HOW WE USE YOUR INFORMATION

Similar documents
Subject: Kier Group plc Data Protection Policy

UWTSD Group Data Protection Policy

DATA PROTECTION POLICY THE HOLST GROUP

ACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION

Guardian Electrical Compliance Ltd DATA PROTECTION GDPR REGULATIONS POLICY

Data Protection Policy

The British Museum. Data Protection Code of Practise. 1 Introduction

Motorola Mobility Binding Corporate Rules (BCRs)

COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September Table of Contents. 1. Scope, Purpose and Application to Employees 2

This Policy has been prepared with due regard to the General Data Protection Regulation (EU Regulation 2016/679) ( GDPR ).

UWC International Data Protection Policy

Within the meanings of applicable data protection law (in particular EU Regulation 2016/679, the GDPR ):

Data Protection Policy

PRIVACY POLICY. 1. Introduction

DATA PROTECTION POLICY

Data Protection Policy

Islam21c.com Data Protection and Privacy Policy

Cognizant Careers Portal Privacy Policy ( Policy )

World Wide Jobs Ltd t/a Findmyexpert.com Privacy Policy 12 th April 2018

DATA PROTECTION POLICY

INNOVENT LEASING LIMITED. Privacy Notice

Privacy Notice. General Information Protection Regulation ( GDPR )

Website Privacy Statement

Privacy Policy GENERAL

DATA PROTECTION IN RESEARCH

Jefferies EMEA Privacy Notice

Privacy Policy Statement Last update 25 th May 2018.

Information you give us when you sign up to the World Merit Hub. In addition, when you sign up to the World Merit Hub, we will usually ask for:

About the information we collect We collect and process personal data including but not limited to:-

Vistra International Expansion Limited PRIVACY NOTICE

NWQ Capital Management Pty Ltd. Privacy Policy. March 2017 v2

CNH Industrial Privacy Policy. This Privacy Policy relates to our use of any personal information you provide to us.

Polemic is a business involved in the collection of personal data in the course of its business activities and on behalf of its clients.

Creative Funding Solutions Limited Data Protection Policy

PS Mailing Services Ltd Data Protection Policy May 2018

ma recycle GDPR Privacy Policy .com Rely and Comply... Policy Date: 24 May 2018

PRIVACY POLICY. What personal data we collect and why we collect it IN ORDER TO: (Date of last update: 1 st January 2019)

Privacy Notice - General Data Protection Regulation ( GDPR )

Brasenose College ICT Systems Privacy Notice (v1.2)

WEBSITE PRIVACY POLICY

Xpress Super may collect and hold the following personal information about you: contact details including addresses and phone numbers;

Element Finance Solutions Ltd Data Protection Policy

DLB Privacy Policy. Why we require your information

Privacy Policy. Information about us. What personal data do we collect and how do we use it?

Policy on Privacy and Management of Personal Information

Cognizant Careers Portal Terms of Use and Privacy Policy ( Policy )

Privacy Policy (with effect from 25 th May 2018)

We may change the privacy notice from time to time by amending this page.

Rights of Individuals under the General Data Protection Regulation

ADMA Briefing Summary March

Catalent Inc. Privacy Policy v.1 Effective Date: May 25, 2018 Page 1

We may change the privacy notice from time to time by amending this page.

USER CORPORATE RULES. These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy.

MOBILE.NET PRIVACY POLICY

Privacy Policy Wealth Elements Pty Ltd

VISTRA (CYPRUS) LTD. PRIVACY NOTICE

Website privacy policy

Little Blue Studio. Data Protection and Security Policy. Updated May 2018

Adkin s Privacy Information Notice for Clients, Contractors, Suppliers and Business Contacts

CURTIS BANKS LIMITED. Privacy Information Notice. curtisbanks.co.uk

PRIVACY STATEMENT. The Island with Bear Grylls (the Programme ) Introduction and main purposes

The Data Protection Act 1998 and the Use of Personal Data for IT Administration

Please note that throughout this Privacy Statement the word "website" refers to any web page hosted under the walkersglobal.com domain.

CEM Benchmarking Privacy Policy

Privacy notice. Last updated: 25 May 2018

1 Privacy Statement INDEX

Beam Suntory Privacy Policy WEBSITE PRIVACY NOTICE

MBNL Landlord Privacy Notice. This notice sets out how we handle landlord personal data as part of our General Data Protection policies (GDPR).

