2. Why does DISA process personal data?
DISA is specialised in screening individuals by means of a digital screening process. We process your personal data in order to perform a screening of relevant data at the request of a client.
3. What is DISA’s role under the GDPR?
DISA is the data processor in the context of the processing of personal data within the meaning of the GDPR. This means that we process data on behalf and for the purposes of the organisation that requested the screening for you: the client (often your future employer).
We recommend reviewing the client's privacy notice and screening policy. As a data controller, the client is best positioned to explain to you why you are being screened and why each of the screening components was chosen.
Our contact details are:
DISA Global Solutions
Address – Apollolaan 151, 1077 AR Amsterdam
Telephone - +31 880 502 100
Email – info@emea.disa.com
Chamber of Commerce no. 34346504
DISA has a Data Protection Officer ('DPO') who is registered with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). The DPO can be contacted via privacy@emea.disa.com.
4. On what legal basis does DISA process personal data?
The client determines the legal basis for screening. In some cases, for example, screening may be required by law; in other cases, the organisation requesting your screening has a legitimate interest. You can find more information about the legal basis of processing in the client's privacy statement.
5. What personal data does DISA process?
For each screening, DISA processes the following personal data, which we receive from you or from our client:
- Data concerning your name and address, gender, email address and telephone number.
In addition, depending on the client's screening policy and the resulting components of the screening, the following personal data and/or documents may be processed:
- Curriculum Vitae (CV);
- Date of birth, Place of birth, Nationality;
- Identity document: passport, (Dutch) identity card or Dutch document for foreigners;
- Driving license;
- Certificate of Good Conduct (Verklaring Omtrent Gedrag ‘VOG’);
- Data concerning your educational background;
- Data concerning your work experience;
- Data provided by referees;
- Data from sector and/or professional registers;
- Data concerning your financial situation; including data from your bank account, the register of persons under guardianship, data from the insolvency register, the ratio of your personal financial liabilities to your earnings or assets, and your credit rating;
- Data from declarations you have made, or from your integrity statement:
  - data concerning outside activities and/or managerial positions;
  - data concerning circumstances that cast doubt on your reliability, competence or integrity;
  - data concerning convictions for a criminal or corporate offence or being treated as a suspect in an inquiry into a criminal or corporate offence;
- Data concerning legal entities: legal status, business information, financial information and/or managerial powers;
- Data from social media and/or public sources;
- Data from international terrorist watchlists, politically exposed persons (PEP) lists and sanctions lists; and
- Data relating to additional documents that are gathered, verified or checked at the request of our client, such as a payslip, confidentiality statement, landlord statement, employer's statement, disciplinary law statement (Verklaring Onderwerping Tuchtrecht ‘VOT’) and/or a code of conduct.
6. From whom does DISA receive personal data?
In order to perform specific components of a screening or to verify data, DISA receives personal data from the following parties:
- you;
- our client;
- data suppliers in the context of performing a screening;
- relevant educational institutions (within and/or outside of The Netherlands);
- relevant sector and/or professional registers, such as the BIG register (for healthcare professionals);
- employers and/or other persons submitted by you as referees.
7. With whom does DISA share personal data?
In order to perform specific components of a screening or to verify data, DISA shares the necessary personal data with the following parties:
- data suppliers;
- relevant educational institutions (within and/or outside of The Netherlands);
- relevant sector and/or professional registers, such as the BIG register (for healthcare professionals);
- employers and/or other persons submitted by you as referees;
- our client.
In principle, you will also receive a copy of the screening report. However, as the customer is the data controller, they will make the final decision on whether or not to share a copy with you, in accordance with their own screening policy.
8. With which data suppliers are personal data shared?
DISA has concluded agreements with its data suppliers that set out arrangements to ensure a correct and secure processing of your personal data. DISA's data suppliers are:
- DUO
- Nuffic
- Qualification Check
- Mitek Systems
- Company.info*
- DataExpert
- Chamber of Commerce
- iCOVER
- Surepay
- Creditsafe
- Freshdesk
- Public registers
*Depending on the checks selected, personal data may be processed by Focum for the purpose of conducting the screening.
We offer our clients the option of conducting a screening that includes credit checks for the purpose of entering into an employment relationship. This screening looks at possible payment problems. If you agree to this, your personal data will be provided to Focum for the purpose of obtaining a credit information report. The results will be included in a screening report that we share with our clients. Information about the processing of personal data by Focum can be found at https://www.focum.nl/privacyverklaring-focum-uitgebreid. This also explains how you can exercise your rights, such as the rights of access, objection and erasure.
9. Are special categories of personal data processed?
In some cases, DISA processes special categories of personal data. This depends on which components are included in the screening. The components of the screening have been determined by the client based on its policies, taking into consideration the potential risks associated with a specific job, a membership, specific work activities, or with the rental or sale of a home. Prior to the screening, you will be informed about the (special categories of) personal data that need to be processed. DISA may also process criminal data on the instructions of clients.
10. Processing identity document (ID document)
DISA processes identity documents to enable our client to meet its legal obligation to verify a person's identity. This involves checking the authenticity of a scan of the identity document based on a number of security features. In addition, the document number is checked to establish that the document has not been reported stolen or missing.
11. Is submitting to the screening mandatory?
You have the right not to be screened. However, declining is likely to limit your chances of entering into a new agreement or position that requires a screening. If you object to (all or parts of) the screening or have any questions, please contact the client. After all, the client has determined the composition of the screening in its policy.
12. Are my data secure?
DISA has taken appropriate technical and organisational measures to protect personal data against loss or any form of unlawful processing.
13. How long will my data be stored?
Personal data are retained by default for 90 days after completion of the screening. After 90 days, personal data are deleted, unless the client has a different retention period for storing personal data with DISA.
The ID document and driver's license are retained by default for 14 days after completion of the screening.
14. Will my personal data be transferred to other countries within or outside of the EEA?
DISA processes your personal data within the European Economic Area (EEA). Under certain circumstances, (all or parts of) your personal data may be transferred to a 'third country' outside of the EEA. This is the case, for example, if you are based in a third country outside of the EEA, or if the client, a data supplier, or another party with whom we share your personal data, is based in such a third country.
15. Please be advised of your (privacy) rights:
As a processor, DISA will forward all requests from data subjects to the client (the controller). You can also send your request directly to the client.
- Right of access: To access the personal data gathered on you by DISA, please log in via your personal account at DISA.
- Right to rectification: To request changes or additions to the personal data gathered on you, please send an email to DISA.
- Right to erasure ('right to be forgotten'): You can request DISA to erase your personal data from DISA's systems; for example, if DISA no longer needs the personal data in the context of the business activities agreed with the client.
- Right to restriction of processing: You can request DISA to (temporarily) stop processing your personal data.
- Right to object: You can object to the processing of your personal data.
- Right to lodge a complaint: If you have a complaint about our services, you can lodge a complaint with our Support department via support@global.disa.com.
Please also be advised that you can lodge a complaint with the Dutch Data Protection Authority about how the client or DISA handles your personal data.
If you have any queries concerning the above matters, please contact our Support department via support@global.disa.com.