Jump to policies for: Residents of California, Residents of the European Economic Area (“EEA”) and The United Kingdom, and Residents of Australia
What is personal information?
Personal information we collect and process
We collect personal information from a variety of sources, including information that you provide directly and information that we automatically collect when you access and use the Services. The types of personal information that we collect will vary depending on your dealings with us.
Personal information you provide
You may provide personal information to us and our third-party service providers through the Services, when you submit information through our websites, for example by completing an online form, when you apply for or inquire about employment with us, in the course of us providing you with a requested product, service or benefit, or when you e-mail, call, or otherwise communicate with us, including in person. The types of personal information you provide differ depending on how you choose to interact with us, but may include your name, email, phone number, address, and payment card or bank account information, or any other personal information you choose to provide to us.
Information collected automatically
We and our third-party service providers may collect information automatically from you when you access and use the Services. Such information may include personal information and includes the following:
We may collect information about how you interact with the Services. This may include information such as the dates and time you visit the Services, the page you view, referring / exit URLS, your browser type, and the domain name of your internet service provider. In some cases, we may collect this information through cookies and similar technologies. To learn more about these technologies, please see the “Device Information, Cookies and Google Analytics” sections below.
We may collect information about the devices you use to access the Services, including your device make and model, IP address, inferred geolocation information, operating system, and unique device identifiers.
Information is also generated whenever a page is accessed on our website that records information such as the time, date, and specific page. We collect such information for statistical and maintenance purposes that enables us to continually evaluate our website performance. Cookie use will vary between our sites, and products, please review the cookie statement on the site of product you use.
SAI360 appreciates your questions and comments about the Services and welcome your messages through our or “Contact Us / Feedback” page. If you correspond with SAI360, we may collect personal information, including the content of, and metadata regarding, any correspondence you may provide us. We may share your messages with those within our organization who are most capable of addressing the issues contained in your message. We may archive your message for a certain period of time or discard it.
How can you ‘Opt-Out’ of promotional correspondence?
To the extent permitted by applicable law, SAI360 or our third party service providers may send you e-mails with promotional offers. If you would no longer like to receive this information from us, please click the unsubscribe link at the bottom of any such e-mail you receive from us and follow the instructions. Your e-mail address will be removed from our marketing list. Please allow us a reasonable amount of time in order to satisfy your request, as some communications may already be in process. You do not have to provide us with any personal information, however if you do not do so we may not be able to provide you with the products, services or benefits you have requested.
Our legal basis for collecting and processing your personal data
We will only collect, use, or disclose your personal information where we have a legal basis for doing so. Typically, this will be:
- where you have provided your consent;
- where we are legally obliged to do so; and
- where it is necessary as part of a contract or transaction between SAI360 and yourself, or between SAI360 and your employer; where it is in our legitimate interest as a supplier of risk management solutions (for example providing you with customer service or protecting the security of our systems).
We use personal information in accordance with applicable laws in the countries/states in which we operate.
How we use the personal information we collect
We will use information collected directly from you for purposes that include:
- to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products, and services that you request from us;
- to the extent permitted, to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
- sending information that you request from us, including responding to inquiries or requests for information about or from SAI360;
- evaluating your qualifications for career positions at SAI360;
- other business purposes, including, without limitation, verifying your identity, age, and/or payment details, investigating complaints about the Services, research and analysis, marketing, advertising, and dispute resolution;
- in connection with a merger or similar consolidation of SAI360 into or with another entity;
- complying with law enforcement, government agencies, or a governmental mandate;
- complying with or as permitted by any SAI360 policies and any applicable legal requirements;
- to notify you about changes to our service;
- to ensure that content from our websites is presented in the most effective manner for you and your computer; and
In addition, we will use personal information collected about you for purposes that include:
- to administer our websites and for internal operation, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve our websites to ensure that content is presented in the most effective manner for you and for your computer;
- to allow you to participate in interactive features of our service, when you choose to do so or are required to do so by your employer;
- as part of our efforts to keep our websites safe and secure;
- security purposes, including monitoring, risk assessment, addressing integrity and security issues related to the Services, and fraud and crime prevention/detection;
- to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; and
- to make suggestions and recommendations to you and other users of our websites about goods or services that may interest you or them.
