Our Privacy Principles
· Lawfulness, fairness & transparency
We process personal data in accordance with law and with transparency and fairness to you. Our data processing activities are conducted: 1) subject to your consent; 2) in order to fulfill our obligations to you; 3) for the legitimate purposes of operating our business, advancing innovation and providing a seamless customer experience; or 4) otherwise in accordance with the law.
· Notice & choice of data use
We are transparent and provide clear notice and choice to you about the types of personal data collected and the purposes for which it is collected and processed. We will not use personal data for purposes that are incompatible with these principles, our Policy or specific notices associated with our services.
· Data access
We provide you with reasonable access along with the ability to review, correct, amend or delete the personal data you have shared with us.
· Data integrity & purpose limitation
We only use personal data for the purposes described at the time of collection, or for additional compatible purposes in accordance with the law. We take reasonable steps to ensure that personal data is accurate, complete and current and we only collect personal data which is relevant and limited to what is necessary for the purposes, for which it is collected. We will keep personal data for no longer than is necessary for the purposes for which it was collected (e.g. if you register to our websites we shall retain your personal data for as long as your account is active or as long as needed to provide services to you and then we will securely delete or destroy it).
· Data security
To protect personal data against unauthorised use or disclosure, we implement strong information security controls in our own operations and offer products with high levels of data security protection.
· Accountability for onward transfer
We acknowledge our potential liability for transfers of personal data among HRS entities or to third parties. Personal data will only be shared when third parties are obliged by contract to provide equivalent levels of protection.
What is personal data
According to art. 4, par. 1 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (”GDPR”) personal data (”personal data” or ”personal information”) is any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Scope of the Policy
This Policy applies to the processing of personal data by HRS of:
· visitors and registered users of the HRS web services, including our social media pages that link to this Policy;
· attendees of HRS Academy;
· customers and prospective customers and their representatives;
· subscribers to our newsletter;
· suppliers and business partners and their representatives.
When interacting with our web services, you also have the ability to link or connect with non-HRS websites, social networks, applications, services or other features. Enabling these features will lead to other parties than HRS processing personal information about you. We do not have any control over these features of other parties. We encourage you to review the privacy policies of these parties before using these features.
Who is responsible for your personal data?
HRS is responsible for processing your personal data described in this Policy. You may select a country to view the registered address and contact details of the HRS entity or entities located in each country.
How do we use your personal data and what is the legal basis for it?
We collect and use personal data to manage your relationship with HRS and better serve you when you are using HRS websites and services by personalizing and improving your experience. Examples of how we use personal data include:
· To communicate with you
If you contact us (e.g. by submitting contact forms on our websites, attending HRS events or other occasions, sending an email, answering your questions), we process personal information about you to communicate with you and to respond to your requests or other questions you may have. In such cases, we shall process your personal data on the ground of our legitimate interest.
· Tailored content
We may use your personal data to make our experience more customer friendly. In such cases we shall process your personal data on the ground of our legitimate interest.
· To deliver functionality on our web services
When you choose to register using our web services, we are obliged to process the personal data provided by you, so that we can create and manage a personal account for you. As creating your account, we shall send you your personal login information. This personal information enables us to administer your account, for example by changing your password for you. In such cases we shall process your personal data on a contractual legal ground as necessary to enter into or perform a contract with you.
· Marketing and sale activities
We may use your personal data to notify you about our new products, service developments, events, updates, prices, terms, tailored-made offers and diffrent campaigns and promotions, newsletters. We shall process your personal data for that purpose on your explicit consent.
· To manage your participation in HRS Academy
If you subsribe for HRS Academy, we shall process your personal data to manage all activities, related to the HRS Academy, including participation in the webinars, leaving comments etc. In such cases we shall process your personal data based on our legitimate interest / as necessary to enter into or perform a contract with you.
· Manage the security of our web services and systems
Maintaining the integrity and security of websites, products, features and services and preventing and detecting security threats, fraud or other criminal or malicious activity that might compromise your personal information. When you interact with us, we will also take reasonable steps to verify your identity, such as requiring a password and user ID, before granting access to your personal data. In such cases we shall process your personal data on the ground of our legitimate interest.
