1.1. To run our business, we collect and use personal data or individually identifiable information (also referred to as “personal data”) from employees, customers, suppliers or other third party stakeholders (such as agents, consultants, visitors of our website).
1.2. We are committed to safeguarding these personal data and handle it in compliance with applicable data protection and privacy laws applicable from time to time, including, where applicable as from 25 May 2018, compliance in the European Union with the General Data Protection Regulation (or “GDPR”).
1.3. The purpose of this policy is to further explain why and how we will handle personal data, in light of new requirements under GDPR.
1.4. The legal entity which is responsible for the processing (also known as the “controller”) will depend on the circumstances. It will be either the entity which is the employer (for employees), the entity with which you or your employer have a commercial and/or contractual relationship (for representatives/contact persons of prospects, customers and suppliers) or the entity in charge of the website you are visiting (for website visitors).
This policy does not apply to any information processed about legal entities.
2.1. We collect basic identification information about individuals with whom we interact, such as the name, title, position, company name, email and/or postal address and the professional fixed and/or mobile phone number. This information may either be directly provided by you or provided by the legal entity for whom you work (e.g. if you are the contact person designated by your employer to manage your relationship with us).
2.2. For employees, candidates, former employees, contingent workers and as the case may be temporary workers and consultants (“Staff”), we collect additional personal data for identification purposes, in order to perform our contractual obligations or because required by legal requirements.
Examples of the types of personal data that we may process about our Staff include:
If and when national registry number, social security number or local equivalent is collected, stored and processed such processing is only done when legally required and for no longer than required.
For prospective employees, personal data is either obtained directly from you or from recruitment agencies to which you would have provided or otherwise made available those data.
2.3. In case of website visitors, our web server automatically collects non-personally-identifiable information. Typical information collected includes the domain name of your Internet access provider, the Internet protocol (IP) address used to connect the visitor's computer to the Internet, the visitor's browser type and version, operating system and platform, the average time spent on our site, pages viewed, information searched for, access times and other relevant statistics. We only use this information in the aggregate to measure the use of its sites and to administer and improve them. Some of the pages of the web site may also deposit certain bits of information called "cookies" in a visitor’s computer. See further under Section 8 to learn more on the “cookies” we generally use.
3.1. We will only process personal data for a specific purpose and to the extent relevant to achieve that purpose.
3.2. Personal data will only be processed based on one of the following legal grounds:
Examples of such ‘legitimate interests’ are:
4.1. Access to personal data is only granted to members of our personnel who need it in order to perform their tasks. All such members of personnel must comply with the internal rules and processes in relation to the processing of personal data to protect them and ensure their confidentiality. They are also required to follow all technical and organisational security measures put in place to protect the personal data.
4.2. We have also implemented technical and organisational measures to protect personal data against unauthorised, accidental or unlawful destruction, loss, alteration, misuse, disclosure or access and against all other unlawful forms of processing. These security measures are being implemented taking into account the state of the art of the technology, their cost of implementation, the risks presented by the processing and the nature of the personal data, with particular care for sensitive data.
5.1. Within our Group we may transfer personal data to our members of personnel (within the limits indicated in Section 4 above) and other companies of the group to which we belong. Such other companies will either act as another controller or will only process personal data on behalf and upon request of the controller (thereby acting as a so-called “processor”). In all cases, the personal data will continue to be processed only for the originated purposes and insofar as reasonably necessary.
5.2. We may also transfer personal data to third parties outside our Group to complete a legitimate purpose, to the extent they need it to carry out the instructions we have given to them. Such third parties may include:
When use of third parties providers, thereby acting as “data processors”, we will enter into an agreement to process this information in accordance with applicable data protection and privacy laws, including GDPR where applicable.
5.3. The personal data transferred within or outside our Group may also in certain instances be processed in a country outside the European Economic Area ("EEA"), which covers the EU Member States, Iceland, Liechtenstein and Norway. Non-EEA countries may not offer the same level of personal data protection as EEA countries. If your personal data are transferred outside the EEA, we will therefore put in place suitable safeguards to ensure such transfer is carried out in compliance with the applicable data protection rules.
6.1. We will only retain personal data for as long as necessary to fulfil the purpose for which it was collected or to comply with legal, regulatory or internal policy requirements.
6.2. Request to have personal data removed from our databases, can be made by following the procedure described in Section 7 below, which we will review and address as set out therein.
7.1. You have a right of access to your personal data as processed by us. If you believe that any information we hold about you is incorrect or incomplete, you may also request the correction thereof. We will promptly correct any such information.
You also have the right to:
You also have the right to lodge a complaint with a supervisory authority responsible for data protection.
7.2. To exercise the above rights, you may send an email to firstname.lastname@example.org, with a recto-verso scan/copy of your identity card or passport for identification purpose.
We will address such requests, withdrawal or objection as required under the applicable data protection rules.
If you are not satisfied with how we process your personal data, please let us know and we will investigate your concern.
7.3. In the interests of keeping personal data properly up to date and accurate, we may ask you periodically to review and confirm the personal data we hold about you and/or to inform us of any change in relation to your personal data (such as a change of address or, for employees, a change in family composition or marital status).
8.1. A cookie is a text file which may be placed on your device when visiting our website. It contains information that is collected from your device and sent back to the website on each subsequent visit so as to remember your actions and preferences over time.
8.2. Generally, a cookie assigns a unique number to the visitor that has no meaning outside the assigning site. This technology does not collect an individual visitor’s identifying information; rather, this information is also in an aggregate form. The purpose of this technology and the information it provides is again to help us improve the web site and your use of it. Most web browsers allow the user to deny or accept the cookie feature. However, please note that cookies may be necessary to provide you with certain features (e.g. customized delivery of information) available on the web site. At any moment you can change the settings applicable to the cookies (i.e. a message that alerts you of the sending of cookies on your computer) by modifying the navigation parameters of your internet browser (Internet Explorer, Firefox, Chrome, Safari or Opera). In this case, be aware that it is possible that you cannot subscribe to our website anymore or use other functions that need the subscription or the collection of information.
This policy may be subject to amendments. Any future changes or additions to the processing of personal data as described in this policy affecting you will be communicated through an appropriate channel, depending on how we normally communicate on our policies and their amendments.