GITP aims high when it comes to the quality of its services. One important aspect of this quality is the protection of information and the privacy of (potential) clients and participants and careful handling of their (personal) data, in accordance with what is provided for in the Dutch Personal Data Protection Act, and the professional, sector-specific and/or ethical codes of conduct applicable to particular services (including those of NIP, ROA and NRTO).
This information security policy has been evaluated by an independent certifying body (Lloyd’s Register LRQA) and certified to the international information security norm ISO 27001:2013.
Privacy of users of (mobile) websites; recipients of newsletters, periodicals
GITP respects the privacy of users of its (mobile) websites, recipients of digital newsletters and periodicals from GITP. Of course, your personal data will be treated confidentially.
Want to know more?
Gathering and processing personal data
Depending on the specific service GITP gathers and processes a range of personal data with the following purpose in mind:
- To be able to communicate with you as the client or participant, for example in order to be able to answer your information or offer requests.
- To be able to carry out the agreed service (such as an assessment or training course).
- To perform adaptations related to the operational management of GITP.
- To conduct research with the aim of monitoring the quality of tests/questionnaires (amongst other things, to determine and refine norm scores), to compile benchmarks and statistical analyses. Reporting can be done at group level upon instruction to do so; these reports shall not be traceable to the individual participant, unless the participant has agreed to such.
GITP employees are contractually obliged to preserve the secrecy of confidential information, including personal data. Information is classified, and only authorised employees have access to information. Employees have been instructed how to deal with confidential information. Any third parties involved in service performance or support are also contractually obliged to observe secrecy and - where applicable - shall be bound by further instructions.
On occasion by virtue of a statutory obligation or a dispute certain information must be provided to an external partner, for example in the event of a collection procedure.
Retention period personal data, inspection, deletion
Personal data will not be stored for longer than required for the purpose for which it has been gathered. For the assessment file data there is a retention period of two years. Only if the participant has given consent to do so, will the assessment report be made available to the client.
Participants in a service will be informed in more detail about the purpose, resources, retention period, rights (for example, right to inspection and correction, and deletion, in accordance with what is provided for in the Dutch Personal Data Protection Act) and any other pertinent or relevant matters for the processing of their personal data.
GITP respects the privacy of visitors to its (mobile) websites