, professional certifications and registrations, language capabilities, training courses attended, etc.) to provide potential customers with updated CVs.
This information will not be publicly available and will never be used for other purposes. E-mail and mobile number will be used for contacting purposes or for safety purposes in the unlikely event of environmental catastrophes, terrorist attacks or other unforeseen circumstances.
Legal authorities / legal requirements
We reserve the right to disclose any personal data we have concerning you if we are compelled to do so by a court of law or requested to do so by a governmental entity or if we determine it is necessary or desirable to comply with the law or to protect or defend our rights or property. We also reserve the right to retain information collected and to process such information to comply with accounting and tax rules and regulations.
5. How (long) do we store your information
As other companies within De Cronos Groep, we have centralized parts of our data processing and of our human resources administration within the holding company. As such, De Cronos Groep processes most of your personal information.
The Data will be retained for no longer than necessary to achieve the aims for which they were collected and subsequently processed or required by law.
- Personnel, CV and payroll administration: up to a maximum of 5 years after termination of employment;
- Employment and freelance contracts: up to a maximum of 7 years after termination of employment;
- Personal data of candidates: up to a maximum of 1 year;
- Other personal data: up to a maximum of 3 years after collection of the data.
All personal data of employees collected and processed by Cronos International or De Cronos Groep (companies) is stored and processed locally and within the European Union.
As a ISO27001:2013 certified company, Cronos International uses reasonable safeguards to secure and protect the collected information and takes reasonable steps to verify the identity of the user when he or she seeks to log in into the CV application.
6. Your choices and rights concerning your information
a) Right of access and right to data portability
With some limited exceptions, you may inquire about the personal information we maintain about you by sending us a written request by letter or e-mail to the addresses set out in Section 7 below. Please be sure to include your full name, current (or last) job title and place of employment so we can ascertain your identity and the personal information we maintain about you. On request, Cronos International will provide the personal data concerning a data subject (which he or she has provided to Cronos International) in a structured and machine-readable format. We may not disclose data that you are not entitled to receive under applicable laws (e.g. data revealing information about another individual).
b) Right to rectification
You may request that we correct personal information that we hold about you by sending a letter or email to the address set out in Section 7 below. If we agree that the information is incorrect, we will delete or correct the information. If we do not agree that the information is incorrect, Cronos International will, nevertheless, record the fact that you consider that information to be incorrect in the relevant file(s).
c) Right to erasure, to restriction of processing and to object
You may request that we erase or stop processing personal information that we hold about you by sending a letter or email to the address set out in Section 7 below. If we agree that the information processing should be stopped, we will delete the information without undue delay. Unless we can demonstrate compelling legitime grounds for the processing, or for not erasing the personal data, for compliance with a legal obligation or for the defence of legal claims, we will no longer process the personal data.
7. How to contact us
If you have any questions about this Statement, or any concerns or complaints with regard to the administration of the Statement, or if you would like to submit a request (in the manner described in Section 6 above) for access to the personal information that we maintain about you, please contact us by any of the following means:
- for current internal employees, by contacting the general manager; and
- for applicants, freelancers, external employees and former employees, by contacting the HR responsible at firstname.lastname@example.org.
As indicated above, all requests for access to your personal information must be submitted in writing.
8. Changes to our Privacy Statement
Just as our business changes constantly, this Statement may also change. To assist you, this Statement is dated and has an associated version number on the front page and footer of this document. Paper copies of this document are to be considered outdated. Only the electronic version published on the Cronos International CV application represents the last updated version.
In the occasion of major changes to our Privacy Statement, Cronos International will make reasonable efforts to inform all data subjects by e-mail.