1. Introduction
At <Client>, we take the protection of personal data relating to our customers, employees, independent contractors, and service providers very seriously. This Privacy Notice sets out the data protection standards that <Client> applies to the processing of personal data received from its customers, suppliers, employees, workers, and other third parties wherever it operates.
2. About <Client>
<Client> is made up of a number of different operating entities. Depending on where you are located and the location from which services are provided, the data controller of your personal data processed by us under this Privacy Notice will be different. Please [click here] for details of which <Client> entities will be data controllers in which countries.
3. Compliance with GDPR
3.1 We adhere to the principles relating to processing of personal data set out in the General Data Protection Regulation of the European Union ((EU) 2016/679), which requires personal data to be:
Processed lawfully, fairly, and in a transparent manner;
Collected only for specified, explicit, and legitimate purposes;
Adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed;
Accurate and, where necessary, kept up to date;
Not kept in a form which permits identification of Data Subjects for longer than is necessary for the purposes for which the data is processed;
Processed in a manner that ensures its security using appropriate technical and organisational measures to protect against unauthorised or unlawful processing and against accidental loss, destruction, or damage;
Not transferred to another country without appropriate safeguards being in place; and
Made available to Data Subjects, who should be allowed to exercise certain rights in relation to their personal data.
4. Collection of Personal Data
4.1 We will only collect and use your personal data in the following circumstances:
Where it is necessary to perform our obligations under any contract that we may have with you (for example, we will use your contact details to deliver you our services);
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (for example, it is within our legitimate interests to use your personal data to prevent or detect fraud);
Where we need to use your information to comply with our legal obligations;
Where your information is necessary for us to defend, prosecute, or make a claim against you, us, or a third party; and
Where you have consented to our use of your information (you will have been presented with a consent form or facility in relation to any such use and may withdraw your consent through an unsubscribe or similar facility).
4.2 The type of personal data that we may need to collect and use for this purpose may include some or all of the following:
Basic personal details such as your name and job title;
Contact data such as your telephone number and postal or email address;
Financial data such as payment-related information or bank account details;
Demographic data such as your address, preferences, or interests;
Website usage and other technical data such as details of your visits to our websites or information collected through cookies and other tracking technologies;
Personal data provided to us by or on behalf of our customers or generated by us in the course of providing our services, which may, where relevant, include special categories of personal data;
Identification and other background verification data such as copies of passports or utility bills or evidence of beneficial ownership or the source of funds to comply with legal obligations;
Recruitment-related data such as your curriculum vitae, your education and employment history, and other information relevant to potential recruitment to <Client>;
Data that you may provide to us in the course of registering for and attending events or meetings, including access and dietary requirements; and
Any other personal data relating to you that you may provide.
4.3 We may collect or receive your personal data in several ways:
Where you provide it to us directly, for example by corresponding with us by email, or via other direct interactions such as completing a form on our website or registering for and using one of our online portals;
Where we monitor use of, or interactions with, our websites, any marketing we may send to you, or other email communications sent from or received by <Client>;
Third-party sources, for example, where we collect information about you to assist with our customer acceptance procedures or where we receive information about you from recruitment agencies for recruitment purposes; or
Publicly available sources - for example, to help us keep the contact details we already hold for you accurate and up to date or for professional networking purposes.
4.4 The following table describes the ways in which we may use your personal data, together in each case with the legal basis we rely on to do so:
| Purpose/Activity | Lawful basis for Processing including basis of legitimate interest |
|---|---|
| To provide our services to you and conduct our business | Contract performance, legitimate interests (to enable us to perform our obligations and provide our services to you), consent |
| To fulfil our legal, regulatory or risk management obligations | Legal obligations, legal claims, legitimate interests (cooperate with law enforcement, risk profiling, prevent fraud) |
| To facilitate use of our websites and ensure content is relevant | Legitimate interests, consent, contract performance |
| For recruitment purposes | Legitimate interests, contract performance (in order for us to take steps at your request to enter a contract with you) |
| For marketing and business development purposes | Legitimate interests, consent |
| To recover payments due to us | Contract performance, legal claims, legitimate interests (to ensure payment for services) |
| To re-organize or make changes to our business | Legitimate interests (to allow us to change our business) |
4.5 We will only use your personal data where we are permitted to do so by applicable law and for the purposes for which we collected it. If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so.
