This Privacy Statement applies to grant applicants and (potential) grantees (Grantees) that share personal data with Porticus Amsterdam C.V. and its affiliated Porticus group entities (Porticus). Porticus is the international organization that manages the philanthropic programs of charitable institutions set up by entrepreneurs from the Brenninkmeijer family, including Auxilium, Benevolentia and Clementia (Foundations). Porticus provides these institutions with strategic advice on their donation programs and offers a wide range of services in the field of donation management. Porticus processes personal data of Grantees in the course of providing its services to the Foundations. When processing personal data of Grantees, Porticus and the Foundations are joint data controllers. With this Privacy Statement, Porticus and the Foundations aim to be transparent about the way in which personal data relating to Grantees (if any) is processed. Porticus’ entities are located across the globe. Each Porticus entity shall adhere to this Privacy Statement, unless local law requirements demand otherwise.
For the purposes of this Privacy Statement, the following definitions apply:
• Personal data means any information relating to an identified or identifiable natural person (a ‘Data Subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier (such as a name, an identification number, location data, or one or more factors specific to the physical, economic, cultural or social identity of that natural person.
• Processing means any (set of) operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, alignment, combination, restriction, erasure or destruction.
• Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
• Joint Controller means two or more controllers who jointly determine the purposes and means of processing.
This Privacy Statement may be changed over time. You are advised to regularly review the website of Porticus and/or the Foundations for possible changes to this Privacy Statement. This Privacy Statement was last amended on 1 September 2018.
At Porticus and the Foundations, we are committed to maintaining the accuracy, confidentiality and security of personal data. We may process your personal data:
• in order to assess grant applications diligently, when such personal data is included in the information provided to us in the context of a grant application or proposal.
• as part of our relationship management with Grantees, and for Porticus also in the context of developing strategic grant making advice.
• to enter into an agreement, to facilitate a payment, or to fulfil obligations under an agreement.
We may, in the context of grant management and depending on the relevant circumstances, collect the following categories of personal data (not limitative, and not always applicable):
• Name and contact details (including title, address, telephone numbers, email addresses)
• Logs of communications with us (including emails)
• Photos (relating to approved projects and grants)
• Financial information (relating to payment details)
• Incident reports
We also collect certain information through our websites, including technical data (such as the IP address, web browsers, click and surfing behaviour).
Please refer to the Website Privacy Statements on the respective websites of Porticus and the Foundations for more information. We process such personal data on the basis of the following grounds:
1. Consent by the data subject
2. Requirement to fulfil contractual obligations
3. Legitimate business purpose (relationship management, cross referencing Grantees, etc.)
4. Compliance with local laws
We collect and process personal data to enter into agreements and/or to comply with applicable statutory requirements. More specifically, we process personal data for the below purposes:
• Assessing submitted grant applications and proposals
• In respect of Porticus, for developing strategic advice for Auxilium
• Relationship management with Grantees and co-funders
• Compliance with laws and regulations (identification obligations, fraud prevention, internal controls and company security, tax law, archiving)
• Regular course of business (for example, when you send an email, we process your contact details, the contents of your message, any attachments you add to your message)
Please note that you are not obliged to provide personal data to us. However, in order for us to enter into agreements and / or to comply with statutory requirements, we require personal data to be provided. If you decide not to provide us with personal data, we may not be able to enter into an agreement with you
Porticus and the respective Foundations are the joint controllers for your personal data, which means that Porticus and the respective Foundations jointly determine what personal data is collected and for what purpose, and is responsible for the protection of such personal data. Porticus and the respective Foundations have entered into joint controller agreements pursuant to which they have allocated their responsibilities in respect of the protection of personal data.
Porticus comprises of different group companies, located in- and outside the EU. Personal data submitted to one Porticus entity may be shared with other Porticus entities. All Porticus entities have agreed to adhere to the standard model clauses of the European Commission for data transfer. Depending on the specific circumstances, our affiliated and related entities may be granted access to your data, for example to assess and review Grantees or to execute grant agreements.
In general, we enter into processing agreements with all third party data processors. These agreements include adequate obligations to safeguard that your personal data is being shared with that data processor only for the purpose of providing the agreed services to us. If it is required that your personal data is transferred to a country that does not provide an adequate level of protection of personal data, we will take measures to ensure that your personal data are adequately protected in accordance with the applicable legal requirements.
We may use various systems to collect and store your personal data, such as a management information system. We have taken adequate safeguards to ensure the confidentiality and security of your personal data. We have, and ensure that our data processors have, implemented appropriate technical, physical and organisational measures to protect personal data against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorised disclosure or access, and against all other forms of unlawful processing (including, but not limited to, unnecessary collection). The retention period for storing personal data varies, depending on the type of personal data, the purpose for which it was collected, and local laws. We do not store personal data beyond the permitted retention period in accordance with applicable law.
You can request access, correction, restriction, portability, objection or removal of your personal data at any time by sending a request to Porticus via email@example.com.
In the event we are processing your personal data on the basis of consent, you have the right to withdraw your consent at any time.
Should you have any questions regarding the collecting or processing of your personal data, or if you are unsatisfied about the way in which we are processing your personal data, please contact firstname.lastname@example.org.
In the event you are an EU data subject and you are unsatisfied with the response you receive from us in relation to your request or complaint, please be aware that you have the right to submit a complaint with the local data protection authorities in your country. We also have an obligation to report all material data breaches to relevant data protection authorities within 72 hours of the data breach occurring.
