Version 2.0 – 23 April 2020
Imkey B.V. (‘Imkey’) and its associated companies are Dutch companies. We are engaged in the European Economic Area (EEA) and store our data on servers EEA and in the United States. The parties in the United States with whom we store our data are certified under the EU-U.S. Privacy Shield Framework and have consequently taken appropriate safeguards.
Our service enables you to create CVs with the aid of templates. We process your personal data when you use our services, applications, websites and software. For ease, we will hereafter refer to this as the “Service” In this privacy statement we provide a concise description of when and how we collect, use and secure your personal data.
The provisions of this privacy statement may be amended. We will let you know when we do so. However, we advise you to check for yourself from time to time whether the privacy statement has been changed.
There are various ways in which we can collect your personal data. In this section we explain which personal information we can collect from you. The personal data is sorted according to the different processing objective. For each objective it is indicated how long the personal data are stored for the relevant purpose. If any changes occur in statutory retention periods, these will apply to the retention periods mentioned in this privacy statement.
Personal data directly collected by us or directly provided by you to us.
3.1 Processing data pursuant to a statutory basis
1) Administration obligations: we retain these personal data for 10 years maximum
your name
your address
your VAT identification number
invoice and payment details
These personal data must be provided to us if you wish to use our Services. The reason is that we need these data to fulfil our statutory (administrative) obligations.
3.2 Processes that are necessary for the execution of an agreement concluded by you (providing the Service),
1) General: we keep this personal data up to 2 years after the end of the agreement (before we delete your data we will ask you if you should still want to keep your account any longer).
name
work and/or personal email address
session ID/bank/payment information
date of birth
sex
telephone number
employer
work-related role(s)
other positions held
hobbies
qualifications
references
courses attended
internships
the languages you speak
interests in respect of career development
companies you would like to apply to work for
links to websites and/or your social media accounts
photos uploaded by you
skills
Any other personal data you submit when creating a CV or when you contact us.
If you wish to use our Service, you must provide us with your name, e-mail address and payment details. The reason is that these personal data are required to be able to provide the Service to you. We also need to process your session ID so that we can distinguish you from other users. You may provide the other personal data listed above when you create a CV. However, you are not required to provide that personal data to us. If you do however provide us with that personal data, we will process it to create your CV.
If you choose to log in to our Service via your social media account, we automatically receive your name and profile photo from your social media provider. We use this personal data to populate your CV meanwhile.
You can share your CV with third parties via our Service, but only after you have given permission for this in advance. We record your consent, along with the date and time you gave your permission, and the IP address from which you gave permission. If you have given consent, we will share your CV and the personal data contained within it with the parties you have selected.
3.3 Processing in order to look after our legitimate interests
1) Improvement of our services: we keep these personal data for a maximum of 2 years after they have been collected
IP address
device ID
user ID
operating system
login time, date and place
how you handle our website and Service
2) Keeping the Service safe and preventing abuse: We keep these personal data for 1 year after they have been collected (if we discover abuse, we may keep these personal data for an indefinite period of time to protect our Service.)
IP address
device ID
session ID
operating system
login time, date and place
payment location
type of connection
3) In order to inform you about our other services (if you have purchased a paid service from us): we keep these personal data until you state that you no longer wish to receive marketing information
We process this personal data on the basis of an evaluation of interests. If you do not want to provide the data under 3.3.1 or 3.3.2, we ask you to let us know by stating your reasons. We will consider your reasons and re-evaluate the interests. If, after a new evaluation of interests, we come to the conclusion that you still need to provide your personal data, you will not be able to use our Service if you refuse to provide such personal data. More information about your rights can be found below under the heading ‘Your rights’.
You can unsubscribe yourself from the processing mentioned under 3.3.3 by following the unsubscribe instructions that are included with each marketing e-mail. If you unsubscribe, this will not affect our ability to send you important e-mails about the Service and your account. In addition, it does not affect our ability to use your personal data as described in this privacy statement.
