(A) This Policy
The present Policy is promulgated by the organizations denoted in Section M herein (collectively referred to as “DataNumen”, “we”, “us”, or “our”). The Policy is intended for individuals outside our entity with whom we engage, encompassing visitors to our websites (referred to as “Websites”), our clientele, and all other users of our Services (herein collectively referred to as “you”). Terms explicitly defined in this Policy are further elucidated in Section (N) herein.
As per the context and requirements of this Policy, DataNumen is designated as the Controller of your Personal Data. The relevant contact information is furnished in Section (M) herein for the pertinent DataNumen entity capable of addressing inquiries concerning the use and processing of your Personal Data.
This Policy is subject to modifications or updates occasionally, in order to accommodate changes in our practices pertaining to the Processing of Personal Data, or shifts in applicable laws. We strongly recommend a thorough reading of this Policy and regular visits to this page to keep abreast of any revisions we may implement in line with the stipulations of this Policy.
DataNumen conducts its operations under the following brand: DataNumen.
(B) Processing your Personal Data
Collection of Personal Data: We may gather Personal Data about you in the following instances:
- When you reach out to us through email, telephone, or other communication channels.
- During the normal course of our interaction with you (for example, Personal Data we acquire while managing your payments).
- In the process of providing Services.
- When we obtain your Personal Data from third-party sources, such as credit reference agencies or law enforcement bodies.
- When you access any of our Websites or utilize any resources or functionalities available on or through our Websites. In such instances, your device and browser may automatically reveal certain information (including device type, operating system, browser type, browser settings, IP address, language settings, dates and times of connection to a Website, and other technical communications information), some of which might be considered Personal Data.
- When you submit your resume or CV to us for employment consideration.
Creation of Personal Data: In the course of delivering our Services, we might also generate Personal Data pertaining to you, including records documenting your engagements with us and specifics of your transaction history.
Relevant Personal Data: The categories of Personal Data pertaining to you that we may process encompass:
- Personal identifiers: encompassing name(s); gender; date of birth or age; nationality; and photographic representation.
- Communication details: such as return shipping address (for instance, for the return of original media and/or storage devices); mailing address; telephone number; email address; and details of your social media profiles.
- Financial details: including billing address; bank account or credit card number; name of the cardholder or account holder; security details of the card or account; card’s ‘valid from’ date; and card’s expiration date.
- Perceptions and viewpoints: any opinions and views that you elect to share with us, or choose to publicly post about us on social media platforms.
- Kindly note that the Personal Data relating to you that we process may also incorporate Sensitive Personal Data, as defined further below.
Lawful basis for Processing Personal Data: In connection with the objectives stated in this Policy, we may depend on one or more of the following legal bases for Processing your Personal Data, contingent upon the circumstances:
- We have procured your explicit prior consent to the Processing (this legal basis is solely utilized in association with Processing that is entirely voluntary – it is not employed for Processing that is necessary or mandatory in any manner);
- The Processing is requisite in relation to any contract that you may establish with us;
- The Processing is mandated by the prevailing law;
- The Processing is essential to safeguard the vital interests of any individual; or
- We possess a legitimate interest in executing the Processing with the aim of managing, operating, or advancing our business, and that legitimate interest is not superseded by your interests, fundamental rights, or freedoms.
Processing your Sensitive Personal Data: We do not intend to gather or otherwise Process your Sensitive Personal Data, except in cases where:
- The Processing is mandated or allowed by the applicable law (e.g., to adhere to our diversity reporting obligations);
- The Processing is crucial for detecting or preventing criminal activities (including the prevention of fraud, money laundering, and terrorist financing);
- The Processing is necessary for establishing, exercising, or defending legal rights; or
- In accordance with the applicable law, we have obtained your explicit prior consent for Processing your Sensitive Personal Data (as mentioned earlier, this legal basis is solely employed in connection with Processing that is entirely voluntary – it is not used for Processing that is necessary or obligatory in any manner).
If you furnish us with Sensitive Personal Data (e.g., if you provide us with hardware from which you desire us to retrieve data), you must ascertain that it is lawful for you to disclose such information to us, including ensuring that one of the legal bases outlined above is applicable to us concerning the Processing of that Sensitive Personal Data.
Purposes for which we may Process your Personal Data: Subject to applicable law, we may Process Personal Data for the following purposes:
- Website Operations: managing and operating our Websites; delivering content to you; presenting advertisements and other relevant information to you during your visit to our Websites; and communicating and interacting with you through our Websites.
- Service Provision: offering our Websites and other Services; providing Services in response to orders; and maintaining communications related to those Services.
