Last update: April 2019
- Who are we and what do we do?
We are Oedipus Brewing B.V. (“Oedipus”). We produce and deliver special beers to cafés, restaurants, liquor stores and supermarkets throughout the Netherlands and also internationally. In the tasting room of the brewery we organize cultural events where we introduce our beers to a diverse group of people. With our team we further often attend national and international beer events. Besides that we organize our own festivals. You can find more information about our services on the website: oedipus.com (“Website”).
- What is this?
- Privacy and the Relevant Legislation
Your privacy is important to us. We comply with the new General Data Protection Regulation (“GDPR”), which legislation has replaced the various privacy laws in European member states as per 25 May 2018. This legislation will hereinafter be referred to as the “Relevant Legislation“.
- What are ‘personal data’?
Personal Data means all information that could be used to directly or indirectly identify you. This definition is in accordance with the Relevant Legislation.
- Our role as Data Controller
We receive personal data from you as part of our application procedure. These are mainly personal data that you send to us via firstname.lastname@example.org when you apply to us. Some data we collect ourselves later on in the application process.
- Which Personal Data do we process and for which purposes do we use them?
By providing our services, we receive Personal Data from you. These are mainly personal data that you send to us via one of the e-mail addresses on our Website.
We may process the following personal data for the purposes mentioned below:
|(Personal) data:||Purpose(s):||Legal basis:|
|6.1 Contact information:
Your e-mail address and other contact information of the contact person (i.e. name, phone number, address.
|6.2 We use these data to:
– Contact you about your application;
– Keep contact with you about your application.
|We may process these personal data, because we need these personal data to perform our contact with you about your application.|
|6.3 Application details that you provide:
For example: CV, education level, work experience, passport photo, LinkedIn profile gender and date of birth.
|We use this data to estimate whether you are a suitable candidate to work with us and whether your profile matches the vacancy for which you are applying.||6.4 We may process this personal data because we have a legitimate interest in processing this data. We need the data to process and review your application.
6.5 We will only use the data that you provide to us.
|6.6 Application procedure details:
For example: Notes on job interview (s), data received from referees and training institutes.
|We use this data to estimate whether you are a suitable candidate to work with us and whether your profile matches the vacancy for which you are applying.||We may process this personal data because we have a legitimate interest in processing this data. We need the data to process and review your application.|
|6.7 Data from public sources:
Data on public profiles such as LinkedIn and other social media and (if applicable) results of assessments and psychological tests.
|We use this data to estimate whether you are a suitable candidate to work with us and whether your profile matches the vacancy for which you are applying.||6.8 We may process this personal data because we have a legitimate interest in processing this data. We need the data to process and review your application.
We will only use the data that is relevant to your application.
- How long do we keep the personal data?
We remove the personal data as soon as they are no longer necessary for the above purposes. We store your data for up to 4 weeks after the application procedure, unless we have your permission to store your data for a maximum of one year
- Do we share your Personal Data with others?
In the context of our application procedure, we use a number of parties who process the personal data for our benefit (“Processors”). For example, we use Processors to host our e-mail and store (personal) data. This is always done in accordance with the Relevant Legislation.
Apart from the above, we will only share your information with third parties if this is necessary or if we are legally obliged to do so.
- Export of data outside the European Union
We may transmit personal data to parties outside the European Union, if one of our Processors is established outside the European Union. The Personal Data will only be transferred to countries and/or parties that provide an adequate level of protection in accordance with the European standards.
The transmission of data outside the EU will always happen in conformity with the Relevant Legislation (chapter 5 of the GDPR).
- How do we protect the Personal Data?
We protect all personal data we process from unauthorized and unlawful access, change, disclosure, use and destruction. For instance, we take the following technical and organizational measures to protect the personal data:
- Internally, Personal Data is only available in a protected environment, which is only accessible by any employee with a password;
- (Personal) Data can only be accessed via a two-step verification;
- Our employees only have access to the data on a need-to-know basis;
- Our employees have their mobile devices, such as laptops, mobile phones and tablets, secured with a password;
- A back-up is made regularly of the protected environment containing (Personal) Data.
- Your rights and our contact data
As laid down in the Relevant Legislation, you have the right to:
- Ask us to rectify or update your Personal Data;
- Ask us to remove your Personal Data from our systems;
- Ask us for a copy of the Personal Data we process of you. We can also transmit such copy to another data controller at your request;’
- Withdraw your consent to process your Personal Data. This only affects the processing activities that are based on your consent and does not affect the validity of such processing activities before you have withdrawn your consent;
- Object to the processing of your personal data;
- File a complaint with the Dutch Data Protection Authority, if you believe that we process your personal data unlawfully.
If you have any questions, comments or concerns regarding the manner in which we handle your personal data, please contact us through the contact data below:
Oedipus Brewing B.V.
Gedempt Hamerkanaal 85
1021 KP Amsterdam
T: 020 2441673