Purpose of This Notice

The purpose of the Privacy Notice is to provide mandatory information as required under Articles 13 and 14 of the European General Data Protection Regulation (GDPR) regarding the transparency of personal data processing. In the UK the 2018 General Data Protection Act (DPA2018) applies to the processing of personal data. The DPA2018 Part 2 recognises and aligns to the GDPR. In this document the requirements of the GDPR will therefore be deemed to include the processing of data in the EU, EEA, and the UK unless otherwise specified.

This privacy notice, together with any other notices provided at the time of data collection, explain what personal data SIS Global collects about you, how we use this personal data, and your rights to this personal data.

Please note that this privacy notice applies to the handling of your personal data as an employee, former employee, customer, guest, or as external staff. SIS Global has additional governance and privacy requirements concerning the collection and uses of personal data.

Definition

Definitions of certain terms within this notice are explained below:

Company Refers to any subsidiary and associate company within the SIS Global Group structure.
Data Protection Laws Any laws under applicable privacy laws, rules or regulations.
Data Subject Any information relating to an identified or identifiable natural person.
External Staff Workers who are not employed by SIS Global but who have access to SIS Global’s corporate network. This could include agency temporary workers, outsourced staff, contractors, and business guests.
GDPR General Data Protection Regulation.
Personal Data Any information that identifies or relates to a particular individual and also includes information referred to as “personally identifiable information” or “personal information” under applicable data privacy laws, rules, or regulations.
Processing Any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, erasure or destruction.

Your Rights

You have the right to request access to, a copy of, rectification of, restriction in the use of, or erasure of your data in accordance with all applicable laws. The erasure of your data shall be subject to the retention periods of applicable law. If you have provided consent to the use of your data, you have the right to withdraw consent without affecting the lawfulness of the Company’s use of the data prior to receipt of your request.

This section sets out the rights that you have as a Data Subject, by reason of the General Data Protection Regulation.

You have the following rights:

  • The right to access– You have the right to request Our Company for copies of your personal data. We may charge you a small fee for this service.
  • The right to rectification– You have the right to request that Our Company correct any information you believe is inaccurate. You also have the right to request Our Company to complete the information you believe is incomplete.
  • The right to erasure– You have the right to request that Our Company erase your personal data, under certain conditions.
  • The right to restrict processing– You have the right to request that Our Company restrict the processing of your personal data, under certain conditions.
  • The right to object to processing– You have the right to object to Our Company’s processing of your personal data, under certain conditions.
  • The right to data portability– You have the right to request that Our Company transfer the data that we have collected to another organization, or directly to you, under certain conditions.

Contact Details

If you have any questions about our processing of your personal data, you are always welcome to contact our data protection officer.

You can contact our data protection officer in the following ways:

  • By e-mail: compliance@sisglobal.com
  • On the telephone: +44 115 857 3762
  • By letter: SIS Global Group, 41 Clarence Road, Chesterfield, Derbyshire, S40 1LH, for the attention of “Data Protection Officer”.

Sources of Personal Data

We collect and process some or all of the following types of information from you:

  • Information that you provide by filling in forms on the sisglobal.com website (“Website”). This includes information provided at the time of registering to use the Website, subscribing to our Services, posting material or requesting further information or services. We may also ask you for information when you report a problem with the Website.
  • If you contact us, we may keep a record of that correspondence.
  • We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
  • Details of all actions that you carry out through the Website and of the provision of services to you.
  • Details of your visits to the Website including, but not limited to, traffic data, location data, weblogs and other communication data, the site that referred you to our site and the resources that you access.
  • The provision of your full name and e-mail address, your employer and/or your place of work and the url of the business that you work for is required from you when you register to use our Services. We will inform you at the point of collecting information from you, whether you are required to provide the information to us.

Data Protection Principles

SIS Global has adopted the following principles to govern its collection and processing of Personal Data:

Personal Data shall be processed lawfully, fairly, and in a transparent manner. The Personal Data collected will only be specifically in the following circumstances:

  • Where you have given consent to the processing of your personal information for one or more specific purposes.
  • Where the processing of your personal data is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
  • Where we need to comply with a legal or regulatory obligation. This means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. We make sure and we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
  • We may also use your personal information in the following situations, which are likely to be rare:
  • Where we need to protect your interests (or someone else’s interests).
  • Where it is needed in the public interest [or for official purposes].

We will only use your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at compliance@sisglobal.com

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Transfer to Third Parties

We may disclose your sensitive data and other data as follows:

  • Consent: We may disclose sensitive data and other data if we have your consent to do so.
  • Emergency Circumstances: We may share your data, and sensitive data when necessary to protect your interests and you are physically or legally incapable of providing consent.
  • Employment Necessity: We may share your sensitive data when necessary for administering employment or social security benefits in accordance with applicable law or any applicable collective bargaining agreement, subject to the imposition of appropriate safeguards to prevent further unauthorized disclosure.
  • Legitimate Interest: We may hold and process data if there is legitimate interest in doing so, provided this interest is balanced against an individual.
  • Public Information: We may share your data and sensitive data if you have manifestly made it public.
  • Archiving: We may share your data and sensitive data for archiving purposes in the public interest, and for historical research, and statistical purposes.
  • Performance of a Contract: We may share your data when necessary to administer a contract you have with the Company.
  • Legal Obligation: We may share your data when the disclosure is required or permitted by international, federal, and state laws and regulations.
  • Service Providers: We use third parties who have entered into a contract with the Company to support the administration of Company operations and policies. In such cases, we share your data with such third parties subject to the imposition of appropriate safeguards to prevent further unauthorized disclosure.
  • De-Identified and Aggregate Information: We may use and disclose data in de-identified or aggregate form without limitation.

Data Retention

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances, we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

Data Security

Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Updates to This Policy

We may update or change this policy at any time. Your continued use of the Company’s website after any such change indicates your acceptance to these changes.