At Porticus we are committed to protecting and maintaining the privacy, confidentiality and security of the personal data of external and internal applicants. When an applicant visits the Porticus career website, LinkedIn, or uses the internal job vacancies site, we collect information (personal data) about the applicant (e.g. via web forms).
Porticus’ entities are located across the globe (www.porticus.com). This Recruitment Privacy Statement applies to all applicants and each Porticus entity shall adhere to this Recruitment Privacy Statement, unless local law requirements demands otherwise.
Porticus uses the applicant’s personal data in a fair and lawful manner; this means that Porticus will collect and process personal data in accordance with applicable privacy laws. Protecting the privacy and personal data of applicants is of the utmost importance to us and is a significant aspect of the way we create, organise and implement our recruiting activities.
This Recruitment Privacy Statement is applicable to Porticus recruitment and selection activities and is intended to inform applicants
Throughout this Recruitment Privacy Statement we use the term “processing” to cover all activities involving your personal information, including collecting, handling, storing, sharing, accessing, using, transferring and disposing of the information.
This Recruitment Privacy Statement may be modified from time to time to comply with applicable laws or to reflect updated business practices
Porticus’ job vacancies sites (www.porticus.com) offer applicants the opportunity to apply on-line (both unsolicited applications and Porticus current open positions).
Personal information submitted by an applicant to Porticus (applicant data) will only be used by Porticus to support a responsible, effective and efficient recruitment and selection process. Applicant data can also be used for anonymised reporting purposes. We will collect and process applicant data in connection with unsolicited applications and from Porticus open positions. We will process applicant data for recruitment purposes only.
Porticus recruitment purposes are:
Not all of the purposes set out above will apply to you all of the time and will always be in accordance to local law.
Porticus collects and processes applicant data submitted by an applicant to Porticus through the Porticus recruitment website www.porticus.com or the internal recruitment channels in case of internal applicants.
Porticus also collects and processes applicant data through other channels, including personal contacts, phone calls, and social media.
Porticus can, subject to the relevant circumstances and depending on the vacancy and location, collect the following applicant data (not limitative, and not always applicable):
Personal details: Personal contact details; date of birth; gender; civil status; nationality; photograph
Recruitment related information: CV; employment history and educational history details; previous employers; references; background screening information
The applicant data that Porticus collects and processes will be adequate, relevant and not excessive relative to the specified purposes for which the applicant data are collected and processed. Applicant data will be as accurate as possible and, as necessary in accordance with applicable laws, kept up to date by applicants and Porticus.
Porticus does not collect, process or store any sensitive applicant data, such as data that reveals your race or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, health or sexual preference. If, owing to certain circumstances, Porticus does collect sensitive applicant data, the applicant’s explicit written consent will be obtained before such sensitive data is processed.
Please note that by providing Porticus with unsolicited sensitive applicant data, the applicant consents to Porticus’ processing of this sensitive applicant data for recruitment purposes only.
Porticus may disclose certain applicant data to a supplier or contractor organisation supplying services which require the use and/or creation of applicant data for the purposes described in this privacy statement and in accordance with applicable laws. Prior to disclosing any information to any third party, Porticus will ensure that all third party recipients are bound to strict standards of information security.
Porticus does not sell or trade applicant data to any third party. Porticus may be obliged to disclose certain applicant data to third parties, such as government authorities, in accordance with applicable laws. It may also be necessary for Porticus to disclose applicant data so as to protect the legal rights of Porticus, again in accordance with applicable laws.
Porticus operates as a global organisation. As a consequence, applicant data may need to be transferred within the Porticus group to another country under certain circumstances. To ensure that an applicant’s application is duly processed, it may be necessary to process and transfer applicant data within the Porticus’ group outside the country of origin of the applicant. Porticus will ensure adequate security measures for the transfer and processing of applicant data to the locations in the various countries where Porticus operates.
Porticus will retain applicant data during the recruitment and selection process. Porticus will only retain applicant data after the recruitment and selection process if there is a legal obligation to do so (e.g. equal opportunity requirements in local employment laws). Retention periods in local legislation always need to be taken into account and complied with. After the retention period the applicant data will be completely deleted from the Porticus system.
Applicant data will be kept or stored for a maximum of one year. Porticus may request your consent to hold your applicant data on file longer in case a suitable vacancy arises or for purposes to building a talent pool.
We have taken adequate safeguards to ensure the confidentiality and security of your personal data. Porticus has, and ensures that its processors have, implemented appropriate technical, physical and organisational measures to protect personal data against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorised disclosure or access, and against all other forms of unlawful processing (including, but not limited to, unnecessary collection).
Porticus also ensures (contractually) that third parties and affiliates processing applicant data on Porticus’ behalf, will observe similarly adequate security measures again in accordance with applicable local legal requirements.
Access to applicant data is limited to Porticus processors who are involved in recruitment activities.
An applicant has the right to access his or her applicant data that Porticus holds. An applicant has the right to request Porticus to correct his or her applicant data. Correction also implies supplementing, deletion, blocking or ensuring in another way that applicant data will no longer be used. Porticus only has an obligation to correct applicant data when the data is factually inaccurate, incomplete or irrelevant to the purpose for which Porticus processes the data.
Please note that this contact information can only be used to handle privacy related enquiries. Information about Porticus positions or other non-privacy issues will not be answered.
Please send any questions, comments or issues about this privacy statement or Porticus’ applicant data collection and processing activities to email@example.com