3.4 Processing with your permission
1) To inform you (at your request) about the service you have followed or other services offered by us: we keep these personal data until you let us know that you no longer wish to receive marketing information
name
organisation
e-mail address
2) In order to inform you at your request and to answer your questions: we keep this personal data for a maximum of 2 months after your request or question has been processed
name
organisation
e-mail address
other personal data entered by you when contacting us
3) Tracking cookies: we retain this personal data for a maximum of 2 years after you visit our website. For more information about cookies, please refer to our cookie policy at: https://resume.io/cookies.
online/cookie ID number
IP address
device ID
pixel ID
your use of our website
The web page from which you originate
your location
how you use our Service
what purchases you make
which advertisements you have seen
You are not obliged to provide these personal data to us. If you do not provide the personal data to us, this will not have any negative consequences for your use of the Service. You can therefore continue to use the Service. We only process these personal data if you have given permission for processing and they will only be processed once you have effectively given your consent or provided the personal data by yourself.
Unless otherwise stated in this privacy statement, we do not describe, sell or trade any personal data about our visitors and users to third parties.
4.1 Sharing with processors
We may ask others to assist with the provision of the Service. Such third parties may process your personal data. These third parties are referred to as “Processor” in this privacy statement. We conclude processing agreements with these processors.
We use the following types of Processors:
developers and suppliers of software;
storage of (personal) data and database management and maintenance;
research agencies and analytical software to improve our services and website (including privacy-friendly Google Analytics settings to prevent sharing personal data with Google);
ticket managers for customer support;
managers of evaluation forms;
hosting provider(s);
providers of relationship-management software.
In some cases, the Processor may collect your personal data on our behalf. We inform the Processors that they may only use personal data obtained from us to enable the provision of the Service. Processors may not use this information for advertisements.
We bear no responsibility if you provide additional information to these processors by yourself. It will be useful to be properly advised about the Processor and his company before you provide your personal data.
4.2 Sharing with your permission
We may moreover share personal data with others if you give us permission to do so. For example, we can work with other parties to offer you specific services or offers. If you register for these services or marketing offers, we may provide your name or contact details if necessary for providing such service or for contacting you.
4.3 Our legal responsibility
We may furthermore share personal data with third parties if this is:
reasonably necessary or appropriate to fulfil legal obligations;
is necessary to fulfil legal requests from authorities;
is required to respond to any claims;
is necessary to protect our rights, property or safety as well as that of our users, our employees or the public;
is necessary to protect ourselves or our users against fraudulent, abusive, inappropriate or unlawful use of the Service.
We will immediately inform you if a government agency makes a request that relates to your personal data, unless we are not allowed to do so pursuant to the law.
4.4 Merger or sale of (part of) the company
Your personal data may be disclosed, shared or transferred in case we transfer part of our business. Examples include (negotiations about) a merger, sale of parts of the company or in order to obtain financing. We will obviously try to limit the impact for you as much as possible by transferring personal data only if necessary.
We believe it is important to treat your personal details with due care and to protect them. We have therefore taken appropriate technical and organisational security measures for the protection of your personal data. We have at any rate taken the following measures:
We have implemented physical and electronic measures designed to prevent unauthorised access, loss or misuse of personal data as much as possible.
We use SSL/TLS (Secure Socket Layer/Transport Layer Security) technology where necessary to encrypt transmission of sensitive information or personal data to us, such as account passwords and other payment-related identifiable information.
Two-step authentication is used where reasonably possible in order to prevent unauthorised access to personal data to the greatest extent.
Where reasonably possible, backups of personal data are made.
Sensitive information is stored encrypted wherever possible.
Vulnerabilities in the software are dealt with as quickly as reasonably possible.
We would like to point out that absolute security for the transmission of personal data via the internet or the storage of personal data cannot at all times be guaranteed.
Our Services may contain links to other websites and services. In addition, our Service may moreover be provided with third-party advertisements. Third-party websites and services may keep information about you. We have no control of these sites or their activities. We have no involvement if you provide your personal data to third parties. In that case, the privacy policy of such third party applies. We bear no responsibility with regard to the content of the privacy policy of such parties and the way in which these parties deal with personal data. We encourage you to review their privacy and security practices and policies before you provide personal information to them.
