Go to:

Main content
Processing of Personal Data

Privacy statement

We process all personal data that we collect from you in accordance with this privacy statement. Team EIFFEL considers the protection of the personal data of individuals to be of great importance. That is why we handle personal data with care. And that is why we work in accordance with the General Data Protection Regulation (GDPR). In this statement, we explain who we are, from whom we process personal data and what the purposes are.

How do we handle personal data?

  • Team EIFFEL B.V. is the point of contact for the processing of personal data by the following (small) subsidiaries.

    • DPA B.V. and all companies operating under the DPA name, plus ConQuaestor, Fagro, GEOS IT, PA Jones, SOZA XPERT, Claimingo, and Yobz
    • Balance ervaring op Projectbasis B.V.
    • TASK integraal projectmanagement B.V.
    • TASK Product & contractmanagement B.V.
    • Palladio Groep B.V.
    • EIFFEL B.V.
    • Thorbecke B.V.
    • Legal Center EIFFEL B.V.
    • AnalyseCentrum B.V.
    • Ruimte in Advies B.V.
    • GemVast B.V.
    • Clafis B.V.
    • Wepro Selekt B.V.
    • Wepro Engineering B.V.
    • Wepro Projekt Engineering B.V.
    • Wepro Engineering en Infra B.V.
    • Wepro Projecten B.V.

    This privacy statement applies to the following websites:


    Each of these organizations is the controller within the meaning of the GDPR for the processing operations that take place within its entity.

    Within Team EIFFEL B.V. and between the various Team EIFFEL B.V. companies, your personal data may be shared if necessary. This may be for administrative reasons, for the use of shared systems, or if necessary to improve our services to customers or employees. 

    In addition, Team EIFFEL B.V. and its subsidiaries may also qualify as joint controllers within the meaning of the GDPR. This is the case for processing personal data in shared systems (such as the recruitment system, the CRM system, the personnel administration system), as well as for complaints and suggestions for improvement, and for processing operations aimed at achieving joint certifications related to quality and sustainability. In this regard, you can consider Team EIFFEL B.V. as the first point of contact for any questions about the processing of your personal data. See also section 8 of this privacy statement.


    Postal address:
    Team EIFFEL
    Attn: Team Legal
    PO Box 3142
    6802 DC ARNHEM

    By email:
    privacy@teameiffel.nl

    This privacy statement does not apply to Care Effect B.V. They have their own separate privacy statement that applies to their processing activities. For more information visit: https://www.care-effect.nl/privacyverklaring.

  • We process personal data for these purposes:

    1. To execute our agreements
    2. To comply with laws and regulations
    3. For application procedures and for career guidance, training and education, personal development of our employees, and internal communication
    4. To maintain contact with our business relations and for marketing activities
    5. To maintain a network of applicants and freelancers
    6. For our personnel and payroll administration
    7. For the development and improvement of our organization
    8. For the services of Thorbecke

    1. To execute our agreements

    We process personal data for establishing, executing, and terminating the agreements we enter into as part of our business activities. This includes hiring agreements, employment agreements, and internship agreements with people who work for us. It also covers the agreements with our clients for the services we deliver.

    2. To comply with laws and regulations

    Various legal obligations require us to process personal data. There is a legal obligation to pay wages, payroll tax, and social security contributions. There is a legal obligation to arrange for the implementation of the pension agreement. There is a legal obligation to cooperate with an occupational health and safety service. And there is an identification obligation. Without processing personal data, we cannot enter into hiring agreements, employment agreements, or internship agreements. We may also process personal data for arranging internal control and business security, for applying for subsidies, for payroll reductions, and for compliance with other laws and regulations.

    3. For application procedures and for career guidance, training and education, personal development of our employees, and internal communication

    We process personal data to determine whether there is a match between the applicant, the vacancy, and our organization. We also process personal data to guide our employees in their personal development. We do this, for example, by offering them training, education, and other forms of career guidance. To support our application procedure and the development trajectory of our employees, we may also use a so-called Talent Motivation Analysis (TMA). A supplementary privacy statement has been established for this purpose, which is provided separately to the participant. Finally, we process personal data for internal communication within our organization.


