Michael Illert

Privacy Policy

Last updated: April 1, 2025

Michael Illert Executive Recruitment B.V.

Your Privacy is Important to Us

Michael Illert Executive Recruitment B.V. ("Michael Illert", "we", "us", or "our") is committed to protecting and respecting your privacy. Michael Illert Executive Recruitment B.V. is a private limited liability company registered with the Dutch Chamber of Commerce (Kamer van Koophandel) under registration number KVK 97105805. CTART and Co-Creation Partners are brands that form part of Michael Illert.

This Privacy Statement explains how we collect, use, store, share, and protect your personal data in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and other applicable data protection legislation. We encourage you to read this Privacy Statement carefully so that you understand our practices regarding your personal data and how we treat it.

By using our website, engaging with our services, or otherwise providing us with your personal data, you acknowledge that your personal data will be processed in accordance with this Privacy Statement.

Your Personal Data

Who Is Your Data Controller?

Michael Illert Executive Recruitment B.V. is the sole data controller within the meaning of Article 4(7) of the GDPR for all personal data processed in connection with our business activities. This means that Michael Illert determines the purposes and means of the processing of your personal data and bears responsibility for ensuring that such processing complies with applicable data protection legislation.

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Statement or the processing of your personal data, you may contact us at:

Michael Illert Executive Recruitment B.V. Email: privacy@michaelillert.com

We will endeavour to respond to your inquiry as promptly as possible and in any event within the timeframes required by applicable law.

To Whom Does This Privacy Statement Apply?

This Privacy Statement applies to the following categories of individuals whose personal data we may process:

  • Website visitors who access and browse our website;
  • Clients (including prospective clients) who engage or seek to engage our recruitment and executive search services;
  • Candidates (including prospective candidates) who register with us, submit their curricula vitae, or are considered for placement opportunities;
  • Newsletter recipients who subscribe to or receive our newsletters, market updates, or other marketing communications;
  • Suppliers and service providers who provide goods or services to Michael Illert or with whom we maintain a business relationship.

When Does Michael Illert Collect Your Personal Data?

We may collect your personal data in a variety of circumstances, including but not limited to the following:

  • When you register on our website or create an account through our online platforms;
  • When you submit your curriculum vitae (CV) or resume to us, whether directly or through a third-party platform;
  • When you apply for a position or express interest in a vacancy that we are managing on behalf of a client;
  • When you visit our website and interact with our online content, including through the use of cookies and similar tracking technologies;
  • When you subscribe to our newsletters or other marketing communications;
  • When you attend or register for events, seminars, webinars, or other professional gatherings organised or co-organised by Michael Illert;
  • When you contact us by telephone, email, post, or through our website contact forms;
  • When we receive your personal data from job board partners with whom we maintain professional relationships;
  • When we receive your personal data through referral partners, including professional networking platforms such as LinkedIn and XING;
  • When we obtain your personal data from publicly available sources, such as professional directories, company websites, public registers, or social media profiles, to the extent permitted by applicable law.

What Kind of Personal Data Does Michael Illert Collect?

Depending on the nature of our relationship with you and the services we provide, we may collect and process the following categories of personal data:

A) Identification and Contact Data

Names (first name, surname, maiden name, and any preferred names), postal address, telephone number(s), date of birth, email address(es), and gender.

B) Professional and Career Data

Curriculum vitae (CV) and resume, professional background and work history, educational background and qualifications, application history, interview history and assessment notes, placement history, compensation details (current and expected remuneration, benefits, and bonus structures), and contract type (permanent, temporary, freelance, or interim).

C) Contact and Communication Records

Records of telephone conversations and phone call notes, chat records and instant messaging communications, email correspondence, and written letters or other postal communications exchanged between you and Michael Illert.

On What Legal Grounds Does Michael Illert Process Your Personal Data?

We process your personal data only where we have a valid legal basis for doing so under the GDPR. The legal bases upon which we rely are as follows:

1. Performance of a Contract (Article 6(1)(b) GDPR)

We process your personal data where this is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract. This includes, for example, processing your data to provide recruitment services, to match your profile with suitable vacancies, to facilitate the hiring process with prospective employers, and to manage our ongoing contractual relationship with you.

