Arcadis understands that being open and transparent about how we manage, use and process your data is of the upmost importance. We are committed to protecting your personal data.
How do we ensure your data is protected and what are your rights?
Privacy Notice – whether you’re a Client, supplier or business partner this notice explains how and why we collect and use individuals’ data. It also outlines your rights on how to obtain, review or withdraw your data. We may change this Privacy Notice from time to time. Any such changes will be posted here and any material changes will be made prominent. We encourage you to review this page from time to time.
This Privacy Notice is applicable to the processing of all personal data of Business Contacts of Arcadis N.V. and its group companies (together ‘Arcadis’). ‘Business Contact’ or ‘you’ means each individual whose personal data is processed by Arcadis in the scope of delivering services to clients, recipients of commercial messages or Arcadis, receiving services from suppliers and providing services together with business partners. This includes people working at Arcadis as consultants or employees of third parties providing services to Arcadis. Employees of Arcadis, including job applicants or former employees of Arcadis, including temporary workers working under the direct supervision of Arcadis (e.g. independent contractors and trainees) are referred to the Arcadis Employee Privacy Notice.
The local Arcadis entity you are dealing with and Arcadis N.V. are the controllers of the your personal data as described in this Privacy Notice. The contact details of the your local Arcadis entity and Arcadis N.V. can be found at the Arcadis website .
2.1. Arcadis processes your personal data for the purposes as set out below. If Arcadis processes personal data for other purposes than as listed in this Privacy Notice, you will be informed thereof separately where required and consent will be sought if applicable local law so requires.
3.1. The below overview contains the categories of personal data processed by Arcadis for the purposes described in this Privacy Notice. If Arcadis processes other categories of personal data than as listed in this Privacy Notice, you will be informed separately thereof where required and consent will be sought if applicable local law so requires.
3.3. Arcadis will usually obtain personal data from you directly or via the relevant client, supplier or business partner. Your personal data may also be obtained by Arcadis via public sources, including sanction lists, trade registers and online social media like LinkedIn.
4.1.In general, Arcadis will retain your personal data for the duration of your business relationship with Arcadis (e.g. during the time Arcadis services are delivered to your employer and you are our Business Contact or during the time that Arcadis sends you commercial messages you are interested in, such as newsletters) and with a maximum of 24 months thereafter.
4.2. Arcadis deviates from these retention periods if your personal data is relevant for legal obligations. In such cases, Arcadis will retain your personal data for the period as required by that legal obligation (e.g. for the time Arcadis needs to keep record of its financial transactions based on tax legislation of for the time Arcadis needs to keep record of its activities in scope of screening against publicly available sanction lists).
4.3. Arcadis will also deviate from these retention periods if Arcadis has a pressing interest to keep your personal data longer (e.g. in case of ongoing or expected litigation).
5. Personal data access and transfer
5.1. Access to your personal data is only authorized to the extent such access is necessary to serve the intended purpose and for the respective staff to perform their job. Those that are authorized to access your personal data may include the Arcadis point of contact, and Arcadis personnel such as within Finance, Reporting, Internal Audit, IT, marketing and Legal.
5.2. From time to time, Arcadis may need to make personal data available to unaffiliated third parties, such as service providers (companies that provide products and services to Arcadis such as payment providers, IT systems suppliers), professional advisors (such as accountants, auditors, or lawyers), public and governmental authorities (entities that regulate or have jurisdiction over Arcadis such as regulatory authorities, law enforcement, public bodies and judicial bodies), or in the context of corporate transactions (in connection with any proposed or actual reorganization, merger or sale). Arcadis will put in place agreements with third party service providers and professional advisors to protect your data protection interests.
5.3. Due to the global nature of Arcadis’ operations, Arcadis needs to disclose personal data to its own personnel and departments in other countries. Some of the unaffiliated third parties may also be located outside of your home jurisdiction. Where such international data transfer takes place to a country that has a different data protection regime, Arcadis will ensure that the international data transfer will not negatively affect the level of protection of your personal data. Where required, Arcadis will inform you of any additional details on the international data transfer.
5.4. In case the recipient of the personal data is based outside the EEA in a country that is not considered to have a level of data protection adequate to the EU, Arcadis will ensure that this transfer is based on appropriate safeguards including EU Model Clauses or Binding Corporate Rules. Information on such safeguards can be obtained via the Arcadis Privacy Officers at firstname.lastname@example.org.
6.1. Arcadis will take appropriate technical, physical and organizational measures to protect personal data from misuse or accidental, unlawful, or unauthorized destruction, loss, alteration, disclosure acquisition or access, that are consistent with applicable privacy and data security laws and regulations. This will include requiring service providers to use appropriate measures to protect the confidentiality and security of personal data.
7. Access and correction requests, questions and complaints
7.1. You have the right to request an overview your personal data processed by or on behalf of Arcadis. If the personal data is incorrect, incomplete, or not processed in compliance with applicable law, you have the right to have this personal data rectified, deleted or restricted (all as appropriate). You also have the right to object to processing of your personal data (as appropriate). You can exercise your right by contacting the Arcadis Privacy Officers at email@example.com. If you currently receive marketing emails from us, you can manage your subscription by clicking on the “Manage Communication Preferences” links contained within our emails. Alternatively, please contact firstname.lastname@example.org with your request.
7.2. For data protection or privacy related complaints, you also have the right to file a complaint with the applicable supervisory authority.
7.3. If the processing of your personal data was based on consent, you have the right to withdraw such consent at any time. Such withdrawal will not affect the lawfulness of the processing based on consent before the withdrawal.
7.4. If you are based in the EU, you also have the right to data portability, meaning that a copy of your personal data provided by you to Arcadis will, at your request, be transferred to you in a common machine readable format or transmitted to a third party without hindrance.
Effective 23 May, 2018
The world is a complex place, Arcadis helps you navigate this complexity by understanding the bigger picture. Click here to read some of our experts' latest thinking.
Arcadis is committed to providing a healthy and safe work environment for all our employees.