· Compliance with law
Compliance with applicable laws, regulations, court orders, government and law enforcement requests, to operate our services and products properly and to protect ourselves, our users and our customers and to solve any customer disputes. We process your personal data on this ground in order to comply with applicable laws and regulations.
Personal data we collect using our web services
When you use our web services, your browser or device will transfer certain personal data to our web servers. This is done for technical reasons and required to make available for you the requested information. To facilitate your access to the web services, HRS collects personal data. We obtain personal information in a variety of ways: directly from users when they provide it, indirectly from their devices and online use and from other third parties. We describe these ways in more details below.
From users: We may collect personal data when users provide their personal information to us directly, such as when they contact us, or when they enter their personal information on our websites.
· We may collect and use the personal information that such users provide to us via their account (e.g. user name, email address, country of residence, password and other registration information and similar information).
· Information about the product with which the customer is associated.
· Information about your company such as the name, size and location of your company and your role within the company.
From user devices: We collect personal data from our users’ devices, including:
· Through our digital services, including our websites, our software or mobile applications, social media pages, and in e-mail or text messages.
· Automatically when a user uses a browser or their device. This personal information may include without limitation: geographical location and IDs of your computer, mobile or other device; bandwidth used; system and connection performance; browser type and version; operating system; referral source; length of visit; page views; IP address or other unique identifier for your computer, mobile phone or other device; your mobile carrier.
· Automatically when a user visits our websites, via cookies.
How long do we store your personal data?
We store your personal data only as long as required for the intended purpose. If personal data is processed for multiple purposes, it will be deleted, or only stored in a form that cannot be directly traced back to you, as soon as no longer needed for the final specified purpose.
How do we store your personal data?
We utilise state-of-the-art technology to store your personal data. The following safeguards are used, for example, to protect your personal data from misuse or any form of unauthorised processing:
- Access to personal data is restricted to a limited number of authorized persons for the stated purposes;
- The personal data collected is only transmitted in encrypted form;
- The IT systems used for processing personal data are technically isolated from other systems to prevent unauthorised access and hacking;
· Access to these IT systems is constantly monitored to detect and prevent misuse in the early stages.
Whom do we share personal data with and how do we protect you
HRS is a global company. If necessary, to process your request, your personal information will be forwarded to the company in your home country. Your data will in part also be processed in countries outside the European Union (“EU”) or the European Economic Area (“EEA”), which may have a lower data protection level than EU and EEA countries. In such cases, we will ensure that a sufficient level of protection is provided for your data, e.g. by concluding specific agreements with our contractual partners, or we will ask for your explicit consent to such processing.
We do not sell or otherwise disclose your personal data to any other commercial entities. We may share your personal data with third parties, if:
(i) You have consented to such disclosure
(ii) We are under a legal or professional obligation to do so (e.g. under anti-money laundering legislation);
(iii) it is necessary for the purpose of legal proceedings or in relation thereto, or to exercise or protect our rights;
(iv) We are required to disclose your personal data to new entities or third parties due to organizational changes within HRS, or in connection with the transfer of our business or any part thereof;
(v) We disclose anonymous statistical data about our web services users' browsing actions and related user; information to reliable third parties, including browser providers and analysts.
We may share your personal data with some reliable third parties in accordance with contracts entered into with them. They include for example:
(i) our professional advisors and auditors;
(ii) IT technology providers;
(iii) Third parties involved in hosting or organizing HRS events or seminars.
On rare occasions, we may disclose your personal data without user knowledge or consent where we are required or permitted by law to do so. When we are required or permitted by law to provide such personal information, we take reasonable steps to verify the lawful authority (where applicable) for the collection and we disclose only the personal information that is legally required or otherwise permitted to be disclosed.
