Privacy Statement

for use Johan.nl - APP

wave

Click here for the English version

English version

Privacy statement for the use Johan.nl - APP

With the Johan Portal you can work on your own sustainable employability or in your role within the organization to shape sustainable employability.

Johan takes your privacy very seriously. This privacy statement tells you what information we store about you and for what purpose. In the following summary we explain the most important points. We ask you to read this privacy statement before creating an account, so that you know our conditions.


Summary

  • With your Johan account you can access all kinds of products and services that can help you in the field of sustainable employability. These products and services are usually offered to you through your employer, training institute or industry organization. If you create a Johan account, it is always your choice. Nobody can force you to create an account. Which products and services you would like to use is also your choice. Your provider may not force you to buy products or services.
  • The data you collect or enter yourself is yours alone. By default, we do not share this data with anyone, not even the person who offers you the account. If you share personal data (e.g. with a coach), you always do so yourself and give the person concerned explicit permission to do so via your Johan account.
  • When you create a Johan account, we ask for your name, cell phone number and your (private) e-mail address, among other things. We use your mobile number to make your account secure. (2 factor authentication.)
  • Your account is personal: it is yours and yours alone. You can keep your account at any time, throughout your career. Even if you no longer have a relationship with the person who offers you this account. (For example, if you leave your current employer.) You always have the right to cancel your account.
  • You can always review the data stored in the Johan Portal or have it changed if it is incorrect.
  • The person offering you the Johan account may wish to use anonymized data for group reports , management information or scientific research. If that is the case, it will be mentioned in the terms and conditions / privacy statement. This is only statistical information. This data is always anonymous and can never be traced back to you.
  • If the additional services in the Johan Portal have their own terms and conditions, we will inform you explicitly when you are about to use those services. We find it important that additional services are in line with Johan's privacy policy and require this from their suppliers.
  • If you create an account, we make every effort to store your data securely so that only you can access it and no one else. For this we have taken all kinds of technical and organizational measures. Johan is ISO-27001 certified. This is the most important international standard for information security. Twice a year, our security policy and all security measures are audited by an independent institute. On request we will send you the details of this.

Our full privacy statement can be found below.


1. General

  1. This privacy statement applies to the use of the website at https://app.johan.nl, hereinafter referred to as the "Johan Portal."
  2. Johan B.V. takes the privacy of its users very seriously. Information that we process about you (hereinafter referred to as 'personal data') is treated with the utmost care and security. This privacy statement is designed to tell you, as a user of the Johan Portal, which personal data is collected and how we have ensured that it is as secure as possible.
  3. Johan B.V. provides you with a personal account that you own personally. Creating a Johan account is your choice.

    It may be that JOHAN actively offers the account, because your employer, training institute or trade association (henceforth called: the SUPPLIER) wants to make you an offer for questionnaires, content and services in the field of Sustainable Employability (DI), that you can use personally. The SUPPLIER can do this in cooperation with other providers. These providers are the suppliers of the said questionnaires, content and services (henceforth referred to as "PRODUCTS").

    If a SUPPLIER wants to offer you PRODUCTS, the name of the SUPPLIER is explicitly mentioned before you create an account. You can then decide whether you want to accept the offer from the SUPPLIER and create an account. If you already have a Johan account, you can accept the offer from the SUPPLIER with your existing Johan account.

    The creation of an account is voluntary. The OFFER may never force you to create an account.
  4. Part of your personal account is your personal safe. This is a secure digital safe in which your data is stored that you collect through the use of PRODUCTS. For example, the answers to a questionnaire, the advice of a professional or readings from a PMO (preventive medical examination).
  5. Johan B.V. is within the meaning of the law "General Data Protection Regulation" (AVG) the data controller for processing your personal data necessary for providing and maintaining your personal account. (Which data this is, is stated in article 3.1.)
  6. When you purchase PRODUCTS on the JOHAN Portal, personal data may also be collected with these PRODUCTS. This can happen in two ways: (1) by you entering this personal data independently, for example as answers to questionnaires; (2) by professionals adding personal data to your personal safe.

    Unless otherwise stated in the privacy statement of the PRODUCTS, Johan B.V. together with the provider of those PRODUCTS is responsible for processing personal data. Johan can act as an independent data controller or as a joint data controller in cooperation with the provider. This data is stored in your personal safe. (Which data this is, can be found in articles 3.6 and 3.7.) For personal data that is collected through PRODUCTS, Johan B.V. concludes an adequate agreement with each provider. This means that you can always contact Johan to exercise your rights. (Such as access to your personal data, rectification, suspension of processing or removal of your account).
  7. If your APPLICANT has supplied your name and email address (and possible additional personal data such as your function or department) to Johan B.V. for the purpose of offering you a Johan account, Johan B.V. acts as a processor of this personal data. Johan B.V. concludes a processing agreement with each SUPPLIER that sets out privacy protection measures and the required information security. (Which data this is, is further described in art. 3.2 and 3.3.)
  8. Johan B.V. is located at Debbemeerstraat 25, 2131 HE in Hoofddorp and is registered with the Chamber of Commerce under number 67386377. Questions about this Privacy Statement can be sent to privacy@johan.nl.

