Privacy policy – RecruitTogether
Last updated on 26 November 2025
This is the privacy policy of RecruitTogether, established in Groesbeek (hereinafter: "we", "us" or "our"). RecruitTogether operates a digital platform that connects independent recruiters and employment agencies with each other.
In this privacy policy we explain which personal data we process, for which purposes we do so, and how we handle your data with due care. This policy applies to all visitors of our website and users of the platform, including recruiters and employees of employment agencies.
We process personal data with the greatest possible care and in accordance with applicable laws and regulations, including the General Data Protection Regulation (GDPR).
We recommend that you read this privacy policy carefully. If you have any questions, you can contact us using the contact details at the bottom of this policy.
How we obtain personal data
When you use our website or the RecruitTogether platform, you leave personal data with us. This may include data that can be traced back to you directly or indirectly. We only store and use the personal data that you provide to us yourself, or of which it is clear at the time of submission that it is being passed on to us for processing.
We may obtain personal data from you in the following ways:
- When you register as a recruiter or employment agency on our platform and thereby provide personal data, such as contact details;
- When you upload a vacancy as an employment agency or a CV as a recruiter, for example via your own dashboard environment;
- When you enter personal data when subscribing to our newsletter or when using other online forms;
- When you contact us by e-mail, telephone or the contact form on the website;
- When you use the platform as a user, whereby technical data is automatically generated (such as IP address, device data and browsing behaviour);
- When you provide us with personal data during a (commercial) collaboration, for example in the context of support, invoicing or communication;
- When we receive personal data via third parties, for example in the context of a collaboration or via public sources (such as the Trade Register of the Chamber of Commerce);
We assume that recruiters who enter personal data of third parties (such as candidates) have a valid legal basis for doing so and correctly inform the persons concerned about the processing via RecruitTogether.
Types and specific personal data that are processed
When you use our website or the RecruitTogether platform, we may – depending on your role and use – process the following personal data about you:
- Identification and contact data: such as your name, company name, e-mail address, telephone number and job title;
- Account and access data: such as username, password (stored encrypted), role within the platform and settings;
- Organisation data: such as Chamber of Commerce number, VAT number, sector, type of service, number of employees;
- Communication data: such as information you provide when contacting us via e-mail, telephone or contact forms;
- Invoicing and payment data: such as billing address, payment status, bank account number (if applicable), and other administrative data;
- Technical data: such as IP address, browser type, device data, session information, and data about your use of the platform (such as logged-in sessions, click behaviour, login moments);
- User interactions and preferences: such as use of specific functionalities within the platform, matching requests or settings of your account.
We only process personal data that you actively provide yourself when using our services, or that is automatically generated during your interaction with the platform.
Mandatory data and consequences of non-provision
For the platform to function correctly and for us to perform our services, it is necessary that certain personal data is provided. If you do not provide this data, we cannot offer or perform (certain parts of) our services. This concerns in particular the following situations:
- When creating an account, it is mandatory to provide a name, e-mail address and organisation name. Without this data, we cannot create a user profile or grant access to the platform.
- For some features within the platform (such as posting vacancies, searching for profiles or creating them), additional data is required, such as job information or organisation characteristics. If these are not entered, these functions may be limited or unusable.
- For payments, invoicing data such as company name, address and VAT number are mandatory. Without this information, we cannot generate invoices or process transactions.
- For the security of accounts and systems, it is necessary to process technical data, such as username, encrypted passwords and IP address. Without this data, we cannot guarantee secure access.
If you choose not to provide certain data, this may mean that you cannot use (part of) our services or the platform.
Special and/or sensitive personal data that we process
We do not intend to collect data about website visitors or other data subjects who are under 16 years of age, unless they have consent from a parent or guardian. However, we cannot verify whether a visitor is actually older than 16. We therefore advise parents to be involved in their children's (online) activities, in order to prevent data from being collected without parental consent.
If you suspect that we have processed personal data of a minor without consent, please contact us using the contact details at the bottom of this privacy policy. We will then delete the relevant information.
