Data Protection Policy
1. General information
This data protection policy explains how Fairsystems LTD and/or its affiliates, subsidiaries, and newly acquired companies (“fairsystems”; “we”) protect the personal data fairsystems processes and controls relating to you (“your personal data”), why fairsystems processes your personal data, who has access to your personal data and how you can exercise your rights in relation to the processing of your personal data.
This data protection policy provides an overview of fairsystems’ most common processing activities of your personal data. Please note that certain specific processing activities may be subject to a separate and tailored data protection policy.
In the event any translation of this data protection policy is prepared, the English version of this data protection policy shall prevail in case of conflicts between the different language versions.
Which categories of personal data does fairsystems process?
fairsystems will collect personal data about you to achieve the purposes set out in this data protection policy.
For further information on the specific categories of personal data fairsystems is processing, please see section 2. For further information on the sources from which fairsystems has obtained your personal data, please see section 3.
If you provide fairsystems with any personal data of another person (for instance, a potential employee/referral), you are responsible for ensuring that such person is made aware of the information contained in this data protection policy and that the person has given you his/her consent for sharing the information with fairsystems.
Except for certain information that is required by law, your decision to provide any personal data to fairsystems is voluntary. You will therefore not be subject to adverse consequences if you do not wish to provide fairsystems with your personal data. However, please note that if you do not provide certain information, fairsystems may not be able to accomplish some or all of the purposes outlined in this data protection policy, and you may not be able to use certain tools and systems which require the use of such personal data.
Why does fairsystems process your personal data?
fairsystems may collect, use, transfer, disclose and otherwise process your personal data in the context of facilitating communication with you (including in case of emergencies), operating and managing fairsystems’ business operations, complying with legal requirements, monitoring your use of fairsystems’ systems, undertaking data analytics and recruitment. For a more detailed list of the purposes, please see section 4.
fairsystems will not use your personal data for purposes that are incompatible with the purposes listed in this data protection policy unless it is required or authorized by law, or it is in your own vital interest (e.g. in case of a medical emergency) to do so.
On which legal basis does fairsystems process your personal data?
fairsystems processes your personal data as permitted by applicable data privacy laws and its internal policies.
fairsystems processes your personal data for the purposes set out in this data protection policy for one or more of the following reasons: (i) because fairsystems is required to do so for compliance with a legal obligation to which it is subject, (ii) because such information is necessary for the performance of a contract to which you are a party, (iii) because the processing is necessary for the purposes of the legitimate interests pursued by fairsystems or by a third party (as described in the last sentence of this paragraph), or (iv) where necessary in order to protect the vital interests of any person. fairsystems has legitimate interests in collecting and processing personal data, for example: (1) to ensure that fairsystems’ networks and information are secure, (2) to administer and generally conduct business and (3) to prevent fraud.
In addition, fairsystems may process your sensitive data and/or make automated decisions concerning you where permitted by applicable law and/or with your prior consent and for the purposes mentioned in this data protection policy.
Please see section 5 for further information on the legal basis on which fairsystems bases the processing of your personal data for each processing activity.
Who has access to your personal data?
Access to your personal data within fairsystems will be limited to those employees who have a need to know the information for the purposes described in this data protection policy, which may include personnel in Security, HR, IT, Compliance, Legal, Finance and Accounting, Corporate Investigations and Internal Audit. All employees within fairsystems will generally have access to your business contact information (e.g. name, position, telephone number, and e-mail address).
Furthermore, your personal data may be transferred to other fairsystems offices and third parties, which may involve transferring your personal data to other countries.
As a global organization with offices and operations in many countries, your personal data may be transferred or be accessible internationally throughout fairsystems’ business and between its entities and affiliates. Any transfers of your personal data to other fairsystems’ offices will be governed by fairsystems’ corporate rules.
