Privacy & Cookie Policy

This general Privacy Policy (hereinafter referred to as the ‘Privacy Policy’) regulates the processing of your personal data by CFR Group (hereinafter referred to as ‘CFR’, ‘we’, ‘us’, ‘our’) in the context of your visit to our website, at the office, or in your communications with us via our website, email, telephone, fax, and social media.

When you accept this Privacy Policy, you give us your consent to process your personal data in accordance with the provisions in this policy as stated below.

What do we use your information for?

1. General

1.1 Your personal data is processed by CFR Group

1.2. Within our organization, the data is only accessible to employees who, depending on their jobs, must have access to this data. If you have additional questions and/or would like more information, please don’t hesitate to contact our Data Protection Officer (DPO)

1.3. The General Data Protection Regulation defines personal data as the following:

any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

When this Privacy Policy refers to personal data, it is referring to it in the sense of this definition from the Regulation.

We do not process any special categories of personal data. Processing of special categories of personal data is understood to mean:

Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person’s sex life or sexual orientation.

2. The types of personal data we process

2.1. When you use our website, we collect the following:

  • technical information relating to the device you are using, such as your IP address, browser type, geographic location, and operating system; and
  • information relating to your browsing behavior, such as the amount of time you spend on a page, what links you clicked, which pages you visited, and how often you visited a specific page.

2.2 When you fill in a contact form on our website, subscribe to our newsletter, participate in a survey, or contact us by email, telephone, fax, or social media, we collect the following:

  • the identification data that you provide to us, such as your name, email address, postal address, telephone number, employer, and position;
  • the contents of the message and the technical details thereof (which one of our employees you are communicating with, the date, the time, etc.); and
  • any other personal data that you provide to us.

2.4. When you are invited to CFR for a selection, development, or recruiting project, we request your consent to process your personal data.

The consultant with whom you are interviewing will process all of the data you have provided into well-founded recommendations concerning your candidature, development, or further evolution within the organisation for which you are at CFR. You will also receive a business card from this person afterwards. If you have listed any references, you hereby give the CFR consultant the consent to contact these people in the context of this recommendation application and to verify the relevant information.

The recommendation or report is intended for the HR manager, the general manager, or any other authorized parties within this organisation and CFR will send it only to these parties. Any further distribution of the report becomes their responsibility. CFR stores this report for a maximum of three years. You may consult the report during this period. The CFR consultants also have access to this data for a maximum of three years. Naturally, they are bound by their professional confidentiality.

The consultant will discuss all the data acquired with you at your request. This is done after the processing thereof and after the principal has received the report. If you wish, you may request a copy of the assessment report after completion of the feedback meeting with one of our consultants. The further communication of this confidential data or the careless storage thereof is your full responsibility.

2.5. When your company requests to work together with us, we store data on you. This data includes, but is not limited to:

  • the contact data that you provide to us, such as a name, email address, postal address, and telephone number;
  • your job title;
  • your company;
  • the contents of the message and the technical details thereof (which one of our employees you are communicating with, the date, the time, etc.); and
  • any other personal data that you provide to us.

2.6. When you give us your business card: if you have given us a business card in any way whatsoever, then we will input your data into our database of general contact data. We assume that by giving us your business card, you have also given us your express consent to be included in our database.

Moreover, we will also save certain publicly available information that we find about you in our database to complete your contact data. This concerns the following sources: public databases on the internet, such as LinkedIn, databases with company data, and company websites.

3. The purposes for which we use your personal data

3.1. We process your personal data to provide you with the requested information, products, and services (management of contacts and public relations) in a personal, efficient manner.

The legal grounds for this is consent and legitimate interests (specifically, freedom of enterprise).

3.2. When you are looking for a job, we process your personal data for the following (applicant management) purposes:

  • to help you find the right job;
  • to communicate with you about job vacancies and the progress of any applications;
  • to provide your data to the appropriate future employers, on the condition that you have specifically given us consent to do so;
  • to provide you with notifications concerning open positions that we think may be of interest to you;
  • to help and advise you during your search for a new job;
  • to provide you with information about general trends on the job market;
  • to request your feedback on our services; and
  • to comply with our obligations to our principals when you are offered a job.

The legal grounds for this is your consent.

If you have not provided the requested personal data, then we may not be capable of providing you with assistance in the context of your search for the right job.

3.3 We process your personal data to carry out statistical analyses for the purposes of improving our website, products, and services or of developing new products and services.
The legal grounds for this is legitimate interests (specifically, freedom of enterprise).