We do not process special categories of personal data within the meaning of Article 9 of the GDPR, such as data on health, ethnic origin, religious beliefs, criminal record or political opinions. In the context of our regular installation and maintenance services, the processing of such data does not apply, unless this is necessary on the basis of a legal obligation (for example for tax or administrative purposes).
Automated decision-making and profiling
RecruitTogether does not use automated decision-making that has legal consequences for you or otherwise significantly affects you, as referred to in Article 22 of the General Data Protection Regulation (GDPR).
Any technical tools within the platform – such as the use of an AI matching tool – are used solely to support users. All decisions about the deployment of people, vacancies or other actions are always made by authorised users, without RecruitTogether making any automated decisions.
Legal bases for processing your personal data
| Purpose of processing | Legal basis (GDPR) |
|---|---|
| Registration of users and creation of accounts: name, e-mail address, password (encrypted), company name, job title | Performance of the contract |
| Access to and use of the platform (such as posting vacancies or running searches): user data, preferences, click and interaction behaviour, session information | Performance of the contract |
| Generating AI matches between vacancies and CVs (technical processing): vacancy content, metadata about platform use, technical data (such as search parameters and click behaviour) | Legitimate interest (optimisation and service provision) |
| Customer communication, support and service (e.g. e-mail or contact form): name, e-mail address, telephone number and the content of your message | Performance of the contract and/or legitimate interest |
| Invoicing and administrative processing: company name, address, VAT number, invoice data, bank details, payment status | Legal obligation and/or performance of the contract |
| Security of the platform and accounts: IP address, login moments, technical device data, user role | Legitimate interest (security and abuse prevention) |
| Sending service messages or functional updates: name, e-mail address, user role | Legitimate interest (provision of information) |
| Possibly sending commercial e-mails or newsletters (if applicable): name and e-mail address | Consent and/or legitimate interest (in the case of an existing customer relationship) |
Legitimate interests
For a number of processing activities, RecruitTogether relies on legitimate interest as the legal basis (Article 6(1)(f) GDPR). In doing so, we always carefully weigh our business interests against your privacy interests. We ensure that the impact on your privacy is as limited as possible, and you always have the right to object to this processing (see also 'Rights of data subjects').
We process personal data on the basis of legitimate interest in the following situations:
- Analysing usage data to offer users relevant functionalities and a better user experience.
- Logging IP addresses, session information and technical data to prevent fraud, abuse or unauthorised access to our platform.
- Sending important updates or notifications about your account or our services (such as scheduled maintenance notices or changes to terms and conditions).
- Answering questions, following up on contact requests or processing recurring communication, even if you are not yet a formal customer.
- Sending e-mails with information about similar services to users with whom we already have a customer relationship, whereby an opt-out option is always offered.
For each of these interests, the processing is proportionate, the data remains limited to what is necessary, and appropriate technical and organisational measures are taken to protect your privacy.
Sharing personal data with third parties and any transfer outside the EU
We only share your personal data with third parties when this is necessary to provide our services, when we are legally obliged to do so, or with your consent.
In particular, we use the following categories of external service providers:
- Web hosting and platform management: to make the platform available, we use external hosting and infrastructure providers. Your account data and technical data are processed on secure servers.
- Software and IT service providers: we may use external tools for, among other things, e-mail traffic, data storage, CRM functionality and internal communication (such as Microsoft 365 or comparable services). These systems may contain personal data in the context of user management or customer service.
- Administration and invoicing: for our financial administration, invoicing and accounting obligations, we use an external party, namely our accountant. This party processes personal data exclusively on our behalf and in accordance with our instructions.
- Marketing and communication services: if you subscribe to newsletters, we may use an e-mail marketing platform (such as Mailchimp or comparable). This platform processes your name and e-mail address in order to send newsletters correctly.
We conclude data processing agreements with these parties, in which arrangements are laid down regarding the careful handling of your data and appropriate security measures.