GDPR Data Protection Policy

Contract Services Europe

Plus500UK Limited. Website and Platform Privacy Policy

DEPARTMENT OF JUSTICE AND EQUALITY. Data Protection Policy

Privacy Statement. Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information

PRIVACY NOTICE STORM RECRUITMENT UNIT 11, 2 ND FLOOR CHARLESLAND CENTRE, GREYSTONES, CO. WICKLOW 1. INTRODUCTION

Introductory guide to data sharing. lewissilkin.com

Privacy and Data Protection Policy

Data Protection Policy

General Legal Requirements under the Act and Relevant Subsidiary Legislations. Personal data shall only be processed for purpose of the followings:

1. Muscat & Co Mortgage Solutions Ltd - Privacy Notice

1 About GfK and the Survey What are personal data? Use of personal data How we share personal data... 3

Cayman Islands Data Protection Law Guide Book

Graff Search Limited ( Graff Search ) is a recruitment agency and recruitment business.

PRIVACY POLICY. 3.1 This policy does not apply to the collection, holding, use or disclosure of personal information that is an employee record.

Privacy and Spam Policy Ten Tigers Grain Marketing Pty Ltd

NOTICE OF PERSONAL DATA PROCESSING

This Privacy Policy governs our processing of all personal data provided to us at Environmental Essentials in relation to our E-learning services.

Fritztile is a brand of The Stonhard Group THE STONHARD GROUP Privacy Notice The Stonhard Group" Notice Whose Personal Data do we collect?

GLOBAL DATA PROTECTION POLICY

PRIVACY POLICY. 1. Scope of this Policy

TINOPOLIS PRIVACY NOTICE

Smile IT Ltd Privacy Policy. Hello, we re Smile IT Ltd. We offer computer and network support to businesses and home computer users.

VISTRA ZURICH AG - PRIVACY NOTICE

Motor Sports Association. Data Protection Policy

GLOBAL DATA PROTECTION POLICY

Our Data Protection Officer is Andrew Garrett, Operations Manager

Online Ad-hoc Privacy Notice

It applies to personal information for individuals that are external to us such as donors, clients and suppliers (you, your).

Privacy Policy. Data Controller - the entity that determines the purposes, conditions and means of the processing of personal data

Last updated 31 March 2016 This document is publically available at

General Data Protection Regulation (GDPR) Key Facts & FAQ s

Transcription:

HOW WE USE YOUR INFORMATION Herold Mediatel Ltd compiles the Gibraltar Telephone Directory on behalf of Gibtelecom. Every care is taken to render this Directory as accurate as possible but neither Herold Mediatel nor Gibtelecom accept any responsibility for loss or damage which may arise from errors or omissions. Privacy Policy and Fair Processing Notices are available on www.gibtele.com and www.gibyellow.gi. How we use your data for marketing? At Gibyellow (Herold Mediatel Ltd) we believe in being upfront and open with our customers. We have recently updated our Privacy Hub to include all details regarding our Data Protection and Privacy Policy and Fair Processing Notice. This explains why we hold information about you, how we use it and look after it, making sure we store your data safely. Why do we store your details? Herold Mediatel Ltd has collected data from our Business to Business and Business to Consumer networking, our business relationship whilst conducting our directory sales, newsletters, Facebook campaigns and/or surveys we have carried out on behalf of ourselves or Business customers. We use this information to contact you, via our connections newsletters which may include information that may be of interested to you from our business customers looking to engage with other business or consumers. In the course of this we collect personal data about you, but it is limited in nature to your name, contact information and an email address. We do not sell or give your data to any third party. If you wish to review the information we hold about you please email info@gibyellow.gi. Data Protection and Privacy Policy 1. Policy Statement a. Everyone has rights with regard to the way in which their personal data is handled. During our business activities, we will collect, store and process personal data about our customers, suppliers and other third parties, and we recognise that the correct and lawful treatment of this data will maintain confidence in the organisation and will provide for successful business operations. b. Data users are obliged to comply with this policy when processing personal data on our behalf. Any breach of this policy may result in disciplinary action. 2. About this Policy a. The types of personal data that Herold Mediatel Limited ( we, our ) may be required to handle include information about current, past and prospective [advertisers, clients, customers, users, suppliers, employees] and others that we communicate with. b. The personal data, which may be held on paper or on a computer or other media, is subject to certain legal safeguards specified in the Data Protection Act 2004-01( DPA ) and other regulations. c. This policy and any other documents referred to in it sets out the basis on which we will process any personal data we collect from data subjects, or that is provided to us by data subjects or other sources. d. This policy does not form part of any employee s contract of employment and may be amended at any time. e. This policy sets out rules on data protection and the legal conditions that must be satisfied when we obtain, handle, process, transfer and store personal data. f. Our Fair Processing Notice is located below ( FPN ). 3. Data Protection Terms a. data means information stored electronically or in certain paper-based filing systems. b. data controller means the organisation that determines the purposes for which, and the manner in which any personal data are, or are to be, processed. They are responsible for

