How we secure and protect your privacy rights

  • Your privacy

    Your privacy is important to us and we commit ourselves to protect and secure the privacy rights of your data.

  • Our policy

    DPO Consultancy thinks privacy is important and we want to be transparent about the data we collect, process and how we use it.

    In this privacy policy we describe how we handle your personal data and how we comply with our legal obligations.

    On the basis of the legislation (General Data Protection Regulation, “the GDPR”) we ensure that any processing of your personal data is in line with the following principles:

    We process your personal data for justified purposes only. This means that the processing is necessary in order to achieve specific goals mentioned in the GDPR, or that you have given permission to process your personal data. If it is justified to process your personal data, we will do so neatly and responsibly. We make clear to you for which purposes your personal data is processed and how it is handled.

    We collect and process your personal data only for specific, expressly defined and justified purposes. If we use your data later for another purpose, we will ensure that the purpose is compatible with the original collection purpose.

    We ensure that the personal data we collect and process is sufficient for the purpose for which we collect it, relevant and limited to what is needed.

    We take all reasonable steps to ensure that your personal information is accurate and current. If your data is not (anymore), then we erase or correct it.

    We do not keep your personal data any longer than necessary for the purpose for which we process them. When the data is no longer necessary, then we destroy or erase it.

    We make sure that your personal data is secure and stays confidential. We protect your personal information against unauthorized or unlawful processing and against accidental loss, destruction or damage.

    We are responsible for complying with all of the above principles and can demonstrate that the processing of your personal data is in line with these principles. In order to ensure a fair processing of personal data, the GDPR gives you various rights, which you can exercise against us if you disagree with our implementation of this privacy policy.

  • When does this policy apply

    This policy applies to you when:


    • You provide us with your details via the contact form on the website;
    • You provide us with your information for the provision of one of our services;
    • When you sign up for our newsletter;
    • When you register via the contact form for one of our courses;
    • When you apply for one of our vacancies;
    • When you visit our website.
  • How to contact us

    We are DPO Consultancy, Australiëlaan 12a, 5232 BB ‘s-Hertogenbosch, The Netherlands.

    You can contact us via our contact page on the website. You can also send us an e-mail via or call via +31-85-0711080.

    In order to keep this privacy policy up-to-date, we need to adjust it from time to time. You can always find the latest version on our website. This version of the Privacy Statement is dated May 21, 2021.

  • Which personal data do we collect?

    DPO Consultancy only collects personally identifiable information you provide to us.

    This is the personal information that we may collect and use:


    • Personal details (name, address, e-mail address, telephone number);
    • Company information (address, Chamber of Commerce registration number, VAT number);
    • Your surfing behavior on the website;
    • Personal data you provide to us through communication;
    • Bank details;
    • Interests and preferences;
    • IP address.
  • How do we collect your personal information?

    We receive personal data both directly from you as from external parties:

    Personal data that we receive directly from you:


    • When you visit our website we collect your data;
    • When you leave your details through our website;
    • Information that you provide to us through communication.
    • Personal information you provide to us about others:

    You may be sharing other people’s contact information with us, such as employee contact information. However, it is your responsibility to check whether the persons whose personal data you share agree with this.

  • How do we use your personal information?

    We use the personal data only for specific purposes for which they have been provided. We process your personal data for the following purposes:


    • Sending a newsletter;
    • When you provide your personal data via the contact form for the delivery of one of our services;
    • When you sign up for one of our courses we will use your data to finalise the registration. We may also use this information in the future to send you information about our services;
    • To be able to perform a contract;
    • For the handling of an application procedure;
    • If you visit our website we may also use your data to improve your user experience with our website;
    • In exceptional cases, we are obliged to use your personal data in criminal proceedings;

    Where appropriate and in accordance with local laws and regulations, we may also use your personal data for example in marketing and profiling. Where this is required we will ask your permission to perform all or some of these activities.

  • Our legal basis for processing your data

    According to the GDPR, any processing of personal data must be justified. We process your personal data on the grounds of the following justifications:


    • Necessary for the performance of a contract;
    • On the basis of a legal obligation;
    • Our legitimate interest;
    • Your consent.

    Necessary for the performance of a contract

    Based on Art. 6 paragraph 1 (b) GDPR we may process your personal data if the processing is necessary for the performance of a contract we have with you. Where necessary, we will ask you for permission to process personal data.

    On the basis of a legal obligation

    We are obliged to process your data in order to comply with tax and other legal obligations.

    Our legitimate interest

    Based on Art. 6 paragraph 1 (f) GDPR we may process personal data when it is “necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection (…).”

    The interest of DPO Consultancy is to maintain a lasting relationship with you by providing our services.

    Naturally, we have balanced your privacy interests and the legitimate interest of DPO Consultancy for processing this data. In our opinion, the processing of your personal data has no impact on your privacy.

    In case you should disagree with the processing of your personal data on the basis of the above mentioned legitimate interest, you have the right to object.


    In certain circumstances, we are required to obtain your consent for the processing of your personal data in relation to certain activities. Depending on exactly what we are planning to do with your information, this will be either opt-in consent or soft opt-in consent.

