Date dernière mise à jour : 4 avril 2025
This Policy sets out the principles and guidelines for the protection of personal data (hereinafter the “Data”) and for safeguarding the rights of data subjects in relation to processing activities carried out by PaHRtners and its platform https://www.pahrtners.be/fr/.
The processing of personal data by PaHRtners is governed by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the “GDPR”), as well as by the Belgian Law of 30 July 2018. The competent supervisory authority is the Data Protection Authority (APD) – www.autoriteprotectiondonnees.be.
The purpose of this Policy is to inform you about how we collect, process and use personal data (PD), and about the rights you have over such data when using the PaHRtners website.
This Policy may be supplemented or replaced by any contractual document having the same purpose, concluded by PaHRtners with one or more data subjects. It may also be amended in line with changes to the website.
The term “Data” corresponds to the definition under the GDPR: personal data (PD) is any information relating to an identified or identifiable natural person, directly or indirectly, in particular by reference to an identification number or to one or more elements specific to that person, hereinafter referred to as the “Data Subject”.
This Policy applies to all Data processed by PaHRtners, regardless of how it is collected or processed.
In this context, our data processing policy is based on the following key principles:
The terms defined below shall have the following meaning in this document (hereinafter the “Charter”):
The Data Controller will be PaHRtners or one of its Partners, depending on the Service used:
This Charter applies to our Platform, to websites of other publishers offering PaHRtners’ Services in white label, and to any other initiative involving the collection of Data. Specific terms and conditions may supplement it where necessary.
Data entered as part of the use of Partner Services, for which PaHRtners is not the Data Controller, are excluded from the scope of this Charter.
This Charter has been drafted in line with applicable data protection legislation, in particular the General Data Protection Regulation (GDPR – Regulation (EU) 2016/679) and the Belgian Law of 30 July 2018 on the protection of natural persons with regard to the processing of personal data. It also takes into account the ePrivacy Directive, as transposed into Belgian law by the Law of 13 June 2005 on electronic communications, especially for rules relating to electronic marketing and cookies (hereinafter the “Applicable Law”). It may be amended at any time by PaHRtners to reflect regulatory, case-law, editorial or technical developments.
Keen to build and maintain a relationship of trust with our Users and Clients – which is not only essential for any lasting relationship, but also crucial to the sustainability of our business – we are committed to collecting, processing and protecting Data in a secure manner and in full compliance with the Applicable Law.
As Data Controller, PaHRtners ensures that:
3.1 Introduction to collected data, purposes and legal bases
In order to continuously improve your experience on our Platform and provide you with personalised services, PaHRtners collects different categories of data, either directly via our Site, or through third-party services (such as Facebook, Google, LinkedIn) to which you have given your consent. We encourage you to consult the privacy policies of these third-party services.
The personal information we use for commercial or marketing purposes is that which you provide directly to us, and it is processed internally in compliance with applicable legislation.
In addition, we collect behavioural data through tracking tools such as cookies. You may consent to or refuse the use of such tools when registering on the Site (opt-in system).
The data collected enables us to continuously improve and personalise your experience on our Platform. The specific purposes of each data processing operation, as well as the legal bases on which they rely, are detailed in the table below.
The processing of your personal data may be based on the following legal grounds:
Note: this Privacy Policy does not cover the collection and processing of personal data of company employees. That processing is governed by a separate employee privacy notice.
3.2 Implementation – Table of collected data
Données collectées - Finalité - Base légale
Candidate data: last name, first name, email, telephone, CV, cover letter, photo, salary expectations, social security number, interview notes
Recruitment, assessment of applications, building a talent pool
- Performance of pre-contractual measures (Art. 6.1(b))
- Legitimate interest for retention (Art. 6.1(f))
- Consent (for extended retention or special categories of data – Art. 6.1(a) + Art. 9.2(a))
Client data: last name, first name, professional email, professional phone, position, history of exchanges, recruitment needs
Client relationship management, recruitment assignments, B2B prospecting.
