1. Who are we?
We are Sytac B.V., an IT service provider that supports clients with consultancy, development, and implementation of IT solutions and projects.
Address: Rozenstraat 1, 2011 LS Haarlem, The Netherlands
Chamber of Commerce: 24397725
E-mail: privacy@sytac.io
Phone: +31 (0)23 5320932
2. To whom does this statement apply?
To (website) visitors, (potential) clients and suppliers, candidates, employees/freelancers, and other relations.
3. What personal data do we process?
- Identification & contact details: name, address, e-mail, phone.
- Professional profile (candidates/employees/freelancers): CV, motivation, skills, certifications, availability, references, (optional) profile/portfolio links.
- Business details of clients/suppliers: role, business contact details, contract and invoicing data.
- Website and communication data: IP address, browser information, page visits, e-mail interactions (functional/analytical only; for marketing cookies we request consent — see cookie statement).
- Legally required data: data necessary for payroll, tax, and financial administration.
4. Purposes
- Recruitment & selection: assessing suitability for assignments and roles; communication about the process; talent pool with consent.
- Assignment and project execution: matching professionals to client needs; planning, project administration, and quality assurance.
- Relationship management & sales: maintaining client and supplier relations; quotations, contracts, and account management.
- HR/employment & collaboration with freelancers: contracting, onboarding, time registration, payroll, and reimbursements.
- Finance & compliance: invoicing, payments, audit, statutory retention obligations.
- Website & security: providing and improving the website, preventing misuse, and protecting systems.
- Marketing & events: newsletters (opt-in), webinars, knowledge sharing (with opt-out option).
5. Legal basis (GDPR)
- Performance of a contract (e.g. with clients, employees/freelancers).
- Legal obligation (e.g. tax and payroll administration).
- Legitimate interest (e.g. security, internal administration, B2B relationship management; we make a balancing assessment).
- Consent (e.g. talent pool/retention of application data, marketing communication, non-essential cookies).
The GDPR requires clarity about why and on what basis personal data is processed; this duty to inform is set out below.
6. Source of data
Directly from you, via public sources (e.g. professional networks), or via carefully selected recruitment and advertising platforms that comply with the GDPR.
7. Recipients (processors and third parties)
We only share data if necessary for the purposes mentioned above, with:
- IT and cloud providers (hosting, ATS/HR systems, e-mail, collaboration, security).
- Financial and administrative service providers.
- Clients (only profile information necessary to assess/arrange your engagement on an assignment or project).
We conclude data processing agreements with processors. Data transfer outside the EEA only takes place with appropriate safeguards (e.g. EU model clauses).
8. Retention periods
We do not retain personal data longer than necessary for the purpose or as required by law. Guidelines:
- Applicants:
- Without consent: max. 4 weeks after the end of the procedure.
- With consent: max. 1 year (consent can always be withdrawn).
- Client and supplier administration / invoices: at least 7 years (tax retention requirement; 10 years for certain VAT/real estate situations).
- Project and contract files: as long as the agreement is in force and during the limitation/retention period reasonably necessary for (legal) claims and audit.
- Newsletter data: until you unsubscribe or we discontinue the mailing.
Specific retention periods may be further specified in internal registers/policies.
9. Cookies and similar technologies
We use functional and analytical cookies to operate and improve the website. For marketing/trackers we request prior consent. Details (types, purposes, retention per cookie) are set out in our Cookie Statement; this privacy statement explicitly refers to it.
10. Security
We take appropriate technical and organizational measures to protect personal data, including access management, encryption where appropriate, logging/monitoring, least-privilege, and periodic evaluations.
11. Your rights
You have the right to access, rectify, erase, restrict, transfer, and object (including to processing based on legitimate interest and to direct marketing). You can withdraw your consent at any time. You also have the right to lodge a complaint with the Dutch Data Protection Authority.
12. Contact
Questions or requests regarding privacy? Please contact us via privacy@sytac.io or write to:
Sytac B.V., Attn. Privacy, Rozenstraat 1, 2011 LD Haarlem.
13. Changes
We may amend this privacy statement. Please check the version and date above regularly. In case of material changes, we will actively inform you where appropriate.