Personal information we collect and process
The types of personal information that we collect from you and hold will vary depending on your dealings with us. This information may include any or all of the following:
- name, address(es), telephone number(s) and other contact details
- electronic address(es)
- payment information (such as credit card or bank details)
- job title, department, company and industry sector you work in
- financial and credit card information
- personal description and photograph
- other personal information required to provide our products and services; and
- technical information, including the Internet Protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform
In some circumstances we may also collect information about your current and previous education and employment, and student identification details.
Where specifically required under certain circumstances we may collect information such as:
- health information
- information about your criminal record, racial or ethnic origin, or religion
- information related to health and safety, workplace investigations or workplace environment, but only if you agree to provide it to us or authorise us to obtain it from a third party
You do not have to provide us with any personal information, however if you do not do so we may not be able to provide you with the products, services or benefits you have requested.
SAI360 does not collect sensitive Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership or data concerning your sex life.
Our legal basis for collecting and processing your Personal Data
We will only collect, use or disclose your personal information where we have a legal basis for doing so. Typically, this will be:
- where you have provided your consent
- where we are legally obliged to do so
- where it is necessary as part of a contract or transaction between SAI360 and yourself, or between SAI360 and your employer
- where it is in our legitimate interest as a supplier of risk management solutions (for example providing you with customer service, or protecting the security of our systems)
We will only use personal information in accordance with applicable laws in the countries/states we operate in, such as the 201 CMR 17.00 Standards for the protection of personal information of residents of the Commonwealth (Massachusetts), the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (EU) 2016/679 (GDPR) and Regulation (EU) 2016/679 of the European Parliament and of the Council, the Privacy Act 1988 (Australia), Data Protection Act 2018 (UK) and UK General Data Protection Regulation (UK GDPR), the Personal Information Protection and Electronic Documents Act (PIPEDA) (Canada), S.C. 2000, c. 5, The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009, the Health Insurance Portability and Accountability Act passed by US Congress in 1996 (HIPAA), in addition to other obligations and applicable national/state laws.
How we collect personal information from you
Generally, we collect information directly from you, such as:
- when you submit information through our websites, for example by completing an online form
- by corresponding with us by phone, email or otherwise
- in person; or
- in the course of us providing you with a requested product, service or benefit
- when you have other dealings with us.
We also receive information about you from other sources such as:
- your use of any other websites we operate or the other services we provide
- our related bodies corporate; and
- third party service providers we work closely with including, for example, business partners, market research organisations, sub-contractors, payment and delivery services, advertising networks, analytics providers, search information providers and credit reference agencies
How we use the personal information we collect
We will use information collected directly from you in the following ways:
- to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us
- to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about
- to notify you about changes to our service; and
- to ensure that content from our websites is presented in the most effective manner for you and your computer.
We will use personal information collected about you in the following ways:
- to administer our websites and for internal operation, including troubleshooting, data analysis, testing, research, statistical and survey purposes
- to improve our websites to ensure that content is presented in the most effective manner for you and for your computer
- to allow you to participate in interactive features of our service, when you choose to do so or are required to do so by your employer
- as part of our efforts to keep our websites safe and secure
- to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; and
- to make suggestions and recommendations to you and other users of our websites about goods or services that may interest you or them.
How we store and protect your information
We store personal information in a combination of computer storage facilities and other records. In so doing, we have taken numerous steps to protect your personal information from misuse, interference and loss, and unauthorised access, modification or disclosure.
Where we provide personal information to third parties, we use contractual measures to protect this information.
Additionally, we take reasonable steps to destroy or permanently de-identify personal information when we no longer need it.
The internet is not a secure method of transmitting information. Accordingly, other than where we use secure socket layer technology (SSL) to ensure information is securely transmitted and processed, we cannot and do not accept responsibility for the security of information you send to or receive from us over the internet, or for any unauthorised access or use of that information.
We will ask you for your explicit consent before capturing and processing your Personal Data, in the limited circumstances for which consent is appropriate or required by applicable law. By providing consent you are giving us permission to process your Personal Data specifically for the purposes identified.
You may withdraw consent at any time by using the form available via the Data Subject Request page on this website (https://www.sai360.com/data-subject-requests), or contacting our Data Protection Officer using the contact details below:
In other cases, our interfaces (e.g., an email footer) will provide an option for withdrawing consent.
Disclosure of your Personal Data to third-parties
We may also disclose all of the categories of personal information that we collect to third parties who work with us in our business to provide, promote or improve the products or services you have requested or are interested in, such as:
- our related bodies corporate.