As the party affected by the processing of your personal data, you may claim certain rights under GDPR and other relevant data protection regulations. Under GDPR, you are entitled to claim the following specific rights as a data subject:
· Right of access
You have the right to request information on the personal data we hold about you from us at any time. This information includes, but is not limited to, the categories of personal data we process, the purposes for which it is processed, the source of the data if not collected directly from you, and, if applicable, the recipients with whom we have shared your data. You can obtain a copy of your personal data from us free of charge. If you require additional copies, we reserve the right to charge you for these copies.
· Right to rectification
You have the right to request that we rectify inaccurate personal data relating to you. We will take appropriate steps to keep the personal data we store and process on an ongoing basis accurate, complete and current, based on the most up-to-date information available.
· Right to withdraw your consent
You have the right to withdraw your consent to the processing of your personal data at any time, without affecting the lawfulness of processing based on consent before its withdrawal
· Right to object
You have the right to object to the processing of your personal data at any time for reasons that arise from your particular situation, as long as personal data processing is based on your consent, on our legitimate interests or those of a third party. In this case, we will cease to process your personal data. This does not apply if we can show that there are compelling legitimate grounds for processing that outweight your interests, or if we need your data for the establishment, exercise or defence of legal claims.
· Right to erasure
You have the right to request that we erase your personal data, as long as the legal requirements for this are satisfied. This may be the case under Art. 17 GDPR if:
(i) the personal data is no longer required for the purposes for which it was collected or otherwise processed;
(ii) you withdraw the consent on which personal data processing is based, and there is no other legal basis for processing;
(iii) you lodge an objection to the processing of your personal data and there are no legitimate reasons for processing, or you object to personal data processing for direct marketing purposes;
(iv) the personal data was processed unlawfully
and provided that processing is not required:
(i) to ensure compliance with a legal obligation that requires us to process your personal data;
(ii) especially with regard to statutory retention periods;
(iii) to establish, exercise or defend legal claims.
· Right to restriction of processing
You have the right to request that we restrict processing of your personal data if:
(i) you dispute the accuracy of the personal data – in which case processing may be restricted during the time it takes to verify the accuracy of the personal data;
(ii) processing is unlawful, and you reject erasure of your personal data, requesting that its usage be restricted instead;
(iii) we no longer need your personal data, but you need it to establish, exercise or defend your rights;
(iv) you have lodged an objection to its processing, as long as it is not certain that our legitimate reasons outweigh yours.
· Right to data portability
You have the right to request that we transfer your personal data – if technically possible – to another responsible party. However, you may only enforce this right if data processing is based on your consent or is necessary for the performance of a contract. Rather than receiving a copy of your personal data, you may also ask us to submit the personal data directly to another responsible party specified by you.
Your login ID(s) & password(s) are unique to you as a user of one or more HRS Web Services. Your Login ID and Password must be kept confidential at all times. Passwords should never be shared or exposed to any third parties. You will not let anyone else access your account, or do anything else that might jeopardize the security of your account. You are responsible for the confidentiality and use of all IDs, passwords and other security data, methods and devices furnished in connection with the Web Site.
HRS bears no responcibility for disclosure of your personal data or any other personal data breach if it is caused due to third party’s access to your account with your consent.
Time limits for compliance
We make every effort to comply with all requests within 30 days. However, this period may be extended for reasons relating to the specific right or complexity of your request. In certain situations, we may be unable to provide you with information about all your data, due to legal requirements. If we are unable to fulfil your request for information in such a case, we will notify you of the reasons.
· Right to complain to supervisory authorities
HRS takes your concerns and rights very seriously. However, if you believe that we have not responded in an appropriate manner to your complaints or concerns, you have the right to lodge a complaint with your local data protection authority.
If you have any questions relating to our use of your personal data, we recommend that you contact our HRS entity located in your country.
You may also contact our Data Protection Officer: firstname.lastname@example.org
Amendments to our Policy
We reserve the right to change this Policy from time to time and provide notice of any significant changes, and the proposed effect, on the HRS websites or other HRS resources. In addition, we include a revision date on each version of our Policy. By providing personal information to us, or continuing to use our products or services after that date, the user consents to the collection, use and disclosure of the personal information as set out in the Policy.