5. Information for Marketing Purposes
5.1 Where you have consented to us using your personal data for marketing purposes, we may use your information as follows:
To provide you with information, products, or services that you request from us or which we feel may interest you;
For market research purposes, where we may contact you to ask for your feedback.
5.2 If, at any time after you have consented to us using your information for marketing purposes, you wish us to stop using your information for these purposes, please email us at [privacy@client.com] or opt out of any further marketing communications by clicking on the unsubscribe link or by following the opt-out instructions in our marketing communications.
6. Disclosure to Third Parties
6.1 We will not share, sell, or otherwise disclose your personal data for purposes other than those outlined in this notice. Examples include:
Compliance with laws - where <Client> considers such disclosure necessary or required by law to comply with government/legal process and/or to protect the safety of our employees, customers, business partners, or third parties.
Vendors and other service providers - to third-party vendors and service providers for IT, support services, infrastructure, application services, marketing, data analytics, background screening, payroll processing, etc.
Consultants - to auditors, advisors, legal representatives, and similar agents in connection with advisory services.
Business transfers - to another legal entity due to a merger, collaboration, sale, reorganisation, or similar event. In the case of a sale, your data will be transferred to the successor company.
<Client> group companies - <Client> is a global company and any personal data collected may be shared within <Client>'s group entities. Please [click here] for a full list of entities and locations.
6.2 We restrict access to personal data to employees and third parties who have a legitimate business need for access.
7. International Transfers
7.1 As a global company, <Client> may need to process personal data outside your country.
7.2 We will impose appropriate safeguards to ensure that your personal data is protected per relevant data protection laws.
7.3 Similarly, where a third-party provider processes personal data on behalf of <Client>, we will ensure required safeguards are in place.
8. Data Monitoring
We may monitor all IT systems, business areas, and/or work-related activities to protect the company and ensure appropriate use of resources in compliance with laws and policies.
9. Data Security
We implement commercially reasonable physical, technical, and procedural security measures to protect personal data from unauthorized access or incidents. Procedures are in place to address suspected data security breaches, with notifications made if required by law.
10. Data Retention
Personal data will be retained only as long as necessary to fulfil its collected purpose, linked purposes, and as required for compliance or claims.
11. Your Rights
11.1 If you have questions about our use of your personal data, contact us as detailed below.
11.2 Under certain circumstances per applicable laws, you may have the right to:
Get further details on our use of your data;
Get a copy of your data;
Update any inaccuracies;
Delete data we no longer have grounds to use;
Withdraw consent for specific uses;
Object to processing based on legitimate interests (subject to balancing tests);
Restrict our use of your data during a complaint investigation.
11.3 You may also ask not to receive marketing; see opt-out instructions (section 5).
11.4 Requests will be checked; we typically respond within a month. Fees are only charged in excessive/unfounded cases. You also have the right to complain to a data protection authority.
12. Website & Cookie Policy
12.1 When you visit <Client>'s websites, we may send cookies to improve site functionality and tailor experiences.
12.2 See our Website Privacy Policy for cookie details; we may analyze website traffic to improve our sites.
13. Contact Us
If you have questions or concerns about this Privacy Notice or data processing:
Data Protection Officer
<Client>
[Insert address details]
Email: [privacy@client.com]
14. Changes to this Privacy Notice
<Client> reserves the right to amend this notice as required by applicable law and regulations.
This Notice does not override national data privacy laws where <Client> operates.
Effective Date: [Insert Date]
Last modified: [Insert Date]
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article