- Legitimate interest (Art. 6.1(f))
Data collected via the website: information entered in contact forms, applications sent by email, IP addresses (via logs or cookies)
Handling incoming requests, managing applications, traffic analysis
- Consent (Art. 6.1(a));
- Legitimate interest for managing requests (Art. 6.1(f))
HR and administrative data (employees): contractual data, contact details, working hours, payslips, social data, signed documents (DocuSign)
Staff management, HR and social law obligations
- Legal obligation (Art. 6.1(c));
- Performance of the employment contract (Art. 6.1(b))
Data from tools used: data already mentioned above but stored or processed via:
• Tools for Staffing (T4S): CV management
• HubSpot (CRM): client and prospect management
• Monday: project tracking
• OneDrive: document storage
• SDWorks: payroll & HR
Internal organisation, collaboration, recruitment, commercial and administrative management
- Legitimate interest (Art. 6.1(f));
- Legal obligation for SDWorks (Art. 6.1(c));
- Performance of a contract (depending on context – Art. 6.1(b))
The Data retention period depends in particular on the legal basis for collection and on whether you are a PaHRtners Client or a User of Partner Services.
4.1 Retention periods
In line with GDPR principles and with respect for your privacy, PaHRtners keeps your personal data only for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention period is required by law or regulation.
The table below sets out the specific retention periods for the main categories of data we collect:
Type of data and Retention period
Candidate data
2 years after the last contact, unless the candidate agrees to a longer retention
Client data
5 years after the end of the contractual relationship
Data collected via the website
1 year for contact forms, 2 years for applications
Administrative and HR data
Legal retention period under labour law (generally 5 years after the end of the employment contract)
4.2 Notes
PaHRtners also acts as a Processor on behalf of some of its partners that are Data Controllers. In this context, PaHRtners may conduct commercial prospecting on behalf of such partners. PaHRtners may also share personal data with its own processors for commercial purposes and to perform contracts, in order to improve services and propose tailored offers to clients.
PaHRtners is committed to ensuring the security of processed Data. Protection and security procedures are therefore applied to all processing operations, and enhanced measures and specific procedures are implemented for Data that may present a higher risk, in accordance with the Applicable Law. These measures protect Data against unlawful or unauthorised processing, as well as accidental loss, destruction or damage. To this end, we use in particular:
At the organisational level, several specific procedures have been implemented to optimise Data security and minimise the risk of disclosure:
These measures enable PaHRtners to ensure:
6.1 Data storage
Some of your data is stored on our own internal servers, managed with the support of our external IT provider and KERN IT. These servers are located in Belgium and are accessible only by authorised PaHRtners staff or their mandated technical partners.
Appropriate security measures are implemented, including access restrictions, password protection and regular backups.
We also use professional cloud services and software for processing and storing certain data (recruitment, project management, communication, HR, etc.). These providers are carefully selected to ensure a high level of GDPR compliance, particularly in terms of security, confidentiality and limiting transfers outside the EU.
Our main hosting or storage services include:
When data is transferred outside the European Union, this is done in accordance with GDPR rules, notably through the use of Standard Contractual Clauses, recognised certifications (such as the EU–US Data Privacy Framework), or other appropriate safeguards.
6.2 Transfer of data outside the European Union
In certain cases, PaHRtners may transfer your personal data to countries outside the European Union. Such transfers are carried out only when necessary for the purposes described in this Privacy Policy and in compliance with GDPR requirements.
When we transfer your data to a country outside the EU, we ensure that the transfer is subject to appropriate safeguards, such as:
Regarding data transfers to the United States, following the invalidation of the Privacy Shield, transfers are now carried out under the EU–US Data Privacy Framework where our providers are certified. If not, we require the application of Standard Contractual Clauses (SCCs) and other appropriate safeguards to ensure a level of protection equivalent to that required by the GDPR.
We are committed to transferring your personal data only under conditions that guarantee its security and confidentiality, and we remain available for any questions regarding these transfers.
A Data Protection Impact Assessment (DPIA) is a tool used to design processing activities that respect privacy, demonstrate GDPR compliance, assess potential risks to Data security (loss, breach, unauthorised access) and evaluate the possible impact on privacy, as well as to identify technical and/or organisational measures to protect Data. We systematically conduct DPIAs for processing operations likely to result in a high risk.
PaHRtners has therefore decided to:
PaHRtners conducts prior checks before entering into contracts with its Processors, as well as regular audits, in order to ensure that each Processor implements appropriate procedures for Data processing and complies with the Applicable Law.