How we store and protect your personal information
We store personal information in a combination of computer storage facilities and other records. We take reasonable measures to secure and protect your personal information from misuse, interference, and loss, and unauthorised access, modification, or disclosure on the Services. Nevertheless, no security system is impenetrable. We cannot guarantee that personal information that users of the Services transmit or otherwise supply will be secure.
Where we provide personal information to third parties, we use contractual measures to protect this information.
Additionally, we take reasonable steps to destroy or permanently de-identify personal information when we no longer need it.
We will ask you for your explicit consent before capturing and processing your personal data, in the limited circumstances for which consent is appropriate or required by applicable law. By providing consent you are giving us permission to process your personal data specifically for the purposes identified.
You may withdraw consent at any time by contacting our Data Protection Officer via email: [email protected]
In other cases, our interfaces (e.g., an email footer) will provide an option for withdrawing consent.
Disclosure of your personal data to third parties
We may also disclose all of the categories of personal information that we collect to third parties who work with us in our business to provide, promote or improve the products or services you have requested or are interested in, process payments, perform statistical analysis, protect against potential fraud, or perform any other functions consistent with the operation of the Services, such as:
- our related bodies corporate;
- our affiliated organizations in the countries set out below;
- third-party service providers (such as trainers, auditors, banks, and mortgage rooms);
- national regulators and accreditation bodies;
- marketing agencies;
- consultants and professional advisers in the course of the professional services they render to us;
- analytics and search engine providers that assist us in the improvement and optimization of our websites; or
- service providers who help us manage our relationships with our customers and our marketing channels (such as Salesforce, Adobe, Salesloft and ZoomInfo).
We may disclose your personal information to third parties:
- in the event that we sell or buy any business or assets, in which case we may disclose your personal information to the prospective seller or buyer of such business or assets; or if we are under a duty to disclose or share your personal information in order to comply with any legal obligation.
We do not, and do not intend to, sell your personal data.
Do we send your information overseas?
Depending on your relationship with us or the type of service we provide to you we may disclose some of your personal information, for the purposes described above, to our international offices. We may also disclose your personal information to other countries specified by you from time to time in order to provide services to you.
Retention of your personal data
Where SAI360 holds and processes your personal information for contractual purposes (e.g. if you have purchased something from us), we will hold and process this data for as long as we are legally obliged to do so. Where you have provided your consent for us to hold and process your personal information (for example to provide you with updates on relevant products and services we may offer), to the extent permitted by applicable law, we will do so until you ask us not to.
Social media platforms
The Services are intended for a general audience and are not intended for use by children under 13 years of age. We do not knowingly collect information about children or sell products to children. Consistent with the Children’s Online Privacy Protection Act, we will not knowingly collect any information from children under the age of 13.
Your rights as a Data Subject
Depending on your jurisdiction, and subject to applicable data protection laws, you, the Data Subject, may have a number of data protection rights such as: the right of access to your information; the right to delete, restrict/block, object to, amend/update or correct or port your personal information and the right to withdraw your consent for processing. More details regarding these rights are available on any form on this website where you are asked to enter any personal data. If you are using one of our products or services contracted by your employer, please contact your customer representative.
Exercising rights as a Data Subject
If you elect to exercise any of the rights listed above, including access, consent, or withdrawal of your consent for us to process your data, you can do so by contacting our Data Protection Officer using the contact details under Data Subject Requests below. If you are using one of SAI360 Products or Services contracted by your employer, please contact your customer representative. If a third party is involved in the processing of your personal data, we will pass on to them your request arising from the rights listed above, as applicable. Certain data protection laws (like those in Europe and California) make the distinction between those who act as “controllers” or “businesses” and those who act as “processors” or “service providers” of personal data. A controller determines how and why your personal information is to be used. A processor or service provider only processes personal data on behalf of the controller under the controller’s instruction.
