Privacy statement of HeadFirst Global – Version 18-07-2024

About us
HeadFirst Global Plc (HeadFirst Global, we, our, us) connects self-employed professionals, suppliers of professionals and clients. HeadFirst Global is the parent company of HFBG Holding B.V. (HeadFirst Group) and Impellam Group Limited (Impellam Group).

Our relationship with you
Your privacy is important to us. This statement explains what personal data HeadFirst Global processes, how HeadFirst Global processes it and for what purposes. Please read this privacy statement carefully, as it is integral to our relationship with you.

We process your personal data when you when you visit one of our websites and when you contact us. For example, through our websites you can contact us by e-mail, request information or chat with us.

  1. Who are the data controllers

The controller determines the purpose and means of data processing. Pursuant to the General Data Protection Regulation (GDPR), most of the obligations lie with the controller and they are also the first point of contact for you as a data subject. HeadFirst Global qualifies as an independent data controller. When you fill in the contact form or contact HeadFirst Global trough the use of its website you can be referred to either HeadFirst Group and/or Impellam Group depending on your inquiry. The privacy statement of the company that handles you inquiry applies.

You can find the relevant privacy statements here:

  1. Contact Center

If you have any questions or requests regarding what happens to your personal data, please contact HeadFirst Global. The contact information can be found in the privacy statements from HeadFirst Group and Impellam Group as mentioned above.

  1. What type of personal data are processed? For what purpose and on what basis?

We process different types of personal data about you when you fill in the contact form. This entails your name, phone number, email address, company name (when this includes personal data) and any personal information that you provide in your inquiry.

We process personal data only when there is (or are) one (or more) basis(s) for doing so:

(1) Execution of the contract.
Insofar the inquiry results in an agreement, we can process the personal data for the execution of the agreement when this is necessary.

(2) Consent
When you fill in the contact form you give consent to process your personal data. You may withdraw your consent at any time, after which we will not process your personal data for the purposes for which the consent was given.

(3) Legal obligation.
We may be obliged to process certain personal data. When we are obliged to do so, we share this data with the relevant party. However it is unlikely that this will be a ground for processing when you fill in the contact form.

(4) Legitimate interest.
We may process personal data because we have a legitimate interest in doing so, or because the organization to which we provide your personal data has a legitimate interest. This is for example the case when we want to prevent tax liabilities or minimize the risk thereof, or when we want to detect and prevent fraud, but also when we want to promote new products/services related to the current services provided by HeadFirst Global. We also have a legitimate interest in aggregating and anonymizing personal data to conduct market analysis so that we can improve our services. We always strike a balance between our interests and those of the parties involved. If you would like to receive more information about this, please contact us using the contact details under ‘Contact Center’ in this privacy statement.

Personal data generated by our Websites.

We use cookies and similar techniques on our websites and within the environment of our apps. When you visit the websites, certain data are processed and generated, such as your IP address, data about your browser, data about browsing behavior, date and time of your visit and the way you navigate through our websites. Consent is requested for preference cookies, analytical cookies and marketing cookies. We encourage you to consult the cookie statements on our websites. The data are partly based on ‘consent’, partly on ‘legitimate interest’ to operate the website.

  1. Why are your personal data being processed (Purposes)?

In addition to the above purposes, personal data may be processed for the following purposes, as applicable:

Marketing

  • Inform about services provided by HeadFirst Global and its partners and relevant developments in the market (consent).
  • Marketing and promotion of our services and measuring their effectiveness (newsletters) (consent and legitimate interest).

Compliance and security

  • Complying with laws and regulations, detecting, preventing, recording and combating fraud and illegal activities (legal obligation and legitimate interest)
  • Complying with legal judgments and orders and responding to government requests (legitimate interest).
  • Internal monitoring and security. To prevent, detect and investigate possible breaches of our security (legitimate interest).
  1. What makes processing operations lawful under the law?

Some of our processing operations are based on the basis that we are required to process your data by law. In addition, we actively limit the amount of data. We have taken appropriate technical and organizational security measures to protect the personal data we process from unwanted alteration, loss or unauthorized use. For example, we secure our systems and applications in accordance with applicable information security standards (ISO27001). We have also made agreements with our service providers and required them to implement adequate security measures.

  1. Do we process data outside the EEA/UK?

No, we process your personal data in principle within the European Economic Area (EEA)/UK (depending on whether HeadFirst Group or Impellam Group processes the personal data). We use servers located in Europe and our group companies are located within the EEA/UK. Because we may use processors that have their principal place of business outside the EEA/UK, it cannot be excluded that we directly or indirectly share personal data with organizations outside the EEA/UK. To the extent this is the case, we take appropriate measures to legitimize such processing, including entering into a transfer agreement based on standard contractual clauses (SCCs) approved by the European Commission. If required, we thereby take additional measures to ensure an adequate level of protection. If you would like to know more about the transfer of personal data and how this is legitimized, please contact us using the contact details in this privacy statement.

  1. How long do we keep your personal data?

The data on the Platform.
As long as there is a contractual relationship with HeadFirst Global, we will keep the personal data. After this relationship has ended HeadFirst Global may retain the personal data for as long as this is necessary.

HeadFirst Group further applies the following rules of thumb:

  • We will always consider whether the (longer) processing of the personal data is necessary. If it is not, the personal data in question will be deleted.
  • We retain complaints, correspondence regarding disputes and incident reports for seven years after they have been fully resolved. We retain documents with respect to payroll and payroll records for seven years.

For cookie retention periods, please refer to our Cookie Statements on the Websites.

  1. What rights do you have?

Under privacy laws, you have a number of rights regarding your personal data and its processing. You can exercise your rights by contacting us using the contact details provided in this privacy statement under ‘Who are the controllers’. We will assess your request and comply with it within one month. If we need more time to comply with your request, we will let you know within one month that we will need another two months. We may ask you additional questions in response to your request in order to establish your identity or to ask you to specify your request.

Right of access
You have the right to hear from us whether we are processing your personal data. If so, you have the right to access that personal data and to receive additional information about the processing of your personal data. If you would like complete overview, or more information on data processing, you can send us a request for inspection.

Right of rectification
You have the right to rectification of inaccurate or incomplete personal data. You can also supplement your personal data. Please contact the party that entered your data. Does that not provide a solution? Then contact the details under no. 2 of this privacy statement.

Right to be forgotten
You have the right to data erasure under certain circumstances. At your request, we will delete your personal data when its processing is no longer necessary.

Right to restriction
In some cases, you have the right to restrict the processing of your personal data, for example, if you believe that your personal data is inaccurate. If we honor your request for restriction, we may no longer process your personal data for the duration of the restriction.

Right to data portability
You have the right to receive the personal data you have provided to us in a structured, common and machine-readable form, and you have the right to transfer that data to another data controller, where the processing is based on your consent or on an agreement.

Right of Objection
You have the right to object to the processing of personal data based on the legitimate interests of HeadFirst Global. HeadFirst Global will then no longer process the personal data unless we can demonstrate that there are grounds for the processing which outweigh your interests, rights and freedoms or which are related to the establishment, exercise or support of a legal claim.