This Privacy Statement of SDH Executive Search B.V., which has its registered office at Paijensweg 1, Nijmegen, the Netherlands, is in force from May 2018 onwards. Previous versions have ceased to have effect. 

SDH’s Data Protection Officer is Kasper Houben. He can be reached by email at

Your privacy is important to SDH!

This Privacy Statement sets out various aspects of our information policy, ranging from the type of information we collect and keep to the manner in which we use, exchange or otherwise process that information. 


  • Objective and lawfulness of the processing of personal data
  • Collection of personal data
  • Use of personal data
  • Exchange of personal data
  • Recording and protection of personal data
  • Protection of the rights and property of SDH and others
  • Data breach notification procedure 
  • Retention period
  • Questions about privacy and access to your data
  • Complaints 
  • Amendments

Objective and lawfulness of the processing of personal data

We are an executive search agency and look for suitable candidates for job vacancies with our clients. For this purpose we make use of our database containing the personal data we have collected about candidates and potential candidates. 

This database is used for the following objectives:

  • To locate and contact you quickly when a suitable job vacancy occurs.
  • After obtaining your consent, to recommend you to our clients on the basis of the data we have collected. 

The lawfulness of the collected data is based on the consent of the persons concerned.  If you, as data subject, do not consent to the processing of your personal data, SDH cannot enter you in the database and you will not be included in any selection procedures or informed about possible job vacancies in the future.  If you decide to revoke your consent, SDH will remove you from the database and you will once again no longer be eligible to take part in selection procedures or be notified of possible future vacancies. 

Collection of personal data

Data can be supplied by you to us directly, for example in the form of a CV. This may be provided specifically for a vacant job or in order to be eligible for future positions or open applications. The data listed in your CV, including your own amplification and additions as well as our notes on our contact with you and the result of taking up any references you have provided, are processed by us and entered in our database. In specific cases we may supplement the data we have collected on you with information obtained from public sources and social networks such as LinkedIn and Facebook. 

Use of personal data

Personal data in our database are used by SDH staff to determine whether a match may possibly exist with a job vacancy with one of our clients.  If a possible match exists, one of our staff will contact you as a potential candidate to exchange initial information. In the event of mutual interest, an appointment will be scheduled for a meeting by one of three methods (face to face, Skype or conference call). Following this contact, we may draw up a candidate profile setting out our findings from our talk with you and describing you as a candidate.

We also use your personal data to send you mailings if you have consented to this.

Exchange of personal data

If you decide to proceed with the follow-up procedure, your CV will be submitted to the client together with any candidate profile we have drawn up.

Each contract concluded between a client and SDH contains a provision requiring the client to handle your personal data carefully and confidentially in accordance with the provisions of the General Data Protection Regulation (GDPR). At a later stage of such a procedure, SDH may engage an assessment agency, whether at the request of the client or otherwise. Such assessment agencies too are reminded of their responsibilities under the GDPR.

If the client is located outside the European Economic Area (EEA), SDH will disclose your data only after establishing that Articles 44-48 of the GDPR have been complied with or in accordance with Article 49, if you, as data subject, have explicitly consented to the proposed transfer after having been informed of the possible risks of such transfers due to the absence of an adequacy decision and appropriate safeguards.

Recording and protection of personal data

We regard the protection of your personal data as important! As SDH, we have implemented physical, administrative and technical security measures to protect your personal data from unauthorised access, unauthorised use and unauthorised disclosure. We have made agreements with our staff on how this is to be achieved.

In addition, we have concluded detailed processing contracts with both our database supplier and our IT supplier to guarantee the security of the personal data in accordance with the provisions of the GDPR. 

Businesses and clients with whom we work are also required to ensure that personal data supplied by us are protected from unauthorised access, unauthorised use and unauthorised disclosure. However, SDH is not responsible for the compliance by these third parties with the privacy legislation. SDH therefore accepts no liability whatever for any loss or damage resulting from the use of your personal data by parties to whom they have been supplied after you have given your explicit consent.

Protection of the rights and property of SDH and others

We reserve the right to disclose your personal data if we are required to do so by law, if we consider that disclosure is necessary to protect our rights or those of others, in order to comply with a judgement of a court or tribunal, a court order or legal proceedings involving our websites. 

Data breach notification procedure

A data breach occurs where the security of your personal data is infringed. 

This is the case, for example, if an organisation allows unauthorised access to personal data or destroys, alters or releases personal data. A data breach occurs not only where data leak or are released but also where data are processed unlawfully. Under the GDPR there is a duty of notification in the event of a data breach. This means that SDH’s Data Protection Officer must notify the Dutch Data Protection Authority as quickly as possible, but in any event within 72 hours, of every data breach that seriously jeopardises (or has a significant chance of jeopardising) the protection of personal data. The data subject too will be notified if the data breach seems likely to adversely affect his or her privacy. The Data Protection Officer keeps a record of incidents involving data breaches.

Retention period

Your personal data and any additions are kept in our database during a 15-year period to enable us to provide a service in future.

Questions about privacy and access to your data

If you have a question about this Privacy Statement and/or about how your data are handled by SDH, you may contact us as follows: 

by post: SDH Executive Search, Paijensweg 1, 6523 MB Nijmegen

or by email:

If you wish to inspect the data SDH holds on you, to obtain a copy of the data you have supplied to SDH or to alter your data or remove them from the database, you can also indicate this by email. Before we release data to you or alter or remove data, we may possibly request you to provide a proof of identity.  We will reply to your request within four weeks.


If you have a complaint about how SDH processes your personal data, you can notify SHD’s Data Protection Officer by email at

If this does not produce the desired result, you can also lodge a complaint with the national supervisory authority – the Data Protection Authority. You can do so by clicking on the following link:


SDH reserves the right to alter and/or supplement this Privacy Statement. Naturally this would be done in accordance with the provisions of the GDPR.