- our affiliated organisations in the countries set out below.
- third-party service providers (such as trainers, auditors, banks, and mortgage rooms).
- national regulators and accreditation bodies.
- marketing agencies
- consultants and professional advisers
- analytics and search engine providers that assist us in the improvement and optimisation of our websites; or
- Service providers who help us manage our relationships with our customers and our marketing channels (such as Salesforce, Adobe, Salesloft and ZoomInfo).
We may disclose your personal information to third parties:
- in the event that we sell or buy any business or assets, in which case we may disclose your personal information to the prospective seller or buyer of such business or assets; or
- if we are under a duty to disclose or share your personal information in order to comply with any legal obligation.
We do not, and do not intend to, sell your Personal Data.
Do we send your information overseas?
Depending on your relationship with us or the type of service we provide to you we may disclose some of your personal information, for the purposes described above, to our international offices. We may also disclose your personal information to other countries specified by you from time to time in order to provide services to you.
By providing your personal information to us, you consent to our disclosure of your personal information to organisations in those countries (where relevant or necessary) even though it may not receive the same protections that it would in your own country. You may request us not to transfer your personal information to the countries listed above, but if you do so we may not be able to provide the services or products you have requested from us.
Retention of your Personal Data
Where SAI360 holds and processes your Personal Data for contractual purposes (e.g. if you have purchased something from us), we will hold and process this data for as long as we are legally obliged to do so. Where you have provided your consent for us to hold and process your Personal Data (for example to provide you with updates on relevant products and services we may offer), we will do so until you ask us not to.
Your rights as a Data Subject
At any point while we are in possession of or processing your Personal Data and depending on your jurisdiction, you, the Data Subject, have a number of rights such as the right of access to your information; the right to amend or correct your personal information and the right to withdraw your consent for processing. More details regarding these rights are available on any form on this Web site where you are asked to enter any Personal Data. If you are using one of our Products or Services contracted by your employer, please contact your customer representative.
Exercising rights as a Data Subject
If you elect to exercise any of the rights listed above, including withdrawal of your consent for us to process your data, you can do so using the forms available via the Data Subject Request page on this website (https://www.sai360.com/data-subject-requests) or by contacting our Data Protection Officer using the contact details below. We take reasonable steps to verify your identity, such as by asking you to complete the form available here. Your agent may also make a request on your behalf, and must use the appropriate section of the same form. If you are using one of SAI360 Products or Services contracted by your employer, please contact your customer representative.
If a third party is involved in the processing of your Personal Data, we will pass on to them any of your requests arising from the rights listed above.
Certain data protection laws (like those in Europe and California) make the distinction between those who act as “controllers” or “businesses” and those who act as “processors” or “service providers” of Personal Data. A controller determines how and why your personal information is to be used. A processor or service provider only processes Personal Data on behalf of the controller under the controller’s instruction.
For many of our services, our customers are the controller, and we are acting as their processor. It may be up to the controller to make sure you can exercise your rights over your Personal Data. If you have questions about how Personal Data is handled by our customers, you will need to review their privacy notices and, if necessary, contact them directly.
In the event that you wish to make a complaint about how your Personal Data is being processed by SAI360 (or third parties as described above), or how your complaint has been handled, you have the right to lodge a complaint directly with SAI360’s Data Protection Officer:
You can also lodge a complaint with a Supervisory Authority or other applicable regulator, depending on your jurisdiction. A list of EU competent national supervisory authorities is available from https://edpb.europa.eu/about-edpb/about-edpb/members_en. SAI360’s lead authorities are listed below:
Data Protection Commission
21 Fitzwilliam Square
D02 RD28 Dublin 2
Email: [email protected]
Tel. +353 76 110 4800
Information Commissioner’s Office
Water Lane Wilmslow, Cheshire, SK8 5AF
Email: c[email protected]
Tel: +44 303 123 1113
Information is also generated whenever a page is accessed on our website that records information such as the time, date and specific page. We collect such information for statistical and maintenance purposes, which enables us to continually evaluate our website performance. Cookie use will vary between our sites and products; please review the cookie statement on the site or product you use.
“Data Subject” refers to any individual person who can be identified, directly or indirectly, via an identifier such as a name, an ID number, location data, or via factors specific to the person’s physical, physiological, genetic, mental, economic, cultural or social identity.
“Personal Data” (Personal Information) means any information relating to an identified or identifiable natural person (Data Subject).