    Art. 4(11) GDPR states that (opt-in) consent means: “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”. In plain language, this means that:


    • Your consent must be given freely, without us putting you under any form of pressure;
    • you need to know what you’re agreeing to – so we make sure we give you enough information;
    • you should be in control of the processing activities for which you consent and the processing activities for which you do not consent; and
    • you must give consent through a clear active act – we will likely show you a box for you to tick so that this requirement is met in a clear and unambiguous manner.

    We will keep a record of the permissions you give in this way.

    We have already mentioned that in some cases we may rely on soft opt-in consent. We are permitted to offer you products or services related to the recruitment services we provide as long as you do not actively opt-out of these communications.

    Right to withdraw consent

    If you have given your consent to the processing of your personal data for certain activities (for example for our marketing activities or automatic profiling), you can withdraw this consent at any time. We will then cease the activity for which you have consented, unless we believe there is an alternative ground to justify continued processing of your data for this purpose. In that case, we will inform you of this condition.

    Formulating, executing or defending criminal proceedings

    Sometimes it may be necessary for us to process personal data and, where appropriate and in accordance with local laws and regulations, sensitive personal data in connection with the conduct or defense of criminal proceedings. Art. 9 para. 2f GDPR allows this if the processing is “necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.”

  • Automated decision making

    DPO Consultancy does not make decisions based on automated processing on matters that can have (significant) consequences for people. These are decisions taken by computer programs or systems, without involving a person (for example an employee of DPO Consultancy).

  • With whom do we share your personal information?

    DPO Consultancy uses other parties (third-party service providers) to provide its services, the third parties do this in the capacity of processor for DPO Consultancy. We have taken the necessary technical and organisational measures to ensure that the data is processed solely for the purposes mentioned in the privacy statement.

  • List of used tools
    • Microsoft Office 365
    • Linkedin
    • Google Analytics
    • Google AdWords
    • Simplicate
  • How long do we keep your personal data?
    • We will remove your personal information when you request it and when it is no longer required to perform any of our services;
    • The law may oblige us to keep your data longer. To enter into a contractual relationship with DPO Consultancy, your data will be retained for 5 years, unless the law or relevant authorities demand from us to keep your data longer;
    • When you have provided your information to receive a newsletter, we will keep your personal information for as long as you wish to receive the newsletter. When you unsubscribe, your data will be destroyed;
    • If you have applied for one of our vacancies, your data will be deleted within 4 weeks after the final interview. In case you have given permission, we will keep your data for up to 12 months.
  • What are your rights under the GDPR?

    Under the GDPR you have several rights regarding the personal data we hold of you. At any given moment, you can submit a request to access, rectify or erase your personal information. In addition, you have the right to request restriction of the processing of your personal data, the right to object to the processing of your personal data and the right to data transfer. To claim your rights, please contact us by sending an e-mail to  We may ask you to identify yourself, so that we know for sure that we do not provide personal data to the wrong persons.

    When you have given permission, you can revoke it. We hereby note that the withdrawal of your consent shall have no retroactive effect.

  • Right to lodge a complaint to the supervisory authority

    To lodge a complaint against the processing of your personal data, please contact us.  You also have the right to lodge a complaint to the local data protection authority. In The Netherlands this the so-called Autoriteit Persoonsgegevens.

    You can contact the data protection authority in the following ways:


  • Reporting a data breach

    Despite our efforts, incidents unfortunately occur and a data breach can arise. A data breach is in short a breach of security in which the personal data (inadvertently or intentionally) has been lost, provided, accessed or made accessible. As a result of a data breach, personal data may get in the wrong hands.

    If you suspect that there is a data breach at DPO Consultancy, you can report it by calling or e-mailing us (see our contact details). It is important to do this as soon as possible, so we can take measures as soon as possible.

    In case your personal data is involved in a data breach:


    • Then we inform you how this has happened and which personal data is concerned;
    • Which measures we have taken to prevent (possible) damage.
  • What are cookies and how do we use them?
    • A “cookie” is a piece of code that is stored on the computer’s hard drive. Cookies are used by almost all websites and are not harmful to your system. We use cookies to monitor your activity and to provide you with the best possible experience when you visit our website. We may use the cookie information to ensure that we show you options tailored to your needs on your next visit. We may also use cookies to analyse traffic on our website and for advertising purposes;
    • If you want to check which type of cookies you accept when visiting our website, you can do so in your browser settings.

    The cookies we use may change. For more info check out:

  • How to delete cookies

    If you do not wish to receive cookies that are not strictly necessary to perform the basic functions of our site, you may refuse cookies by changing your browser settings.

    Most web browsers will accept cookies, but if you would rather prefer that we do not collect any data from you in this way, you can use the privacy settings of your browser to choose to accept all cookies, accept some cookies or refuse all cookies. However, rejecting all cookies means that it may be possible that you can not benefit from all the functions of our website and/or leave a job application with us. Each browser is different, so check your browser’s help menu to see how you can change cookie preferences;

    For general information about cookies, including how to disable them, you can visit . There you will find details on how to remove cookies from your computer.