Efficio Privacy Statement
This privacy statement is effective as of May 21, 2019. Please note that this privacy statement will be regularly be updated to reflect any changes in the way we handle your personal data or any changes in applicable law.
Efficio Global Limited and its subsidiaries (“Efficio”;”We”) is dedicated to protecting the confidentiality and privacy of information entrusted to it. As part of this fundamental obligation, Efficio is committed to the appropriate protection and use of personal information (sometimes referred to as "personal data”, personally identifiable information" or "PII") that has been collected by or provided to us through our clients, websites and other online and mobile services that link to or post this Privacy Statement.
Please review this Privacy Statement to learn more about how we collect, use, share and protect the Personal Data that we have obtained.
1. HOW DOES EFFICIO PROTECT YOUR PERSONAL DATA?
Efficio attaches great importance to your right to privacy and the protection of your personal data. We want you to feel secure that when you deal with Efficio, your personal data are in good hands.
Efficio protects your personal data in accordance with applicable laws and our data privacy policies. In addition, Efficio maintains the appropriate technical and organisational measures to protect your personal data against unauthorized or unlawful processing and/or against accidental loss, alteration, disclosure or access, or accidental or unlawful destruction of or damage thereto.
The following sections provide further details as to how Efficio processes your personal data:
Which categories of personal data do we collect and how do we process such personal data?
We collect personal data of our employees, potential employees, clients, suppliers, business contacts, shareholders and website users. If the data we collect are not listed in this privacy statement, we will give individuals (when required by law) appropriate notice of which other data will be collected and how they will be used.
Except for certain information that is required by law, your decision to provide any personal data to us is voluntary. You will therefore not be subject to adverse consequences if you do not wish to provide us with your personal data. However, please note that if you do not provide certain information, we may not be able to accomplish some or all of the purposes outlined in this privacy statement, and you may not be able to use certain tools and systems (eFlow) which require the use of such personal data.
If you provide us with personal data of another person (for instance, a potential employee/referral), you are responsible for ensuring that such person is made aware of the information contained in this privacy statement and that the person has given you his/her consent for sharing the information with Efficio.
The above-mentioned categories of personal data have been obtained either directly from you (for example, when you provide information to sign up for a newsletter or register to comment on a forum website) or indirectly from certain third parties (for example, through our website’s technology). Such third parties include our affiliates, public authorities, public websites and social media, suppliers and vendors.
For which purposes and on which legal basis do we use your personal data?
Efficio uses your personal data only where required for specific purposes.
Managing our contractual and/or employment relationship with you.
Necessary for the performance of a contract to which you are a party.
The data subject has given consent to the processing of his or her personal data on the basis that we recruit the appropriate employees.
Operating and managing our business operations.
Justified for the performance of a contract for ensuring the proper functioning of our business operations. To manage and administer our business and services, we may collect and process personal data. This may include (but is not limited to) maintaining internal business records, managing client relationships, hosting events, and maintaining internal operating processes.
Complying with legal requirements.
Necessary for the compliance with a legal obligation to which we are subject.
Monitoring your use of our eFlow systems including and any apps and tools you use.
Processing is necessary for the performance of a contract, avoiding non-compliance and protecting our reputation.
Improving the security and functioning of our eFlow, networks and information.
Processing is necessary for the performance of a contract, for ensuring that you receive an excellent user experience and our networks and information are secure.
Marketing our products and services to you, including in case of emergencies, and to provide you with requested information (unless you objected against such processing).
Justified on the basis of Consent for ensuring that we can conduct and increase our business.
Monitoring, improving the security and functioning of our website including data analytics.
Justified on the basis of our legitimate interests avoiding non-compliance and protecting our reputation for ensuring that you receive an excellent user experience and that our networks and information are secure. We do not collect or record information on users’ name, address or other contact details. Any information collected is used to monitor individual user browsing and purchasing behaviour.
