logo
  • Home
  • About Us
  • Case studies
  • Services
    • IT Project Management
    • IT Program Management
    • Cloud Cost Management (FinOps)
  • Blog
  • Contact

Quilyx B.V. Privacy Policy

Effective Date: 2023-05-11 Last updated: 2026-05-28

This Privacy Policy explains how Quilyx B.V. (“Quilyx”) collects, uses, shares, and protects personal data in connection with its IT staffing and intermediary services, its website, and its candidate and freelancer placement activities. Quilyx is committed to processing personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Dutch law.

1. Data Controller Contact

Quilyx B.V. is the data controller responsible for the personal data described in this policy.

  • Quilyx B.V.
  • Rijnzathe 12, 3454 PV De Meern, Utrecht, The Netherlands
  • General email: info@quilyx.com
  • Data rights and privacy queries: gdpr@quilyx.com
  • Telephone: +31 30 401 0422

Quilyx is an SNA-certified intermediary and operates in compliance with the Wet Toelating Terbeschikkingstelling Arbeidskrachten (WTTA).

2. Personal Data Collected

Depending on your relationship with Quilyx, Quilyx may process the following categories of personal data:

  • Identity and contact data: name, email address, telephone number, and professional location.
  • Professional data: curriculum vitae, work history, education, skills, certifications, hourly or salary expectations, and availability.
  • Assignment and engagement data: details of the roles, projects, and assignments you are matched to or placed in.
  • Correspondence data: the content of emails and other communications exchanged with Quilyx.
  • Website and technical data: IP address, device and browser information, and cookie data (see Section 11).

Quilyx does not routinely process special-category data (such as data revealing health, racial or ethnic origin, religious beliefs, or trade union membership). You are asked not to include such information in your CV or other documents you provide.

3. How Data Is Collected

Quilyx collects personal data in the following ways:

  • Directly from you, for example when you contact Quilyx, submit a CV, or respond to an opportunity.
  • Via assignment and vendor emails sent to a shared Quilyx mailbox, hosted on Microsoft 365, which may contain candidate and assignment details.
  • From publicly available professional sources, such as LinkedIn and other professional networking platforms.
  • Automatically through your use of the Quilyx website, by means of cookies and similar technologies.

4. Purpose of Processing

Quilyx processes personal data for the following purposes:

  • To provide IT staffing and intermediary services, including matching candidates and freelancers to assignments.
  • To read and structure inbound assignment information and to assess the suitability of candidates for available roles.
  • To communicate with you about opportunities, applications, and engagements.
  • To manage contractual relationships with candidates, freelancers, and clients.
  • To comply with legal and regulatory obligations.
  • To maintain, secure, and improve the Quilyx website and services.

5. Legal Basis

Quilyx relies on the following legal bases under Article 6(1) GDPR:

  • Consent (Art. 6(1)(a) GDPR): where you have given consent, for example to be contacted about opportunities or to have your profile processed for matching. You may withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
  • Legitimate interest (Art. 6(1)(f) GDPR): where you proactively seek placement, Quilyx has a legitimate interest in processing your data to identify and present suitable assignments, balanced against your rights and freedoms.
  • Performance of a contract (Art. 6(1)(b) GDPR): where processing is necessary to enter into or perform a contract with you or with a client.
  • Legal obligation (Art. 6(1)(c) GDPR): where Quilyx must process data to comply with a legal duty, including obligations arising under the WTTA and tax law.

Where consent is relied on for certain processing, declining or withdrawing consent is likely to reduce the likelihood of a successful referral.

6. Sharing and Disclosure

Quilyx shares personal data only where necessary and on an appropriate legal basis. Quilyx may share personal data with:

  • Potential clients, in order to present candidates for suitable positions.
  • Clients with whom candidates are placed.
  • Other recruitment agencies and intermediaries, where relevant to a placement.
  • Reference holders named by the candidate.
  • Service providers, such as IT support and hosting providers, who act on Quilyx instructions.
  • Email and productivity providers, in particular Microsoft (Microsoft 365), which hosts the Quilyx mailbox within the EEA and acts as a processor under a data-processing agreement.
  • Professional advisers, such as legal and accounting advisers.
  • A purchaser or successor, in the event of a sale or transfer of business or assets.
  • Public authorities, where required by law.

Service providers and other processors are required to take appropriate security measures and generally may not use the data for their own purposes.

7. International Transfers

Quilyx stores candidate personal data and performs all AI and language-model inference locally on Quilyx infrastructure within the Netherlands and the European Economic Area (EEA). No candidate data is sent to third-party cloud AI services. Where any transfer of personal data outside the EEA were to occur, Quilyx would ensure that an appropriate safeguard under Chapter V GDPR (such as an adequacy decision or standard contractual clauses) is in place.

8. Data Security

Quilyx implements appropriate technical and organisational measures to protect personal data, including:

  • Encryption of personal data at rest.
  • Access controls limiting access to personal data to authorised personnel.
  • Logging and audit of access to and processing of personal data.
  • Regular backups of data.
  • A documented data-breach procedure, including notification to the affected data subject and to the Autoriteit Persoonsgegevens where legally required.

Candidate data received by email is initially received and held in the Quilyx mailbox on Microsoft 365, a cloud email service hosted within the EEA and operated by Microsoft as a processor under a data-processing agreement. Once ingested into Quilyx systems, all candidate personal data is stored, and all AI and language-model inference is performed, locally on Quilyx infrastructure within the Netherlands and the EEA. No candidate data is sent to third-party cloud AI services.

