1. Purpose and Scope
Amistad Partners, its affiliates and subsidiaries place a priority on the Data Privacy of its employees, contractors, clients, prospective clients, service providers and other partners or third parties and on the importance of compliance with Data Protection and Privacy laws worldwide. Thus, Amistad Partners has developed this Policy that outlines and explains the appropriate principles concerning collecting, processing, transferring and using an individual’s Personal Data during everyday business.
In its collection, use and disclosure of Personal Data, Amistad Partners strives to balance the needs of managing its business effectively while minimizing intrusiveness and complying with local legal requirements. In some countries, additional requirements beyond this policy may be applied to comply with local legislation. Data Protection and Privacy has been and will continue to be an integral component of Amistad Partners’s business practices.
1. Data Protection or Data Privacy shall mean collection, processing, use, storage, security and transmission of Personal Data in compliance with applicable law and this Policy as outlined below.
2. Data Subject means the individual natural person associated with any Personal Data (i.e., employee, temporary employee, applicant, clients/client employees, contractors, service providers or potential clients/client employees or other partners to the extent that Personal Data is being collected).
3. Personal Data means any information relating to a natural person who is identified or is identifiable by some number or characteristic, including data on current, past and prospective employees, clients/client employees, prospective clients/client employees, agents, contractors, service providers and other partners or third parties. Examples may include: name, e-mail, postal address, personal telephone/fax number, employee number, Social Security/national ID number, birth date, salary, stock information, job level, benefits, family information, jobs history, training history, address details, telephone numbers, background checks and drug testing to the extent permitted by local law, details on business cards, etc.
4. Processing Personal Data (processing) means any operation or set of operations, which is performed upon Personal Data (whether or not by electronic or manual means). This includes collection, recording, copying, filing, organizing, storage, adaptation, alteration, retrieval, consultation, use and disclosure by transmission, dissemination, or otherwise making available Personal Data. It also includes the alignment or combination, blocking, erasure or destruction of Personal Data.
5. Sensitive Data is a subset of Personal Data and (subject to local requirements) may include but are not limited to race or ethnic origin, religious or philosophical beliefs, political affiliations/opinions, trade union membership, health information, sexual orientation, disabilities, certain types of personal financial data, etc.
6. Business Need for Personal Data means those functions or duties requiring access to Personal Data that are necessary to carry out AMISTAD PARTNERS business functions, to comply with local applicable laws, or to administer its Human Resources functions. Such business needs include:
Employment records maintenance
Employee performance reviews and ranking processes
Wage/stock option planning and administration
Performance reviews and disciplinary records
Headcount planning and reporting
Background checks and drug testing
Information on the Company group’s intranet that is needed to facilitate communication between employees within the Company’s group
Equal opportunities monitoring
Any requirement by law (statute, regulation or court ruling) or contract to which the individual is a party; a response to administrative or judicial process, including a subpoena, search warrant or garnishment of wages
Cooperation with governmental agencies or law enforcement, to the extent required by local law
An emergency, which is reasonably believed by Amistad Partners to pose a risk of harm to person or property or the business interest of Amistad Partners
Managing, maintaining and developing business relationships with clients, prospective clients, service providers and other partners or third parties, including but not limited to business development and marketing
Processing by Amistad Partners and its employees of Personal Data held on behalf of clients
Any additional functions or duties of Amistad Partners in connection with the proper conduct of Amistad Partners’s business
3. Data Protection and Privacy Principles
The Data Protection and Privacy principles below are the foundation of this Policy. As such, Amistad Partners will, through appropriate management and controls on an ongoing basis, monitor implementation of and compliance with these principles. It shall be a fundamental principle with Amistad Partners that any Personal Data shall be processed fairly, sensitively, respectfully and in accordance with this Policy and applicable local law.
Notice: Amistad Partners will inform individuals about the purpose for which it collects Personal Data, how to contact Amistad Partners with inquiries or complaints, and the administrative process by which the complaints will be resolved. Where appropriate, Amistad Partners will communicate the types of third parties to which Amistad Partners discloses Personal Data, and the choices, procedures and means Amistad Partners offers for limiting use and disclosure of personal information will also be provided.
Choice: Subject to applicable local law and Amistad Partners policies, general procedures and business requirements Amistad Partners will ensure that the rights of Data Subjects, about whom Personal Data is held, can be fully exercised. This includes the right of an individual to choose how their Personal Data provided is used, whether the use of such data is incompatible with the original purpose or authorizations, or is disclosed to third parties, subject to laws requiring disclosure and consent.
Onward Transfer: Amistad Partners will ensure that all transfers of Personal Data, whether within or outside of the Amistad Partners group, are protected by suitable safeguards and in accordance with applicable local law. Further, unless required by court or another legal mandate, or except as discussed below, Personal Data will only be transferred outside of Amistad Partners if the receiving party has entered into a Data Protection Agreement with AMISTAD PARTNERS or comparable safeguards are in place. Where Personal Data is transferred outside of Amistad Partners, Amistad Partners will ensure that any such transfer protects the legitimate interests of Data Subjects in line with this Policy and applicable local law.
Security: Amistad Partners is committed to protecting Personal Data against unauthorized use or disclosure. To ensure the appropriate use of Personal Data, and prevent unauthorized access to such Personal Data, as well as prevent loss, alteration or destruction of Personal Data. In adherence with Data Protection and Privacy laws worldwide and internal Amistad Partners policies, Amistad Partners will address security at all appropriate technology infrastructure points.
Data Integrity: Amistad Partners will collect and process appropriate Personal Data only to the extent that there is a Business Need for Personal Data, to fulfill operational needs, and/or to comply with legal requirements, including those legal requirements of the countries in which the Personal Data was collected, as applicable. Amistad Partners will take reasonable steps to ensure that all Personal Data is relevant, accurate, complete, current, and reliable for its intended use. All Data Subjects have a responsibility to assist Amistad Partners in this effort.