Where the above table states that we rely on our legitimate interests for a given purpose, we are of the opinion that our legitimate interests are not overridden by your interests, rights or freedoms, given (i) the transparency we provide on the processing activity, (ii) our privacy by design approach, (iii) our regular privacy reviews and (iv) the rights you have in relation to the processing activity.
We will process your personal data for the purposes mentioned above based on your prior consent, to the extent such consent is mandatory under applicable laws.
We will not use your personal data for purposes that are incompatible with the purposes of which you have been informed, unless it is required or authorized by law, or it is in your own vital interest (e.g. in case of a medical emergency) to do so.
Will we share your personal data with third parties?
We may transfer personal data to our service providers, professional advisors, public and governmental authorities or third parties in connection with a (potential) corporate or commercial transaction. Such third parties may be located in other countries. Before we do so, we shall take the necessary steps to ensure that your personal data will be given adequate protection as required by relevant data privacy laws and Efficio’s internal policies.
Unless you are otherwise notified, any transfers of your personal data from within the European Economic Area (EEA) to third parties outside the EEA will be based on an adequacy decision or are governed by the standard contractual clauses (a copy of which can be obtained through the contact information included below). Any other non-EEA related transfers of your personal data, will take place in accordance with the appropriate international data transfer mechanisms and standards.
What about sensitive data?
We do not generally seek to collect sensitive data (also known as special categories) through this site or otherwise. In the limited cases where we do seek to collect such data, we will do this in accordance with data privacy law requirements and/or ask for your consent.
The term "sensitive data" refers to the various categories of personal data identified by data privacy laws as requiring special treatment, including in some circumstances the need to obtain explicit consent from you. These categories include racial or ethnic origin, political opinions, religious, philosophical or other similar beliefs, membership of a trade union, physical or mental health, biometric or genetic data, sexual life or orientation, or criminal convictions and offences (including information about suspected criminal activities).
What about data security?
We maintain organisational, physical and technical security arrangements for all the personal data we hold. We have protocols, controls and relevant policies, procedures and guidance to maintain these arrangements taking into account the risks associated with the categories of personal data and the processing we undertake.
We adopt market leading security measures to protect your personal data. This includes (without limitation):
- We hold ISO27001 certification, which indicates that we adhere to the highest and strictest information security standards. This is a security standard awarded by United Kingdom Accreditation Service (UKAS) that serves as sole national accreditation body for the United Kingdom, recognised to assess against internationally agreed standards. This certification is the only auditable international standard that defines the requirements for an Information Security Management System (“ISMS”) and confirms that Efficio’s processes and security controls provide an effective framework for protecting our clients’ and our own information.
- We have regular penetration testing performed by a third-party provider, which continues to show the strength of our technical defences.
Regarding your use of our websites, you should understand that the open nature of the internet is such that information and personal data flows over networks connecting you to our systems without security measures and may be accessed and used by people other than those for whom the data are intended.
Where will your personal data be processed?
As a global organization with offices and operations throughout the world, personal data we collect may be transferred or be accessible internationally throughout Efficio's global business and between its entities and affiliates.
Any such transfers throughout Efficio’s global business take place in accordance with the applicable data privacy laws including European data privacy laws (including the General Data Protection Regulation).
How long will your personal data be retained by us?
- We will retain your personal data only for as long as is necessary. We maintain specific records management and retention policies and procedures, so that personal data are deleted after a reasonable time according to the following retention criteria:
- We retain your data as long as we have an ongoing relationship with you (in particular, if you have an account with us).
- We will only keep the data while your account is active or for as long as needed to provide services to you.
- We retain your data for as long as needed, to comply with our global legal and contractual obligations.
- We will keep personal data until you request us to stop processing it
Which rights do you have with respect to the processing of your personal data or the data protection rights of EU data subjects?
You are entitled (in the circumstances and under the conditions, and subject to the exceptions, set out in applicable law) to:
- Request access to the personal data we process about you: this right entitles you to know whether we hold personal data about you and, if we do, to obtain information on and a copy of that personal data.
