We also process personal information as data processor on behalf of our customers (please see “Ascertra as Data Processor” below).
The Site is not intended for or directed at children under the age of 16 years and we do not knowingly collect information relating to children under this age.
Ascertra adheres to EU and Canadian statutes and regulations which govern the protection of personal data, including the Canadian Personal Data and Protection of Electronic Documents Act (“PIPEDA”) and the General Data Protection Regulation (EU) 2016/679 (“GDPR”).
PERSONAL INFORMATION WE COLLECT ABOUT YOU
We collect personal information that you voluntarily submit to us, such as your name and contact details, when you register with us, use our Site, or otherwise interact with us in the course of our business activities.
The categories of personal data you may provide includes:
- first and last name;
- job title and company name;
- email address;
- phone number;
- mailing address;
- password to register with us;
- your personal or professional interests;
- any other identifier that permits us to make contact with you.
We may also collect certain personal information automatically, including in relation to how you access and use the Site, technical information regarding the device you use to access the Site and the way in which you interact with our newsletters (such as whether you open these). We also automatically record telephone calls when you contact our customer services team by phone.
We may link or combine the personal information we collect about you and the information we collect automatically. This allows us to provide you with a personalised experience regardless of how you interact with us.
We will indicate to you where the provision of certain personal information is required in order for us to provide you certain services. If you choose not to provide such personal information, we may not be able to provide the services you have requested.
We do not collect any “special categories” of personal information about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
HOW WE USE YOUR PERSONAL INFORMATION
Under data protection law, we can only use your personal information if we have a proper reason, eg:
- where you have given consent;
- to comply with our legal and regulatory obligations;
- for the performance of a contract with you or to take steps at your request before entering into a contract; or
- for our legitimate interests or those of a third party
A legitimate interest is when we have a business or commercial reason to use your personal information, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.
The table below explains what we use your personal information for and why.
What we use your personal information for
Customise our Site and its content to your preferences based on your selected preferences or on your use of our website
—your consent as gathered for our cookies ‘Cookies and similar technologies]’ below
To send you marketing and promotional content
For our legitimate interests to promote our business to prospective, existing and former customers. This means we do not need your consent to send you marketing information. If we change our marketing approach in the future so that consent is needed, we will ask for this separately and clearly.
To send you information regarding changes to our policies, other terms and other administrative information such as reminders, technical notices, updates and security alerts.
Depending on the circumstances:
To enable you to register on the Site and access restricted areas, and sign up to our newsletters.
It is in our legitimate interest to provide our services to you and to register you at your request.
Protecting the security of systems and data used to provide the services
To comply with our legal and regulatory obligations
To respond to queries and provide you with information and materials that you request from us.
It is in our legitimate interests to respond to your queries and provide any information and materials requested in order to maintain good customer relations.
To occasionally monitor emails which you send to us or which we send to you.
It is in our legitimate interest to carry out occasional spot checks or audits of such emails to ensure compliance with applicable law and regulation, professional standards and our internal compliance policies.
Disclosures and other activities necessary to comply with legal and regulatory obligations that apply to our business, e.g. to record and demonstrate evidence of your consents where relevant.
To comply with our legal and regulatory obligations
To share your personal information with members of our group and third parties that will or may take control or ownership of some or all of our business (and professional advisors acting on our or their behalf) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency
Depending on the circumstances:
To enforce legal rights or defend or undertake legal proceedings
Depending on the circumstances:
ASCERTRA AS DATA PROCESSOR
We collect and process personal information on behalf of our customers in the provision of our services. In these circumstances, Ascertra is acting as a data processor and our customer remains the data controller in respect of personal information they provide to us.
To the extent that we are acting as data processor, we will process such personal information in accordance with our customer’s instructions and any agreement in place with our customer. Ascertra will only use such personal information for the purposes of providing the services for which our customer has engaged us.
Our customer is responsible for ensuring that the privacy of individuals whose personal information they are processing is respected, including communicating to these individuals in their own privacy policies with whom the individual’s personal information is being shared and by whom it is being processed.
As a data processor, Ascertra may share personal information where instructed by our customers (the data controller). We will refer any request from an individual for access to personal information which we hold about them to our customer. Ascertra will not respond directly to the request.
Ascertra will retain personal information which we process on behalf of our customers for as long as needed to provide services to our customer and in accordance with any agreement in place with our customer.
We may anonymise and aggregate any of the personal information we collect about you (so that it does not directly identify you). We may use anonymised information for purposes that include testing our IT systems, research, data analysis, improving our Site and developing new products and features. We may also share such anonymised information with others.
HOW LONG YOUR PERSONAL INFORMATION WILL BE KEPT
We will store the personal information we collect about you for no longer than necessary for the purposes set out above in accordance with our legal and contractual obligations and legitimate business interests.
To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, as well as the applicable legal, regulatory, tax, accounting or other requirements.
We retain personal information for up to six (6) years after we cease providing services to you where necessary to comply with our legal obligations, resolve disputes or enforce our terms and conditions.
SHARING YOUR PERSONAL INFORMATION
We share your personal information with the following categories of recipients (as required in accordance with the uses set out above):
- Service providers: we may share your personal information with third party vendors and other service providers that perform services for us or on our behalf, which may include providing mailing, CRM, web hosting, or website analytics services.