Privacy legislation gives you certain rights in respect of your personal data. The rights described below are not absolute rights. We will always weigh up the interests in respect of whether we can reasonably fulfil your request. If that is not possible, or if it would infringe on the privacy of others for example, then we can refuse your request. If we refuse a request, we will justify our decision.
Right to view
You are entitled to ask us what personal data we process. You can also ask us to give you an insight into the processing purposes, relevant categories of personal data, the (categories of) receivers of personal data, the period of retention, the source of the data and whether or not we use automated decision making.
You may also request a copy of your personal data processed that we process. If you would like additional copies, we can charge you a reasonable sum for this.
Right to rectification
If your personal data which we process is incorrect or incomplete, you can ask us to amend or supplement your personal data.
If we agree to your request, we will inform the parties to whom we provide data about it insofar as that is reasonably possible.
Right to deletion of data
If you no longer want us to process specific elements of your personal data, you can ask us to delete some (or all) of your personal data. Whether or not we will delete the data depends on the purpose of processing. We only delete data we process on the basis of statutory obligations or to fulfil the agreement if the personal data is no longer required. If we process data on the basis of justified interests, we only delete data if your interests outweigh ours. We will make this judgement. If we process this data on the basis of consent, then we will only delete the data if you withdraw your consent. If we have accidentally processed your data unlawfully, or a specific law stipulates that we must delete data, then we will delete the data. If the data is necessary for the administration of legal proceedings or (a legal) dispute, then we will only delete the personal data once the procedure or dispute has been dealt with.
If we agree to your request, we will inform the parties to whom we provide data about it insofar as that is reasonably possible.
Limitation of processing
If you dispute the accuracy of personal data processed by us, if you believe we have processed your personal data unlawfully, if we no longer require the data, or if you have objected to the processing, you can also ask us to limit the processing of that personal data. For example, for the period of time we need to assess your disputation or objection, or if it is already clear that there is no (longer a) legal basis on which to process that personal data, but it is in your interests for us not to delete your data yet. If we limit the processing of your personal data on your request, we can still use that data for the administration of legal proceedings or a (legal) dispute.
Right to transfer
On your request, we can transfer the data we process to fulfil the agreement, or on the basis of your consent, and which is automatically processed, to you or another party nominated by you. You can submit such a request at reasonable intervals.
Automated individual decision making
We do not make an decisions based exclusively on automated processing.
Right to object and withdrawal of consent
If we process your data based on a justified interest, you may object to this processing. If we process data with your consent you may withdraw that consent. Please refer to the relevant processing purposes above for more information.
Exercising your rights
You can send a request to view, correct, delete, or transfer your personal data, or the withdrawal of your consent, or your objection to the processing of your personal data to [email protected].
To prevent misuse, we require sufficient identification when you submit a written request to view, amend, or delete your data. You can do this by sending a copy of valid proof of identification with your request. Do not forget to redact your citizen service number and photo on the document.
We aim to process your request, complaint, or objection within a month. If it is not possible to make a decision within a month, we will inform you of the reasons for the delay and of the timeframe within which we expect to inform you of our decision (no longer than 3 months after receipt).
Data Protection Authority
Please contact us if you have a complaint about our processing of your personal data. We would be happy to assist you. If we are unable to achieve a resolution together, you are entitled to lodge a complaint with the supervisory authority, the Data Protection Authority, in accordance with privacy legislation. You can contact the Data Protection Authority via https://autoriteitpersoonsgegevens.nl/.
If you have any questions, issues or comments about this privacy statement, please contact us via e-mail [email protected], or by post at: Imkey B.V., Van Coothplein 39A, 4811 ND Breda, The Netherlands.
Resume.io // Imkey BV
van Coothplein 39a
4811 ND Breda, Netherlands
CoC: 60887737
VAT: NL854104379B01