Privacy

Raet uses several different methods to assure the privacy of your data and protect your personal details.

We process personal details in accordance with the applicable European privacy legislation and guidelines. Our information security policy is based on the European General Data Protection Regulation (GDPR).

The GDPR identifies Raet as a ‘processor’, since our service provision focuses on processing personal, payroll and related data. The GDPR imposes requirements on the form and content of agreements with customers and suppliers. Furthermore, this act also stipulates a number of independent obligations and restrictions that apply to Raet in its capacity as processor.

Based on the GDPR we ensure that:

  • we and our suppliers comply with the law.
  • any data recorded only relates to our service provision.
  • the data recorded has been obtained lawfully and is consistent with the purpose of processing.
  • any provision of data to third parties results from the purpose of recording the data, is necessary in order to comply with statutory obligations or is done with the customer's approval.
  • there are sufficient guarantees as regards technical and organizational security.
  • data that is entrusted to us is kept secret.
  • you, in your capacity as controller, i.e. the party responsible for processing, are able to comply with the obligation to report any data breaches.
  • data is processed in countries with a suitable security level.
  • a privacy officer is appointed as the internal supervisory and advisory official.
  • ‘Privacy by Design’ and ‘Privacy by Default’ development principles are being used.
  • binding processing agreements will be agreed with controllers and sub-contractors.
     

The above aspects are part of our framework of standards and our information security policy, which implies that we are able to have them verified on the basis of ISAE3402 and ISO27001 standards.

Customer data

In order to be able to deliver the services agreed, Raet has customer data at its disposal. We do not use any customer data that can be traced back for other purposes, unless you give us explicit permission to do so. We have therefore imposed requirements on how customer data is handled at Raet. 

Testing

Rules and requirements governing the handling of customer data are laid down in the internal ‘Guideline on using customer data’. This guideline complies with the "Guidelines on personal data security" issued by the Dutch Data Protection Authority. We only use data of fictitious people to test information systems with personal data.

Returning customer data

When your contract with Raet is terminated, your data will be returned to you according to the contractually agreed procedure. We can make your data available in the form of a widely used data file and on a commonly used medium. Raet normally works with a ‘comma separated’ (.csv) file format on DVD.

Removing customer data

When your contract with Raet ends, we remove your data from our operational systems based on your instructions. For technical reasons, it is not possible to remove the data from any backups that have already been stored. However, we can include agreements in the contract about saving data for later retrieval, e.g. for the tax authorities.

MKB software

Obligation to report data leaks

The obligation to report data breaches as stipulated in the GDPR requires that any data breaches are reported to the Data Protection Authority. For example, the “Guidelines on the obligation to report data breaches” issued by the Dutch Data Protection Authority provide further information about this. We will inform you, in your capacity as the controller, about relevant incidents in good time, correctly and in full, enabling you, the controller, to comply with the statutory requirements.

Data centers in the Netherlands

We use three locations where data is processed by software and stored:

  • Apeldoorn: production environment and storage location for customer data, development environment and test environment.
  • Aalsmeer: backup environment with replicated customer data and acceptance environment.
  • Lelystad: storage location for backups of encrypted customer data (off-site backup).

Youforce runs on several servers and has various hardware components. The 'Apps' and 'Options' are available to users online. The data is processed in a data center in Apeldoorn in the Netherlands. The systems are protected by means of 'hardening' as laid down in the ICT security guidelines of the Dutch National Cyber Security Center and in other related standards. You can find more details about security under 'Security'.

All computer centers and data storage comply with strict legislation.

If an emergency occurs we can switch to our second location in Aalsmeer. In order to minimize the risks of environmental factors, we have deliberately opted for a location at a considerable distance from the town of Apeldoorn. We use replication to continually keep your data in this backup environment identical to the data in the production environment. We use some of the systems in the backup environment for acceptance testing. Of course, we do not use your data for this purpose and the production data is kept physically separate from the test data.

