This Privacy Policy / Statement is meant to describe the use of Personal Data of all individuals – for whom personal data is stored and/or processed – throughout all DISA International Group’s entities, in connection with HR (=Human Resources), Planning and Finance systems and/ or procedures, as explained further below.
The following entities are part of the DISA International group (list showing entity name & country):
• DISA International Holding BV (Belgium) – this is the ‘mother’ holding company – DISA IH
• DISA België BV (Belgium)
• DISA Nederland Holding BV (The Netherlands)
• DISA Nederland BV (The Netherlands)
• C-Ventus Holding BV (The Netherlands)
• C-Ventus Offshore Windfarm Services BV (The Netherlands)
• C-Ventus Offshore Windfarm Services Ltd (UK)
• LEDI Subsea Drilling BV (The Netherlands)
• VLCV BV (The Netherlands)
• Skeye BV (The Netherlands)
• DISA Singapore PTE Ltd. (Singapore)
• DISA USA Holding Inc. (US)
• DISA USA Inc. (US)
DISA refers to one or more entities part of the DISA International Group, whereby each entity a separate legal entity is and can act as processing-responsible. The entity that acts as processingresponsible through making available the HR, Planning and Finance systems – where your personal data is stored and processed – is DISA International Holding BV, with legal seat in Ketelaarstraat 5C, 2340 Beerse, Belgium and registration number 0422 294 052.
The personal data present in those systems are managed by / used by / shared to staff working in any of the DISA entities mentioned above. Each entity is responsible for the data it inputs into the global systems.
The HR systems serve to manage personal (related) data, and provide extracts of those data towards relevant 3rd parties (e.g. salary processing services, tax authorities) in the countries where DISA employees are contracted. The main purpose of processing personal data by HR is to be able to pay employees in a correct manner (as defined per their employment contract) and other employee benefits such as insurances (e.g. accidental insurance, pension scheme etc) . Other purposes are to provide relevant communications to employees and job seekers, and to maintain a personnel record for employees.
The Planning systems serve to allow planning of project staff (both employees and externally sourced people) for work on projects run by any of the DISA Group entities. The main purpose of processing personal data by Planning is to be able to judge if an individual can be assigned to a project, based on required competencies and registrations. Another purpose is to communicate the job schedule to those individuals.
The Finance systems serve to manage Finance / Bank related data, and provide extracts of those data towards relevant 3rd parties (e.g. banks) in all countries where DISA performs contractual work for clients. The main purpose of processing personal data by Finance is to be able to pay suppliers in a correct manner (as defined in a supplier agreement / PO file / invoice).
The HR systems process personal data from former, current and future employees of all DISA Group entities.
The following categories of personal data are processed in the HR systems as well as in the Planning Systems. These systems process personal data from employees and freelancers, related to all DISA Group entities.
• Name, job title, address, email, telephone number
• Sex, date and place of birth, marital status and date of marriage, copy of ID, Next of Kin information in case of emergencies
• Employment contract, declarations (from employer and employee), medical records, training and certificates records
• Curriculum Vitae related info
• Registration / qualification info
The Finance systems process personal data from current and former employees, and freelancers (supplier or customer), related to all DISA Group entities.
The following categories of personal data are processed in the Finance systems:
• Name, address, email, telephone number
• Bank account info
• Supplier or customer code (to be used in the accounting system)
Sensitive personal data reveal your race or ethnic affiliation, political view, religious or philosophical convictions, union membership, genetic data, biometric data, health related data, sexual behaviour or sexual nature.
DISA does not intentionally collect your sensitive personal data in any system, with the exception of medical data that is required for assessing suitability of working in a certain function and/or because requested by a client to be allowed to enter the project location (e.g. for a diver); and race data can be inferred from the photo on the ID.
Access to your personal data is limited to those who require that access.
• HR staff have access to HR systems, with a section exclusively accessible to the DISA Group HR Mgr.
• Planning and Finance staff have access to Planning systems
• Finance staff have access to Finance systems.
Any 3rd party will receive your personal data only if:
• This 3rd party has a contract to process your personal data for a specific purpose (e.g. salary processor, bank), or
• If you explicitly have requested it, or
• To follow-up on a court order, or
• Because of a legal or regulatory obligation
All DISA systems are hosted on Cloud servers, which could be located in or outside Europe.
The access rights to those systems are defined as mentioned earlier. Your personal data will be processed according to the applicable legal and professional regulations in the jurisdiction where the DISA entity operates.
DISA will not transfer personal data from one jurisdiction to another, unless this is required for a specific reason, related to / which has an impact on the individual (e.g. to enable correct calculations of salaries when the individual works on projects in different jurisdictions).
The following retention periods are relevant within the DISA Group:
• For HR systems, the retention period is in accordance with the legal retention periods for each information domain. For example some of the information in the personnel file is subject to tax legislation. This means this is a tax obliged specific retention.
• For Planning systems, the retention period is linked to the deployability / usability of the people for DISA projects (as defined by actuality of registration data and/or contact data); on a yearly basis, the list of people is checked and cleaned up. This is also in accordance with the legal retention periods.
• For Finance systems, the retention period is minimally 10 years (due to legal requirements for data retention), and realistically some data cannot be removed from the database environment (because removal would corrupt the database content – e.g. index data)
DISA is committed to see to it that your personal data is safe. To prevent unauthorised access or revealing of personal data, DISA has taken technical and organizational measures to secure and protect your personal data. All DISA employees and 3rd party staff assigned by DISA to process your personal data are required to respect the confidentiality of your data.
DISA will not transfer your personal data to 3rd parties (other than the ones described under section 7), unless you have provided approval for this, or unless DISA is required to do so by law.
You have the right to request the details of your personal data that DISA has in its possession.
For confirmation that your personal data is present in the HR, Planning or Finance systems, or to gain access to your personal data, you can direct your request to privacy@disa-international.com.
You can check if your personal data is accurate and actual. You can request to
• rectify,
• remove,
• limit the processing or
• obtain a copy of your personal data
by sending an email to privacy@disa-international.com
If you are concerned about a possible violation of privacy law or any other regulation, please contact us by sending an email to privacy@disa-international.com . The relevant person at DISA will investigate your complaint and inform you on how it will be dealt with and solved.
If you are not happy about the way DISA has dealt with your complaint, you have the right to enter a complaint with the Privacy Regulator in your country. You can also refer the case to the relevant court in your jurisdiction.
If you have additional questions or worries, please contact us by sending an email to privacy@disa-international.com.