OUR PRIVACY STATEMENT
We process this personal data in accordance with the applicable EU and Member State regulations on data protection, in particular the General Data Protection Regulation No 2016/679 (the “GDPR”).
HOW DO WE USE YOUR PERSONAL DATA?
We will always process your personal data based on one of the legal bases provided for in the GDPR (Articles 6 and 7). In addition, we will always process any sensitive personal data in accordance with the special rules provided for in the GDPR (Articles 9 and 10).
We may collect and process your personal data for the purposes detailed below, which are required so that we can pursue our legitimate interests and provide you with adequate services and products and/or comprehensive terms and conditions of employment:
- to inform you about our purchasing policies and business terms;
- to promote safety and security, such as by monitoring fraud and investigating suspicious or potentially illegal activity or violations of our terms or policies;
- to manage our contractual relationship with you;
- to uphold our legal and employment responsibilities to you;
- to ensure business continuity;
- to notify you about changes to our service(s);
- to notify you about changes to your terms and conditions of employment.
We will process your data for these specified, explicit and legitimate purposes, and will not further process the data in a way that is incompatible with these purposes. If we intend to process personal data originally collected for one purpose in order to attain other objectives or purposes, we will ensure that you are informed of this and that your consent is sought. We will keep your personal data only as long as it is necessary for us to comply with our legal and employment obligations, to ensure that we provide an adequate service, and to support the business activities of Caulmert Ltd. (Articles 5 and 25(2) GDPR).
WHAT TYPES OF PERSONAL DATA DO WE USE?
HOW DO WE SHARE YOUR PERSONAL DATA?
We may share your personal data with third parties in accordance with the GDPR. Where we share your data with a data processor, we will put the appropriate legal framework in place in order to cover such transfer and processing (Articles 26, 28 and 29). Furthermore, where we share your data with any entity outside the EEA, we will put appropriate legal frameworks in place, notably controller-to-controller (2004/915/EC) and controller-to-processor (2010/87/EU) Standard Contract Clauses approved by the European Commission, in order to cover such transfers (Articles 44 ff. GDPR).
We share the personal data of employees with companies which provide services on our behalf, including such financial services as life assurance, pension and private health care companies. We also share the personal data of clients with companies which provide sub-contracting services on our behalf.
Legal Compliance and Security
It may be necessary for us – by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence – to disclose your personal data. We may also disclose your personal data if we determine that, due to purposes of national security, law enforcement, or other issues of public importance, the disclosure is necessary or appropriate.
We may also disclose your personal data if we determine in good faith that disclosure is reasonably necessary to protect our rights and pursue available remedies, enforce our terms and conditions, investigate fraud, or protect our operations or users.
Such disclosures may involve transferring your personal data out of the European Union. Such transfer may take place for employee or business management purposes by the Company. For each of these transfers, we make sure that we provide an adequate level of protection to the data transferred, in particular by entering into standard contract clauses as defined by the European Commission decisions 2001/497/EC, 2002/16/EC, 2004/915/EC and 2010/87/EU.
OUR RECORDS OF DATA PROCESSES
We handle records of all processing of personal data in accordance with the obligations established by the GDPR (Article 30), whether we act as a controller or as a processor. In these records, we reflect all the information necessary in order to comply with the GDPR and cooperate with the supervisory authorities as required (Article 31).
We process your personal data in a manner that ensures their appropriate security, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage. We use appropriate technical or organisational measures to achieve this level of protection (Articles 25(1) and 32 GDPR).
We will retain your personal information for as long as it is necessary to fulfill the purposes outlined in this Privacy Statement, unless a longer retention period is required or permitted by law.
NOTIFICATION OF DATA BREACHES TO THE COMPETENT SUPERVISORY AUTHORITIES
In case of breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed, we have the mechanisms and policies in place in order to identify it and assess it promptly. Depending on the outcome of our assessment, we will make the requisite notifications to the supervisory authorities and communications to the affected data subjects, which might include you (Articles 33 and 34 GDPR).
PROCESSING LIKELY TO RESULT IN HIGH RISK TO YOUR RIGHTS AND FREEDOMS
We have mechanisms and policies in place in order to identify data processing activities that may result in high risk to your rights and freedoms (Article 35 of the GDPR). If any such data processing activity is identified, we will assess it internally and either stop it or ensure that the processing is compliant with the GDPR or that appropriate technical and organisational safeguards are in place in order to proceed with it.
In case of doubt, we will contact the competent Data Protection Supervisory Authority in order to obtain their advice and recommendations (Article 36 GDPR).
YOUR RIGHTS REGARDING YOUR PERSONAL DATA WE HOLD
Access – to the personal data we hold on you. You have the right to request a copy of any information that the company holds on you. You may make a request to the admin department for the information held on you, and the admin department can only provide you with that information. We have one month to respond to that request. If requests are excessive, we reserve the right to charge a reasonable fee.
Rectification – the correction of personal data e.g. when the data held is incorrect, incomplete or out of date.
Erasure – you can request the deletion or removal of personal data in specific circumstances e.g. where you have withdrawn consent to hold data.
Restriction – you can request that data can only be processed in certain circumstances.
Data Portability – you can request to obtain and re-use your personal data for your own purposes across different services.
Objection – you have a right to object to the processing of personal data concerning you based on legitimate interests or on grounds relating to your particular circumstances, when certain legal conditions apply.
Profiling – you have a right not to be subject to automated decision making, including profiling based on the processing of your personal data.
If you intend to exercise such rights, please refer to the contact section below.
LINKS TO OTHER SITES
We may provide links from our Website or emails to third-party websites or Internet sources. We do not control and cannot be held liable for third parties’ privacy practices and content. Please read their privacy policies carefully to find out how they collect and process your personal data.