HES Privacy Statement
Third Parties

HES International B.V. and all its direct and indirect subsidiaries ("HES”) possess and will collect personal data about you both prior to, during and after your affiliation with HES. HES respects your privacy and will treat your data in compliance with the applicable employment laws and data protection laws, including the General Data Protection Regulation. In this policy we describe how and for what purposes HES collects and uses your personal data.

The companies processing your personal information are:

HES International B.V.

  1. WHOSE... personal data is being used?

HES collects and handles personal data in relation to (potential) clients, visitors and website visitors. 

  1. WHAT... personal data is being used?

Personal data, or personal information, means any information relating to an identified or identifiable natural person. Depending on the circumstances, we may collect, store, and use (all together: process) information that you give us (for example by filling in forms on our website or corresponding with us by phone, e-mail or otherwise) or information that we collect from you (for example, when you visit our website ( the web server collects some basic information such as your browser type). The personal data that we process may include the following categories of your personal information:

  • Personal contact details such as name, title, addresses, telephone numbers, and email addresses.
  • Information about your business relationship with HES, and information about your professional role, background and interests. If we have a business relationship with the organization that you represent, your colleagues or other business contacts may give us information about you such as your contact details or details of your role in the relationship.
  • If you visit our website it will automatically connect some information about you and your visit, including the Internet protocol (IP) address used to connect your device to the Internet and some other information such as your browser type and version and the pages on our site that you visit. [Our website may also download "cookies" to your device – this is described in our separate cookie statement which can be found on  
  • License plate number.
  • We sometimes collect information from third party data providers or publicly available sources for anti-money-laundering, background checking and similar purposes, and to protect our business and comply with our legal and regulatory obligations.

This personal data will be updated from time to time, for example by receiving new information from you directly. It is important that the personal information we hold about you is accurate and up-to-date. Please keep us informed if your personal information changes during your working relationship with us.

  1. WHY… is your personal data being used?

We will only process your personal information when the law allows us to and/or requires us to do so.

We are required by law to have a ground set out in the law to process the information we hold about you. Our processing of your personal information is based on the following legal grounds:

      1. when you have given us your consent to process your personal data;
      2. the performance of a contract to which the data subject is a party or in the performance of pre-contractual measures resulting from a request by you and which are necessary for entering into a contract;
      3. the processing is necessary to comply with legal or regulatory obligations;
      4. the processing is necessary to secure a vital interest of the data subject or of another natural person (such as emergency contact information for your next of kin in the event of an emergency); and/or 
      5. the processing is necessary in the legitimate interests of HES in exercising its and its staff fundamental rights to run a business in a way which does not unduly affect your interests or fundamental rights and freedoms. When processing is necessary for the legitimate interests of HES, we ensure that processing is conducted in such a manner that our legitimate interests outweigh any individual’s interest.

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

We will only process your personal information as necessary so that we can pursue the purposes described above, and then only where we have concluded that our processing does not prejudice you or your privacy in a way that would override our legitimate interest in pursuing those purposes.

In exceptional circumstances we may also be required by law to disclose or otherwise process your personal information.

We will tell you, when we ask you to provide information about yourself, if provision of the requested information is necessary for compliance with a legal obligation or, on the other hand, if it is purely voluntary and there will be no implications if you decline to provide the information. Otherwise you should assume that we need the information for our business or compliance purposes (as described below).

The company collects and processes personal information:

Determining or agreeing with you (or your employer or a company related to you) the terms on which we work together.

      1. Providing contractual benefits to you.
      2. Administering the contract we have entered into with you.
      3. Business management and planning, including accounting and auditing.
      4. Conducting performance reviews, managing performance and determining performance requirements.
      5. To contact you about your or our service requirements.
      6. Making arrangements for the termination of our contractual relationship.
      7. Dealing with legal disputes involving you.
      8. Complying with (internal and legal) health and safety obligations.
      9. To contact you with information about (y)our services.
      10. To ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution.
      11. To operate, administer and improve our website and premises and other aspects of the way in which we conduct our operations.
      12. To protect our business from fraud, money-laundering, breach of confidence, theft of proprietary materials and other financial or business crimes; and
      13. To comply with our legal and regulatory obligations and bring and defend legal claims.

Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information. We may from time to time review information about you held in our systems – including the contents of and other information related to your email and other communications with us – for compliance and business-protection purposes as described above.

Your emails and other communications may also occasionally be accessed by persons other than the member of staff with whom they are exchanged for ordinary business management purposes (for example, where necessary when a staff member is out of the office or has left HES).

  1. WHAT… happens if you do not provide any personal data?

When our request for your personal information is a legal or contractual obligation, or a requirement necessary to enter into a contract, and you fail to provide that personal information, the consequence could be that you are not allowed to enter our offices, we cannot enter into a contract with you (or your employer or a company related to you) or we have to suspend the execution of our contract with you (or your employer or a company related to you).

  1. WHOM... does HES share my personal data with?

We may share your personal information with third parties to complete the set of purposes that we have explained above. Third parties includes third-party service providers (including contractors and designated agents) and other entities within the HES International group. All our third-party service providers are required to take appropriate security measures to protect your personal information in line with the HES Privacy Policy. We do not allow our third-party service providers to use your personal information for their own purposes. We only permit them to process your personal information for specified purposes and in accordance with our instructions.

We may share your personal information with other entities within the HES International group as part of our regular reporting activities on company and/or group performance, in the context of a business reorganisation or group restructuring exercise, for system maintenance support and hosting of data. We may also share your personal data with a person who takes over our business and assets or relevant parts of them.

In exceptional circumstances, we may also share your information the competent regulatory, prosecuting and other governmental agencies, or litigation counterparties, in any country or territory.

  1. DOES... HES share my personal data outside the European Economic Area?

We do not transfer your personal information outside the European Economic Area.

  1. WHAT... does HES do to protect my personal information?

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They may only process your personal information on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.  

  1. HOW... long does HES store my personal information?

HES aims to only collect the minimum amount of personal data required. We will only keep your personal information for as long as necessary to fulfil the purposes we collected it for. The specific period depends on the reason why we have your personal data. We determine this period in line with the HES Document Retention Policy.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer an employee, worker, contractor or candidate or an individual working at a clients or potential client of ours, we will retain and securely destroy your personal information in accordance with applicable laws and regulations.

  1. WHAT... rights do I have?

Under certain circumstances as defined by law, you have the right to:

    • Request access to your personal information (also known as a "data subject access request"). You can ask us whether we process any of your personal data. If we do this, you can request to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
    • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
    • Request to be forgotten. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
    • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation that makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
    • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
    • Request the transfer of your personal information to you or a third party in a structured, commonly used and machine-readable format (also known as “right to data portability”). 

If you want to make use of any of these rights, you may contact our Compliance Officer at You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

  1. WHO... can I contact if I have questions or concerns?

If you have any (possible) concerns on this privacy statement you may report these to the Deputy Chief Compliance Officer ( You can also contact the local compliance officer in case of any questions or requests.

You also have the right, at any time, to lodge a complaint about our processing of your personal information with a data protection authority. The relevant contact information can be found here:

  1. HOW... do you handle changes to this privacy notice?

This privacy statement will be reviewed by regularly and in addition may be reviewed from time to time to take account of, for example, changes to legislation, regulatory developments and organizational changes.

A new privacy statement will be provided to you when any substantial changes are made. We may also notify you in other ways from time to time about the processing of your personal information.