Privacy Policy

ICNC people (Iconic People Holland B.V., KvK 87347652, Emmaplein 2, Amsterdam) is a Dutch manpower consulting firm specialising in the cross-border mobilisation of skilled technical specialists. We process personal data as part of our core operations — and we take that responsibility seriously.

This policy sets out what personal data we collect, why we collect it, how long we keep it, and what your rights are. It covers three groups of people whose data we process:
— Website visitors — people who use icncpeople.com
— Candidates — technical specialists who register or submit their profile for potential placement
— Clients and business contacts — professionals at organisations we work with or seek to work with

If you have questions about this policy or how we handle your data, contact us at privacy@icncpeople.com.

This policy is reviewed annually. Where changes are material, we will notify affected individuals directly.

Who this covers: Anyone who visits icncpeople.com, uses the contact form, or submits a candidate profile via the website.

What we collect
When you visit our website, we collect only what you actively provide through our contact or candidate submission form:
—Name, company, role, and contact details (from the contact form)
—Name, email, phone, LinkedIn profile URL, and CV (from the candidate form)

Please, read our cookie policy for further information.

Why we collect it
—To respond to your enquiry or assess your candidate profile
—To contact you about a relevant placement opportunity (candidates only)

Legal basis
Art. 6(1)(b) GDPR: processing is necessary to take steps at your request prior to entering into a contract (for candidates).
Art. 6(1)(f) GDPR: legitimate interest in responding to business enquiries (for clients and general contact).

How long we keep it
Contact form submissions: we retain your details for up to 12 months from the date of your enquiry, unless a business relationship develops.

Candidate submissions that do not lead to a placement: we retain your profile for up to 2 years from the date of submission. We will contact you before this period expires to confirm whether you would like your profile to remain active.

Who this covers: Technical specialists who submit a profile via icncpeople.com, respond to a direct approach, or are referred to us by a sourcing partner.

What we collect
To assess your suitability for placements and manage your deployment, we collect the following categories of personal data:
— Identity details: full name, date of birth, place of birth, nationality, second nationality
— Contact details: personal email address, mobile phone number, LinkedIn profile URL
— Work history and qualifications: CV, job titles, professional experience, certifications
— Right to work: passport number, expiry date, country of issue, permit or visa type and number, permit expiry date
— Tax and payroll: BSN number (Dutch tax ID), IBAN, BIC/SWIFT code, bank name, loonheffingskorting preference, 30% ruling status
— Address details: country and city of residence, Dutch address or temporary home country address, BRP registration details
— Emergency contact: name, relationship, phone, email, address of your nominated emergency contact

Why we collect it
We collect this data to fulfil our employment, payroll, and immigration obligations as your employer of record, and to manage your deployment with our clients. Specifically:
— To verify your identity and right to work in the Netherlands
— To prepare and issue your employment contract
— To process your salary and comply with Dutch payroll and tax obligations (loonheffing, Belastingdienst)
— To manage your IND immigration process and permit applications
— To coordinate your placement with the assigned client (role-relevant details only)
— To comply with UWV reporting obligations
— To ensure we can reach your emergency contact if needed during deployment

Legal basis
Art. 6(1)(b) GDPR: performance of your employment contract with Iconic People Holland B.V.
Art. 6(1)(c) GDPR: compliance with legal obligations under Dutch and EU law (immigration, tax, employment law).
Art. 6(1)(f) GDPR: legitimate interest in coordinating your deployment with the assigned client (limited to role-relevant details).

We do not rely on consent as the primary legal basis for processing employment and payroll data. Where the onboarding form includes consent checkboxes, these relate specifically to the sharing of role-relevant data with the client to whom you are assigned. You may withdraw this consent at any time without affecting the lawfulness of processing already carried out.

Who we share your data with
Your personal data may be shared with the following parties, under strict controls:
— The assigned client: role-relevant professional details only (name, qualifications, work history, contact details for site coordination). We do not share financial, permit, or health information with clients.
— Dutch authorities: IND (Immigration and Naturalisation Service), Belastingdienst (Dutch Tax Authority), and UWV, as required by law.
— Payroll processors and HR software providers: operating under GDPR-compliant data processing agreements.
— Our legal and immigration advisors: where required to process your permit or advise on your employment situation.

We do not sell your data. We do not share your data with third parties for marketing purposes.

International data transfers
Where your data is transferred outside the European Economic Area (EEA) — for example, to process permit applications in your country of origin — we ensure appropriate safeguards are in place in accordance with GDPR Chapter V. This includes standard contractual clauses where required.

How long we keep it
For the duration of your employment with Iconic People Holland B.V., and for a maximum of two years thereafter, after which data is deleted or anonymised in accordance with GDPR Art. 5(1)(e) (storage limitation).

Some categories of data — such as payroll records — are subject to longer statutory retention periods under Dutch law (Belastingdienst requires a minimum of 7 years for financial records). In these cases, we retain only what is legally required and restrict access accordingly.

Who this covers: Named contacts at client organisations, prospective clients, and other business professionals we interact with.

What we collect
— Name, job title, company name
— Work email address and phone number
— LinkedIn profile URL (where shared)
— Notes from meetings, calls, or correspondence relevant to managing the business relationship

Why we collect it
— To manage our commercial relationship and deliver our services
— To send relevant communications about our service lines, sector developments, or compliance updates
— To fulfil contractual obligations under client service agreements

Legal basis
Art. 6(1)(b) GDPR: performance of a contract to which you or your organisation is a party.
Art. 6(1)(f) GDPR: legitimate interest in managing our business relationships and communicating with professional contacts.

How long we keep it
We retain business contact data for the duration of the client relationship and for up to 3 years thereafter, unless you ask us to delete it sooner or a longer period is required for legal or contractual reasons.

Your Rights Under GDPR
Under the General Data Protection Regulation (GDPR), you have the following rights in relation to your personal data. These rights apply to all groups covered by this policy.

— You may request a copy of the personal data we hold about you. Right of access
— You may ask us to correct inaccurate or incomplete data. Right to rectification
— You may ask us to delete your data where there is no legitimate reason for us to continue processing it. Note that this right may be limited where we are required to retain data by law. Right to erasure
— You may ask us to limit how we process your data in certain circumstances. Right to restriction
— You may ask us to provide your data in a structured, machine-readable format, or to transfer it directly to another organisation. Right to data portability
— You may object to processing based on legitimate interests (Art. 6(1)(f)). We will consider your objection and stop processing unless we have compelling legitimate grounds that override your interests. Right to object
— Where processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal. Right to withdraw consent

To exercise any of these rights, contact us at privacy@icncpeople.com. We will respond within one month of receiving your request. If you are unsatisfied with our response, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

We apply appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include access controls, encryption of data in transit, and restricted internal access on a need-to-know basis.

All workers who handle personal data receive onboarding guidance on data handling responsibilities. Documents classified as GDPR-sensitive are handled in accordance with our internal data protection procedures.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Autoriteit Persoonsgegevens within 72 hours and inform affected individuals without undue delay where required under GDPR Art. 33–34.

The data controller responsible for your personal data is:

Iconic People Holland B.V.
KvK 87347652
Emmaplein 2, Amsterdam, the Netherlands
privacy@icncpeople.com
icncpeople.com

We do not have a designated Data Protection Officer (DPO) at this stage. All privacy-related enquiries should be directed to privacy@icncpeople.com.

This policy was last updated in April 2026. We review it annually and whenever our data processing activities change materially. The current version is always available at icncpeople.com/privacy-policy.

Where changes affect candidates or workers, we will notify them directly via email.