Employee privacy statement — template (monitoring, screening, retention)

Employee privacy statement is different from customer privacy statement. Employees have Bărbulescu protection + works council rights alongside GDPR. Mandatory sections: (1) Application phase: which data collected (CV, motivation, references), retention for rejected (4 weeks NVP), screening procedure (Google + social media + work-relevant + transparent). (2) Onboarding: BSN for payroll admin, ID copy for identification (KopieID app), bank account, contract-duration data. (3) During employment: monitoring aspects (email, location, camera) with works council consent + prior announcement + proportionality (see monitoring rules). Personnel file access. Performance review notes. (4) Occupational physician/Arbo: separated from employer, professional secrecy, only "fit/unfit" passed on. (5) On exit: retention periods (payroll file 7 years, personnel file 2 years). Reference procedure. Account handover/closure. (6) Employee rights: all 8 GDPR rights + works council complaint route. Update on monitoring change: works council consent + new statement. Fine precedent 2024: multiple businesses fined for monitoring expansions without employee information.