2. Consent to the processing of your personal data

  1. This privacy statement applies to the processing of personal data that you voluntarily entrust to Johan B.V. for the purpose of creating your personal account and keeping it available.
  2. To use the Johan Portal, you give us your unambiguous consent to process your personal data.
  3. The starting point is that providing personal data to us is not mandatory. You always have the choice whether or not to use the Johan Portal and whether you want to use the PRODUCTS offered by the Johan Portal. By using the Johan Portal, you give us your explicit permission to process your personal data.
  4. Additional privacy policies may apply to the use of PRODUCTS. When additional terms apply, they are explicitly issued by the party from whom you purchase the PRODUCT and your explicit consent is required for their use. In the PRODUCT privacy statement you will find the personal data it collects and the purposes for which it is used. When you are offered PRODUCTS you can decide whether you want to use them or not.

3. What personal data do we store and for what purpose?

  1. Personal contact information. To register your personal account, enter your first name, last name, date of birth, gender, mobile phone number and self-selected email address. We advise you to use your private email address so that you can always keep your Johan account separate from your ADDRESS.

    We use your mobile number to keep your account secure with 2-factor authentication. (This is done with an extra verification code when you sign up. That code is sent to you by SMS or another authentication method).

    We use your name, date of birth, gender, mobile phone number and email address to contact you and verify your identity in case of a support request. We only contact you when it is necessary for the provision of services. For example, when you submit a support request or if there are essential changes to the Johan Portal. Your e-mail address is also used within our password recovery procedure.

    Your date of birth and gender may be used to calculate scores for various questionnaires in PRODUCTS. These scores can then be calculated without you having to share your date of birth and gender with the provider of those PRODUCTS. The PRODUCT provider has no access to the personal data you provide us. So not even your gender or date of birth.

    The purposes mentioned in this paragraph are determined by Johan. Johan is responsible for processing this information. For you this means that you can claim your rights as mentioned in article 8.
  2. Business contact information. Your SUPPLIER creates a mailing list in the Johan Portal in which your first name, last name, (work) email address and possibly department, function or other characteristics of you as an employee (or student) are entered. This information is used by your SUPPLIER to invite you to create a Johan account and to offer you PRODUCTS. Which data this is, you can see when you accept the SUPPLIER. We also recommend that you review the privacy policy of the SUPPLIER in advance. This should be provided to you by the SUPPLIER through the Johan Portal. So you can read the privacy statement of the SUPPLIER before you decide to accept the offer of the SUPPLIER.

    Your SUPPLIER is the data controller for your business contact data and the mentioned characteristics. In case of questions about this data, (e.g. inaccuracies), please contact your SUPPLIER.
  3. Who offers you the Johan Portal. When you create a Johan Account, we record which SUPPLIER offered the account to you. We do this so that the SUPPLIER can offer you the PRODUCTS they make available to you.
  4. Login attempts. The Johan Portal records some information in a log file when you visit the website, including all login attempts, date and time, and your IP address. The reason for this is to see where the attack came from in case of attacks. This data is not used further.

    Note: Johan is the data controller for the data in this paragraph. For the processing of IP addresses Johan invokes the legitimate interest, as referred to in AVG article 6 (1) paragraph f.
  5. 5. Cookies. The Johan Portal uses functional cookies with a session ID to remember who is logged in and a technical cookie for website security. No analytical cookies and/or tracking cookies are used within the Johan Portal. This is one of the measures we take to ensure your privacy with respect to click and surfing behavior on the Johan Portal.
  6. Data that you enter independently when using PRODUCTS. For example: answers and scores on questionnaires about your vitality, development, career, functioning, work stress, lifestyle, working conditions, health, et cetera. This data is stored to give you insight into your own functioning.

    If there are additional purposes, they will be mentioned in the privacy statement of the supplier of the PRODUCT. You give explicit permission for this when you use a PRODUCT. That privacy statement is shown when you use the PRODUCT concerned (for the first time).

    Unless otherwise specified in the privacy statement that accompanies the PRODUCT, Johan and the professional have determined the purpose and means of this processing and are jointly responsible for the processing of this data. For you this means that you can claim your rights as listed in art. 8, both with Johan and with the relevant professional. For the processing of data where there is a joint responsibility, Johan B.V. concludes a processing agreement with the provider concerned.

