Skip to main content

Privacy beleid

For Recruitment and Selection at the Rijksmuseum

This is the Privacy Policy for recruitment and selection of the Stichting Het Rijksmuseum, located at Hobbemastraat 20, Amsterdam ("Rijksmuseum," "we," or "us"). It outlines how we handle personal data in our recruitment and selection processes. The Rijksmuseum values your privacy, and we will always process your personal data in accordance with the General Data Protection Regulation (GDPR).

1. Scope

This Privacy Policy for recruitment and selection applies to all personal data collected by the Rijksmuseum about its (potential) applicants, including those who register for job alerts, candidate employees, guest researchers, secondees, honorary staff, fellows, temporary workers, freelancers, volunteers, and interns (hereinafter collectively referred to as "Candidates"). Personal data includes information that allows us to identify you as an individual, as outlined below in 'The personal data we process about you.' The Rijksmuseum is the controller of your personal data. We recommend that you read this Privacy Policy for recruitment and selection carefully, so that you are well informed about which personal data is processed and for what purposes.

2. The personal data we process about you

The personal data that we collect, and use includes:

  • Your name, email address, address, (mobile) phone number, date of birth, gender, nationality, LinkedIn page, and other contact and identification details.
  • Information provided by you in the context of your application, such as details on the application form, your covering letter, and CV, including personal characteristics, education, training, language proficiency, work experience, references, and research proposal.
  • Psychological data, such as the results of an assessment.
  • Other personal data arising from and related to your (open) application or candidacy at the Rijksmuseum.

3. Purposes and legal basis for processing your personal data

The Rijksmuseum collects and uses your personal data for the necessary purposes outlined below, and in compliance with established legal procedures.

  • Collection necessary for the performance of your (open) application/candidacy with the Rijksmuseum

Your personal data is collected and processed to enable the execution of the recruitment and selection process, sending job alerts, and maintaining contact regarding your (open) application/candidacy.

In addition to these necessary reasons, we may, in limited circumstances, ask for your consent to process certain data. If we do this, we will provide you with full details of the processing and the reason for which we need the personal data. This allows you to carefully consider whether to freely give your consent. At that time, you will also be informed that the given consent can be withdrawn by you at any time and how you can do so.

4. Who has access to or receives your personal data?

Only authorized employees of the Rijksmuseum have access to your personal data and only in as far as it is necessary for the performance of their duties at the Rijksmuseum, including the Human Resources, Management, and Finance departments. In the context of the recruitment and selection procedure, the Rijksmuseum may appoint a committee that includes external assessors. In this case, the Rijksmuseum grants committee members access to your personal data only as far as is necessary for the selection and assessment of candidates. Additionally, the Rijksmuseum may engage third parties, such as IT hosting providers and service providers like a recruitment agency, who share personal data. In all cases where the Rijksmuseum engages a third party, a data processing agreement will be established with these parties in accordance with the GDPR regulations.

Apart from this exception, stated here in point 4, we will not disclose the personal data you provide us with to third parties without your explicit prior consent, unless it is necessary for the purposes described in point 3.

Finally, we may pass on your personal data to the relevant authorities in the context of compliance with our legal obligations.

5. Transfer of your personal data

Unless otherwise stated, we only process and store your personal data within the European Union. Our service providers may transfer your personal data outside the European Economic Area ("EEA") to a country that does not provide the same level of protection under European law. In that case, we will take the necessary steps to ensure that your personal data is adequately protected, such as agreeing to standard contractual clauses approved by the European Commission with parties located outside the EEA. You can request a copy of these model contractual provisions, which include the security measures, via PenOadministratie@rijksmuseum.nl.

6. Security

We take appropriate and reasonable security measures to protect your personal data against unauthorized access, modification, disclosure, loss, or improper use and to protect the accuracy and integrity of your personal data. In terms of access to our systems we ensure a level of security appropriate to the risk, taking technical and organizational measures, which includes security.

7. How long do we retain your personal data?

The retention period of your personal data depends on the consent you gave during your registration, where you are provided with a choice; to allow the data to be kept for 12 months after registration or for 4 weeks after the closure of the application process. This period may be extended by 12 months if you give consent after receiving an email reminder.

The correct period can be found in the Rijksmuseum’s data retention policy, which can be requested by contacting PenOadministratie@rijksmuseum.nl. Once the applicable retention period has expired, Candidates’ personal data will be securely deleted or destroyed.

8. What rights do you have regarding your personal data, and how can you exercise these rights?

Based on applicable laws and regulations, you have various rights regarding your personal data, including:

  • Right of access. At your request, we will provide you with information free of charge regarding the personal data we process about you.
  • Right to rectification. At your request, we will correct, supplement, block or delete your personal data if it is factually incorrect, incomplete or irrelevant to the purpose or purposes of the processing, or if they are processed in any other way that infringes a legal provision.
  • Right to withdraw your consent. You can withdraw your consent for future processing of your personal data by us at any time.
  • Right to restriction. If applicable, you have the right to restrict the Rijksmuseum from processing your personal data. This means that your personal data may (temporarily) not be processed and may not be modified.
  • Right to erasure. If applicable, we will erase your personal data without unreasonable delay (right to be forgotten).
  • Right to object. If applicable, you have the right to object to the processing of your personal data based on, among other things, the 'legitimate interest' basis of the Rijksmuseum.
  • Right to data portability. If applicable, we will provide you with an overview of the personal data you have provided to us so that this data can be transferred to another data controller, to the extent that this is technically possible (data portability).
  • Right to lodge a complaint. Finally, you have the right to lodge a complaint with the supervisory authority if you believe that your personal data is processed in violation of this privacy statement. If you want to exercise any of your rights, you can do so by contacting PenOadministratie@rijksmuseum.nl.

9. Contact details

If you have any questions about this Privacy Policy, the way we process your personal data or if you would like to exercise your above rights, please contact the Rijksmuseum via the contact details below:

PenOadministratie@rijksmuseum.nl.

10. Final provisions

If an application leads to an appointment at the Rijksmuseum, the Privacy Policy for employees applies.

The Rijksmuseum reserves the right to adjust the policy.

If this arrangement does not provide for a specific case, the management will decide.