establishing practices and policies in line with the DPA. We are the data controller of all personal data used in our business for our own commercial purposes. c. data processor means a third party (such as a supplier or contractor) that acts on the instructions of the data controller. We, as the data controller, remain legally responsible for processing performed by a data processor. Employees are not data processors. d. data subject means a person who is identified or identifiable from data that is in our possession or is likely to come into our possession in the future. e. data users mean those of our employees and contractors whose work involves processing personal data. Data users must protect the personal data they handle in accordance with this policy and any applicable data security procedures at all times. f. personal data means data relating to a living data subject. Personal data can be factual (for example, a name, address or date of birth) or it can be an opinion about that person, their actions and behaviour. g. processing means everything that can be done with data during its lifecycle from collection to destruction. h. sensitive personal data means information about a person s racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health or condition or sexual life, or about the commission of, or proceedings for, any offence committed or alleged to have been committed by that person, the disposal of such proceedings or the sentence of any court in such proceedings. Sensitive personal data can only be processed under strict conditions, including a condition requiring the express permission of the person concerned. 4. Data Protection Principles a. Anyone processing personal data must comply with the eight enforceable data protection principles. These provide that personal data must be: i. Processed fairly and lawfully; ii. Processed only for a specified and lawful purpose; iii. Adequate, relevant and not excessive for the purpose; iv. Accurate and up to date; v. Not kept longer than necessary for the purpose; vi. Processed in accordance with Data Subjects rights; vii. Kept secure; and viii. Not transferred to people or organisations situated in countries without adequate protection. 5. Fair and Lawful Processing Data controller s identity and contact details; a. In the course of our business, we may collect, and process personal data received directly from a data subject (for example, by completing forms or by corresponding with us by mail, phone, email or otherwise) and received from other sources (including, for example, business partners, sub-contractors in technical, and others). b. For personal data to be processed fairly the data subject must have been provided with the FPN and the data collection cannot deceive or mislead as to the purpose of the processing. c. If we receive personal data about a data subject from other sources, we will provide the data subject with the FPN as soon as possible thereafter. d. The FPN will inform the data subject about the: e. Purpose(s) of the processing and lawful basis relied upon for storing personal data; f. Period for which data will be stored; g. Existence of rights to request access, rectification, erasure or to object to processing; h. Right to lodge a complaint with the Gibraltar Regulatory Authority ( GRA ), and GRA s contact details; T: 20074636 Email info@gra.gi i. Recipients or categories of recipients of the Personal Data; j. Intention to transfer data to another country and the level of protection in the destination country; k. Whether provision of data is voluntary or mandatory, and consequences of failing to provide the data; l. Existence of any profiling; and

m. Existence of processing activities with a high risk. n. For personal data to be processed lawfully, it must be processed on the basis of one of the legal grounds set out in the DPA. These include, among other things, the data subject s consent, or that the processing is necessary for the performance of a contract with the data subject, for the compliance with a legal obligation to which the data controller is subject, or for the legitimate interest of the data controller or the party to whom the data is disclosed. o. When sensitive personal data is being processed, additional conditions must be met. 6. Specified and Lawful Purpose a. We will ensure our GRA notification is accurate and up-to-day. b. We will only process personal data for the specific purpose(s), or in a manner compatible with the purpose(s), notified to the data subject when we first collect the personal data or as soon as possible thereafter (i.e. in accordance with the FPN provided to the data subject). c. We will only process personal data in a manner compatible with the purpose for which it was obtained. 7. Adequate, Relevant and Not Excessive a. We will ensure that adequate personal data is collected to satisfy the purpose(s) notified to the data subject, especially where the purpose(s) have an impact upon the data subject. b. We will only collect personal data to the extent that it is required for the specific purpose(s) notified to the data subject. 8. Accurate and Up-to-date a. We will check the accuracy of any personal data at the point of collection and at regular intervals afterwards. We will take all reasonable steps to destroy or amend inaccurate or out-of-date data. b. We will provide data subjects with the means to obtain a copy of, and correct any inaccuracies in, their personal data. 9. Timely Processing a. We will not keep personal data longer than is necessary for the purpose(s) for which it was collected. We will take all reasonable steps to destroy, or erase from our systems, all data which is no longer required. 9. Data Subject's Rights a. We will process all personal data in line with data subjects rights, in particular their rights to i. Access to a copy of the information comprising their personal data; ii.object to processing that is likely to cause or is causing damage or distress; iii. Prevent processing for direct marketing; iv. Object to decisions being taken by automated means; and v. Have inaccurate personal data rectified, blocked, erased or destroyed. vi. We will put in place means and procedures to enable data subjects to exercise their rights without excessive delay or expense. 11. Data Security a. We will take appropriate technical and organisational security measures against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data. b. Personal data will only be transferred to a data processor if they agree in a written contract to maintain appropriate security measures. 12. External Transfers