3.4 We save your personal data (albeit anonymously) for scientific research.
The legal grounds for this is legitimate interests (specifically, freedom of enterprise).

3.5 We process your personal data to safeguard our legal interests and the legal interests of our partners or third parties if and when your registration via our website or other communication channels can be considered to be (a) a violation of any of the applicable terms and conditions for use, intellectual property rights, or any rights held by third parties; (b) a danger to the safety or integrity of our website or other communication channels; (c) a danger to the website, other communication channels, or underlying systems of our subcontractors as a result of viruses, Trojan horses, spyware, malware, or any other form of malicious code; or (d) hateful, obscene, discriminatory, racist, defamatory, vindictive, abusive, or inappropriate or illegal in any other way whatsoever.
The legal grounds for this is legitimate interests (specifically, the right to fraud protection).

3.6 We process your personal data to send you newsletters per post and per email.
The legal grounds for this processing is your consent or, if you are a customer, legitimate interests, specifically freedom of enterprise.

4. Recipients:

  • technical processors upon whom we rely for support (e.g. a service provider or hosting partner);
  • ​principal, in the context of our selection, development, or recruitment activities. All candidate data provided by CFR to the principal are exclusively intended for the principal and the limited group of people who are also involved in the decision-making process.  The further communication of this confidential information or the careless storage thereof is the principal’s responsibility.  The principal also undertakes to do everything possible to safeguard the confidentiality of the data so that the candidates are not disadvantaged in their professional career;
  • Police and other law enforcement agencies, if we are required to share your personal data with them.

5. Location

We process your personal data within the United States and the local office's country.

6. Storage period

Your personal data are stored for the following periods:

  • general contact data: five years after the last meaningful contact
  • applicant management: three years
  • direct marketing: five years after the last meaningful contact
  • Preventing and combating fraud: one month, unless these data are used in legal proceedings.

Naturally, we will store your personal data in compliance with all possible legally obligatory periods and any prescriptive periods that may apply. For example, this is seven years for invoices.

7. Security

7.1 We will take the necessary technical and organisational measures in order to safeguard your personal data from illegal access, inappropriate use, illegal release, unauthorized changes, and theft, as well as from unintentional loss, manipulation, or destruction. Only employees or third-party processors who must have access to your personal data may consult these. Moreover, they are bound by strict confidentiality rules.

8. Your rights

8.1 Right of access
If you want to review any of the personal data we have about you, then you may do so by exercising your right of access.

CFR will provide you with an overview of the personal data that we store about you that is as complete as possible. We can already confirm that there are no special categories of personal data stored (such as race, ethnic origin, data concerning health, data concerning sexual orientation, etc.).

You can get a copy of the personal data that are collected (for candidates after a feedback session).

8.2 Right to rectification
If changes must be made to your personal data (such as name, address, email address, etc.), then you can always have this corrected or completed.

8.3 Right to erasure
If you are of the opinion that we have processed certain personal data illegally, i.e. without having a proper purpose for this, then you may request to have your personal data erased.

8.4 Right to restriction of processing
If your personal data is incorrect, and you have requested that these be corrected, or you are of the opinion that we have processed your personal data illegally, then you can request to restrict the processing thereof.

8.5 Right to data portability
If you wish, you have the right to request that we transfer to you directly or to a third party all the data that you have personally provided to us. The GDPR stipulates several restrictions with regard to this right, so that it may not be applicable in all cases. Naturally, this will be studied on a case-by-case basis.

8.6 Automated individual decision-making
Some data processing and processes are fully automated without any human interference. However, we do not make any use of this concerning the processing of your personal data.
Should this still be the case and if you are opposed to such a fully automated process, then you have the right to object to this so that your personal data will no longer be processed in this manner.
There are several exceptions to this right, which must also be studied on a case-by-case basis.

8.7 Retraction of consent
When your personal data are processed on the basis of consent, you are entitled to retract this consent at any time. We will then be required to erase your personal data.

If you would like to exercise one or more of these rights, then please do not hesitate to contact, clearly specifying which right you would like to exercise.

Please note that you are also entitled to submit a complaint to the supervisory authority at any time. Naturally, we request that you discuss your complaint with us first in order to find a quick solution.


When we make changes to our Privacy Policy, we will specify the date on which the changes were implemented at the bottom of this page.

This Privacy Policy was last updated on 26 November 2018.