This Privacy Notice sets out the basis on which we will process the personally identifying information (‘Personal Data’) that we collect and receive from and about users of our websites (www.onigroup.eu, www.onigroup.com.au, www.onigroup.com.sg, ), (together “the Sites”) and customers who utilise our services or subscribe to our newsletters.
Our privacy commitments.
OniGroup is committed to respecting your privacy and ensuring the personal information you have entrusted to us is processed in accordance with the General Data Protection Regulation (GDPR) during and after your working relationship with us.
We are committed to holding your personal information in accordance with data protection law which ensures that the data we hold about you must be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
- Relevant to the purpose we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about
- Kept securely
We will only collect, keep, use and share Personal Data for legitimate business purposes that we explain here below, or if we’re legally required to do so.
We will be as clear and open as we can with you on what Personal Data we collect and how it will be processed.
For as long as we maintain records of your Personal Data, we will keep it up to date and protect it with appropriate safety measures.
We collect personal information directly from you when you contact us in relation to the delivery of our services/the purchase of goods and as necessary to allow us to provide our services and fulfil our obligations pursuant to our Terms of Business. We also collect personal information from information generated about you when you use our products and services.
We collect the following Personal data from or about you as a OniGroup customer:
- Personal Data Collected Directly from you through the booking process: your name, phone number, office postal address, email address and salutation.
Our legal basis for the collection and processing of this data is the provision to you of the services purchased by you.
Personal Data Collected Automatically from the use by you of the Sites. The data transmitted from your browser includes your IP address, the date and time of the visit the pages accessed, the access status/HTTP status code, your browser, your operating system and interface, as well as the language and version of the browser software.
The legal basis for collecting and processing this personal data is to be able to operate the Sites and provide you with access to the pages you wish to access.
Personal Data received Indirectly through our suppliers which enables us to create and store a record you data for the purpose of discussing required technology.
The legal basis for collecting and processing this personal data is our legitimate interests in knowing more about our customers.
Why we collect Data
We collect your personal information for:
Processing an order for a product or service, including considering the price and terms.
Managing any aspect of the product or service.
To perform and/or test the performance of our products, services and internal processes
To improve the operation of our business and that of our business partners.
For management and auditing of our business operations including accounting.
To monitor and keep records of our communication with you and our staff.
To develop new products and services and to review and improve current products and services.
To keep you informed about our products and services.
To comply with legal and regulatory obligations, requirements, and guidance.
To facilitate the sale of one or more parts of our business.
We rely on the following legal bases to use your personal data:
Where it is needed to provide you with our products or services, such as:
Assessing an order or enquiry or request for a quotation for a product or service including considering the price, the payment methods available and any conditions attached.
Managing products and services you purchase from us.
Updating your records, tracing your whereabouts to contact you about your account and doing this for recovering debt (where appropriate)
Sharing your personal information with business partners and services providers where necessary to deliver the service or to help manage your product
All stages and activities relevant to managing the product or service including enquiry, application, administration and management of accounts, illustrations, specifications, warranties and guarantees.
Where it is in our legitimate interests to do so, such as:
Managing your products and services, updating your records, tracing your whereabouts to contact you about your account and doing this for recovering debt (where appropriate).
To perform and/or test the performance of our products, services and internal processes.
To follow guidance and recommended best practice of government and regulatory bodies
For management and audit of our business operations including accounting.
To carry out monitoring and to keep records of our communications with you and our staff.
To administer our good governance requirements such as internal reporting and compliance obligations or administration required.
For market research and analysis and developing statistics.
For direct marketing communications and related profiling to help us to offer you relevant products and services, including deciding whether or not to offer you certain products and service. We will send marketing to you by email, phone, social media and digital channels.
Subject to the appropriate controls, to provide insight and analysis of our customers to business partners either as part of providing products or services, helping us improve products or services, or to assess or to improve the operating of our businesses.
Where we need to share your personal information with people or organisations in order to run our business or comply with any legal and/or regulatory obligations.
- To comply with our legal obligations
- With your consent or explicit consent:
- For some direct marketing communications.
Google Analytics, a web analytics service provided by Google, Inc. (“Google”) also places cookies on your computer, to enable Google to provide us with activity reports relating to the Sites. Google uses this data only to provide us with information on how users use the Sites and does not associate your IP address with any other data held by Google. The information generated by Google cookies about your use of the platform (including your IP address) will be transmitted to and stored by Google on servers in the United States. You may refuse these cookies by selecting the appropriate settings on your browser or by downloading and installing the browser plug-in available under https://tools.google.com/dlpage/gaoptout?hl=en-GB.