8.1 Specific measures in the event of a personal data breach
In the event of a personal data breach, PaHRtners will notify the incident to the supervisory authority, the APD, no later than 48 hours after becoming aware of it, in accordance with Article 33 GDPR.
As provided in Article 34 GDPR, PaHRtners will inform the affected Data Subject of any breach likely to result in a high risk to their rights and freedoms.
8.2 Trained staff
PaHRtners is committed to training its staff and raising their awareness of their duties and obligations regarding Data protection on a regular basis. Procedures are documented and access to Data is restricted to those who actually need it.
Where clarification is needed, staff must consult the Data Protection Officer.
9.1 How to exercise your rights?
PaHRtners ensures that the Data we hold is adequate and limited to the purposes for which it is collected, accurate and updated when necessary, by allowing our Clients to modify or complete it.
At any time, you may request from the Data Controller the erasure, modification or a copy of your Data, or object to the use of your Data for direct marketing purposes, or notify us of a breach. You can contact the Data Protection Officer at: dpo@pahrtners.be or by post at: Rue du Warchais 34, 6210 Les Bons Villers.
We remind you that: PaHRtners acts as Data Controller when you use our Services. In such cases, you may contact us directly to exercise your Data rights.
Conversely, when you use Partner Services, the Data Controller is the Partner responsible for providing that Service.
9.2 What are your rights?
You have the right to:
We ensure that staff responsible for Data protection is trained and able to recognise and handle requests from Clients and Users seeking to exercise their rights.
9.3 Portability – Request for return of Client data – Access to Data
Where you have explicitly consented to the Processing of Data for one or more specific purposes, you may request that a copy of the Data you have provided to the Data Controller be sent to you, in a structured, commonly used and machine-readable format, as soon as possible, in accordance with Article 20 GDPR.
You may, if you wish, download a copy of all information entered on the Site. If you experience difficulties in obtaining a copy of your Data, please submit your request via the Contact us section of the Site.
You may transmit this Data yourself to another Data Controller or request that it be transferred directly from one Controller to another, where technically feasible.
PaHRtners reserves the right, as Data Controller, to reject manifestly abusive requests (in particular repetitive or systematic requests) and to charge a fee for any additional copies requested.
PaHRtners also reserves the right to request additional documentation for security reasons, such as a copy of your identity document, in order to prevent fraudulent requests. However, if a Data-related request is made fraudulently or by deception, PaHRtners cannot be held liable if the requester was able to provide all the required information and documents.
9.4 Request for erasure
You may request the erasure of your Data at any time via the Site in the Contact us section. After exercising your right to erasure, you will receive an email confirming that your request has been taken into account. Deletion will be effective within a maximum of 1 month, and a confirmation of erasure will be sent to your email address.
Your Data will be deleted from our client databases; however, PaHRtners will retain a record of your request and of the erasure for evidential purposes and to demonstrate compliance with procedures.
If we are unable to find your address in our databases, we will not be able to process your request.
9.5 Request for rectification
You may modify, complete or correct your Data at any time if it is incomplete or inaccurate, via the Site in the Contact ussection.
If the modification concerns your email address, this will result in the deletion of your existing Client account and the creation of a new account using your new email address.
For any other changes, two options are available:
9.6 Right to object
You may, at any time and on legitimate grounds, object to the processing of your personal Data via the Site in the Contact us section, unless the processing is required by law or where the right to object has been expressly excluded by the legislative act authorising the processing.
The objection, which is free of charge, concerns in particular the use of Data for direct marketing purposes by the current or any subsequent Data Controller.
9.7 Automated individual decision-making
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, except where:
9.8 Unsubscribing from PaHRtners marketing messages and newsletter
PaHRtners may send you commercial communications and newsletters to inform you about updates to our offers and new product launches. If you no longer wish to receive such communications, simply click on the unsubscribe link included in each email. Alternatively, you can go to the relevant page on our Site (email management).
9.9 Data provided as part of an application
If you have applied for a position via a job search website, your Data or CV will be processed electronically for the administrative management of your application. The recipients of this Data are the Human Resources and Recruitment teams. In accordance with the Applicable Law, you have the right to access and rectify any information relating to you.
If, after contacting us, you believe that your rights are not being respected, you may lodge a complaint with the Data Protection Authority (APD), the competent authority in Belgium:
www.autoriteprotectiondonnees.be – Rue de la Presse 35, 1000 Brussels.