2. Legitimate Interests (Article 6(1)(f) GDPR)

We process your personal data where this is necessary for the purposes of our legitimate interests or the legitimate interests of a third party, provided that such interests are not overridden by your fundamental rights and freedoms. Our legitimate interests include, but are not limited to:

  • Ensuring the security and integrity of our information technology systems and infrastructure;
  • Detecting and preventing fraud, unauthorised access, and other unlawful activities;
  • Managing and improving our business operations, services, and processes;
  • Complying with legal obligations and defending or establishing legal claims;
  • Conducting internal administrative activities and reporting;
  • Retaining data as required for the purposes of legal proceedings or regulatory inquiries.

3. Consent (Article 6(1)(a) GDPR)

In certain circumstances, we process your personal data on the basis of your freely given, specific, informed, and unambiguous consent. This applies in particular to the processing of your personal data for the purposes of direct marketing, including the sending of newsletters, promotional materials, market updates, and other marketing communications. Where we rely on consent as the legal basis for processing, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing that was carried out on the basis of consent before its withdrawal.

Why Does Michael Illert Process Your Personal Data?

We process your personal data for the following purposes, relying on the legal grounds indicated:

  • Services in career improvement, guidance, recruitment, and coaching: We process your identification and contact data (Category A), professional and career data (Category B), and contact and communication records (Category C) in order to provide you with our recruitment, executive search, career coaching, and advisory services. This processing is based on the performance of a contract (Ground 1) and our legitimate interests (Ground 2).

  • Market research, customer retention, marketing, and sales: We process your identification and contact data (Category A), professional and career data (Category B), and contact and communication records (Category C) in order to conduct market research, maintain and develop our client and candidate relationships, and carry out marketing and sales activities, including the sending of newsletters and promotional communications. This processing is based on your consent (Ground 3).

  • Legal processes and evidence for civil proceedings: We process your identification and contact data (Category A), professional and career data (Category B), and contact and communication records (Category C) where necessary for the establishment, exercise, or defence of legal claims, or in connection with civil, administrative, or regulatory proceedings. This processing is based on our legitimate interests (Ground 2).

  • Legal obligations, regulatory compliance, and data retention: We process your identification and contact data (Category A), professional and career data (Category B), and contact and communication records (Category C) in order to comply with legal obligations imposed upon us by applicable laws, regulations, and directives, and to respond to lawful requests from competent authorities, including tax authorities, regulatory bodies, and law enforcement agencies. This processing is based on our legitimate interests (Ground 2) and, where applicable, our legal obligations.

  • Aggregated employment trend analysis: We may process your personal data in an aggregated and anonymised form for the purpose of analysing employment trends, labour market developments, salary benchmarks, and other industry insights. Where data has been fully anonymised such that it no longer constitutes personal data within the meaning of the GDPR, the provisions of this Privacy Statement shall no longer apply to such data.

With Whom Can Michael Illert Share Your Personal Data?

Michael Illert may share your personal data with third parties only where this is necessary for the delivery of our services, in pursuit of our legitimate interests, or where we are required to do so by law. We do not sell your personal data to third parties.

Specifically, we may share your personal data with:

  • Client companies: Where you are a candidate, we may share your personal data with companies that have engaged us to fill vacancies, in order to facilitate the recruitment and selection process. We will always inform you before sharing your data with a prospective employer.

  • IT and technology providers: We engage third-party service providers to host and maintain our information technology infrastructure, including our website, databases, email systems, and customer relationship management platforms.

  • Survey and research providers: We may engage third-party providers to conduct surveys, satisfaction assessments, and market research on our behalf.

  • Hosting and cloud service providers: We use reputable hosting and cloud service providers to store and process personal data securely.

All third parties with whom we share your personal data are required to provide written guarantees that they will process your personal data in accordance with the GDPR and other applicable data protection legislation, and that they have implemented appropriate technical and organisational measures to safeguard the security and confidentiality of your personal data.

International Data Transfers

In the course of our business activities, it may be necessary for us to transfer your personal data to recipients located outside the European Economic Area (EEA). Where such transfers take place, we ensure that appropriate safeguards are in place to protect your personal data in accordance with the requirements of the GDPR. These safeguards may include:

  • Standard Contractual Clauses (SCCs): We may rely on standard contractual clauses approved by the European Commission as a mechanism for ensuring adequate protection for personal data transferred to third countries.