- Professional advisors: we may share your personal information with our lawyers, accountants, insurers and other professional advisors to the extent we need to (for example, to defend ourselves against legal claims).
- Business partners: we may share your personal information (such as contact details) with our business partners where this is necessary in the normal course of our business.
- Purchasers and third parties in connection with a business transaction: your personal information may be disclosed to third parties in connection with a transaction, such as a merger, sale of assets or shares, reorganisation, financing, change of control or acquisition of all or a portion of our business.
- Law enforcement agencies: including courts, tribunals and regulatory bodies to comply with our legal and regulatory obligations
- Other members of our group: we may share your personal information with our affiliates (for example, where they provide services on our behalf) or where such sharing is otherwise necessary in accordance with the uses set out above.
We will take steps to protect your personal information where we need to share it with others. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.
MARKETING AND ADVERTISING
From time to time we may contact you with information about our products and services, including sending you marketing messages and asking for your feedback on our products and services.
Most marketing messages we send will be by email. For some marketing messages, we may use personal information we collect about you to help us determine the most relevant marketing information to share with you.
You can opt-out of receiving marketing communications at any time by clicking on the unsubscribe link at the bottom of our marketing emails.
We also participate in interest-based advertising and use third party advertising companies to serve you targeted advertisements based on your online browsing history and your interests. To do this, we or our advertising partners may collect information about how you use or connect to the Site, or the types of other websites, social media services, content and ads that you (or others using your device) visit or view or connect to our Site so that we or our advertising partners may play or display ads on the Site, on other websites, apps or services you may use, and on other devices you may use.
To learn about interest-based advertising and how you may be able to opt-out of some of this advertising and to limit some third party advertising cookies, you may wish to visit:
- Your Online Choices (http://www.youronlinechoices.com/)
- Network Advertising Initiative (http://www.networkadvertising.org/)
- Digital Advertising Alliance (http://www.aboutads.info/consumers)
KEEPING YOUR PERSONAL INFORMATION SECURE
We implement appropriate technical and organisational measures, including encryption, to protect your personal information against accidental or unlawful destruction, loss, change or damage. All personal information we collect will be stored on our secure servers. We will never send you unsolicited emails or contact you by phone requesting your account ID or password.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
INTERNATIONAL TRANSFERS OF YOUR PERSONAL INFORMATION
Where we share your personal information with our group companies, your personal information will be transferred to and stored in countries outside of the European Economic Area (“EEA”) where our group members are located, such as Canada and the United states.
Many of our external third party service providers and business partners are based outside the EEA, so their processing of your personal data will involve a transfer of data outside the EEA.
Whenever we transfer your personal information out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- we will only transfer your personal information to countries that have been deemed to provide an adequate level of protection for personal data (such as Canada);
- entering into standard contractual clauses approved by the European Commission, obliging recipients to protect your personal data as permitted under the GDPR;
- under the EU-U.S. Privacy Shield Framework which enables U.S. business to self-certify as a means of complying with EU data protection laws;
- use of international data transfer agreements approved for use in the UK which give personal data the same protection it has in the UK.
In the absence of appropriate safeguards as referenced above, we will only transfer personal data to a third country if (as permitted under Article 49 GDPR)) you have provided explicit consent to the transfer, or the transfer is necessary for (i) the performance of our contractual engagement with you, or (ii) the establishment, exercise or defence of legal claims.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal information out of the EEA.
YOUR RIGHTS IN RESPECT OF YOUR PERSONAL INFORMATION
In accordance with applicable privacy law, you have the following rights in respect of your personal information that we hold:
- Right of access. You have the right to obtain access to your personal information.
- Right of portability. You have the right, in certain circumstances, to receive a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal information to another person.
- Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete personal information we hold about you without undue delay.
- Right to erasure. You have the right, in some circumstances, to require us to erase your personal information without undue delay if the continued processing of that personal information is not justified.
- Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your personal information if the continued processing of the personal information in this way is not justified, such as where the accuracy of the personal information is contested by you.
- Right to object. You have a right to object to any processing based on our legitimate interests in certain circumstances. You can also object to our direct marketing activities for any reason by clicking the “unsubscribe” link set out in any marketing communication you receive.
- Right to withdraw consent. If you have provided consent to any processing of your personal information, you have a right to withdraw that consent.
Please note that the above rights are not absolute and we may be entitled to refuse requests, wholly or partly, where exceptions under the applicable law apply.
COOKIES AND SIMILAR TECHNOLOGIES
LINKS TO THIRD PARTY SITES
Our Site may, from time to time, contain links to and from third party websites, including those of our business partners, advertisers, news publications and affiliates. If you follow a link to any of these websites, please note that these websites have their own terms and conditions and privacy policies and that we do not accept any responsibility or liability for their policies. Please check the individual policies before you submit any information to those websites.
Please contact us if you have any queries or concerns about our use of your personal information (see below ‘Contacting us’). We hope we will be able to resolve any issues you may have.
CHANGES TO THIS POLICY
NOTICE TO YOU
By email: firstname.lastname@example.org