a. We may transfer any personal data to a State (country) outside the European Economic Area ( EEA ), provided that one or more of the following conditions applies: i. The country to which personal data is transferred ensures an adequate level of protection for the data subjects rights and freedoms; ii. The data subject has given consent; iii. The transfer is necessary for one of the reasons set out in the DPA, including the performance of a contract with the data subject, or to protect the vital interests of the data subject; iv. The transfer is legally required on important public interest grounds or for the establishment, exercise or defence of legal claims; and/or v. Adequate safeguards have been put in place to protect the rights of data subjects. vi. Subject to the requirements in this clause, personal data we hold may also be processed by staff operating outside the EEA who work for us or our suppliers and contractors. 13. Disclosure and Sharing a. We will not share personal data we hold with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries. b. We may disclose personal data we hold to third parties: i. In the event that we sell or buy any business or assets, in which case we may disclose personal data we hold to the prospective seller or buyer of such business or assets; ii. If we or substantially all of our assets are acquired by a third party, in which case personal data we hold will be one of the transferred assets; iii. In order to comply with any legal obligation, or in order to enforce or apply any contract with the data subject; or to protect our rights, property, or safety of our employees, customers, or others; iv. For the purposes of fraud protection and credit risk reduction; and v. In accordance with the FPN. Direct Marketing a. We will only send direct marketing materials consistent with the recipient s consent. b. We will only make marketing lists available to third parties for direct marketing purposes within the scope of the recipient s consent. c. All direct marketing materials will include relevant particulars of the business and any promotional offer, be clearly identifiable as a commercial communication, and will provide the recipient the ability to withdraw or modify their consent. 14. Data Subject Access Requests a. Data subjects must make a formal request for information we hold about them. This must be made in writing. Employees who receive a written request should forward it to their manager immediately. b. When receiving telephone enquiries, we will only disclose personal data if the following conditions are met: i. We will check the caller s identity to make sure that information is only given to the data subject or their authorised representative. ii. We will suggest that the caller put their request in writing together with proof of identification if we are not sure about the caller s identity and where their identity cannot be checked. 15. Compliance and Disciplinary Action a. Compliance with this policy is mandatory for all our employees who process personal data. Failure to comply may result in disciplinary action up to and including termination of employment. 16. Changes to this Policy

a. We reserve the right to change this policy at any time without notice. Fair Processing Notice (Privacy Policy) 1. The following fair processing notice ( Notice ) is a broad description of the way this organisation /data controller processes personal data. 2. The Data Control Centre means: www.gibyellow.gi/contact-us 3. Consent a. You consent to the processing of your personal data in accordance with this Notice, as updated from time to time. b. You consent to your personal data being disclosed to third parties, including by sale or trade, in accordance with this Notice, as updated from time to time. c. You consent to your personal data being disclosed to third parties, including by sale or trade, in accordance with this Notice, as updated from time to time. d. You may withdraw consent at any time at the Data Control Centre. 4. Data Protection and Privacy Policy Processing is conducted in accordance with the Data Protection and Privacy Policy located at Data Control Centre. 5. Data controller Data controller ( we our us ) means: Name: Herold Mediatel Limited Registered in: Gibraltar Registration number: 89448 Registered address: 2 Irish Place, Irish Town, Gibraltar, GX11 1AA Data protection contact mail: info@gibyellow.gi 6. Data processors We use the following data processors: Serial Data processor Contact details State/ Jurisdiction Legal basis for external transfer Processing activity 1 Xcel Media Ltd www.xcel.gi Gibraltar Contract Operations including customer service, data operations, product support and account management 2. UkFast.Net Ltd http://www.ukfast.co.uk 3 4 LSC Communications Europe Sp. z o.o http://www.lsccom.eu United Kingdom Contract Data hosting Poland Contract Printing The Rocket Science https://mailchimp.com USA Contract E-Marketing Group 7. Purposes of data processing a. We, our data processors, and the recipients of the personal data identified in this Notice, process personal information to enable us to: i. Promote goods and services, including by direct marketing; ii. Exchange datasets and marketing lists; iii. Undertake research, modelling and analysis; iv. Maintain our accounts and records; v. Support and manage our employees; vi. Enhancing existing datasets with new information; vii. Creating and processing credit risk assessments; viii. Display of business identity and locations on third-party platforms; ix. Exchanging such data with our contracted partners for similar purposes.