    4. To maintain contact with our business relations and for marketing activities

    We process personal data to maintain contact with our contact persons at our suppliers, clients, collaboration partners, and any other interested parties. We process personal data to keep our relations specifically informed about our services. We do this through newsletters, invitations to our events, and similar mailings. We also send our business relations satisfaction surveys and we conduct benchmarks to continuously improve our services.


    5. To maintain a network of applicants and freelancers

    We process personal data to maintain a network of freelancers and applicants. We invite these candidates to our periodic recruitment events. Or we inform them about possible new assignments or vacancies.


    6. For our personnel and payroll administration

    We process personal data of our employees for our personnel and payroll administration.


    7. For the development and improvement of our organization

    We process personal data to develop and improve our organization. This can involve various aspects of our operations, such as evaluating our services, identifying areas for improvement, and implementing changes to better serve our clients and employees.

    8. For the services of Thorbecke

    Thorbecke provides specific services that require the processing of personal data. This relates to the specialized nature of Thorbecke's work and the specific requirements associated with their client engagements.

  • We process personal data when someone:

    1. Applies for a job with us;
    2. Works for us as an external employee;
    3. Works for us as an independent contractor or wants to in the future;
    4. Has a business relationship with us and delivers services and/or products, uses our services, or collaborates with us;
    5. Submits information on our website;
    6. Receives our newsletter, knowledge documents, and mailings;
    7. Visits our office;
    8. Attends our event;
    9. Appears in event photos or videos;
    10. Is a party in a case where a client has engaged Thorbecke for legal (independent) advice, assistance, or an appraisal.

  • Below we describe what personal data Team EIFFEL may process per category of data subjects, the legal basis for that processing, and the applicable retention period.

    1. Job applicants
    2. Employees and interns
    3. External employees (employed by another organization)
    4. Independent contractors
    5. Business relations
    6. Website visitors
    7. Recipients of mailings or content
    8. Office visitors
    9. Event attendees
    10. Event photos and videos
    11. Legal advise/assistance


    1. Job applicants

    We process the following data from job applicants:

    • Name, address, city and contact information such as email address and phone number
    • Title, date of birth, gender
    • Curriculum Vitae (CV) (possibly with photo), information about education, internships, work experience and expertise 
    • LinkedIn URL
    • Assessment results if this is part of the procedure
    • Other data relevant for evaluating suitability, such as references or certificates
    • Notes/interview records from a job interview
    • Communication
    • Data from the talent motivation analysis (TMA) that may be conducted as part of the application process, for which a separate privacy statement is available to the candidate via the TMA portal


    Legal basis:

    We process this data primarily to fulfill the application request and to take measures prior to concluding a potential employment contract. We also have a necessary and legitimate interest in providing and continuing to provide our services as a business service provider, and in having staff with the right qualifications and talents for this purpose.

    We may also ask the applicant for consent to retain their data after the application procedure because we would like to keep them informed about new positions or our recruitment events in the future.

    Finally, we may ask an applicant for consent to share their work experience data with a potential client to present this candidate for a specific request or assignment. You can withdraw your consent by unsubscribing via the unsubscribe link in one of our emails or by emailing privacy@teameiffel.nl.


    Retention period:

    We delete the data of our applicants after 4 weeks once the application procedure is completed. Only if the applicant has given consent, we retain the data for 1 year. After that year, we may ask again to retain the data. When the data may no longer be retained, we anonymize the data for analysis purposes to optimize our application process and policy.