Your personal information may be shared with our business partners (such as Google) and any group business. It may also be shared with Governmental and regulatory bodies.
We ensure that a third party has adequate levels of data protection safeguards when processing your personal information.
We may also share your personal information with trusted third parties where it is necessary to provide products you have requested from us or where they are contracted to develop or maintain our systems.
We monitor information security compliance and have written contracts which obligate our partners or third party providers to process your personal information only on our instructions and in accordance with applicable data protection laws.
In the event we transfer your data outside of the EU, we will ensure we put in place adequate levels of data protection safeguards.
We use third party processors to collect, export, process and store Personal Data on our behalf. The processors we use currently are the following:
- Payment Processor: Paypal, https://www.paypal.com/ee/webapps/mpp/ua/privacy-full
- CRM Tool: SurgarCRM: https://www.sugarcrm.com/legal/privacy-policy
- Cloud Storage: Google Drive and GSuite, https://cloud.google.com/security/compliance/eu-data-protection/
- Communication tool: Mailchimp,. https://kb.mailchimp.com/accounts/management/about-mailchimp-the-eu-swiss-privacy-shield-and-the-gdpr
- Drupal located in the U.S. Privacy Shield Certified. https://www.drupal.org/privacy
- Google Analytics, located in the U.S. Privacy Shield Certified. https://www.google.com/policies/privacy/
- Google Cloud located in the U.S. Privacy Shield Certified .https://cloud.google.com/security/compliance/eu-data-protection/
International Data Transfers
OniGroup EMEA Limited is within the OniGroup Group, which includes OniGroup Pte Ltd and OniGroup Pty Limited. As a part of the larger OniGroup when required, data will be passed between the organisations within a secure manner.
We use data processors located outside the European Economic Area only after taking such steps as are required to ensure that Personal Data they process on our behalf receives protection equivalent to that provided in the EEA. Our processors are either certified as compliant with the EU-U.S. Privacy Shield Framework where they are located in the USA or have entered into an agreement with us.
We maintain technical and physical safeguards that are designed to protect the security and integrity of your Personal Data, and to guard it against accidental or unauthorised access, use, alteration or disclosure to unauthorised third parties. These measures include device encryption, firewalls and virus checking procedures.
Where we keep Personal Data files on local devices these devices are protected and accessible only to authorised OniGroup employees.
We regularly review our security systems to ensure that your Personal Data remains safe and secure.
How Long We Keep Your Data
OniGroup will only retain your personal data for as long as necessary to fulfil the purposes we collected it for including for the purposes of satisfying any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Your Information Rights and Choices
Here is a list of the rights that all individuals have under data protection laws. They don’t apply in all circumstances. If you wish to use any of them, we’ll explain at that time if they are engaged or not. The right of data portability is only relevant from May 2018.
- The right to be informed about the processing of your personal information
- The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
- The right to object to processing of your personal information
- The right to restrict processing of your personal information
- The right to have your personal information erased (the “right to be forgotten”)
- The right to request access to your personal information and to obtain information about how we process it
- The right to move, copy or transfer your personal information (“data portability”)
- Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you
You have the right to complain to the Information Commissioner’s Office which enforces data protection laws: https://ico.org.uk/.
Changes to our Privacy Notice
We will update this Privacy Notice from time to time to reflect changes in our business. All such changes will be posted to the Sites and if we consider it to be appropriate we will notify subscribers of any material changes by e-mail.
Your Right to Object
You have the right to object to certain purposes for processing, in particular to data processed for direct marketing purposes and to data processed for certain reasons based on our legitimate interests. You can contact us using the details below to exercise these rights.
OniGroup EMEA Limited is the Data Controller in respect of any Personal Data that you submit to us or that we collect from or about you. We are a limited company registered in England and Wales (registered no.08834334) with registered offices at 50 Liverpool Street, London, EC2M 7PY.
If you would like to know what information we hold about you or if you have any other queries or complaints in relation to this Privacy Notice, or our Sites, our contact details are as follows:
OniGroup EMEA Limited, 50 Liverpool Street, London, EC2M 7PY.
0203 713 7477