Privacy policy

1. Scope of this privacy statement

This privacy statement applies to:

  • ByYourSite BV, which provides the recruitment platform used by End Users.
  • Source International BV, which supports the development and maintenance of the recruitment platform.
  • BYS Hosting BV, which is responsible for hosting the recruitment platform and ensuring its availability.
  • ByYourSite BV, Source International BV, and BYS Hosting BV will be referred to hereafter as “the Companies.”

2. Purpose of this statement

The Companies believe that the privacy of the persons they do business with is very important. The Companies actively promote privacy awareness among their employees. Employees are trained in privacy protection and information security. The Companies have taken technical and organisational measures to protect the personal data they process.

The purpose of this privacy statement is to inform the customers of the Companies about the personal data processed, how this information is used and shared, and the rights data subjects have and how they can exercise these rights.

3. What does processing of personal data mean?

Personal data is defined as any information relating to an identified or identifiable natural person (‘data subject’). Processing personal data includes the following activities: collecting, recording, saving, viewing, adapting, using, publishing, transferring and deleting of personal data.

4. What personal data is processed?

The Companies process the personal data of:

  • Persons who are using the services provided by the Companies as an End User and/or Customer
  • Persons who represent a legal entity that is configured within one of the Companies' platforms or services
  • Persons making use of any digital platforms or applications of the Companies
  • Persons who wish to utilize payment or account information-related services provided by the Companies
  • Persons whose data has been entered, uploaded, emailed to, retrieved from connected systems, or otherwise inputted into the platforms of the Companies (e.g. applicants who have applied to a vacancy)
  • Natural persons with whom any of the Companies is engaged
  • Persons who visit the Companies’ websites but are not (yet) customers
  • Job applicants

Of these data subjects, the following data is processed:

  • Name, postal code, country, location and/or date of birth
  • Contact details such as telephone and e-mail address
  • Resume and employment history of job applicants
  • Educational background of job applicants
  • Data provided or derived for personality assessment purposes (e.g. assessment results, responses to personality tests or evaluations)

5. What is the personal data used for?

The personal data is used by the Companies for the following purposes:

  • To assess work experience
  • To assess educational experience
  • To perform personality insights
  • To comply with legal requirements
  • The Companies’ legitimate interest, e.g. fraud detection, safety of transactions
  • The consent given by the data subject. This consent can be revoked at any time

6. Protection of Personal Data

The Companies have measures in place to ensure that client data is stored securely to prevent unauthorized access. Systems are protected through a combination of physical and electronic access controls, firewall technology, and other security measures. Access to systems is segregated to ensure that only staff who facilitate the purpose for which data was shared have access. IT administrators with broader access sign additional agreements obligating them to protect client data. The Companies require the same standards of security from their service providers.

7. Personal Data shared

The Companies may use third parties for certain services that require the processing of personal data, such as specialized personality insight providers, IT service vendors, and auditors. In these instances, only the necessary personal data is shared and third parties are obligated to uphold the same standards of data protection and privacy. The Companies do not share personal data outside the EU.

8. Data minimization

  • All personal data is stored for a finite period of time: the duration required to conduct a hiring process.
  • Personal data will be deleted or anonymized if no longer necessary: all personal data will be deleted after completing the hiring.

9. Rights of data subjects

Data subjects have the following rights regarding their personal data:

  • The right to information about which personal data is processed and for what purpose
  • The right to request rectification or deletion of their data
  • The right to restriction, meaning the right to limit how the Companies may use their data in the future
  • The right to request a copy of their personal data
  • The right to object or file a complaint about the collection, processing, and storage of their data

10. How to exercise these rights

Data subjects can exercise their rights by sending an email to the Companies:

For the attention of the Privacy Officer

privacy@byyoursite.com

If deletion of personal data is requested, please note this can only be executed if data retention is not mandated by law or regulation. If access to data is requested, the Companies will provide an overview of the processed and stored data or copies of documents containing personal data.

The Companies will respond within one month of receiving a request. If a longer response time is anticipated, the Data Subject will be informed. Identification will be required to exercise these rights.

The same contact can be used to submit complaints about how personal data is processed. Please indicate which of the Companies the complaint concerns. An acknowledgment of receipt will be provided along with an explanation of the complaint handling procedure. If the Data Subject is not satisfied with the outcome, they may file a complaint with the Dutch Data Protection Authority.

11. Use of Artificial Intelligence (AI)

The Companies may use Artificial Intelligence (AI) technologies to support certain internal processes, such as automating insights, analyzing trends, or enhancing user experience. However, the Companies strictly prohibit the sharing or transmission of personally identifiable information (PII) to any AI systems unless such information has been explicitly provided by the data subject, such as through a public profile (e.g., LinkedIn) or through direct consent. AI systems are only used in ways that are consistent with the Companies’ data protection policies, ensuring that personal data remains secure and is processed lawfully, transparently, and for legitimate purposes.


Date of this Privacy Statement: May 19, 2025.

The Companies reserve the right to unilaterally amend this Privacy Statement. This version is the most recent. Previous versions are available upon request.