For many of our services, our customers are the controller, and we are acting as their processor. It may be up to the controller to make sure you can exercise your rights over your personal data. If you have questions about how personal data is handled by our customers, you will need to review their privacy notices and, if necessary, contact them directly.
Residents of the European Economic Area (“EEA”) and The United Kingdom
We will make it clear if we rely on your consent to process your personal data and you are free to withdraw your consent at any time. If you wish to do so, Please contact us as described below in the section titled Data Subject Requests.
Another reason we might use your personal data is because we have, or a third party has a legitimate interest in doing so. We do so when responding to your inquiries about our products and services; to provide services and technical support to you; and to enable internal administrative processes, such as account administration.
Providing your data
One reason we might use your personal data is because you’ve inquired into entering into a contract with us or you’ve entered into a contract with us, and we need to provide services under that contract. We may not be able to fulfill that contract if you choose not to provide us with your personal data.
Purpose of processing
Automated decision making
We do not engage in any automated decision making as a part of our Services.
Your right to rectification
We want our records to be as accurate as possible, so please advise us of any errors and we will make corrections accordingly. Although a difference of opinion or view does not necessarily mean that personal data is inaccurate. If you have a difference of opinion, we will do our best to add that opinion to our records.
Erasure and your right to be forgotten
Please contact us as described below in the section titled Data Subject Requests if you want us to delete your personal data. We will do our best to honor your request, but we may have an obligation to keep records for audit and legal purposes. We may also be able to “Restrict Processing” or delete specific information or a document, which we will do without undue delay, for example, where it has been sent to us in error.
Your right to object to processing
In certain circumstances, you have the right to object to our use of your personal data, such as if we are using your personal data for direct marketing; for our or a third party’s legitimate interests or the public’s interest; or for scientific or historical research and statistics. Please contact us as described below in the section titled Data Subject Requests if you would like us to do so.
Right to restrict processing
Under some circumstances, you may request that we limit how we use your data or “Restrict Processing”. Simply a difference of opinion or view does not necessarily justify a restriction, but we will always consider your opinion. We will always inform you before we lift any restriction.
Your right to access data
You have a right to receive a copy of your personal data from us. If you would like to do so, please contact us as described below in the section titled Data Subject Request and we will advise you of the next steps as soon as possible, and in no more than one month.
Right to data portability
At your request, we are happy to provide your personal data in a machine-readable or “portable” format so you can move it or store it wherever you want, subject to certain limitations. We can also send it to another controller where technically feasible. If you would like to do so, please contact us as described below in the section titled Data Subject Requests and we will advise you of the next steps.
Right to complain
If you have a complaint about how SAI360 uses your personal data, we hope that in the first instance you will contact us, and we will promptly address your concern. However, you can always file a complaint with the supervisory authority in your jurisdiction. For more information, please contact your local data protection authority (contact details for data protection authorities in the EEA are available at https://edpb.europa.eu/about-edpb/board/members_en; and contact details for the data protection authority in the UK are available at https://ico.org.uk/.
We do not charge you a fee for exercising any of your rights described above.
Data Subject Requests
In the event that you wish to make a complaint about how your personal data is being processed by SAI360 (or third parties as described above), or how your complaint has been handled, you have the right to lodge a complaint directly our Data Protection Officer via email: [email protected]
You can also lodge a complaint with a Supervisory Authority or other applicable regulator, depending in your jurisdiction. A list of EU competent national supervisory authorities is available from: https://edpb.europa.eu/about-edpb/about-edpb/members_en
SAI360’s lead authorities are listed below:
Data Protection Commission
21 Fitzwilliam Square
D02 RD28 Dublin 2
Email: [email protected]
Tel. +353 76 110 4800
Information Commissioner’s Office
Water Lane Wilmslow, Cheshire, SK8 5AF
Tel: +44 303 123 1113
“Data Subject” refers to any individual person who can be identified, directly or indirectly, via an identifier such as a name, an ID number, location data, or via factors specific to the person’s physical, physiological, genetic, mental, economic, cultural, or social identity.