    2. Employees and interns

    When someone works for us based on an employment or internship contract, these are the main data we process:

    • Name, address, city and contact information (such as email and phone number)
    • Birth data, gender, age
    • Nationality
    • Social Security Number
    • Copy of ID, work permit
    • Bank account number
    • CV (with information about education, internships, work experience and photo)
    • Education and training data (such as completed education and copy of diploma)
    • Other data that may be relevant for evaluating the employee's suitability
    • Data related to pre-employment screening if necessary for one of our clients. Think of our clients in the financial sector, where there is a legal obligation to screen (hired) workers
    • Data related to personnel, salary and absence registration
    • Mileage registrations (of our lease drivers). For the mileage registration of lease drivers, a separate privacy protocol has been established, published on the internal network and applies to lease drivers with mileage registration in the car.
    • Sports interests if applicable
    • Project documentation
    • Data from the talent motivation analysis (TMA), for which a separate privacy statement is available via the TMA portal


    Legal basis:

    We process this data based on multiple grounds. We need the data to execute the employment or internship contract. And also to comply with various legal obligations, such as paying wages, paying payroll tax and social contributions, the statutory placement obligation for executing the pension agreement, and the legal obligation to work with an occupational health service.

    We also process the sports interests of our employees to inform them about and motivate them for the various sports events and vitality programs we organize. These programs support our business philosophy where we link sports as a metaphor to our services. And these programs also contribute to the mutual involvement and vitality of our employees. This data processing serves a legitimate interest.

    As a growing organization, we are continuously improving and developing ourselves. For this, we may also process employee personal data. This data processing serves a legitimate interest.


    Retention period:

    Different retention periods apply to our employees' data. Data from the payroll administration that is of fiscal importance is retained for 7 years after an employee leaves based on law. For payroll tax statements and the copy of the former employee's ID, there is a statutory retention period of 5 years. Other information is deleted within 2 years after leaving employment.


    3. External employees (employed by another organization)

    When we hire an employee from another organization, the main data we process is:

    • Name, address, city and contact information (such as email and phone number)
    • Birth data, gender
    • Nationality
    • Social Security Number
    • Type of ID, number and validity period
    • CV
    • Specification of hours worked
    • If applicable: the presence of an A1 declaration, residence permit, work permit, notification including number and validity period
    • Name, address and city of the employment agency and the employment agency's Chamber of Commerce registration number


    Legal basis:

    We process this personal data based on a legal obligation and to prevent 'hirer liability', which serves our legitimate interest.


    Retention period:

    We retain this data during the statutory (fiscal) retention period (7 years).Wij bewaren deze gegevens gedurende de wettelijke (fiscale) bewaartermijn (zeven jaar).


    4. Independent contractors

    We process the following personal data from independent contractors in our network:

    • Name, address, city and contact information (such as email, phone number)
    • Job description
    • If applicable: gender, date of birth, nationality, curriculum vitae, education data, knowledge and experience, LinkedIn URL, hourly rate and availability data


    Once we enter into an assignment agreement with an independent contractor, these are the main data we also process:

    • The Chamber of Commerce registration number
    • Chamber of Commerce extract
    • The VAT number
    • The bank account number
    • Type, number and validity period of ID (no copy)
    • If applicable, other required data depending on our assignment (provider), based on a legal obligation


    Legal basis:

    We process this data to maintain a network of independent contractors that can support our business activities. This serves our legitimate business interest that periodic and personal contact with independent contractors promotes (future) collaboration.

    When an assignment agreement is concluded, we process the personal data to execute that agreement.

    There is also a legal obligation to process certain personal data for fiscal accounting.

    We also process the data to comply with the requirements set by the Foundation for Labor Standards, within the framework of our NEN 4400 certification. We have a legitimate business interest for this.


    Retention period:

    The personal data remains retained until the independent contractor requests deletion of this data. We also periodically request the independent contractor to update/verify the data, where the option is also offered to delete the data. We also proceed to delete the data if the update/verification requests are no longer followed up. In that case, we assume there is no longer interest in registering the data.

    Once an assignment agreement has been concluded, the data processed in it is retained during the statutory (fiscal) retention period (7 years).


