The employee and Paymate* agree that they intend to enter into a temporary employment contract in accordance with the provisions of the Law of July 24th 1987. This declaration of intent needs to be signed only once and applies to all orders, even if they follow each other at intervals.
This policy particularly concerns the protection of personal data when it is processed in the context of the personnel file and payroll data. It applies to all employees who are linked to the employer by a temporary employment contract or a (labour) contract with the subsidiary company ergoflex, as well as to individuals:
All the above categories are intended in this policy when referring to the ’employee’.
1. Whom to contact in case of questions?
Agilitas Group, registered in the Crossroads Bank for Enterprises under the number (VAT BE) 0478.971.449, with registered office at 2800 Mechelen, Stationsstraat 120, is the Controller for the processing of the personal data. Paymate declares that, as the Controller of Processing, it complies with Belgian privacy legislation, as well as the provisions of the General Data Protection Regulation as of its entry into force.
2. What is personal data?
The General Data Protection Regulation defines personal data as “all information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
In principle, no special categories of personal data are processed, unless the performance of the employment contract requires it. Processing of special categories of personal data means:
Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, and processing of genetic data, biometric data with a view to the unique identification of an individual, or data concerning health, or data concerning a person’s sexual behaviour or orientation.
3. What data is processed?
Nature of the personal data
Paymate collects and processes various personal data of its employees that relate to their employment. These data primarily concern all data resulting from the application of legal, regulatory or conventional provisions relating to the employment of staff. They are generally related to:
The data may also and more specifically, within the framework of the execution of the employment contract and the application of legal, regulatory or conventional provisions, concern different categories of personal data:
These categories of personal data are intended to be exhaustive and do not in any way imply that the employer processes all such data.
The employee shall provide all relevant information required by the employer.
At the time of recruitment or when new measures are applied, the employee shall provide the employer with all the necessary information for the application of the compulsory formalities, either in the field of social legislation, or for the granting, suspension or termination of entitlement to allowances and other benefits.
The employer reserves the right to request a copy of the diplomas and/or certificates obtained if these documents are important in the job that the employee performs. The employer shall treat the information collected with the required confidentiality. He may read them, but he may not keep them.
Any change in the original personal information (change of address, marital status, dependent family members, etc.) shall be spontaneously communicated in writing or by e-mail to the agency concerned without delay.
The employee is responsible for not informing the employer or for not informing the employer in time and, if necessary, will have to reimburse the allowances, benefits or contributions that have been wrongly collected.
Protected personal data
Some of the data are processed solely for the purpose of conferring a benefit to the employee.
“Sensitive data” may be processed if they are necessary for the implementation of the employment rights and obligations of the holder of the file.
(Article 9 of the General Data Protection Regulation, Article 8 of the Law of December 8th 1992, Articles 25 to 27 of the Royal Decree of February 13th 2001)
“The membership of a health insurance fund” may be processed to satisfy a legitimate interest of the data subject if the purpose of the processing is to provide a real benefit and in so far as the data subject does not object to the processing.
(Articles 25 to 27 of the Royal Decree of February 13th 2001)
Processing of personal data
The personal data held by the employer can be obtained both by the employee and through other information channels.
If the employer does not obtain the personal data from the employee, the employee shall be informed of this within a reasonable period of time.
The processing of these data is subject to the Law of December 8th 1992 on the protection of privacy and the Regulation 2016/679 of April 27th 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
The controller is the employer who processes personal data with due care.
More information on the rights of the employee in connection with this processing and on the security of processing follows.
4. Why are these personal data processed and what is the legal basis for the processing?
The personal data of the employee are processed:
Within the framework of the personnel file and payroll administration, a large amount of personal data is processed that is required by laws, regulations and instructions at regional, federal and international level concerning labour law, social security, tax law, including collective and individual labour agreements and the labour code. If necessary, the purposes will be more clearly formulated and communicated to the employee.
Personal data is used mainly for payroll management, with the possible assistance of a social secretarial service, as well as for personnel administration. They are processed within the framework of the employment contract for temporary work. These are mainly data that appear on the annual individual statement. Marital status and dependent children are necessary for the calculation for tax and social purposes.