All computer centers and data storage comply with strict European legislation on logical and physical access security and continuity.

Suppliers

We use services provided by KPN, one of the largest suppliers of data center services, for our computer centers. The systems and storage space we use are kept physically separate from the services KPN provides to other customers. KPN computer centers are extremely reliable and are certified for quality and information security. All the computer centers used are at least ISO9001 and ISO27001 certified. We test compliance with our requirements for suppliers in the production process every year and we report on this in our ISAE3402 type 2 report.

Viruses

Youforce is protected against misuse by malware and is protected by anti-virus software to prevent any connected users from being infected by viruses. 

We do not check for viruses in the data and any attachments recorded by users, since this data is not run as software programs and cannot therefore harm Youforce. We assume that, in order to protect your own data, you use virus detection and malware protection on your own systems.

 

Suppliers

Raet has various suppliers to provide our services. The tables below give an overview of these suppliers and their use in relation to Youforce.

Infrastructure

Supplier | Service that is delivered | Use in relation to Youforce | Location of processing
Apigee | Platform for API management | Cloud enablement | AWS Frankfurt
Cloud VPS | Cloud and infrastructure provider | Total Scheduling | The Netherlands
CM Telecom | Provider SMS-gateway for two-factor authentication | Portal |
Fox-IT | Managed security monitoring | Portal | The Netherlands
KPN | Housing, Hosting and Storage services | Hosted storage for all Youforce applications | The Netherlands
KPN InternedServices | Cloud and infrastructure provider | Total Scheduling | The Netherlands
Microsoft | Supplier for on premise and cloud software | Database and server software | Microsoft Azure Ireland

Interfacing

Supplier | Service that is delivered | Use in relation to Youforce | Location of processing
Broadbean | Job board integration with Youforce Recruitment | Recruitment | AWS Ireland; United Kingdom
CapGemini | Secure infrastructure services regarding payment files | Payment manager | The Netherlands
Mimir | Job board integration with Youforce Recruitment | Recruitment |
SurfConext | SSO provider for Education market | Portal | The Netherlands

Software

Supplier | Service that is delivered | Use in relation to Youforce | Location of processing
Activ8 | Development Services | Management Information | England, Wales
Company.info (Webservices) | Route information and postcode check for declaration functionality | HR Self Service | AWS Ireland
eHRMVision (TMA) | Provides cloud solution for talent analysis | Talent Suite |
HSO | Implementation, maintenance and support of Microsoft Dynamics 365 environment regarding PAWW | Operational environment PAWW | Microsoft Azure Ireland
IMC | Cloud solution supplier for Learning Management System | Training centre Youforce applications | Microsoft Azure Ireland
Infravision | Reseller for cloud solution ITRP | ITRP is used for incident management. | AWS Frankfurt
  | Reseller for cloud solution Right Answers | Right Answers is a knowledge base for some BPO-customers |
InRGY | Supplier for RaaS (Robotics as a Service) | Robotics Automation of standard HR-tasks for BPO-customers | AWS region
Intradata | Digital signature | HR Self Service | Microsoft Azure Ireland
  | Partner concerning Dossier | Documents & Dossier |
MobileXpense | Travel and expense management (to be embedded in Youforce) | HR Self Service | Belgium
Onderteken.nl | Digital signature (PAWW) | Used for signing documents in PAWW environment | The Netherlands
Pointlogic | Software for strategic personnel planning embedded in Youforce | Prognose |
Talentsoft | Cloud solution provider recruitment system | Recruitment |
Visma - Lumesse | Cloud solution provider recruitment system | Recruitment | AWS region
Vonq | Job board integration with Youforce Recruitment | Recruitment |

Other

Supplier | Service that is delivered | Use in relation to Youforce | Location of processing
PostNL Communicatie Services | Print and mail provider | Payroll and pensions (physical output) | The Netherlands