    5. Business relations

    We may process the following personal data from business relations:

    • Name
    • Gender
    • Email adress
    • Phone number
    • Organization and department data
    • LinkedIn URL
    • Shared (sports) interests
    • Meeting records and project documentation
    • Satisfaction surveys
    • Benchmark survey results


    Legal basis:

    We process this data to execute the various procurement, collaboration and service agreements we enter into with our suppliers, partners and clients. We also process this data within the framework of relationship management, which provides for our legitimate interest, as maintaining our relationships with companies and organizations promotes existing and potentially new forms of collaboration. We may also process this data for the improvement and development of our organization and services.


    Retention period:

    We retain the personal data of our business relations as long as:

    • Contact has been maintained with the relevant (department of the) organization for which the business relation works in the past 3 years. By contact we mean all forms of both one-way and two-way registered communication. If this period is exceeded, retaining the personal data loses its value and thus the necessity to process the data. In that case, we proceed to deletion.
    • Business services have been provided by us to the (department of the) organization for which the business relation works in the past 7 years. Once our services are completed, we have an interest in retaining the data of our business relation for a certain time. On one hand within the framework of relationship management and any desired aftercare. On the other hand for the ability to assess any claims/defects that come up (unforeseen) after completion. We believe the retention period, partly in connection with the statutory limitation periods as well as some time thereafter, must be set at 7 years. This period aligns with the statutory (fiscal) retention period (7 years), in which we also see reason to retain the contact data of our business relations during that period.


    6. Website visitors

    We may process the following data from website visitors:

    • Data concerning the device you use to visit our website, such as brand and model of smartphone or internet browser
    • Data voluntarily published on our website or social media account (via social networks, comment on a blog, etc.)
    • Data voluntarily filled in or left via our website (such as via a contact form, complaint form or registration form), we may process this data:
      • First name
      • Last name
      • Phone number
      • Email address
      • Job title
      • Company name
      • Region
      • The content of your question, request or message
      • Whether you are an investor in our organization (yes/no)


    Legal basis:

    We process this data for the functioning of our website or to answer your questions or respond to your contact request. We therefore have a necessary and legitimate interest in processing this data. We process data about improvement suggestions and internal/external complaints for our legitimate business interest to develop and improve our organization and services and within the framework of client and employee satisfaction.


    Retention period:

    We retain data as long as necessary to fulfill your request. We retain submitted complaints and improvement suggestions as long as the complaint is being handled, and after handling, the complaints are retained for a maximum of 3 years for reporting purposes.


    7. Recipients of mailings or content

    We may periodically send a mailing to our client relations but also other interested parties or former employees who register themselves. Think of a newsletter, information about our services, vacancies and/or invitations to events we organize.

    When someone actively registers (for example via one of our websites) as an interested party for our mailing list or an event, we may register this data:

    • Name;
    • Email address;
    • Phone number;
    • Job title;
    • Organization name;
    • Professional field;
    • In the case of a sent mailing: the 'opens and clicks' with which we can show how well it is being read. Specifically, we register whether and when the mailing was delivered and opened, whether and when a specific subject was opened, and the type of mail client.


    Legal basis:

    We send our client relations mailings within the framework of relationship management purposes. This serves our legitimate business interest that periodic contact with the client relation promotes (future) collaboration. For other interested parties, we process data to execute the active registrations (consent) via our website.


    Retention period:

    The data remains retained as long as the recipient still wishes to receive the mailings. If the recipient no longer wants to receive them, the recipient can easily unsubscribe (opt-out) with each mailing.

    For registration for our events via our contact form, we retain this data as long as necessary to fulfill the (registration) request.


    8. Office visitors

    We may process the following data from visitors to our building:

    • Name
    • License plate
    • Camera footage


    Legal basis:

    We process this data to control access to our office building and to ensure that unauthorized persons do not gain access to the building. We register the license plate for reserving a parking space or providing access to the parking lot. This is for the security of our employees, clients and property. We also know who is in the building if a calamity occurs, such as fire. We therefore have a necessary and legitimate interest in processing names, license plates and camera footage.