Transfer outside the European Economic Area (EEA)
In some cases, it may happen that personal data is processed by service providers outside the EEA (for example because servers are located there). In that case, we ensure that the transfer only takes place under the conditions of the GDPR, such as:
- An adequacy decision by the European Commission for the country concerned;
- The use of Standard Contractual Clauses (SCCs) approved by the European Commission;
- Or other appropriate safeguards that guarantee an equivalent level of protection.
We never provide personal data to third parties for commercial purposes without your explicit consent.
Rights of data subjects
As a user of our platform, you have – under the General Data Protection Regulation (GDPR) – various rights with regard to your personal data. You can exercise these rights by contacting us using the contact details at the bottom of this privacy policy. We will respond to your request within two weeks at the latest.
You have the following rights:
- Right of access: you have the right to know which personal data we process about you, for what purpose, and with whom it may be shared.
- Right to rectification: you can request us to correct or supplement incorrect or incomplete data.
- Right to erasure (right to be forgotten): in certain cases you can request us to delete your personal data, for example when you cancel your account and we no longer have a legal basis to retain your data.
- Right to restriction of processing: you can request that the processing of your data be temporarily restricted, for example during the assessment of a correction request or objection.
- Right to data portability: if the processing is based on consent or performance of a contract, you have the right to receive your data in a structured, commonly used and machine-readable format and – if desired – to transfer it to another party.
- Right to object: you can object to the processing of your personal data on the basis of our legitimate interest, for example in the case of direct marketing. We will assess this objection and, unless there are more compelling interests, cease the processing.
- Right to withdraw consent: if processing takes place on the basis of your consent (for example for newsletters), you can withdraw this consent at any time. The processing up to the moment of withdrawal remains lawful.
For your safety, we may ask you to identify yourself before we process your request.
Third-party websites and social media buttons
Our website and/or the platform may contain references to websites, services or functionalities of third parties, for example via (hyper)links or embedded content. This privacy policy does not apply to the use of those external websites or services. RecruitTogether has no control over the way in which third parties handle your personal data, and therefore cannot be held responsible for it.
We advise you to always read the privacy policy of these third parties carefully before using their services.
In addition, social media buttons may be included on our website or in our communications, such as buttons to LinkedIn or other professional platforms. When you click on such a button, you are redirected to the relevant external website or app. Here too, the processing of your data falls under the responsibility of the relevant platform administrator.
Cookies & Tracking
On the RecruitTogether website we use cookies. A cookie is a small text file that is sent during your visit to the website and stored by your browser on your device (such as a computer, tablet or smartphone). On a subsequent visit, this information is automatically returned to our server, so that you can use the website more quickly and easily.
In this cookie section we explain which cookies we use and what this means for you.
Necessary cookies
We only use functional cookies. These are technically necessary for the website to function properly. Think of remembering a completed form or correctly displaying the page content.
These cookies have no impact on your privacy;
- Cannot be traced back to you as an individual;
- Do not require consent under applicable legislation (GDPR and the Telecommunications Act).
We do not use analytical cookies (such as Google Analytics) or tracking cookies that monitor your browsing behaviour for marketing or advertising purposes.
Additional remarks
If you do not want to store cookies on your device, you can disable or delete them manually via the settings of your internet browser. Please note that the website may then function less well. For more information about managing cookies, see for example: consumentenbond.nl/internet-privacy/wat-zijn-cookies.
Retention periods for personal data
We do not retain your personal data for longer than is necessary for the purposes for which it was collected. In the table below we indicate per category how long we retain your data:
| Category of personal data | Retention period | Reason |
|---|---|---|
| User accounts and registration data | Up to 2 years after last active login or account termination | For reactivation, support or follow-up of the customer relationship |
| Communication data (via e-mail or contact form) | Up to 2 years after last contact | For customer service and documentation |
| Invoicing and administrative data | At least 7 years | Statutory fiscal retention obligation (tax legislation) |
| Technical data (such as IP addresses, log data) | Maximum of 26 months | For security purposes and usage analysis |
| Newsletter data (upon subscription) | Until unsubscription or withdrawal of consent | For sending commercial messages |
| Platform usage data (such as click behaviour, interaction) | Up to 2 years after collection | For analysis and optimisation of the platform |
If you wish your data to be deleted sooner, you can submit a request via the contact details at the bottom of this privacy policy.
