SGS Data Privacy Policy
When collecting Personal Data, SGS informs clearly, honestly and transparently about the nature of the Personal Data it collects and what it intends to do with it. The use of Personal Data by SGS for a different purpose than initially communicated is not authorised, unless adequate
information is provided to the concerned individuals, and where applicable, consent for the intended use is given to SGS. In general, SGS is authorised to use Personal Data for secondary purposes when implementing internal controls and audits and complying with its statutory and regulatory obligations.
SGS collects and processes Personal Data only to the extent that either
(i)
a valid
and informed consent was given or
(ii) (ii) if it is required by SGS legitimate business interests, such as entering into or performing contracts, processing and receiving payments, carrying out contractual obligations and complying with statutory or regulatory commitments.
Any consent given by individuals to the collection and use of their Personal Data must be given freely and in response to a clear information by SGS about the intended use of the data. Such consent can be withdrawn anytime by the individual without undue complications. The date, content and validity of such consent must always be documented.
When processing Personal Data on behalf of a client or another third party (a Data Controller), SGS will comply with the guidelines and instructions
of the Data Controller in addition with this policy.
SGS collects and stores the minimum amount of Personal Data required for the intended initial purpose for which the data is used and ensures that, at all times, Personal Data in its possession remains relevant and adequate for its intended purpose.
SGS will keep all data stored up to date and accurate and will ensure it is corrected when required.
SGS will not use Personal Data for any other purpose unless the new purpose is compatible with the original purpose and providing SGS obtains a new consent or a new legal basis if required.
Personal Data is kept by SGS only for the period of time required by its intended purpose. Specific
retention policies will define the time after
which such data will need
to be either deleted, destroyed or de-identified.
SGS recognises the rights of individuals to:
(i)
Request access
to the Personal Data
collected on them by SGS and the reason for SGS having such data
(ii)
Obtain a copy of the Personal
Data held on them
(iii)
Request the rectification or deletion of inaccurate or incomplete Personal
Data
(iv)
Withdraw consent
given to SGS for
the
collection of their Personal Data at
any time, including the right to
unsubscribe or to opt out of marketing communications and commercial publications of SGS
SGS will respond to requests made by individuals exercising their rights within a reasonable period of time after the individuals request or within any specific period that may be required by applicable local laws.
SGS will handle and investigate complaints made by individuals about any breach of these rules or data privacy laws and will respond to such complaints in a timely manner.
When using Personal Data for marketing purposes, SGS will inform individualsin a clear and plain language about the use of their data for marketing purposes.
SGS respects the right of its existing and prospective customers to:
(i)
only receive
marketing communications from SGS if an explicit
and specific prior consent has been provided,
when required by applicable laws, or if SGS can demonstrate that it is authorised to send such communications for its legitimate
business purposes
(ii)
no longer receive any marketing
communications if a specific preference
setting, an opt-out or an objection to use such data
for marketing purposes has been received by SGS
SGS recognises that some categories of Personal Data are particularly sensitive and require a higher level of protection. Sensitive Personal Data includes information regarding a persons health, biometric and genetic data, religion
and political opinions, racial or ethnic origin, criminal records and any other information protected specifically by the relevant applicable privacy laws.
SGS collects and processes such sensitive Personal Data only when this is absolutely necessary under one of the following circumstances:
(i)
Explicit consent was
given by the individual
(ii)
The use is necessary
for SGS to comply with employment laws or other statutory obligations or to protect the health
of the specific individual (such as
in a medical emergency)
SGS implements adequate procedures and safeguards to restrict access to sensitive data only by appropriate persons and prevent its unauthorised access, use and dissemination.
SGS implements adequate security measures to ensure the confidentiality, integrity and availability of Personal Data and to prevent the risk of unauthorised or unlawful access, alteration,
destruction or disclosure of such data. The measures for protection are based on impact assessments taking into account the risk to the individual related to the specific Personal Data stored by SGS. These measures include security and organisational measures adapted to the type of processing and the nature of the data to be protected.
SGS will inform individuals promptly of any privacy breach that has compromised their Personal Data and will report such incident to the relevant authorities as required by applicable laws.
SGS requires from its suppliers or sub- contractors that they fully comply with SGS Data Privacy Policies, with any applicable data protection and privacy legislation and maintain adequate technical and organisational security arrangements to protect Personal Data.
SGS limits access to Personal Data to those of its employees or suppliers who need to perform specific tasks in relation with such Data. Adequate
awareness, training, and confidentiality undertakings are in place to ensure that Personal Data is not shared or disclosed to unauthorised persons, including any other SGS employees who do not need to access such Personal Data.
SGS transfers Personal Data across national boundaries within the SGS Group or outside the SGS Group only when (i) this is justified for business purposes and (ii) safeguards exist to ensure that Personal Data will continue to be protected at a minimum with the same level of protection required in the jurisdiction of origin.
SGS conducts Personal Data Impact Assessments to identify risks that the processing of Personal Data by SGS may cause to the privacy rights of individuals in order to eliminate or reduce such risks.
Such prior Personal Data Impact Assessments will be part of any development of new services or business opportunities and acquisitions by SGS.
USE
OF LOCATION DATA
Within the SmartFleet application it
is possible to set individual settings with regard to
data protection. We would like to point out that your
computer/tablet/smartphone may also run other apps or establish network
connections that collect, transmit or store information about you or your
position. SmartFleet explicitly has no
influence on this and refers to the respective device manufacturers and mobile
phone providers.