SUB-TI ACCESS respects your privacy.
Any personal information you provide to us including and similar to your name, address, telephone number and e-mail address will not be released, sold, or rented to any entities or individuals outside of SUB-TI ACCESS.
Remember The Risks Whenever You Use The Internet
While we do our best to protect your personal information, we cannot guarantee the security of any information that you transmit to SUB-TI ACCESS and you are solely responsible for maintaining the secrecy of any passwords or other account information. In addition other Internet sites or services that may be accessible through SUB-TI ACCESS have separate data and privacy practices independent of us, and therefore we disclaim any responsibility or liability for their policies or actions. Please contact them directly if you have any questions about their privacy policies.
SUB-TI ACCESS SRL
1 – Introduction
SUB-TI ACCESS holds information which has to be managed in accordance with the General Data Protection Regulation (GDPR). This policy describes the actions we take to ensure compliance with the policy.
We recognize that it is not our data to use as we wish, but it is data that we are merely custodians of.
This policy ensures we:
• Comply with data protection law and follow sound practice
• Ensure the rights of employees, clients, and business partners are adhered to
• Are open about the way we process and manage information
• Reduce the risk of a data breach
• Are able to respond quickly in the event of a breach
2 – Why we hold data?
We hold personal data and sensitive personal data to enable us to:
• Fulfill our contractual obligations to employees and clients
• Manage the health and safety of our employees and clients
• To comply with a legal obligations
3 – Types of Data We Collect
Online Enquiry Forms
• Any collection of personal data arising from your submission of enquiry forms on this website will only be used for the purpose stated on the form e.g. employment enquiries. It is stored for a short time on our secure website content management system. Once contact with enquirer has been initiated, the completed form and any information contained on the form will be permanently deleted. Your data will only be passed securely to the relevant internal team. We are happy to provide upon request information on how your data is processed and stored once forwarded internally.
• Information collected via our online enquiry forms are not retained or used for mailing / newsletter purposes.
4 – What basis do we hold and process data?
We will only use personal data for lawful business purposes set out under the GDPR (Article 6 Paragraph.1).
It will not always be necessary to obtain consent to hold and process data when it is required for contractual purposes.
We will only hold and process data on the basis that we have explained; we will not seek to process data in a way which is different from the original intent.
5 – Individuals Rights
To request to review data that we hold (Article 15 GDPR), to change data that we hold (Article 16 GDPR), to request deletion of data that we hold (Article 17 GDPR), to request the restriction of the data that we hold (Article 18 GDPR), to object to wrong data usage (Article 21 GDPR) or to request a transfer of data that we hold (Article 20 GDPR), or to reclaim the authorisation of data usage, you have the right to contact firstname.lastname@example.org. We aim to acknowledge receipt of all requests for data within 24 hours and to fulfil the request according to standards out under the GDPR.
You have the right to report complaints to the local authorities (Article 77 GDPR) if the usage of the personal data is not of originally authorized use.
6 – Data Management
6.1 Minimization of Data
We will hold the minimum amount of data that is necessary for the function of our business.
We will keep information up to date to the best of our knowledge and correct any inaccurate data that is identified.
6.3 Retention of Data
We will only retain personal data for as long as reasonably necessary in accordance with to local laws to fulfill the purposes we collected it for, including for the purposes of satisfying any job applications, legal, regulatory, tax, accounting or reporting requirements. We may retain personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with the data subject.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of personal data, the purposes for which we process personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
6.4 Transferring Data Overseas
We will not export data overseas without ensuring appropriate data protection arrangements are in place.
7 – Protective Measures
7.1 Security of Data
We will ensure that we apply appropriate industry standard security measures when securing and handling personal data.
We will take specialist advice, where necessary, to ensure our security measures are providing the expected level of protection.
7.2 Incident Reporting
We will treat all security incidents as a serious matter and provide appropriate resources to their investigation.
We will report security incidents as required under GDPR and the relevant Data Protection Authority Employees and direct contractors are required to report any incidents or breaches of this policy as soon as possible.
Any findings as a result of a security incident will be used to improve our systems, processes, and training.
7.3 New Systems and Processes
We will ensure privacy is considered at the outset of any new information processing systems and business processes.
7.4 Third Parties We Work With
Depending on the type of supplier, we undertake one of the following:
• We will review their terms and conditions to ensure they protect data in accordance with GDPR requirements, or
• We will provide details of the information we hold and process, ensure they understand their responsibilities in helping us secure it and formally agree the arrangements.
We will investigate complaints or disputes concerning the holding or processing of personal data promptly. Contact email@example.com
Failure to comply with this policy by employees will be dealt with under our disciplinary procedures.
Failure to comply with this policy by direct contractors will be dealt with under the terms of the contract between us, which could include termination.