  • EU-U.S. Data Privacy Framework: Where applicable, we may transfer personal data to recipients in the United States that have been certified under the EU-U.S. Data Privacy Framework or any successor framework recognised by the European Commission as providing an adequate level of protection.

  • Binding Corporate Rules (BCRs): Where our group companies or affiliated entities have adopted binding corporate rules that have been approved by the competent supervisory authority, we may rely on such rules as a basis for international data transfers.

  • Adequacy Decisions: Where the European Commission has determined that a third country or international organisation ensures an adequate level of data protection, we may transfer personal data to recipients in such jurisdictions without additional safeguards.

If you would like further information about the specific safeguards applied to the transfer of your personal data outside the EEA, please contact us at privacy@michaelillert.com.

What Is Michael Illert's Retention Policy?

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected and processed, as set out in this Privacy Statement. The applicable retention period will depend on the nature of the data, the purposes for which it is processed, and any legal or regulatory requirements that mandate the retention of certain records for specified periods.

In determining the appropriate retention period for your personal data, we take into account the following factors:

  • The nature, scope, and sensitivity of the personal data;
  • The potential risk of harm from unauthorised use or disclosure;
  • The purposes for which we process your personal data and whether we can achieve those purposes through other means;
  • Applicable legal, regulatory, tax, accounting, or other requirements that necessitate the retention of records;
  • The need to retain data for the establishment, exercise, or defence of legal claims.

When your personal data is no longer required for any of the above purposes, we will securely delete or anonymise it in accordance with our internal data retention and disposal procedures.

What Technical and Organisational Security Measures Are in Place?

Michael Illert has implemented adequate technical and organisational security measures in accordance with the requirements of the GDPR to protect your personal data against unauthorised access, accidental loss, destruction, alteration, or disclosure.

These measures include, but are not limited to:

  • The use of appropriate and industry-standard business systems with built-in security features;
  • Technical security procedures, including encryption, access controls, firewalls, and secure data storage;
  • Restrictions on access to personal data to authorised personnel only, on a need-to-know basis;
  • Regular reviews and updates of our security practices and procedures to ensure their continued effectiveness;
  • Contractual obligations imposed on third-party processors to implement equivalent security measures.

While we take all reasonable steps to protect your personal data, please be aware that no method of transmission over the Internet or method of electronic storage is entirely secure, and we cannot guarantee absolute security.

What Are Your Rights?

Under the GDPR, you have a number of rights in relation to your personal data. These rights are set out in Articles 15 through 21 of the GDPR and include the following:

  • Right of access (Article 15 GDPR): You have the right to obtain confirmation as to whether your personal data is being processed and, where that is the case, to request access to your personal data and certain supplementary information.

  • Right to rectification (Article 16 GDPR): You have the right to request the correction of inaccurate personal data and the completion of incomplete personal data.

  • Right to erasure (Article 17 GDPR): You have the right to request the deletion of your personal data in certain circumstances, for example where the data is no longer necessary for the purposes for which it was collected, or where you withdraw your consent.

  • Right to restriction of processing (Article 18 GDPR): You have the right to request the blocking or restriction of the processing of your personal data in certain circumstances, for example where you contest the accuracy of the data or where you have objected to the processing.

  • Right to data portability (Article 20 GDPR): You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller without hindrance.

  • Right to object (Article 21 GDPR): You have the right to object to the processing of your personal data on grounds relating to your particular situation, where the processing is based on our legitimate interests. You also have the right to object at any time to the processing of your personal data for direct marketing purposes.

  • Right to information: You have the right to be informed about the collection and use of your personal data, including the purposes of processing, the categories of data concerned, the recipients of your data, and the applicable retention periods.

To exercise any of these rights, please contact us at privacy@michaelillert.com. We will respond to your request within the timeframe required by applicable law (generally within one month of receipt of your request). Please note that in certain circumstances, legal obligations to which we are subject may take precedence over the exercise of your rights, and we may be required to retain or continue processing your personal data notwithstanding your request.

