Randstad Sourceright´s service provider privacy notice.

1. Randstad Sourceright is a processor to its clients 

This privacy notice explains how Randstad Sourceright processes your personal data as part of its service delivery. When Randstad Sourceright delivers services to its clients, like RPO or MSP services, it will collect and process your personal data on their (the client’s) behalf and on their instructions. 

Where we process your personal data as part of our service delivery to our client, that client will be your controller. As controllers, our clients are responsible for providing you with a privacy notice describing what personal data they collect, the legal grounds for doing so, what they use it for, how it is disclosed, and what your individual rights over your data are. This privacy notice is not intended to replace that of the controller. Its goal is to explain Randstad Sourceright’s role as service provider to our clients, and a non-exhaustive overview of what personal data we process on their behalf. 

2. What personal data do we collect?

Randstad Sourceright processes personal data that our client has provided us, and/or that we may collect from you on behalf of our client. These categories of personal data will vary depending on the service we provide and on their specific instructions. 

For example: your name, date of birth, gender, email address, home address, phone number, rates of pay, CV, qualifications and certifications, copy of passport or ID document/data from passport or ID document, bank account/IBAN, company registration number, social security number…

3. What do we use your personal data for?

Randstad Sourceright uses the Personal Data to provide the services to our clients pursuant to the applicable data processing terms with those clients. 

In its capacity as a processor, Randstad Sourceright only processes your personal data as per the instructions of the controller, for their benefit, and on their behalf.

This may include the following processing activities: job seekers profile review, shortlisting, contingent worker/cloud based vendor management onboarding process, timesheet submission review, approval process, provision of reference and security checking services, compliance checks, provision of payroll services, analytics, reporting business reviews etc.

4. With whom do we share your personal data?

Randstad Sourceright does not disclose your personal data to third parties except where permitted or requested by our client as necessary to provide our services, or where required by law. We may share your personal data for example with other Randstad group of companies,  third parties providing HR (e.g. payroll)-IT, marketing (e.g. CRM and/or BI Tool)-related services to us, with providers of professional services (e.g. auditors, tax- and legal advisors) or public authorities, law enforcement authorities, courts and regulatory authorities. 

5. International data transfers

For the purpose of our service delivery to our clients, your personal data may be transferred internationally (e.g. shared or accessed from outside of the European Economic Area or the United Kingdom). If we transfer your personal data internationally, we will only do so in line with applicable law, ensuring appropriate safeguards are in place. 

Such international transfer will only take place where:

• The laws of the country to which your personal data is transferred ensure an adequate level of data protection; or
• the transfer is subject to standard data protection clauses approved by the competent authority; or;
• any other relevant safeguard as required under applicable data protection law are in place.

6. How we will protect your personal data

We have technical and organizational security measures in place to protect your personal data from being accidentally lost, used, altered, destructed, disclosed or accessed in an unauthorized way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your personal data are governed by Randstad's rules for information and IT security, data protection and other internal regulations and guidelines as well as our client's requirements applicable to the processing of personal data.

7. How long do we keep your personal data?

Retention periods depend on the data processing terms with our clients and their choices, type of personal data, purposes of its collection and processing, and applicable law.

8. Your data protection rights

In case you want to exercise any of your individual rights (e.g rights to be informed, of access, to rectification, to erasure, to restrict processing, to data portability, to object, in relation to automated decision making and profiling, to lodge a complaint with a supervisory authority) or have other questions about your personal data, we request you contact our client directly. In case you direct your queries at us via rsrdpo@randstad.com, we will forward these to that client as we are not in a position to respond or act on our own accord. Where so instructed by our client, your controller, we may support the fulfillment of your individual rights request.

You can consult our privacy notice for those cases where we act as controller. 

9. Changes to this privacy notice

We may update this notice from time to time. You can see the date on which the last change was made below. We advise you to review this notice on a regular basis so that you are aware of any changes. 

This statement was updated on: 28/08/2023