9. Data Retention

Quilyx retains personal data only for as long as necessary for the purposes for which it was collected, or as required by law. As a general principle, data is deleted or anonymised once it is no longer needed.

For candidates and freelancers, Quilyx retains personal data for 12 months from the date of last contact, after which it is deleted or anonymised, unless a longer period is required by law or a separate agreement is in place.

10. Your Rights under GDPR

Subject to the conditions set out in the GDPR, you have the right to:

  • Access your personal data.
  • Rectify inaccurate or incomplete data.
  • Erase your data (the right to be forgotten).
  • Restrict processing.
  • Object to processing, including processing based on legitimate interest.
  • Data portability.
  • Withdraw consent at any time, where processing is based on consent.

To exercise these rights, contact gdpr@quilyx.com. Quilyx will verify your identity before fulfilling a request, in order to protect your data. Quilyx aims to respond to requests within 30 days.

You also have the right to lodge a complaint with the supervisory authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).

11. Automated Processing and AI-Assisted Matching

Quilyx uses automated techniques, including locally-run AI and language-model processing, to support its recruitment activities. In particular, Quilyx uses these techniques to read inbound assignment emails, to extract structured details from them, and to score and explain how well a candidate profile matches an assignment.

These automated outputs assist human recruiter judgment. They do not produce decisions with legal or similarly significant effects about a candidate without human involvement. A human recruiter reviews and decides on candidate matching and referral, in line with the safeguard in Article 22 GDPR.

Where automated processing is used in this way, you have the right to:

  • Obtain human intervention in the processing.
  • Express your point of view.
  • Contest an outcome.

Where consent is relied on for some of this processing, declining is likely to reduce the likelihood of a successful referral.

All such AI and language-model inference is performed locally on Quilyx infrastructure within the Netherlands and the EEA, and no candidate data is sent to third-party cloud AI services.

12. Cookies

The Quilyx website uses cookies, managed through a consent banner. These include necessary cookies, functional cookies, analytics cookies, and advertising or targeting cookies. You can manage your preferences through the consent banner and your browser settings. Necessary cookies are required for the website to function.

13. Changes to Policy

Quilyx may update this Privacy Policy from time to time to reflect changes in its practices or legal requirements. The “Last updated” date above indicates when the policy was last revised. Material changes will be communicated where appropriate.

14. Processing of Candidate and Freelancer Data

This section provides additional detail on how Quilyx processes the personal data of candidates and freelancers.

14.1 Scope

This section applies to individuals whose data Quilyx processes for the purpose of matching and placing them in IT assignments, whether they applied directly, were identified through public professional sources, or appeared in assignment correspondence.

14.2 Data Collected

Quilyx may collect identity and contact data, professional data (CV, work history, skills, certifications, availability, and rate expectations), and assignment-related data. This data is collected directly from the candidate, via assignment and vendor emails sent to a shared Quilyx mailbox, and from publicly available professional sources such as LinkedIn.

To apply the principle of data minimisation, uploaded documents are redacted so that identifiers not needed for matching (such as home address, private telephone number, date of birth, and BSN) are stripped. Original uploaded files are not retained after processing.

14.3 Purpose

Quilyx processes candidate and freelancer data to assess suitability for assignments, to match and present candidates to clients, and to manage the placement relationship.

14.4 Legal Basis

Quilyx relies on consent, legitimate interest, performance of a contract, and legal obligation, as described in Section 5. You may withdraw consent at any time.

14.5 Sharing

Quilyx shares candidate and freelancer data with potential clients and other recipients as described in Section 6, only where necessary for the purpose of a placement.

14.6 Retention

Quilyx retains candidate and freelancer data for 12 months from the date of last contact, after which it is deleted or anonymised. Original uploaded files are not retained, and redaction is applied as described in Section 14.2.

14.7 Candidate Rights

Candidates have all the rights set out in Section 10. The right to erasure also removes the candidate’s data from Quilyx internal processing logs. Quilyx will verify identity before fulfilling a request and aims to respond within 30 days.

14.8 Planned Developments

Quilyx is planning an anonymised public job board, which will not contain client or broker identifiers, and a candidate self-upload facility. These features are planned and will be subject to this policy and applicable law when introduced.

    Share

    Contact us

    Do you have questions or would you like to learn more about our services? We are happy to assist you. Feel free to contact us via our phone number or send us an email. We are here to answer all your inquiries. Whether it’s for advice, a quote, or just some additional information, we look forward to hearing from you.

    • +31 30 401 0422
    • info@quilyx.com
    Jeffry Turfboer - IT Programme Manager

    Let’s connect

    Would you like us to reach out to you? Send us your details and we’ll get back to you as soon as possible. Click the button below to go to our contact form. We look forward to connecting with you.

    Contact form

    Quilyx

    Pages
    • Home
    • About us
    • Services
    • Case studies
    • Blog
    • Contact
    • Privacy policy
    Services
    • Home
    • About us
    • Services
    Social media
    Contact Quilyx

    Address
    Rijnzathe 12
    3454 PV Utrecht
    Phone number
    +31 30 401 0422
    E-mail
    info@quilyx.com

    Copyright © Quilyx B.V. 2026. All Rights Reserved.

    Quilyx® is a registered trademark with EUIPO certificate number 018894588