    PRODUCTS that you activate / purchase are registered with the provider by whom the product is offered. Your SUPPLIER (employer, training or industry institute) has no access to which PRODUCTS you purchase.
  7. Data that professionals add to your personal account. If you purchase PRODUCTS in which professionals are involved, these professionals can add data to your personal account. This concerns advice and/or results from, for example, occupational health and safety experts, trainers, coaches, career counselors, psychologists, (para)medics, etc. It may also include physical measurements (blood pressure, blood values, heart rate, etc.). This data is stored to give you insight into your own functioning.

    Unless otherwise specified in the privacy statement issued by the professional, Johan and the professional have determined the purpose and means of this processing and are jointly responsible for processing this data. For you this means that you can claim your rights as listed in article 8, both with Johan as with the professional concerned.

    Note: Professionals only give advice if you have asked for it. They only receive information that you give them of your own accord. If you purchase PRODUCTS in which professionals are involved, it is possible that they ask for your contact information or other data that are necessary for the performance of their work.

4. Purposes and data limitation.

  1. Personal data that you add in principle to the Johan Portal is only used by Johan to create your personal account and to be able to keep it available, according to the retention periods in article 7 ("Retention period, return and destruction of personal data").
  2. Your SUPPLIER does NOT have access to the personal data mentioned in article 3, except for the provisions of article 3.2.
  3. Your personal data will not be used for purposes other than those named in Articles 3 and 4.1.
  4. The overarching purpose of processing your personal data on the Johan Portal is the same for all PRODUCTS: To provide you with insight into your own sustainable employability and to offer you opportunities to improve your own sustainable employability. It may be that by taking PRODUCTS, personal data is processed that has an additional or more specific purpose. If so, that purpose is named in the privacy statement accompanying the PRODUCTS.
  5. Your SUPPLIER may offer PRODUCTS that link to external websites. If you are directed to an external website, it is visible in the address bar of your browser: you are then no longer at app.johan.co.uk. Purposes of collecting personal data by PRODUCTS purchased on external website are beyond the scope of this privacy statement.
  6. We do not store your click and browsing habits on our website. We do not use tracking cookies or similar techniques. We do not share your personal data with third parties. We also do not provide personal data to social media platforms. We do not use Google Analytics or similar techniques on our Johan Portal.

5. Third Parties

  1. We engage third parties to perform the services, namely service providers for sending emails, SMS messages and hosting the web application and all data. Insofar as these third parties thereby process your personal data, they do so in their capacity as processors for us. We will never share more personal data than strictly necessary. (For example: for sending an e-mail, only your e-mail address will be used, nothing more).

    These third parties provide the same level of security as Johan itself. (See "security".) We periodically check whether these service providers have taken the required technical and organizational measures to ensure that your personal data is processed in accordance with this privacy statement. You can find which service providers these are at https://johan.nl/privacy.
  2. We only provide your personal data to third parties who have nothing to do with the implementation of the Johan Portal (e.g. supervisors, authorities and government agencies) if we are legally obliged to do so, for example by a court order.
  3. By default, your data is not shared with anyone else unless you give your explicit and unambiguous consent via the account management in the Johan Portal.

6. Processing within the EU

  1. Johan processes your personal data only within the European Union (EU). This is one of the measures we take to protect your personal data. (See also the following article on how we safeguard your personal data).
  2. The exception is your name and email address. We use an external service provider to send occasional e-mail messages. Only your name and email address may be processed outside the EU in this process: the transfer does not apply to other personal data we process about you. For this transfer, we have taken appropriate measures to ensure compliance with the AVG. These measures are based on the recommendations of the Personal Data Authority and include binding corporate rules.

7. Security

  1. At all times, we maintain a level of security in the processing of personal data that is considered more than sufficient, given the state of the art, to minimize risk of unauthorized access, modification, disclosure or loss of personal data to an acceptable level.
  2. We store your data exclusively on our own servers in highly secure data centers in the Netherlands. These Tier III data centers are at least ISO-27001, NEN7501 and ISO-9001 certified. The data centers are accountable to us for their security through an ISAE 3402 Type 1 and 2 report.
  3. Johan B.V. is ISO-27001 certified. This is the most important international standard in the field of information security. At least once a year an external audit of our security policy takes place. The details of our security policy are available at privacy@johan.nl.
  4. Extensive technical and organizational measures have been taken to secure personal data and protect your privacy. The measures taken by Johan B.V. include double authentication, encryption of your data, logical and physical access control, time-out procedure, privacy dashboard, etc. The complete overview of all measures is included in our "statement of applicability", which can be found on our support site.
  5. If the Johan Portal links to PRODUCTS outside the johan.nl domain, it is possible that personal data is processed there as well. In that case the security policy of Johan B.V. is not applicable. Please pay close attention to this. We are not responsible or liable for the processing of data outside the Johan Portal.