“Personal Data” (Personal Information) means any information relating to an identified or identifiable natural person (Data Subject).
California residents’ privacy rights
If you are a California resident, you may request certain information from or certain action by us, such as exercising the access and deletion rights described below, or you may authorize an agent to make such a request on your behalf. We will seek to verify your identity and your agent’s authority when we receive an individual rights request from you or on your behalf to ensure the security of your personal information and may need to collect additional personal information to do so.
California residents have the right to request the deletion of personal information, but we may not delete some or all personal information, as required or permitted by applicable law, such as if the requested information is necessary to:
- complete your transaction;
- provide you with a good or service;
- perform a contract between us and you;
- protect your security and prosecute those responsible for breaching it;
- fix our Services in the case of a bug;
- protect the free speech rights of you or other users;
- protect the free speech rights of you or other users;
- comply with a legal obligation; or
- make other internal and lawful uses of the information that are compatible with the context in which you provided it.
If you are a California resident, you may also request to receive details about how we collect, use, and share your personal information. You may also request to receive the specific pieces of personal information that we have collected about you.
If a business sells personal information, you have a right to opt-out of that sale. We do not, and do not intend to, sell the personal information of California residents and, furthermore, do not have actual knowledge that we sell the personal information of consumers under 16 years old.
Businesses may not, and we do not, discriminate against you for exercising your CCPA (CPRA) rights, such as the access and deletion rights described above.
Residents of Australia
This section explains how we handle personal information relating to individuals who are Australian customers, so as to ensure we meet any obligations under the Australian Privacy Act.
In this section, “personal information”, is defined in the Australian Privacy Act, and means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, or recorded in a material form or not. Personal information includes a person’s name, address, contact details, date of birth, gender, sexuality, and race.
We retain the personal information that we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with the Services you requested or to comply with an applicable legal requirement).
We will not use or disclose personal information for the purposes of direct marketing to you unless:
- you have consented to receive direct marketing materials; or
- you would reasonably expect us to use your personal details for this purpose; or
- we believe you may be interested in the material, but it is impractical for us to obtain your consent.
In every instance, we will ensure that our direct marketing material incorporates an option for you to elect to receive no further such communications.
Please note also that even if you have requested not to receive further direct marketing communications, we may nevertheless continue to provide you with information about changes to our terms and conditions for the supply of goods or services, questionnaires, and other factual information. This form of communication is not regarded as “direct marketing” under the Australian Privacy Act.
Personal information may be sent outside of Australia to our related bodies corporate, as permitted by the Australian Privacy Act, which are located in the United States of America. We take reasonable steps to ensure that the overseas recipients of your personal information do not breach our privacy obligations relating to your personal information. However, you should note that United States jurisdictions may not offer the same level of statutory privacy protection for personal information as Australia does. By providing your personal information to us, you consent to our disclosure of your personal information to these entities.
Access, correction, and further Information
We will take such steps as are reasonable to ensure that the personal information which we collect remains accurate, up to date and complete.
You may request access to any personal information we hold about you at any time by contacting to our Data Protection Officer via email: [email protected]
Upon such request we will endeavor to provide you with access to your personal information held by us unless we are permitted under the Australian Privacy Act to refuse to provide you with such access. Please contact us if you:
- wish to have access to the personal information which we hold about you;
- consider that the personal information which we hold about you is not accurate, complete, or up to date; or
- require further information on our personal information handling practices.
There is no charge for requesting access to your personal information, but we may require you to meet our reasonable costs in actually providing you with access.
If you consider that the information which we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, we will take reasonable steps, consistent with our obligations under the Australian Privacy Act, to correct that information if you so request.
We will respond to all requests for access and/or correction within a reasonable time.
If you have a complaint about the way in which we have handled any privacy issue, including your request for access or correction of your personal information, you should send to our Data Protection Officer via email: [email protected]
If you remain unsatisfied with the way in which we have handled a privacy issue, we suggest you approach an independent advisor or contact the Office of the Australian Information Commissioner for guidance on alternative courses of action which may be available. We will provide our full cooperation in the event that you elect to pursue this course of action.