Furthermore, where there is a need, fairsystems may share your personal data with third parties, such as service providers and public authorities. Before doing so, fairsystems takes steps to protect your personal data. Any third-party service providers and professional advisors to whom your personal data are disclosed, are expected and required to protect the confidentiality and security of your personal data and may only use your personal data in compliance with applicable data privacy laws. For the categories of third parties with which fairsystems may share your personal data, please see section 6.
How does fairsystems protect your personal data?
fairsystems maintains organizational, physical and technical security arrangements for all the personal data it holds. fairsystems has protocols, controls and relevant policies, procedures and guidance to maintain these arrangements taking into account the risks associated with the categories of personal data and the processing fairsystems undertakes.
fairsystems adopts market leading security measures to protect your personal data
How long does fairsystems retain your personal data?
fairsystems retains your personal data only for as long as is necessary. fairsystems maintains specific records management and retention policies and procedures so that personal data are deleted after a reasonable time according to the following retention criteria:
- fairsystems retains your personal data as long as it has an ongoing relationship with you.
- fairsystems retains your personal data for as long as needed in order to comply with a legal obligation to which it is subject.
- fairsystems retains your personal data where this is advisable to safeguard or improve fairsystems’ legal position (for instance in relation to statutes of limitations, litigation, or regulatory investigations).
Please keep your personal data at all times up to date and inform fairsystems of any material changes to your personal data.
Which rights do you have concerning your personal data?
Please contact fairsystems’ Data Privacy Officer if you (i) have any questions or concerns about how fairsystems processes your personal data or (ii) want to exercise any of your rights in relation to your personal data.
You have the right (in the circumstances and under the conditions, and subject to the exceptions, set out in applicable law to:
- Request access to the personal data we process about you: This right entitles you to know whether fairsystems holds personal data of you and, if so, obtain information on and a copy of those personal data.
- Request rectification of your personal data: This right entitles you to have your personal data be corrected if it is inaccurate or incomplete.
- Object to the processing of your personal data: This right entitles you to request that fairsystems no longer processes your personal data.
- Request the erasure of your personal data: This right entitles you to request the erasure of your personal data, including where such personal data would no longer be necessary to achieve the purposes.
- Request the restriction of the processing of your personal data: This right entitles you to request that fairsystems only processes your personal data in limited circumstances, including with your consent.
- Request portability of your personal data: This right entitles you to receive a copy (in a structured, commonly used, and machine-readable format) of personal data that you have provided to fairsystems, or request fairsystems to transmit such personal data to another data controller.
To the extent that the processing of your personal data is based on your consent, you have the right to withdraw such consent at any time by contacting fairsystems’ Data Privacy Officer. Please note that this will not affect fairsystems’ right to process personal data obtained prior to the withdrawal of your consent, or its right to continue parts of the processing based on other legal bases than your consent.
Please note, however, that certain personal data may be exempt from the above-mentioned rights pursuant to applicable data privacy or other laws and regulations.
If despite fairsystems’ commitment and efforts to protect your personal data, you believe that your data privacy rights have been violated, we encourage and welcome you to come to fairsystems first to seek resolution of any complaint. You have the right at all times to register a complaint directly with the relevant supervisory authority or to make a claim against fairsystems with a competent court (either in the country where you live, the country where you work, or the country where you deem that data privacy law has been infringed).
What if you have questions or want further information?
This data protection policy, and the web pages referred to therein, aims to give you complete and transparent information on how fairsystems processes your personal data.
If you have any further questions or concerns regarding how fairsystems processes your personal data, or if you wish to exercise any of your foregoing rights, please contact the Data Privacy Officer.