Newsletters and commercial communication
We may keep you informed by e-mail of relevant information about our services, for example updates about platform functionalities, new services or developments within RecruitTogether.
When do you receive e-mails from us?
- On the basis of consent: if you actively subscribe to our newsletter (for example via the subscription form on the website), we use your name and e-mail address to send you periodic messages. You can withdraw your consent at any time via the unsubscribe link at the bottom of every e-mail.
- On the basis of our legitimate interest: if you are already a customer of RecruitTogether, we may send you – without separate consent – e-mails about similar services or platform updates. These messages are functional or relevant to your use of our services. In this case too, you can unsubscribe at any time.
For sending newsletters, we may use an external e-mail service provider. If this party is located outside the European Economic Area (EEA), we ensure appropriate safeguards such as Standard Contractual Clauses or an adequacy decision by the European Commission.
At this time we do not yet use an external e-mail service provider. As soon as we select a party for this, we will adapt this privacy policy and be transparent about the identity of that party, the processing location and the safeguards taken.
Every newsletter or commercial e-mail contains a clear unsubscribe link. If you unsubscribe, you will no longer receive commercial communications. In that case, your data will only be retained for administrative purposes or, if necessary, for other legitimate processing activities (such as service communication).
Security measures
We take appropriate technical and organisational security measures to protect your personal data against loss, unauthorised access, misuse or other forms of unlawful processing. These measures are regularly evaluated and, where necessary, adapted to the state of the art and the risks of the processing.
Some of the measures we take:
- Encrypted connection (SSL/TLS): all data sent via our website or the platform runs over a secure HTTPS connection.
- Access management: access to personal data is limited to authorised employees or processors, and is protected with user roles, passwords and, where possible, two-factor authentication (2FA).
- Encrypted storage of passwords: passwords are not stored in readable form but encrypted (hashing).
- Logging and monitoring: we monitor the systems for suspicious activity and keep log files for security analysis.
- Data minimisation and rights management: we limit access to personal data to what is necessary for the intended purpose.
- Back-ups: back-ups of essential systems and data are made regularly, so that recovery is possible in the event of incidents.
Although we do everything we can to keep your data secure, no method of transmission or storage is 100% secure. Do you suspect that there is a security incident or data breach? Then contact us immediately using the contact details at the bottom of this policy.
Changes to this privacy policy
We reserve the right to amend or supplement this privacy policy from time to time. This may be necessary due to changes in laws or regulations, adjustments to our services, or technical developments on our platform.
We therefore advise you to consult this policy regularly, so that you stay informed of any changes. In the event of significant changes, we will – where possible – actively inform you, for example by e-mail or a notification on the platform.
This privacy policy was last amended on 26 November 2025.
Possibility to complain to the Dutch Data Protection Authority
If you have questions or complaints about the way we handle your personal data, we kindly ask you to contact us first. We do our best to address your concerns as quickly and carefully as possible.
If you believe that we are not acting correctly or are processing personal data in violation of the GDPR, you also have the right to file a complaint with the supervisory authority:
Dutch Data Protection Authority (Autoriteit Persoonsgegevens)
Website: www.autoriteitpersoonsgegevens.nl
Telephone: +31 (0)88 – 1805 250
Contact details of the data controller
For questions about this privacy policy or about the processing of your personal data, you can contact us using the details below:
RecruitTogether
Registered address: Heumensebaan 33, (6561 CJ) Groesbeek, the Netherlands
E-mail: Robin@recruittogether.ai
Telephone: +31 6 2229 6123
Chamber of Commerce number: 96014083
Website: www.recruittogether.ai