GSAAG PRIVACY POLICY

Advertising

Advertising allows us to provide, support and improve some of our services. GSAAG does not use what you say in email, chat, video calls or voicemail, or your documents, photos or other personal files to do this. We use other data, detailed below, for advertising our services. For example:

  • GSAAG may use data we collect to select and deliver some of the information you see on the GSAAG website.

Information about our use of cookies

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. By continuing to browse the site, you are agreeing to our use of cookies.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive. We use Google Analytical/performance cookies; these allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it.

This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

Google Analytical/performance cookies enables us to:

  • Determine which domain to measure
  • Recognise you when you return to our site
  • Remember the number and time of previous visits
  • Remember traffic source information
  • Determine the start and end of a session
  • Remember the value of visitor-level custom variables

Please note that third parties (including, for example, providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies. You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.

Personal data

GSAAG may collect data from you, through our interactions with you for a variety of purposes described below, including to operate effectively. You provide this data directly, such as when joining the company as an employee or consultant or when we contract with you as a business partner.

We rely on a variety of legal reasons and permissions to process data, including with your consent, necessity to enter into contracts and compliance with legal obligations, for a variety of purposes described below.

We also obtain data from third parties. We protect data obtained from third parties according to the practices described in this statement, plus any additional restrictions imposed by the source of the data. These third-party sources vary over time and include:

  • Suppliers of products and services to GSAAG;
  • Communication services, including email providers and social networks like LinkedIn, when you give us permission to access your data on such third-party services or networks.
  •  Developers who create new GSAAG software and databases.

When you are asked to provide personal data, you can decline. Where we need to collect personal data by law or to enter into or carry out a contract with you, and you do not provide the data, we will not be able to enter into the contract.

The data we collect can include the following:

  • Name and contact data. Your first and surname, email address, postal address, phone number and other similar contact data.
  • Credentials. Passwords, password hints and similar security information used for authentication and account access to GSAAG systems.

How we use personal data

GSAAG uses data to:

  • Provide our business services.
  • Improve and develop our services.
  • Recruit appropriately qualified and experienced personnel.
  • Advertise and market positions within the Group.
  • To use data to operate our business, which includes analysing our performance, meeting our legal obligations, developing our workforce and doing research.

Our processing of personal data for these purposes includes both automated and manual (human) methods of processing. When we process personal data about you, we do so with your consent and/or as required to provide services to you (for example, when recruiting we check previous work history or experience on social networking sites), or to operate our business, meet our contractual and legal obligations, protect the security of our systems and our clients or fulfil other legitimate interests of GSAAG as described in this section and in the Reasons we share personal data section of this privacy statement. When we transfer personal data from the European Economic Area, we do so based on a variety of legal mechanisms, as described in the Where we store and process personal data section of this privacy statement.

Purposes of processing:

  • Recruitment. We use personal information including: – name, DOB, photograph, qualifications, previous work experience, historic visa and work permits, references and expert skills and knowledge.
  • HR. In addition to information used during recruitment above, we use employee personal information including bank details.
  • Product development. We use data to develop new services.
  • Staff support. We use data to troubleshoot and diagnose IT problems, repair devices and provide IT support services.
  • Help secure and troubleshoot. We use data to help secure and troubleshoot our software.
  • Promotional communications. We use data we collect to deliver internal promotional communications and news updates.
  • Protecting rights and property. We use data to detect and prevent fraud, resolve disputes, enforce agreements and protect our security. We may use automated processes to detect and prevent activities that violate our rights and the rights of others, such as fraud.
  • Research. With appropriate technical and organisational measures to safeguard individuals’ rights and freedoms, we use data to conduct market research.

Sharing of personal data

We share your personal data with your consent or as required by law to complete any transaction you have requested or authorised. For example, we share bank details to enable payments to be made to you with our global bankers.

In addition, we share personal data among GSAAG-controlled affiliates and subsidiaries. We also share personal data with vendors or agents working on our behalf for the purposes described in this statement. For example, companies we’ve hired to provide IT support or assist in protecting and securing our systems and services may need access to personal data to provide those functions. In such cases, these companies must abide by our data privacy and security requirements and are not allowed to use personal data they receive from us for any other purpose. We may also disclose personal data as part of a corporate transaction such as a merger or sale of assets.

Finally, we will retain, access, transfer, disclose and preserve personal data, including your content (such as the content of your emails in Outlook.com, or files in private folders), when we have a good faith belief that doing so is necessary to do any of the following:

  • Comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies.
  • Protect our clients, for example, to prevent spam.
  • Operate and maintain the security of our services, including to prevent or stop an attack on our computer systems or networks.
  • Protect the rights or property of GSAAG, including enforcing the terms governing the use of the services – however, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property of GSAAG, we will not inspect a client’s private content ourselves, but we may refer the matter to law enforcement.

How to access and control your personal data

You can access and control your personal data that GSAAG has obtained with tools GSAAG provides to you, which are described below, or by contacting GSAAG. For instance:

  • If GSAAG obtained your consent to use your personal data, you can withdraw that consent at any time.
  • You can request access to, erasure of and updates to your personal data.

You can also object to or restrict the use of your personal data by GSAAG. For example, you can object at any time to our use of your personal data:

  • For direct marketing purposes.
  • Where we are performing a task in the public interest or pursuing our legitimate interests or those of a third party.

You may have these rights under applicable laws, including the EU General Data Protection Regulation (GDPR), but we offer them regardless of your location. In some cases, your ability to access or control your personal data will be limited, as required or permitted by applicable law.

Security of personal data

GSAAG is committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorised access, use or disclosure. For example, we store the personal data you provide on computer systems that have limited access and are in controlled facilities. When we transmit confidential data (such as a bank account information) over the Internet, we protect it through the use of encryption or directly to the bank via secure interface. GSAAG complies with applicable data protection laws, including applicable security breach notification laws.

Where we store and process personal data

Personal data collected by GSAAG may be stored and processed in your region and in any other country where GSAAG or its subsidiaries operate. The storage location(s) are chosen in order to operate efficiently. We take steps to ensure that the data we collect under this privacy statement is processed according to the provisions of this statement and the requirements of applicable law wherever the data is located.

We transfer personal data from the European Economic Area, and the United Kingdom to other countries, some of which have not yet been determined by the European Commission to have an adequate level of data protection. For example, their laws may not guarantee you the same rights, or there may not be a privacy supervisory authority there that is capable of addressing your complaints. When we engage in such transfers, we use a variety of legal mechanisms, including contracts, to help ensure your rights and protections travel with your data.

Retention of personal data

GSAAG retains personal data for as long as necessary to provide the services and fulfil the transactions you have requested, or for other legitimate purposes such as complying with our legal obligations, resolving disputes and enforcing our agreements. Because these needs can vary for different data types, the context of our interactions with you or your use of services, actual retention periods can vary significantly.

Changes to this privacy statement

We will update this privacy statement when necessary to provide greater transparency or in response to:

  • Feedback from business partners, regulators, industry or other stakeholder.
  • Changes in our services and operations.
  • Changes in our data processing activities or policies.

If there are material changes to the statement, such as a change to the purposes of processing of personal data that is not consistent with the purpose for which it was originally collected, we will notify you either by prominently posting a notice of such changes before they take effect or by directly sending you a notification. We encourage you to periodically review this privacy statement to learn how GSAAG is protecting your information.

How to contact us

If you have a privacy concern, complaint or question for Data Protection to GSAAG please contact us by using our web form. We will respond to questions or concerns within 30 days. You can also raise a concern or lodge a complaint with a data protection authority or other official with jurisdiction