2. Further information on categories of personal data
The below table sets out the categories of personal data that fairsystems processes or may process in the context of the processing activities described in the data protection policy.
| Category of personal data | Explanation |
|---|---|
| Personal details. | Name, preferred pronoun, all types of contact details (such as e-mail, phone numbers, physical address), gender, date of birth, age, place of birth. |
| Sensitive data. | fairsystems may also collect certain types of sensitive information when permitted by local law or with your consent, such as health/medical information (including disability status and dietary requirements/allergies in the framework of the events we organize/sponsor). fairsystems will only use such sensitive information for the purposes described in section 4. |
| Audiovisual materials. | Photograph, and images/footage captured on CCTV or other video and related security/monitoring systems. |
| Position. | Description of the current position, job title, employer, location, fairsystems contact(s). |
| System and application access data. | Where you are provided with access to fairsystems’ systems, fairsystems may collect information required to access such fairsystems systems and applications such as System ID, LAN ID, e-mail account, instant messaging account, mainframe ID, system passwords, access logs, activity logs, and electronic content produced using fairsystems’ systems. |
In addition, for recruitment purposes, fairsystems may process the personal data set out in the below table.
| Personal details. | In addition to the personal details listed above, fairsystems may collect additional personal details for recruitment purposes, such as national identification number, social security number, insurance information, marital/civil partnership status, domestic partners, dependents, emergency contact information, military history. |
| Sensitive data. | fairsystems may collect certain types of sensitive information when permitted by local law or with your consent, such as health/medical information (including disability status), trade union membership information, religion, race or ethnicity, minority flag, and (where authorized by law) information on criminal convictions and offenses. fairsystems collects this information for specific purposes, such as health/medical information in order to accommodate a disability or illness and to provide benefits; background checks; and diversity-related personal data (such as race or ethnicity) in order to comply with legal obligations and internal policies relating to diversity and anti-discrimination. |
| Documentation required under immigration laws. | fairsystems may collect data on citizenship, passport data, details of residency, or work permit (a physical copy and/or an electronic copy). |
| Talent management information. | Information necessary to complete a background check, details on performance decisions and outcomes, performance feedback and warnings, e-learning/training programs, performance and development reviews (including information you provide when asking for/providing feedback, creating priorities, updating your input in relevant tools), driver’s license and car ownership information, and information used to populate biographies. |
3. Further information on sources of personal data
Your personal data have been obtained by fairsystems from the sources set out in the below table.
| Source from which fairsystems obtains the personal data |
|---|
| Yourself. |
| fairsystems’ employees. |
| fairsystems’ affiliates. |
| Employers of the visitors and contractors. |
| Public authorities. |
| Public websites and social media. |
| Suppliers and vendors. |
In addition, for recruitment purposes, fairsystems may obtain personal data from the sources set out in the below table.
| Previous employers. |
| Educational institutions. |
| Background check providers. |
| Talent management providers. |
The above sources are private sources, unless where the source is expressly stated to be “public”.
4. Further information on the purposes
As set out in the data protection policy, fairsystems processes your personal data for multiple purposes. The below table sets out each of the purposes for which fairsystems processes your personal data.
| Purpose | Explanation |
|---|---|
| Facilitating communication with you (including in case of emergencies). | Facilitating communication with you, ensuring business continuity, protecting the health and safety of employees and others, safeguarding IT infrastructure, office equipment and other property, facilitating communication with you and your nominated contacts in an emergency. |
| Operating and managing fairsystems’ business operations (including security). | Operating and managing the IT and communications systems, IT security operations, security access control to facilities, managing fairsystems’ assets, business continuity and disaster recovery, compilation of audit trails and other reporting tools, maintaining records relating to business activities and organizing fairsystems’ events/seminars. |
| Complying with legal requirements. | Complying with legal requirements, such as mandatory filings, record-keeping and reporting obligations, conducting audits, compliance with government inspections and other requests from government or other public authorities, responding to legal process such as subpoenas, pursuing legal rights and remedies, defending litigation and managing any internal complaints or claims, conducting investigations and complying with internal policies and procedures, protecting, enforcing or defending the legal rights, privacy, safety, or property of fairsystems, fairsystems’ affiliates or their employees, agents and contractors (including enforcement of relevant agreements and terms of use), protecting the safety, privacy, and security of users of fairsystems’ products or services or members of the public, or protecting against fraud or for risk management purposes. |
| Monitoring your use of fairsystems’ assets | Monitoring activities as permitted by local law and/or in accordance with applicable fairsystems’ policies (including monitoring the use of fairsystems’ resources). |
| Undertaking data analytics. | Applying analytics to business operations and data to describe, predict and improve business performance within fairsystems and/or to provide a better user experience. Specifically, areas within analytics include descriptive analytics, predictive analytics, analytics involving individuals (clients, business contacts) use personal data, analytics driven by marketing, single customer view and customer journey and workplace analytics. |
| Recruitment. | Managing job applications, including conducting interviews, undertaking appraisals, assessing performance, financial planning, undertaking payment administration, managing inclusion and diversity programs, performing background checks, planning and monitoring training requirements. |
5. Further information on the legal basis
fairsystems processes your personal data based on the legal bases set out in the below table.