    Retention period:

    The camera footage is not retained longer than 4 weeks, unless we have a good reason to retain the footage longer, such as a police investigation. After that, the footage is deleted.

    When we have registered a license plate, it is deleted as soon as possible but at the latest within 3 months after the visit to our building.


    9. Event attendees

    We may process the following personal data from people who have registered for one of our events:

    • Name
    • Job title
    • Organization
    • Dietary requirements
    • Email address


    Legal basis:

    We communicate with event participants about the event and process personal data of the participants to make the event run smoothly. Such as providing name tags or ensuring food that fits any dietary requirements. The basis for this processing of personal data is a necessary and legitimate interest.


    Retention period:

    We retain data from visitors as long as necessary for organizing the event.


    10. Event photos and videos

    During our events, photos and videos may be made for atmosphere impressions and to promote future similar events. Visitors to an event may appear in this material other than in group settings. This material can be used for social media and on EIFFEL's websites. We may process the following data:

    • Name
    • Photos or videos in which a visitor appears


    Legal basis:

    The basis for processing photos and videos from our events with a strongly individual character is consent.

    Event attendees are asked for consent to use photos or videos in which they may appear for atmosphere impressions and promotion of our events.

    The basis for processing other photos and videos from our events is legitimate interest. Team EIFFEL has a necessary legitimate business interest in promoting activities within the framework of its services and using photos and videos for this.


    Withdrawing consent:

    You can withdraw your consent for photos or videos with a strongly individual character in which you appear. You can do this by emailing privacy@teameiffel.nl. We will then ensure that you are no longer recognizable in the material that is online as soon as reasonably possible, or we will stop using the material altogether.


    Retention period:

    Team EIFFEL periodically determines whether the photos and videos are still relevant and sufficiently align with the then-current house style of Team EIFFEL and can remain public. If the material no longer remains public, Team EIFFEL may archive the images.


    11. Legal advice/assistance

    We process personal data when necessary for providing legal services to (government) organizations and companies. Think of the preparation, execution and completion (including invoicing) of an assignment in the form of providing legal and/or independent advice, drafting documents, conducting legal proceedings, or providing legal knowledge transfer. What personal data is involved depends on the type of service.


    Legal basis:

    The legal basis for processing the personal data is the execution of the agreement with our client. The processing serves the legitimate interest to provide the legal advice and/or assistance within the framework of this assignment.


    Retention period:

    When a case is handled or the legal advice is given, we close the file. After closing, we retain the file for another 5 years.

  • We handle personal data confidentially and we do not share this data outside our organization without good reason. There are various reasons why we may need to share personal data with third parties.

    • The companies within the Team EIFFEL B.V. group cooperate with each other in various ways. They may pass on your personal data to other companies within Team EIFFEL B.V. when this is necessary for business operations or service delivery.
    • We share personal data if this is necessary to give execution to the agreement that we have entered into. You can think of providing the data of an employee to our leasing company in connection with the provision of a lease car that has been agreed upon. Or showing the work experience of a professional to a (potential) client. Or sharing personal data with clients within the scope of our SROI obligations (Social Return On Investment).
    • We may provide data if we are legally obligated to do so. This can happen, for example, through a court order or judgment. Or when we must provide certain personal data to government agencies such as the Tax Authority.
    • Personal data of our employees and other natural persons whom we engage may be processed in the context of inspections. These inspections are conducted for the purpose of obtaining or maintaining desired certifications in the context of our service delivery. Examples of such certifications are NEN-4400-1 and ISO-9001.
    • We may also share personal data with potential clients if we have received permission from a candidate of DPA to do so. In that case, we share information about the work experience of the candidate. This allows us to demonstrate the suitability of the candidate for a specific assignment or application.
    • Finally, we outsource certain activities to other parties. For example, we have outsourced our payroll administration to an external service provider. We have also outsourced the management of our client database (partly) to an external service provider. In those situations, we make clear and appropriate agreements about the handling of the personal data. We also specify what technical and organizational security requirements must be met. We only share the personal data that is necessary for the execution of the outsourced activities.