- Request a rectification of your personal data: this right entitles you to have your personal data be corrected if it is inaccurate or incomplete.
- Object to the processing of your personal data: this right entitles you to request that Efficio no longer processes your personal data.
- Request the erasure of your personal data: this right entitles you to request the erasure of your personal data, including where such personal data would no longer be necessary to achieve the purposes.
- Request the restriction of the processing of your personal data: this right entitles you to request that Efficio only processes your personal data in limited circumstances, including with your consent.
- Request portability of your personal data: this right entitles you to receive a copy (in a structured, commonly used and machine-readable format) of personal data that you have provided to Efficio, or request Efficio to transmit such personal data to another data controller.
To the extent that the processing of your personal data is based on your consent, you have the right to withdraw such consent at any time by contacting Efficio’s Data Protection Officer ( firstname.lastname@example.org ). Please note that this will not affect Efficio’s right to process personal data obtained prior to the withdrawal of your consent, or its right to continue parts of the processing based on other legal bases than your consent.
If, despite our commitment and efforts to protect your personal data, you believe that your data privacy rights have been violated, we encourage and welcome individuals to come to Efficio first to seek resolution of any complaint. You always have the right to register a complaint directly with the relevant supervisory authority or to make a claim against Efficio with a competent court (either in the country where you live, the country where you work or the country where you deem that data privacy law has been infringed).
Contact Us ( email@example.com ) exercise any of your rights.
EU-U.S. and Swiss-U.S. Privacy Shield Frameworks?
Efficio participates in the EU-U.S. and the Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding certain personal information received by Efficio in the U.S. from European Union member countries and Switzerland. Please see our Efficio LLP Privacy Shield for information about Efficio’s data practices regarding personal information it receives from European Union member countries and Switzerland pursuant to the respective Privacy Shield frameworks. To learn more about the Privacy Shield program generally, and to view Efficio’s certification, please visit https://www.privacyshield.gov/ .
Additional EU Notices – Notice of Processing
Efficio provides services, marketing and offerings in the U.S. and does not direct such activities to data subjects that are located in the EU. However, in certain circumstances, such interactions occur. To know more about it, please also note the additional EU Specific notices.
2. HOW DO WE USE PERSONAL DATA WHEN YOU VISIT EFFICIO’S WEBSITE?
Which personal data do we gather?
Efficio collects personal data at its websites in two ways: (1) directly (for example, when you provide personal data to sign up for a newsletter or register to comment on a forum website); and (2) indirectly (for example, through our website's technology).
We may collect and process the following personal data:
- Personal data that you provide by filling in forms on our website. This includes registering to use the website, subscribing to services, newsletters and alerts, registering for a conference or requesting a white paper or further information. Pages that collect this type of personal data may provide further information as to why your personal data are needed and how it will be used. It is completely up to you whether you want to provide it.
- If you contact us, we may keep a record of that correspondence.
- We may ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
- Any postings, comments or other content that you upload or post to an Efficio website.
- Our website collects personal data about your computer, including (where available) your IP address, operating system and browser type, for system administration, to filter traffic, to look up user domains and to report on statistics. This information is used for statistical purposes only; it is not used to contact you and is not sold to a third party.
- Details of your visits to our website, the pages you view and resources you access or download, including but not limited to, traffic data, location data, weblogs and other communication data. We use this information to track the behaviour of visitors to the Efficio website. We do this to receive information on activity such as the number of visitors to our site. This information is collected in a way which does not identify individuals. We make no attempt to find out the identities of those visiting our website and we do not associate any data gathered from the site with any personally identifying information from any source. Please see the Cookies section for more information.
How do we use personal data that we collect from our websites?
We use personal data for the purposes described in the section “For which purposes and on which legal basis do we use your personal data?”
ANY Questions and comments
Efficio is committed to protecting the online privacy of your personal information. If you have questions or comments about our administration of your Personal Data, please contact us at firstname.lastname@example.org . You may also use this address to communicate any concerns you may have regarding compliance with our Privacy Statement.