| Purpose | Legal basis |
|---|---|
| Facilitating communication with you (including in case of emergencies). | Justified on the basis of fairsystems’ legitimate interests for ensuring proper communication and emergency handling within the organization. |
| Operating and managing fairsystems’ business operations (including security). | Justified on the basis of fairsystems’ legitimate interests for ensuring the proper functioning of its business operations. |
| Complying with legal requirements. | Necessary for compliance with a legal obligation to which fairsystems is subject. |
| Monitoring your use of fairsystems’ systems. | Justified on the basis of fairsystems’ legitimate interests of avoiding non-compliance and protecting its reputation. |
| Undertaking data analytics. | Justified on the basis of fairsystems’ legitimate interests of analyzing and improving the proper functioning of its business operations. |
| Recruitment. | Justified on the basis of fairsystems’ legitimate interests for ensuring that it recruits the appropriate employees. |
Please note that:
- Where the above table states that fairsystems relies on its legitimate interests for a given purpose, fairsystems is of the opinion that its legitimate interests are not overridden by your interests, rights, or freedoms given (i) the transparency fairsystems provides on the processing activity, (ii) fairsystems’ privacy by design approach, (iii) fairsystems’ regular privacy review and (iv) the rights you have in relation to the processing activity. If you wish to obtain further information on this balancing test approach, please contact fairsystems’ Data Privacy Officer.
- Where any of the above purposes require the processing of sensitive data, fairsystems will only do so where permitted under applicable law, or with your prior consent.
- Where any of the above purposes involve an automated decision, fairsystems will only make such automated decision with your prior consent and after having informed you of meaningful information about the logic involved in the automated decision, as well as the significance and the envisaged consequences of such automated decision for you.
- fairsystems will process your personal data based on your prior consent to the extent such consent is required by mandatory law.
6. Further information on categories of third party recipients
In addition to transferring personal data to its affiliates and relevant internal staff, fairsystems may also transfer your personal data to the categories of unaffiliated third parties set out in the below table.
| Category of third party | Explanation |
|---|---|
| Professional advisors. | Accountants, auditors, lawyers, insurers, bankers, and other outside professional advisors in all of the countries in which fairsystems operates. |
| Service providers. | Companies that provide products and services to fairsystems such as IT systems suppliers and support, trade bodies and associations, and other service providers. For recruitment purposes, fairsystems may also transfer your personal data to companies that provide products and services to fairsystems in relation to performance, training, expense management, and background searches. |
| Public and governmental authorities. | Entities that regulate or have jurisdiction over fairsystems such as regulatory authorities, law enforcement, public bodies, and judicial bodies. |
| Corporate / commercial transaction. | A third party in connection with any proposed or actual reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of fairsystems’ business, assets, or stock (including in connection with any bankruptcy or similar proceedings). A third party in connection with any proposed or actual client project. |
7. Contact us
You can contact fairsystems as data controller of your personal data via our Data Privacy Officer.