CV, cover letter and notes made during the job interview as well as evaluation forms are processed in order to complete the application process, as a legitimate interest. Personal data obtained from evaluations of the employee or monitoring of the employee will also be processed due to the existence of an employment contract. If this information is used for other purposes, the employee will be informed in time according to the legal rules. Photographs and videos are collected and processed for use in internal communication but only with prior consent.
The name of a contact person is collected in order to contact a family member or relative in case of an emergency, with the legal basis of the need to protect the vital interests of the employee. The surname and first name of the partner are necessary in case hospitalisation insurance is offered and the partner and children are insured.
Various data will also be processed due to a legal obligation incumbent on the employer or when the processing is necessary and reasonable for the interests of the Controller (employer) or a third party. The employer shall inform the employee in good time of this, if applicable.
In some cases, the processing of personal data is based on the explicit consent of the employee.
This data will not be used for purposes other than personnel management or payroll administration. If this data is used for purposes other than personnel management and payroll administration, the employee is informed of this as soon as possible in accordance with the statutory regulations.
In some special situations, further data are processed in addition to those listed above:
Camera surveillance: ☑ applicable □ not applicable
Control e-mail and internet:
Photos of the employee:
5. Rights of the employee in the processing of personal data
Processing of personal data by clients
Right of access and copy
The employee has the right to obtain free access to the personal data that the employer processes about him, as well as why the employer does this, where the employer has obtained the data and who receives the data. In this case, the employee can also learn how long the employer intends to keep the data, whether the data will be used for automatic decision-making and whether the employer intends to send data to a country outside the European Union. The employee may exercise this right by requesting it in writing or electronically via the contact details listed under point 1.
The employer shall provide the requested information in writing or electronically within a reasonable period of time. If the employee so requests, the information may be given orally, provided that the identity of the person concerned is proven by other means.
The employee is also entitled to a copy of the personal data being processed. If the employee submits his request electronically, and does not request any other arrangement, this information shall be delivered in an electronic manner.
In case the pay slips are made available to the employee electronically, he can consult these data at any time.
Right to rectify
The employee may ask to correct or supplement (inaccurate) personal data. The employer undertakes to respond to this request as soon as possible.
Right to erase
The employee has the right to have personal data concerning him removed. The employer shall comply with the employee’s request within a reasonable period of time, for example in the following situations:
This request for erasure of personal data can only be refused by the employer when justified, such as in the exercise or substantiation of a legal claim or due to a legal obligation to keep and process certain data. The employee may not oppose the processing of personal data necessary for payroll administration.
Right to restrict personal data
The employee may ask the employer to restrict the processing of his personal data if he disputes the accuracy of the data, the processing is unlawful or the employer no longer needs the data for the processing purposes. In this case, personal data may only be processed in the following cases:
Right to lodge an objection
An employee has the right to object to the processing of his personal data, including profiling on the basis of those provisions. The processing shall then be stopped, unless it is necessary for compliance with social and fiscal legislation, to protect the interests of the employer or a third party, or for the establishment, exercise or substantiation of legal claims.
Right to transfer data
An employee may, for all processing of personal data based on the explicit consent or the exercise of the employment contract, ask the employer to obtain it in a structured, commonly used and machine-readable form. Moreover, the employee may subsequently transfer this data to another employer or data controller.
Right to lodge a complaint
The employee may at any time lodge a complaint about the processing of personal data with the competent authority in the Member State where he normally resides, where he has his place of work or where the alleged infringement was committed.
In Belgium, a complaint can be submitted to the Belgian Privacy Commission: Commission for the Protection of Privacy, Drukpersstraat 35, 1000 Brussels (Tel: +32 22744800; Fax: +32 22744835, e-mail: firstname.lastname@example.org). As from May 25th 2018, this commission will become the Belgian Data Protection Authority.
In addition, the employee can always bring a civil action and claim compensation if, for example, he or she suffers damage as a result of the processing of his or her personal data.