- Communications: interacting with you through various mediums (including via email, telephone, text message, social media, post or in person), while ensuring compliance with applicable laws.
- Communications and IT Management: overseeing our communication systems; implementing IT security measures; and conducting IT security audits.
- Health and Safety: conducting health and safety evaluations and maintaining records; and complying with related legal obligations.
- Financial Administration: managing sales; finance; corporate auditing; and vendor management.
- Surveys: interacting with you to gather your opinions on our Services.
- Service Improvement: identifying issues with current Services; planning enhancements to existing Services; and devising new Services.
- Human Resource Management: managing applications for job vacancies within our organization.
Voluntary provision of Personal Data and consequences of non-provision: The sharing of your Personal Data with us is a voluntary act and is typically a prerequisite to initiate a contractual agreement with us and to allow us to fulfill our contractual commitments to you. There is no legal compulsion for you to furnish us with your Personal Data; however, if you opt not to provide your Personal Data, we will be unable to establish a contractual relationship with you and fulfill our contractual obligations towards you.
(C) Disclosure of Personal Data to third parties
We might disclose your Personal Data to other entities within DataNumen to fulfill our contractual duties towards you or for legitimate business reasons (including the provision of Services to you and the operation of our Websites), in compliance with the applicable law. Furthermore, we may disclose your Personal Data to:
- Legal and regulatory authorities, upon their request, or for reporting any actual or suspected violation of applicable law or regulation;
- External professional advisors to DataNumen, such as accountants, auditors, lawyers, subject to binding confidentiality obligations either contractually or as per law;
- Third-party Processors (like payment service providers; delivery/courier companies; technology providers, customer satisfaction survey providers, operators of “live-chat” services, and processors who provide compliance services like checking government-issued prohibited lists, for example, the US Office for Foreign Asset Control), situated anywhere globally, in accordance with the requirements stated below in this Section (C);
- Any pertinent party, law enforcement body, or court, as necessary for the establishment, exercise or defense of legal rights, or any relevant party for the purposes of preventing, investigating, detecting, or prosecuting criminal offenses or executing criminal penalties;
- Any relevant third-party acquirer(s), in case we sell or transfer all or any relevant part of our business or assets (including in the event of a reorganization, dissolution, or liquidation), but strictly in accordance with the applicable law; and
If we appoint a third-party Processor to Process your Personal Data, we will establish a data processing agreement as mandated by the applicable laws with such third-party Processor. Consequently, the Processor will be subject to binding contractual obligations to: (i) Process the Personal Data only as per our prior written directives; and (ii) employ measures to protect the confidentiality and security of the Personal Data, along with any additional requirements under applicable law.
We may anonymize Personal Data regarding the use of the Websites (for instance, by documenting such data in a consolidated format) and share such anonymized data with our business partners (including third-party business partners).
D) International transfer of Personal Data
Due to the global scope of our operations, it may become necessary to transfer your Personal Data within the DataNumen Group, and to third parties as mentioned in Section (C) above, in line with the purposes outlined in this Policy. Consequently, your Personal Data might be transferred to other countries that may have different data protection standards than the EU due to varying laws and data protection compliance requirements than those that apply in the country where you reside.
Whenever we transfer your Personal Data to other countries, we do so, when required (excluding transfers from the EEA or Switzerland to the U.S.), based on Standard Contractual Clauses. You can request a copy of our Standard Contractual Clauses by using the contact information provided in Section (M) below.
(E) Data Security
We have put in place suitable technical and organizational security measures intended to safeguard your Personal Data from accidental or unlawful destruction, loss, modification, unauthorized disclosure, unauthorized access, and other illicit or unauthorized forms of Processing, in compliance with relevant laws.
It is your responsibility to ensure that any Personal Data that you transmit to us is done so securely.
(F) Data Accuracy
We undertake all reasonable measures to ensure that:
- your Personal Data that we Process are precise and, when required, maintained up to date; and
- any of your Personal Data that we Process that are found to be inaccurate (considering the purposes for which they are Processed) are promptly deleted or corrected.
Occasionally, we may request you to verify the accuracy of your Personal Data.
(G) Data Minimisation
We undertake all prudent measures to ensure that the Personal Data we Process are confined to the data reasonably necessary in line with the purposes outlined in this Policy, including the delivery of Services to you.