  • We have implemented appropriate technical and organizational measures to protect personal data against unlawful use, unlawful processing activities, loss of data, destruction of data, damage to data, unauthorized modifications, or unauthorized disclosures. In addition to these technical measures, our employees are bound by confidentiality obligations. This means they may not unlawfully or unnecessarily process your personal data.

    Do we use external service providers for certain processing activities? Then we make appropriate agreements with these service providers in a processor agreement. This processor agreement specifies exactly how the service provider must handle the personal data. If we use third parties that are located outside the European Economic Area (EER), then we ensure that there are appropriate safeguards in place. This can include, for example, data transfer on the basis of Standard Contractual Clauses (SCCs).

    Do you have questions about the security of personal data? Or do you want to make a report about a potential security issue? Contact us at privacy@teameiffel.nl.

  • If your personal data are being processed by us, you may have the right to exercise the following rights:

    1. Right of access to your data
    2. Right to correction of your data if the data are not accurate or are incomplete
    3. Right to deletion of your data
    4. Right to restriction of the processing of your data
    5. Right to object to the processing of your data
    6. Right to data portability (the right to transfer your data)
    7. Right to object to automated decision-making. Team EIFFEL does not currently make use of automated decision-making

    In addition to these rights, you can withdraw your consent for the processing of your personal data at any time. If you gave consent for certain processing activities, you can withdraw that consent. The withdrawal of your consent does not affect the lawfulness of the processing that was based on your consent before you withdrew it. The withdrawal is only applicable to future processing activities.

    If you want to submit a request to exercise one of your rights, you can send this request to:

    By mail
    Attn: Privacy, Team Legal
    PO Box 3142
    6802 DC ARNHEM

    By email
    privacy@teameiffel.nl

    After we have received your request, we may contact you to verify your identity. After the identification process, we will assess your request. Team EIFFEL is not obligated to comply (fully) with your request in all circumstances.

  • On our website careers.teameiffel.nl, you can make use of the AI career coach. The answers that you provide to the statements that you fill in help you with finding a suitable vacancy. The career coach makes use of AI (Artificial Intelligence). Here you can read how this works.

    Your answers to the questions provide insight into your preferences and your interests. We share your answers and our knowledge of skills that match our vacancies with the AI (Large Language Model/LLM) through a separate server. The AI generates a vacancy recommendation with this information. This vacancy recommendation is shared with our server. Our server then shares the vacancy recommendation with you. The vacancy recommendation is a tool to help you quickly discover which positions match your preferences and your skills. We do not ask for your personal data when you use the career coach. And we do not link your answers to you as a person. The answers are not used in the subsequent application process. What you decide to do with the recommendation is entirely up to you. You can also always view our complete vacancy offering without using the career coach. And you can apply directly for any vacancy.

    Because the tool makes use of AI, we are legally obligated to monitor the operation of the tool. We must also improve the tool if this is necessary. To be able to do this, we store the combination of the answers to the statements for a limited period of time.

  • If you have an objection or a complaint about one of our processing activities involving personal data, then you can contact us using the contact information provided below. We will do our best to reach an appropriate solution together with you. In addition to contacting us directly, you also have the right at any time to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

    Contact details:
    Email:
    privacy@teameiffel.nl

    Mail address:
    attn. Privacy, team Legal
    Mailbox 3142
    6802 DC ARNHEM

    If there is a data breach, or if you suspect that there may be a data breach, then we request that you report this immediately. You can report a (suspected) data breach via privacy@teameiffel.nl. Please include your name and contact details in the report, as well as a description of the situation.

  • This privacy statement was last modified on 29-1-2026. We may adjust this privacy statement from time to time to reflect changes in our processing activities or changes in applicable laws and regulations. If there are major changes to this privacy statement, we will inform you about these changes through our website. You will always find the most recent version of this privacy statement on teameiffel.nl/en/privacy-statement/