b. Other purposes from time to time, which may be updated to this Notice. c. Processing for the above purposes is conducted on the following conditions for legitimate processing: i. Consent of the data subject; ii. Contractual necessity; and/or iii. Legitimate interests of the data controller or third party. 8. Data subjects a. We process personal data about: i. Our advertisers, customers and clients; ii. Employees; iii. Professional advisers and consultants; iv. Suppliers and service providers; v. Complainants and enquirers; vi. Users of the website at www.gibyellow.gi; and/or vii. Persons involved in businesses throughout Gibraltar. 9. Categories of personal data a. We process personal data including: i. Personal details; ii. Contact details; iii. Education and employment details; iv. Financial details; v. Goods or services provided; and/or vi. Internet browsing habits and interests. b. We do not process sensitive classes of information. 10. Recipients of personal data a. We will not share personal data we hold with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries b. We do or may share information, including personal data, with the following third-party recipients (in addition to the data processors identified above): Serial Recipient Contact State/jurisdiction 1. Gibtelecom www.gibtele.com Gibraltar c. Where necessary or required we share information, including personal data, with the following categories of third party recipients: i. Business associates; ii. Third party contractors as data processors; iii. Debt collection and tracing agencies; and/or d. We may also disclose personal data to third parties: e. In the event that we sell or buy any business or assets, in which case we may disclose personal data we hold to the prospective seller or buyer of such business or assets; i. If we or substantially all of our assets are acquired by a third party, in which case personal data we hold will be one of the transferred assets; ii. In order to comply with any legal obligation, or in order to enforce or apply any contract with the data subject; or to protect our rights, property, or safety of our employees, customers, or others; and/or iii. For the purposes of fraud protection and credit risk reduction. f. We may also disclose personal data to other third parties from time to time, which may be updated to this Notice. 11. Transferring information outside the EEA

a. We regularly transfer personal information overseas. Where this is necessary this may be to countries or territories around the world. We are required to ensure that when we need to do this we comply with the Data Protection Act 2004. b. We currently transfer personal data outside of the European Economic Area: United States of America c. We may transfer personal data to other jurisdictions external to the European Economic Area from time to time, which may be updated to this Notice. 12. Provision of personal data a. Provision of personal data is voluntary. b. If you choose not to provide your personal data and consent to this Notice, we may be unable to publish your business record on the directory of businesses hosted at https://www.gibyellow.gi and within datasets shared with third parties. 13. Data subject rights a. As the data subject, you have the right to access a copy of the information comprising your personal data, such access requests can be lodged via the contact us page, Data Control Centre; info@gibyellow.gi. b. As the data subject, you have rights to: i. Object to processing that is likely to cause or is causing damage or distress, such request can be made here; ii. Prevent processing for direct marketing; iii. Object to decisions being taken by automated means; and iv. Have inaccurate personal data rectified, blocked, erased or destroyed. v. Such rights may be exercised via the Data Control Centre at www.gibyellow.gi contact us. c. You have the right to lodge a complaint concerning our compliance with the data protection principles with the Information Commissioner here: https://gra.gi T: 20074636 E; info@gra.gi. 14. Data retention period a. We retain personal data indefinitely, until it is identified as no longer correct, or until it is no longer required. 15. Data protection compliance measures a. We complete a data protection impact assessment prior to any significant change to our processing activities or data recipients. We complete periodic data protection audits, at least once per year to ensure ongoing compliance with the data protection legislation. b. This Notice does not form part of any employee's contract of employment, any supplier terms of contract, any user or consumer terms ofcontract, unless expressly stated to the contrary and we may amend it at any time.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback