Personal information we collect and process
The types of personal information that we collect from you and hold will vary depending on your dealings with us. This information may include any or all of the following:
- name, address(es), telephone number(s) and other contact details
- electronic address(es)
- payment information (such as credit card or bank details)
- job title, department, company and industry sector you work in
- financial and credit card information
- personal description and photograph
- other personal information required to provide our products and services; and
- technical information, including the Internet Protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform
In some circumstances we may also collect information about your current and previous education and employment, student identification details.
Where specifically required under certain circumstances we may collect information such as:
- health information
- information about your criminal record, racial or ethnic origin, or religion
- information related to health and safety, workplace investigations or workplace environment, but only if you agree to provide it to us or authorise us to obtain it from a third party
- You do not have to provide us with any personal information, however if you do not do so we may not be able to provide you with the products, services or benefits you have requested.
- SAI360 does not collect sensitive Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership or data concerning your sex life.
Our legal basis for collecting and processing your Personal Data
We will only collect, use or disclose your personal information where we have a legal basis for doing so. Typically, this will be:
- where you have provided your consent
- where we are legally obliged to do so
- where it is necessary as part of a contract or transaction between SAI360 and yourself, or between SAI360 and your employer
- where it is in our legitimate interest as a supplier of risk management solutions (for example providing you with customer service, or protecting the security of our systems)
We will only use personal information in accordance with applicable laws in the countries/states we operate in such as the 201 CMR 17.00 Standards for the protection of personal information of residents of the Commonwealth (Massachusetts), the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (EU) 2016/679 (GDPR), the Privacy Act 1988 (Australia), Data Protection Act 2018 (UK), the Personal Information Protection and Electronic Documents Act (PIPEDA) (Canada), S.C. 2000, c. 5, The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009, the Health Insurance Portability and Accountability Act passed by US Congress in 1996 (HIPAA), in addition to other obligations and applicable national laws.
How we collect personal information from you
Generally, we collect information directly from you, such as:
- when you submit information through our websites, for example by completing an online form
- by corresponding with us by phone, email or otherwise
- in person; or
- in the course of us providing you with a requested product, service or benefit
- when you have other dealings with us.
We also receive information about you from other sources such as:
- your use of any other websites we operate or the other services we provide
- our related bodies corporate; and
- third party service providers we work closely with including, for example, business partners, market research organisations, sub-contractors, payment and delivery services, advertising networks, analytics providers, search information providers and credit reference agencies
How we use the personal information we collect
We will use information collected directly from you in the following ways:
- to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us
- to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about
- to notify you about changes to our service; and
- to ensure that content from our websites is presented in the most effective manner for you and your computer.
We will use personal information collected about you in the following ways:
- to administer our websites and for internal operation, including troubleshooting, data analysis, testing, research, statistical and survey purposes
- to improve our websites to ensure that content is presented in the most effective manner for you and for your computer
- to allow you to participate in interactive features of our service, when you choose to do so or are required to do so by your employer
- as part of our efforts to keep our websites safe and secure
- to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; and
- to make suggestions and recommendations to you and other users of our websites about goods or services that may interest you or them.
How we store and protect your information
We store personal information in a combination of computer storage facilities and other records. In so doing, we have taken numerous steps to protect your personal information from misuse, interference and loss, and unauthorised access, modification or disclosure.
Where we provide personal information to third parties, we use contractual measures to protect this information.
Additionally, we take reasonable steps to destroy or permanently de-identify personal information when we no longer need it.
The internet is not a secure method of transmitting information. Accordingly, other than where we use secure socket layer technology (SSL) to ensure information is securely transmitted and processed, we cannot and do not accept responsibility for the security of information you send to or receive from us over the internet, or for any unauthorised access or use of that information.
We will ask you for your explicit consent before capturing and processing your Personal Data, wherever we need to. By providing consent you are giving us permission to process your Personal Data specifically for the purposes identified.
You may withdraw consent at any time by using the form available via the Data Subject Request page on this website (https://www.sai360.com/data-subject-requests), or contacting our Data Protection Officer using the contact details below:
680 George St
Sydney, NSW, 2000
Disclosure of your Personal Data to third-parties
We may also disclose your personal information to third parties who work with us in our business to provide, promote or improve the products or services you have requested or are interested in, such as:
- our related bodies corporate.
- our affiliated organisations in the countries set out below.
- third-party service providers (such as trainers, auditors, banks, and mortgage rooms).
- national regulators and accreditation bodies.
- marketing agencies
- consultants and professional advisers
- analytics and search engine providers that assist us in the improvement and optimisation of our websites; or
- Service providers who help us manage our relationships with our customers and our marketing channels (such as Salesforce, Adobe, , Exact Target and Intershop).
We may disclose your personal information to third parties:
- in the event that we sell or buy any business or assets, in which case we may disclose your personal information to the prospective seller or buyer of such business or assets; or
- if we are under a duty to disclose or share your personal information in order to comply with any legal obligation.
Do we send your information overseas?
Depending on your relationship with us or the type of service we provide to you we may disclose some of your personal information, for the purposes described above, to our international offices. We may also disclose your personal information to other countries specified by you from time to time in order to provide services to you.
By providing your personal information to us, you consent to our disclosure of your personal information to organisations in those countries (where relevant or necessary) even though it may not receive the same protections that it would in your own country. You may request us not to transfer your personal information to the countries listed above, but if you do so we may not be able to provide the services or products you have requested from us.
Retention of your Personal Data
Where SAI360 holds and processes your Personal Data for contractual purposes (e.g. if you have purchased something from us), we will hold and process this data for as long as we are legally obliged to do so. Where you have provided your consent for us to hold and process your Personal Data (for example to provide you with updates on relevant products and services we may offer), we will do so until you ask us not to.
Your rights as a Data Subject
At any point while we are in possession of or processing your Personal Data, you, the Data Subject, have a number of rights such as the right of access to your information; the right to amend or correct your personal information and the right to withdraw your consent for processing. More details regarding these rights are available on any form on this Web site where are asked to enter any Personal Data If you are using one of our Products or Services contracted by your employer please contact your customer representative.
Exercising rights as a Data Subject
If you elect to exercise any of the rights listed above, including withdrawal of your consent for us to process your data, you can do so using the forms available via the Data Subject Request page on this website (https://www.sai360.com/data-subject-requests) or by contacting our Data Protection Officer using the contact details below. If you are using one of SAI360 Products or Services contracted by your employer, please contact your customer representative .
If a third party is involved in the processing of your Personal Data, we will pass on to them any of your requests arising from the rights listed above.
In the event that you wish to make a complaint about how your Personal Data is being processed by SAI360 (or third parties as described above), or how your complaint has been handled, you have the right to lodge a complaint directly with SAI360’s Data Protection Officer:
You can also lodge a complaint with the Supervisory Authority listed below:
Information Commissioner’s Office
Water Lane Wilmslow, Cheshire, SK8 5AF
+44 303 123 1113
Information is also generated whenever a page is accessed on our website that records information such as the time, date and specific page. We collect such information for statistical and maintenance purposes that enables us to continually evaluate our website performance. Cookie use will vary between our sites, and products, please review the cookie statement on the site of product you use.
“Data Subject” refers to any individual person who can be identified, directly or indirectly, via an identifier such as a name, an ID number, location data, or via factors specific to the person’s physical, physiological, genetic, mental, economic, cultural or social identity.
“Personal Data” (Personal Information) means any information relating to an identified or identifiable natural person (Data Subject).