→ 1. General Overview
The purpose of this document is to provide you with information on our use of your personal data in accordance with the EU data protection regime introduced by the General Data Protection Regulation (Regulation 2016/679, the “Data Protection Legislation”). In this document, “we”, “us” and “our” refer to Sourcing Change.
→ 2. Who this affects
If you are a media representative, an individual or client who works with Sourcing Change, this will affect you directly. If you are an institutional or corporate client that provides us with personal data on individuals connected to you for any reason in relation to your engagement with us, this will be relevant for those individuals and you should transmit this document to such individuals or otherwise advise them of its content.
→ 3. Your personal data
By virtue of your engagement or interactions with us or by virtue of you otherwise providing us with personal information on you or individuals connected with you (for example directors, trustees, employees, representatives, shareholders, clients, beneficial owners or agents), you will provide us with certain personal information which constitutes personal data within the meaning of the Data Protection Legislation. We may also obtain personal data on you from other public sources.
This includes the following information relating to you and/or any individuals connected with you: name, residential address, email address, contact details, signature, nationality, place of birth, date of birth, tax identification, credit history, correspondence records, passport number and bank account details.
→ 4. How we may use your personal data
We, as the data controller, may collect, store and use your personal data for lawful purposes, disclosed below:
For direct marketing purposes (that is, providing you with information on products and services) or for quality control, business and statistical analysis or for tracking fees and costs or for customer service, training and related purposes (i.e. where this is necessary for the purposes of our legitimate interests and such legitimate interests are not overridden by your interests, fundamental rights or freedoms and provided that we are acting in a fair, transparent and accountable manner and have taken appropriate steps to prevent such activity having any unwarranted impact on you and also noting your right to object to such uses, as discussed below). Should we wish to use your personal data for other specific purposes (including, if applicable, any purpose that requires your consent), we will contact you.
→ 5. Our data protection measures we take
We shall apply appropriate information security measures designed to protect data in our possession from unauthorised access by third parties or any form of computer corruption.
We shall notify you of any personal data breach affecting you that is likely to result in a high risk to your rights and freedoms.
→ 6. Your data protection rights
You have certain rights regarding our use of your personal data such as:
- the right to access your data (in an easily readable form);
- the right to examine and correct your data;
- the right to data portability;
- the right to restrict the use of your data;
- the right to withdraw any consent given to the processing of your data (where applicable);
- the right to receive information regarding any entities we disclose your data to;
- the right to lodge a complaint with the Information Commissioner’s Office.
- You also have the right to object to the processing of your data where we have considered this to be necessary for the purposes of our legitimate interests.
Please note that the right for your data to be erased (the “right to be forgotten”) that applies in some contexts is not likely to be applicable to most, if not all, of the personal data we hold, given the specific nature of the purposes for which we use the data, as described above.
→ 7. Our retention of your personal data
We may retain your personal data for such a period as required by any applicable laws or regulations or for such as period as may be permitted in accordance with the lawful purposes or our legitimate interests outlined above. Thereafter, we will refrain from collecting any further personal data on you and shall take appropriate steps to dispose of any records containing your personal data, to the extent this is operationally feasible and proportionate.
→ 8. Getting in touch
We are not required to designate a data protection officer. However, should you have any queries or wish to discuss your data protection rights with us, please contact: firstname.lastname@example.org