Right to withdraw consent
Where the processing of personal data is based on the employee’s consent, the employee may withdraw such consent at any time, without prejudice to the lawfulness of the processing based on consent before the withdrawal.
6. Safeguards and security of personal data
Security of personal data
The employer shall make every effort to ensure compliance with the technical and organisational security measures for the processing of personal data, in particular to avoid the destruction, loss, falsification, alteration, unauthorised access or accidental disclosure to third parties of collected personal data, as well as any other unauthorised processing of such data. This security is guaranteed by high-tech tools and the quality of the staff. The staff are bound by professional secrecy.
If some documents are sent to the employee electronically (e.g. the pay slip) and are kept electronically, this is done via the social secretarial service, where strict security standards are applied.
When transferring personal data to countries outside the European Union, appropriate safeguards will be taken by the employer or the consent of the employee will be sought.
Controller and Data Protection Officer
The controller – employer – ensures the accuracy and relevance of the personal data being processed. He shall ensure that they comply with the applicable regulations.
The employee may always contact the controller, or the controller’s representative, to exercise his or her rights or request additional information.
Where appropriate, the Data Protection Officer will monitor compliance with personal data protection.
7. Retention period of personal data
The personal data of candidate-employees are kept for 3 years after the first registration. After the expiry of the 3-year period, the employee is contacted again and asked to give his/her consent if he/she wishes to be kept in the database for a longer period.
The personal data of employees who have actually worked at Paymate are kept active for 5 years after the conclusion of the last contract. After the expiry of the 5-year period, the employee will be contacted again with the request to give his/her consent, if he/she wishes to be kept in the database for a longer period, without prejudice to legal, regulatory or conventional provisions or limitation periods that oblige or require the preservation of the personnel file or part of the personnel file for a longer period in the organisation, e.g. for or as a result of legal action.
8. Who can consult the personal data?
Only authorised members of staff of the employer, including those designated by the company and the employer’s clients, are entitled to carry out internal searches in the personal data. These persons reasonably need the data by virtue of their duties or for the needs of the service. The company shall provide for a system of restricted access and an appropriate level of security.
(Categories of) persons to whom the personal data are transferred (external communications)
The communication of personal data to third parties is limited to the application of legal and regulatory provisions or if the communication is necessary for the normal performance of personnel management or payroll administration, such as government agencies, social security institutions and cooperating social security institutions.
Some personal data is passed on to third parties:
Surname, first name and the data required for the execution of the payroll administration are passed on to Paymate’s clients in the event that work activities are commenced there.
The employee’s personnel file can also be transferred to the auditing firm for the purpose of carrying out an audit in the context of obtaining/maintaining the professional federation’s quality label.
The above-mentioned third parties process personal data on behalf of the employer in order to perform a certain task. A processing agreement is concluded with the above processors so that, among other things, the employee’s personal data is sufficiently protected and secured.
In exceptional circumstances, personal data is passed on to third parties for the performance of their duties, such as accountants, consultants and lawyers in the context of tax and/or legal support, researchers and ICT service providers. These third parties process personal data on behalf of the employer in order to perform a certain task. A processing agreement is concluded with the above processors so that, among other things, the personal data of the temporary agency worker is sufficiently protected and secured.
The personal data will not be sold, rented, distributed or otherwise made commercially available to third parties, except as described above or unless with prior consent.
The employer may be obliged to transfer personal data by court order or to comply with other mandatory laws or regulations.
9. When does this policy enter into force?
This policy shall enter into force on May 25th 2018.
Agreement and receipt
I confirm the letter of intent with Paymate containing the parties’ intention to conclude a temporary employment contract in accordance with the provisions of the Law of July 24th 1987. I confirm that this Declaration of Intent needs to be signed only once and applies to all assignments, even if they follow each other at intervals.
I declare that I have received a copy of the regulations on ‘Protection of the personal data of freelance workers in relation to their personnel files and salary details’. I have read it carefully and declare my full and express agreement with its contents.