This privacy policy seeks to tell you everything you need to know about how Compliplus Limited (“Compliplus”, “we”) protect the personal data we process and control relating to you (“your personal data”; “your data”) and what rights you have in relation to the processing of your personal data.
1. HOW DOES COMPLIPLUS PROTECT YOUR PERSONAL DATA?
Compliplus attaches great importance to your right to privacy and the protection of your personal data. We want you to feel secure that when you deal with Compliplus, your personal data is in good hands.
Compliplus protects your personal data in accordance with applicable laws and our data privacy policies. In addition, Compliplus maintains the appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing and/or against accidental loss, alteration, disclosure or access, or accidental or unlawful destruction of or damage thereto.
Which categories of personal data do we collect and how do we process such personal data?
We collect personal data of our employees, potential employees, clients, suppliers, business contacts, shareholders and website users. If the data we collect is not listed in this privacy statement, we will give individuals (when required by law) appropriate notice of which other data will be collected and how it will be used.
Except for certain information that is required by law, your decision to provide any personal data to us is voluntary. You will therefore not be subject to adverse consequences if you do not wish to provide us with your personal data. However, please note that if you do not provide certain information, we may not be able to accomplish some or all of the purposes outlined in this privacy statement, and you may not be able to use certain tools and systems which require the use of such personal data.
If you provide us with personal data of another person (for instance, a potential employee/referral), you are responsible for ensuring that such person is made aware of the information contained in this privacy statement and that the person has given you his/her consent for sharing the information with Compliplus.
The above-mentioned categories of personal data have been obtained either directly from you (for example, when you provide information to sign up for a newsletter or register to comment on a forum website) or indirectly from certain third parties (for example, through our website’s technology). Such third parties include our affiliates, public authorities, public websites and social media, suppliers and vendors.
For which purposes and on which legal basis do we use your personal data?
Compliplus uses your personal data only where required for specific purposes as outlined in the table below;
Legal Basis for Using Personal Data | |
Managing our contractual and/or employment relationship with you. | Necessary for the performance of a contract to which you are a party. |
Recruitment. | Justified on the basis of our legitimate interests for ensuring that we recruit the appropriate employees |
Facilitating communication with you (including in case of emergencies, and to provide you with requested information). | Justified on the basis of our legitimate interests for ensuring proper communication and emergency handling within the organization |
Operating and managing our business operations. | Justified on the basis of our legitimate interests for ensuring the proper functioning of our business operations |
Complying with legal requirements. | Necessary for the compliance with a legal obligation to which we are subject. |
Conducting accident or incident investigations | Necessary for the performance of a contract or business arrangement |
Representing you or your company when dealing with your client or regulatory authorities | Necessary for the performance of a contract or business arrangement |
Monitoring your use of our systems (including monitoring the use of our website and any apps and tools you use). | Justified on the basis of our legitimate interests of avoiding non-compliance and protecting our reputation. |
Improving the security and functioning of our website, networks and information | Justified on the basis of our legitimate interests for ensuring that you receive an excellent user experience and our networks and information are secure. |
Undertaking data analytics, i.e. applying analytics to business operations and data to describe, predict and improve business performance within Compliplus and/or to provide a better user experience. (more details on how we run analytics on our website can be found in our cookies policy). | Justified on the basis of our legitimate interests for ensuring the proper functioning of our business operations. |
Marketing our products and services to you (unless you objected against such processing, as further described in the section “How do we use personal data for marketing purposes?” below. | Justified on the basis of our legitimate interests for ensuring that we can conduct and increase our business. |
Where the above table states that we rely on our legitimate interests for a given purpose, we are of the opinion that our legitimate interests are not overridden by your interests, rights or freedoms, given (i) the transparency we provide on the processing activity, (ii) our privacy by design approach, (iii) our regular privacy reviews and (iv) the rights you have in relation to the processing activity. Please contact us if you wish to obtain further information on this balancing test approach.
We will process your personal data for the purposes mentioned above based on your prior consent, to the extent such consent is mandatory under applicable laws.
We will not use your personal data for purposes that are incompatible with the purposes of which you have been informed, unless it is required or authorized by law, or it is in your own vital interest (e.g. in case of a medical emergency) to do so.
Who has access to your personal data?
Access to your personal data within Compliplus will be limited to those employees who have a need to know the information for the purposes described in this global privacy statement, which may include personnel in HR, IT, Compliance, Safety, Quality, Training, Legal, Finance and Accounting. All employees within Compliplus will generally have access to your business contact information (e.g. name, position, telephone number and e-mail address).
Furthermore, where there is a need, Compliplus may share your personal data with third parties, such as service providers and public authorities. Before doing so, Compliplus takes steps to protect your personal data. Any third-party service providers and professional advisors to whom your personal data are disclosed, are expected and required to protect the confidentiality and security of your personal data and may only use your personal data in compliance with applicable data privacy laws.
Will we share your personal data with third parties?
We may transfer personal data to our service providers, professional advisors, public and governmental authorities or third parties in connection with a (potential) corporate or commercial transaction. Such third parties may be located in other countries. Before we do so, we shall take the necessary steps to ensure that your personal data will be given adequate protection as required by relevant data privacy laws and Compliplus’ internal policies.
Unless you are otherwise notified, any transfers of your personal data from within the European Economic Area (EEA) to third parties outside the EEA will be based on an adequacy decision or are governed by the standard contractual clauses (a copy of which can be obtained through the contact information included below). Any other non-EEA related transfers of your personal data will take place in accordance with the appropriate international data transfer mechanisms and standards.
What about sensitive data?
We do not generally seek to collect sensitive data (also known as special categories) through this site or otherwise. In the limited cases where we do seek to collect such data, we will do this in accordance with data privacy law requirements and/or ask for your consent.
The term “sensitive data” refers to the various categories of personal data identified by data privacy laws as requiring special treatment, including in some circumstances the need to obtain explicit consent from you. These categories include racial or ethnic origin, political opinions, religious, philosophical or other similar beliefs, membership of a trade union, physical or mental health, biometric or genetic data, sexual life or orientation, or criminal convictions and offences (including information about suspected criminal activities).
What about data security?
We maintain organizational, physical and technical security arrangements for all the personal data we hold. We have protocols, controls and relevant policies, procedures and guidance to maintain these arrangements taking into account the risks associated with the categories of personal data and the processing we undertake.
We adopt security measures to protect your personal data.
Regarding your use of our websites, you should understand that the open nature of the internet is such that information and personal data flows over networks connecting you to our systems without security measures and may be accessed and used by people other than those for whom the data are intended.
Where will your personal data be processed?
We process the majority of data at our office and at client sites.
How long will your personal data be retained by us?
We will retain your personal data only for as long as is necessary. We maintain specific records management and retention policies and procedures, so that personal data are deleted after a reasonable time according to the following retention criteria:
Which rights do you have with respect to the processing of your personal data?
You are entitled (in the circumstances and under the conditions, and subject to the exceptions, set out in applicable law) to:
To the extent that the processing of your personal data is based on your consent, you have the right to withdraw such consent at any time by cont