8. Retention period of personal data

  1. As a user of the Johan Portal, you are the owner of your personal account, the data required to keep it active and all personal data it contains. You always have the right to delete your personal account and all available data yourself or by Johan B.V. (the right to oblivion). Your personal account is yours and independent of the SUPPLIER you are associated with. You also have at all times the right to take your account and all data it contains with you if you end the relationship with your current SUPPLIER. For example, if you leave your current employer who offered you the Johan account.
  2. Johan B.V. stores your personal data for as long as your account is active. To keep your account active you need to log in at least once every two years. After 2 years of inactivity (read: not logging in) you will receive an email and/or SMS to check your data and to keep your account active. If you do not respond, after some time your account will be physically deleted by us. Your SUPPLIER is not authorized to delete your personal account (or have it deleted).
  3. Retention periods for data collected through the PRODUCTS of providers you use are kept in accordance with the privacy statement of the provider that has made the relevant product or service available. Depending on their purpose, retention periods may be different for different PRODUCTS. The provider determines the applicable retention period.
  4. Data automatically logged by our web servers, as described in clause 3.4, are automatically deleted from these servers periodically. This data is kept for a maximum of six months.

9. Your rights under the AVG

JOHAN B.V. acts in accordance with the requirements of the AVG. This grants you the following rights.

  1. Withdrawing your consent. As a user you are the owner of your personal data. When you created your Johan account, you gave us permission to process this personal data. You have the right to withdraw this permission. If you withdraw your permission, this means that we will delete your account and the data stored therein (as mentioned in article 3).
  2. Right of access. In your personal account you can see what personal data Johan BV has stored about you.
  3. Right of correction. You have the right to modify and supplement your data. This right relates only to facts about which there can generally be no disagreement, such as your name or date of birth.
  4. Right to be deleted and 'forgotten'. You have the right to have your data deleted and to be forgotten that way.
  5. Right of restriction. You have the right to temporarily suspend the processing of your data, for example, if you believe that your data is inaccurate or incomplete. NOTE. During the suspension you cannot use the Johan Portal.
  6. Right of Objection. You have the right to object to certain uses of your personal data, for example, if you believe that such data is inaccurate or incomplete.
  7. Right of transfer: You have the right to be able to transfer your data to another data controller. This concerns supplied data such as name and address details, questionnaire responses and/or measurements taken. This data can always be viewed in your personal account.

    For all processing for which Johan B.V. is (solely or jointly) the data controller, you can exercise your rights with us. You can do this by email (support@johan.nl), via our helpdesk (085 - 40 16 245) or by post (Johan BV, Debbemeerstraat 25, 2131 HE, Hoofddorp). We will then contact you for further identification.

    We will process your request as soon as possible. We will do this within the legal deadlines.

    For processing operations for which another party is the data controller, you can contact that party to exercise your rights. For example: for the processing of your employer data you can contact your SUPPLIER.

10. Changes

  1. Johan B.V. reserves the right to make changes to this privacy statement. The latest version of the privacy statement can be found in your personal account. Johan will actively inform you when important changes are made, so you can agree again, or choose to delete your account.
  2. Changes in the privacy policy of suppliers of PRODUCTS are beyond the scope of Johan B.V. Johan has included in its agreement with suppliers that they are obliged to inform you if there are changes in their privacy policy.

11. Reporting incidents or complaints

  1. If you feel that Johan B.V. is not abiding by this privacy statement, you can report this to our Data Protection Officer via privacy@johan.nl or via the address below. You will be contacted as soon as possible to review and resolve the issue. The Data Protection Officer has an independent position and will always handle your complaint.
  2. You can also contact the Personal Data Authority and report the complaint at https://www.autoriteitpersoonsgegevens.nl/nl/klacht.
  3. If you find that your PROVIDER or a provider does not adhere to the principles in this privacy statement or their own privacy statement, we would like you to report this to us at privacy@johan.nl. We have entered into an agreement with all parties offering PRODUCTS on the Johan Portal to ensure that everything is done properly and securely for you. In the unlikely event that this does not happen, it is also important for us to be able to take action.

12. Contact

If at any time you wish to contact us with comments or questions about this privacy statement, you may do so at privacy@johan.nl. We are always looking for ways to improve. Please feel free to share your comments or concerns with us.

JOHAN B.V.
Debbemeer Street 25
2131 HE, Hoofddorp
M: privacy@johan.nl
Chamber of Commerce: 67386377
Last update: 13-01-2022

Download the privacy statement in PDF format here

Download PDF