Data Retention: Amistad Partners will not keep Personal Data for longer than is necessary for the purpose or purposes, for which it was intended, or as required by contractual agreement, by law or regulation, by other Amistad Partners policies or, where applicable, for the appropriate statute of limitations period.
Access: Upon request, Amistad Partners will provide individuals with access to their Personal Data and, when appropriate, allow the individuals to request that their Personal Data be corrected or updated by Amistad Partners, as required by law or Amistad Partners policies.
Enforcement and Oversight: Amistad Partners will address complaints or disputes regarding Personal Data promptly, in an orderly fashion and courteously. Amistad Partners will provide or, where appropriate, endeavor to provide notification to Data Subjects about how to file a complaint or inquiry and the administrative process to follow. Amistad Partners will perform a self-assessment on a regular basis to verify that this Policy is communicated, prominently displayed, implemented, and accessible. Amistad Partners will cooperate with the relevant Data Protection Authorities in the investigation and resolution of complaints relating to this Policy. Amistad Partners will seek, in a timely manner as practicable, to comply in good faith with the advice of these authorities.
Training and Audit: Amistad Partners will provide appropriate training to all relevant staff handling and dealing with the Processing of Personal Data so that any such processing will be carried out in accordance with this Policy and applicable law. Amistad Partners will further ensure that Data Protection and Privacy is subject to periodic audit.
4. Transferring your data outside the “EEA”
We may transfer your data outside the European Economic Area (the “EEA“).
Some of those countries have a European Commission adequacy decision, which means they are considered to offer an adequate level of data protection.
Other countries do not have the same level of legal protection as countries in the EEA, or with an adequacy decision. If we do transfer your data in this way, we will take steps to ensure that it is protected to the same levels that apply in the EEA. This may include, for example, ensuring that the organisation receiving the data is registered with the EU-US Privacy Shield (in the case of transfers to the USA), or that we use the EU’s model contractual clauses.
5. Covered Entities
Amistad Partners entities and all non- Amistad Partners entities (e.g., agents, contractors, outsource service providers and processors) accessing or processing Personal Data are required to comply with this Policy with respect to such Personal Data.
The Data Officer is primarily responsible for adopting, implementing, and maintaining this Policy.
The responsibility for the implementation of the Policy lies with every employee and manager, whether the Personal Data is in the form of manual records, computer data or arises from communication with employees and Data Subjects both online (electronic) or off line (manual records). Implementation requirements will include the development of notice and consent forms to provide to managers and Data Subjects where required by applicable laws.
Employees, agents, contractors and their employees are individually responsible for providing/maintaining accurate information and for protecting the personal information that Amistad Partners has about any individual in support of the implementation of this Policy. Employees who violate this Policy or applicable legal requirements are subject to discipline, up to and including termination of employment, dependent on the severity of the violation. Agents or contractors or their employees who violate this Policy or applicable legal requirements are subject to termination and/or other contractual penalties. Employees, agents and contractors should also be aware that if they knowingly or recklessly obtain or divulge Personal Data without Amistad Partners’ consent, they may be committing a criminal offence.
7. Data Privacy Investigation and Dispute Resolution
Human Resources will address any complaints or disputes regarding Personal Data promptly and courteously, and will follow all applicable laws to respond to the complaint. This includes inquiries from Data Subjects, employee councils, management sponsors, or regulatory authorities.
A responsible person designated by management will handle investigations regarding non-compliance with this Policy. All investigations will be handled under the legal requirements of the geographic area where the investigation is taking place.
8. Access to Personal Data
The Data Officer is responsible for maintaining and safeguarding Personal Data, and for ensuring that access to such Personal Data is restricted to persons who have a job-related "need to know" or who have documented access rights. Covered entities may have access to Personal Data on a business related need to know for purposes generally compatible with the collection of the Personal Data.
Data Subjects may review the contents of any files as requested pursuant to the access principles detailed above and subject to other Amistad Partners policies. All Data Subjects must authenticate themselves based on online or offline standards (i.e., pass codes) set by Amistad Partners before gaining access. Data Subject may request a copy of documents, but under no circumstances will an individual be allowed to remove any documents from the file or be allowed to remove the original file from Amistad Partners. Certain confidential files, such as investigative files, will not be accessible to Data Subjects, in particular employees.
9. Verification of Employment
Regarding any requests for information concerning an Amistad Partners employee’s status which may be received from non- Amistad Partners entities, only members of the human resources department are authorized to release any information and this will be restricted to confirmation of current employment including the employee’s name, the most recent job title and the dates of Amistad Partners employment. Additional information will not be provided without the employee’s authorization.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. We have included below a table, setting out what cookies we use, and the purposes for which we use them.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org
To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.
Use of Universal Analytics (Google)
_gat_ UA 112356073-1
These cookies collect information about how visitors use our website. We use the information to compile reports and to make improvements. The cookies collect information in an anonymous form, including where visitors have come to the website from and the pages they visited.
To opt-out: https://tools.google.com/dlpage/gaoptout
Use of Inspectlet
Inspectlet stores this information in a pseudonymised user profile. Neither Inspectlet nor we will ever use this information to identify individual users or to match it with further data on an individual user.
To opt out:
11. Contacting us
If you have any questions regarding this notice, or any questions relating to data protection or privacy, you can contact us at firstname.lastname@example.org.
12. Changes to Policy
Amistad Partners may from time to time amend this Policy to reflect changes in any applicable legislation. Amistad Partners will notify Data Subjects of such amendments as soon as reasonably practicable.
Last reviewed: 24 May 2018