(H) Data Retention
We take every reasonable step to ensure that your Personal Data is processed only for the minimum duration necessary for the objectives set forth in this Policy. We will retain copies of your Personal Data in a form that allows identification only for as long as:
- We maintain a continuous relationship with you (for example, where you utilize our services, or you are legally part of our mailing list and have not unsubscribed); or
- Your Personal Data are necessary in relation to the lawful purposes set forth in this Policy, for which we have a valid legal basis (e.g., where your personal data are included in an order placed by your employer, and we have a legitimate interest in processing those data for the purposes of running our business and meeting our obligations under that contract).
Furthermore, we will retain Personal Data for the duration of:
- Any applicable limitation period under applicable law (i.e., any period during which any individual could bring a legal claim against us in connection with your Personal Data, or to which your Personal Data may be pertinent); and
- An additional two (2) month period following the end of such applicable limitation period (thus, if an individual brings a claim at the end of the limitation period, we are still provided a reasonable amount of time to identify any Personal Data that are relevant to that claim),
In the event any relevant legal claims are initiated, we may continue to Process your Personal Data for such additional periods as are necessary in connection with that claim.
During the periods noted above in relation to legal claims, we will limit our Processing of your Personal Data to storage of, and maintaining the security of, the Personal Data, except to the extent that the Personal Data needs to be examined in connection with any legal claim, or any obligation under applicable law.
Upon conclusion of the periods above, each as applicable, we will permanently delete or destroy the relevant Personal Data.
(I) Your legal rights
Under applicable law, you may have several rights related to the Processing of your Personal Data, including:
- The right to request access to, or copies of, your Personal Data that we Process or control, along with information concerning the type, processing, and disclosure of those Personal Data.
- The right to request correction of any inaccuracies in your Personal Data that we Process or control.
- The right to request, on valid grounds:
- Deletion of your Personal Data that we Process or control;
- Or limitation of Processing of your Personal Data that we Process or control.
- The right to object, on valid grounds, to the Processing of your Personal Data by us or on our behalf.
- The right to have your Personal Data that we Process or control transferred to another Controller, as far as applicable.
- The right to withdraw your consent to Processing, where the legality of processing is based on consent.
- The right to lodge complaints with a Data Protection Authority concerning the Processing of your Personal Data by us or on our behalf.
This does not impact your statutory rights.
To exercise one or more of these rights, or to ask a question about these rights or any other provision of this Policy, or about our Processing of your Personal Data, please use the contact details provided in Section (M) below.
If we are providing you with Services based on orders, such provision of Services is governed by contractual terms provided to you. In case of discrepancies between such terms and this Policy, this Policy serves as a supplement.
(L) Direct Marketing
In compliance with applicable law, and contingent upon your explicit consent as required by the law or when sharing advertising and marketing communications about our similar products and services, we may process your Personal Data to reach out to you through email, phone, direct mail, or other communication methods to offer information or services that might be of interest to you. If we provide services to you, we might send information about our services, upcoming promotions, and other relevant content using the contact information you have supplied to us, always adhering to the applicable law.
You have the option to unsubscribe from our promotional emails or newsletters at any time by simply clicking the unsubscribe link present in every email or newsletter we send. After unsubscribing, we will cease sending you additional emails, although we may continue to communicate with you as needed for the purposes of any services you have requested.
(M) Contact details
Should you have any remarks, inquiries, or worries pertaining to the information in this Policy, or any other matters related to DataNumen’s handling of Personal Data, we kindly request you to get in touch with us.
The following definitions provide clarification for certain terms used in this policy:
- ‘Controller’ refers to the entity that determines the manner and purpose of Personal Data Processing. In numerous jurisdictions, the Controller is primarily responsible for adherence to applicable data protection regulations.
- ‘Data Protection Authority’ denotes an autonomous public agency that is legally assigned with the duty of supervising compliance with relevant data protection laws.
- ‘EEA’ signifies the European Economic Area.
- ‘Personal Data’ represents information that pertains to any individual or from which any individual can be identified. Examples of Personal Data that we might Process are given in Section (B) above.
- ‘Process’, ‘Processing’ or ‘Processed’ encapsulates any action performed on any Personal Data, whether automated or not, such as gathering, recording, organising, structuring, storing, modifying or adjusting, retrieving, consulting, utilising, disclosing by transmission, disseminating or making available in any other way, aligning or combining, restricting, erasing or destroying.
- ‘Processor’ characterises any individual or entity that Processes Personal Data on behalf of the Controller, excluding the employees of the Controller.
- ‘Services’ signifies any services delivered by DataNumen.
- ‘Sensitive Personal Data’ denotes Personal Data concerning racial or ethnic origin, political viewpoints, religious or philosophical beliefs, trade union membership, physical or mental health, sexual preferences, any actual or alleged criminal offences or penalties, national identification number, or any other data that may be classified as sensitive under relevant law.