Use of Cookies

What Are Cookies?

Cookies are small text files that are placed on your computer, tablet, smartphone, or other device when you visit a website. Cookies are widely used to make websites work more efficiently, to enhance the user experience, and to provide information to the operators of the website. Cookies may be set by the website you are visiting ("first-party cookies") or by third parties whose content or services are embedded in the website ("third-party cookies").

Types of Cookies

Our website uses the following types of cookies:

Strictly Necessary Cookies

These cookies are essential for the operation of our website. They enable core functionalities such as page navigation, access to secure areas, and the proper functioning of website features. Without these cookies, the website cannot function properly. These cookies do not collect any personal information that could be used for marketing purposes and do not remember where you have been on the Internet. Strictly necessary cookies are placed without requiring your prior consent.

Performance and Analytics Cookies

These cookies collect information about how visitors use our website, including which pages are visited most often, how visitors navigate through the site, and whether visitors encounter error messages. All information collected by these cookies is aggregated and used solely to improve the functionality and performance of our website. We use Google Analytics to collect and analyse this usage information. Google Analytics uses cookies to help us understand how visitors interact with our website, and the data collected is transmitted to and stored by Google on servers that may be located outside the EEA.

Functionality Cookies

These cookies allow our website to remember choices you make, such as your language preference, region, or other customisable settings, and to provide enhanced, more personalised features. These cookies may also be used to remember changes you have made to text size, font, and other customisable elements of the website. The information collected by these cookies may be anonymised, and they cannot track your browsing activity on other websites.

Advertising and Targeting Cookies

These cookies are used to deliver advertisements that are more relevant to you and your interests. They are also used to limit the number of times you see an advertisement and to help measure the effectiveness of advertising campaigns. These cookies are usually placed by advertising networks with our permission and may be used by those networks to build a profile of your interests and to show you relevant advertisements on other websites. We may use advertising and targeting cookies provided by Google, Facebook, and Zoho for these purposes.

Third-Party Cookies

Our website may contain content and services provided by third parties, including Google Analytics, Facebook Pixel, and Zoho SalesIQ. These third parties may set their own cookies on your device when you interact with their content or services on our website. We do not have control over the cookies set by these third parties. For further information about the cookies used by these third parties, we recommend that you consult their respective privacy policies and cookie statements.

Consent and Withdrawal of Consent

Your Personal Data

Where we process your personal data on the basis of your consent, you have the right to withdraw that consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. If you wish to withdraw your consent to the processing of your personal data, or if you wish to unsubscribe from our newsletters or other marketing communications, you may do so by contacting us at privacy@michaelillert.com. We will process your request without undue delay and in any event within the timeframe required by applicable law.

Cookie Consent and Management

When you first visit our website, you will be presented with a cookie consent banner that informs you about the types of cookies we use and allows you to accept or decline non-essential cookies. You may change your cookie preferences at any time by accessing the cookie settings on our website.

In addition, you may manage cookies through your web browser settings. Most browsers allow you to view, manage, delete, and block cookies for specific or all websites. Please note that if you choose to block or delete certain cookies, some features of our website may not function as intended, and your user experience may be affected. For further information on how to manage cookies in your browser, please consult your browser's help documentation.

Supervisory Authority

If you are dissatisfied with our processing of your personal data or believe that we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with the competent supervisory authority. The supervisory authority for data protection matters in the Netherlands is:

Dutch Data Protection Authority (Autoriteit Persoonsgegevens) PO Box 93374 2509 AJ The Hague The Netherlands Telephone: (+31)-(0)70-888 85 00 Website: https://autoriteitpersoonsgegevens.nl

You may also lodge a complaint with the supervisory authority in the EU Member State of your habitual residence, place of work, or the place of the alleged infringement.

Changes to This Privacy Statement

Michael Illert reserves the right to amend, update, or supplement this Privacy Statement at any time. Where we make material changes to this Privacy Statement, we will take appropriate measures to inform you, for example by posting a prominent notice on our website or by sending you a notification by email.

We encourage you to review this Privacy Statement periodically to stay informed about how we protect your personal data. The date of the most recent revision is indicated at the top of this Privacy Statement.

This Privacy Statement was last changed on April 1, 2025.