Updated January 1, 2018
This Policy provides information regarding:
1. Proove Intelligence (“Proove”) management and protection of personal data,
- Collected from its employees for workforce management purposes
- Collected in the course of recruitment
- Collected from website visits for the purposes of operating and improving the website
- Processed and analyzed on behalf of Proove s clients.
2. The process to exercise individual privacy rights regarding one’s personal data held by Proove in relation to:
- Individual access,
- Rectification, as appropriate,
- Objection to use
- Restriction of processing
- Challenging compliance
3. Proove Group does not collect special categories of data such as racial or ethnic origin or health data.
I. Proove PROTECTION AND MANAGEMENT OF PERSONAL DATA
Proove collects personal data, meaning information about an identified or identifiable individual, directly from individuals, from its employees and from its website.
Proove has access to its clients’ data, without collecting it, to perform data analysis as a service to a client. In these cases, the data may be personal or anonymous. In either case, Proove never collects or stores the data.
Proove Group collects personal data from,
- its employees, with implicit consent for the purposes of human resource management including hiring, deployment, compensation, benefits, leave management, performance management, discipline and termination, as well as emergency contact;
- candidates for positions at Proove; with proper notification and implicit consent, Proove may use internet searches to perform due diligence on candidates strictly in relation to data relating to recruitment purposes.
- customers business email addresses as necessary to the business relationship
- Website users, through automatic collection of certain technical information, including IP address, device information, geo-location information, computer and network performance data and navigation history. Proove uses permanent and temporary cookies on the website. Cookies are small text files, stored on the user’s computer during the site visit. Cookies often store the settings for a website, and help Proove make the user’s experience more efficient by providing information about the visit. Proove uses permanent cookies to analyze website usage and for language preferences. Proove uses temporary (session based) cookies to improve performance and to determine web trends. Proove cookies may be disabled but this may exclude the use of some features of the website.
Proove processes personal data that its clients have collected and provided to Proove for the purposes of a contract with a client. This data is analyzed and processed exclusively under the instructions of the client in the context of the contract and in accordance with the contract. Proove uses this data to develop multi-platform and multi-channel directional marketing, display advertising and search marketing campaigns and strategies for its customers. Proove also uses this data for data analytics purposes to provide its clients with insights into their businesses and marketing campaigns and strategies.
Proove does not sell or otherwise disclose to third parties any data it holds save in the following exceptional cases:
- Should Proove receive a request from law enforcement authorities to provide personal data in its custody, it would only do so upon demonstration of lawful authority. If the data requested is held on behalf of a business customer, Proove will consult the customer unless it is prohibited to do so by law.
- Strictly as allowed by law, Proove may disclose data to another organization where it is:
- reasonable for the purposes of investigating a breach of an agreement or a contravention of the law that has been, is being or is about to be committed and it is reasonable to expect that disclosure with the knowledge or consent of the individual would compromise the investigation;
- reasonable for the purposes of preventing, detecting or suppressing fraud and it is reasonable to expect that the disclosure with the knowledge or consent of the individual would compromise the ability to prevent, detect or suppress the fraud;
- necessary to identify an individual who is injured, ill or deceased, to a government institution or the individual’s next of kin or authorized representative and, if the individual is alive, with notification to the individual.
- With respect to employee data, Proove may disclose personal data if it is necessary:
- to establish, manage or terminate an employment relationship, as allowed by law.
- in a prospective business transaction where Proove has entered into an agreement that:
- restricts the use and disclosure of that data solely for purposes related to the transaction
- protects the data by security safeguards appropriate to the sensitivity of the information, and
- if the transaction does not proceed, the data is returned to Proove or destroyed it within a reasonable time.
Proove may transfer personal data to suppliers and sub-contractors it employs to deliver its services and the transfer may occur across national borders. In all cases, it is subject to the following conditions:
- The transfer is solely for the purpose of assisting Proove in its service delivery and under its instructions.
- It comes under contractual clauses that ensure compliance with data protection legislation at a compatible level of protection whether Proove transfers as a collector to a processor or as a processor to a sub-processor.
- When Proove collects personal data,
- Exercises due diligence in the choice of processors to whom to transfer the data;
- Ensures compliance with data protection with contractual clauses and monitors compliance through means including inspections, audits and immediate breach reports.
- When Proove processes personal data for a client, it does so
- Exclusively under documented instructions from its business customer;
- With approval of the customer and in accordance with the SA.
4. Location of personal data
Proove stores European employee data in the United Kingdom.
Website data, client data and non-European employee personal data are stored in Canada and in the United States.
Proove is committed to data security and protects personal data through integrated physical, technological and administrative safeguards. In particular,
- All data is protected by security safeguards appropriate to the level of sensitivity of the data through (i) physical measures, such as secure areas; (ii) technical measures, such as encryption and secure servers; and (iii) organisational measures such as access policies based on the need-to-know and employee security through vetting and supervision.
- All data is retained only for as long as it is necessary for the purposes for which it was collected or transferred, in accordance with Proove Retention Schedule.
- Should Proove suffer a breach, it would implement its Incident and Breach Response Plan, including notification to individuals and or data collector, as soon as feasible.
II. PROCESSES TO EXERCISE PRIVACY RIGHTS AT Proove
1. Individual access
Proove responds to individual requests for access to one`s personal data, and for rectification as necessary for all data it holds as a collector, through new following process.
In relation to employee data and employment candidate data, the request must be addressed to the Vice-President Human Resources to respond.
In relation to website data, the request must be addressed to the Vice President, Technology, to respond.
Both will seek advice from the Data Protection Officer as necessary to ensure compliance. The DPO may be reached at DPO@Proovegroup.com
- Within one month, free of charge, unless
- the volume or the complexity of the request require a longer process, where Proove will inform the requester, within one month, of the reasons for an extension and may charge a reasonable fee to cover administrative costs; or
- the request is unfounded or excessive and Proove may refuse the request with justification.
- Providing the following information:
- the purposes of the processing;
- the categories of personal data processed;
- the third parties to whom the personal data have been or will be transferred under the employment of Proove and their location;
- the criteria to determine the period for which the personal data will be stored;
- the existence of the right to request rectification or erasure of personal data and the process for it;
- the right to object to processing, as applicable;
- the right to lodge a complaint with a supervisory authority.
Rectification requests follow the same process as access requests, described above.
Proove provides rectification as soon as possible within one month. Should Proove refuse the request, it will provide justification.
3. Challenging compliance
An individual about whom Proove holds data may challenge compliance with data protection rights by filing a complaint in accordance with the process instituted for access requests and rectification requests, described above.
Proove will investigate the complaint in consultation with the office responsible for the use of the data and under the guidance of Data Protection Officer. Should the complaint be well-founded, Proove will take all appropriate measures to resolve the complaint and, if necessary, amend its practices as needed.
The Data Protection Officer may be reached at DPO@DACGroup.com
The Vice-President, Human Resources, may be reached at firstname.lastname@example.org
The Vice-President, Technology, may be reached at email@example.com.