Safeguard Global Privacy Policy
What types of personal data do we handle, and why?
In the course of its business activities, we may have access to certain categories of personal data related to individuals within the European Union: Contact points for potential and current customers. We may access the following personal data on persons of interest or points of contact with potential or current customers, which may also be established in Europe:
- Name;
- Job title;
- Professional contact details;
- Company.
We access this personal data, concerning current customers, when strictly necessary to manage and perform agreements in place between us and those customers (for example, when we need to contact a customer for invoicing purposes, we may use the professional contact details of a point of contact within that customer). Account managers at Safeguard Global US may need to contact certain customers for these purposes, including customers located within the European Union.
As for potential customers, we may access these personal data when they are shared with us by individuals (for example, when an individual reaches out to us on behalf of a potential customer at an event, or by sending us an inquiry) or by third parties (for example, through third-party data brokers with which we have appropriately regulated our data processing relationship, through written agreements). We may use these personal data to reach out to potential customers, in order to send marketing communications or engage with those customers to attempt to establish a business relationship – this may include potential customers within the European Union, given that the Safeguard Global Group Marketing and Sales teams are based at Safeguard Global US. It is important to note that none of our customers are consumers, as our business is strictly B2B.
Therefore, while we do reach out to individuals within potential customers for these purposes, the organisations to which those individuals belong are the target of our communications, and not the individuals themselves (as consumers).
Do we transfer any personal data onwards, to other entities?
As a rule, we do not sell data related to Safeguard Global Group customers or prospective customers to any third parties, or otherwise share data with third parties.
However, we may disclose personal data to third parties acting as agents / processors on our behalf:
- Service providers which provide SaaS (software as a service) customer relationship management platforms and tools used by Safeguard Global US, and which may have access to personal data stored by Safeguard Global US on their platforms and tools, used to ensure an efficient management of Safeguard Global Group customers;
- Service providers which provide SaaS marketing automation platforms and tools used by Safeguard Global US, and which may have access to personal data stored by Safeguard Global US on their platforms and tools, used to allow Safeguard Global US to effectively carry out its marketing activities; and
- Service providers which otherwise participate in the provision of services to customers, assisting Safeguard Global US in this regard (including other Safeguard Global Group affiliates), and which may have access to customer data when strictly necessary to allow their assistance in the provision of these services.
This may include personal data related to individuals within the European Union and the United Kingdom.
Other than in the above cases, it is also important to understand that we may be required to disclose personal data in response to lawful requests by competent U.S. public authorities, including to meet national security or law enforcement requirements.
How can you reach out to us?
For any questions regarding this Privacy Policy, or our practices regarding personal data, you can reach out to us at: privacy@safeguardglobal.com. To get in touch with the Data Protection Officer for the SafeGuard Global Group, please contact: dpo@safeguardglobal.com.
What are your rights as a Data Subject? How can you react if you believe that we are mishandling your personal data?
Under the UK and EU GDPR, you are entitled to:
- Access the personal data we hold about you;
- Request the correction, amendment or deletion of personal data we hold about you, where it is inaccurate or has been processed in violation of the Principles.
The above rights can be restricted where the burden or expense for SG US in allowing them to be exercised would be disproportionate to the risks to your privacy, in your specific case. Restriction may also happen if allowing your rights to be exercised would violate the rights of other persons. However, we will always endeavor to allow the exercise of your rights to the fullest extent feasible. You can exercise these rights by contacting us, at: privacy@safeguardglobal.com.
Given that SG US only transfers your personal data onward to its agents / processors (as noted above), and not to any third-party controllers, your right to opt-out of these transfers does not apply, under Section 2(b) of the Principles. In any case, SG US has entered into data processing agreements with these agents and processors to ensure the following, in accordance with Section 3(b) of the Principles:
- The transfer of personal data to agents / processors is only performed for limited and specified purposes (noted above);
- The agents / processors are required to provide at least the same level of privacy protection as is required by the Principles;
- The agents / processors are required to effectively process personal data they receive from us in a manner consistent with our obligations under the Principles; and
- The agents / processors must notify us if they determine that they can no longer provide the same level of privacy protection as is required by the Principles, in which case they must also take reasonable and appropriate steps to stop and remediate unauthorized processing of those personal data.
We will also provide a summary or representative copy of the relevant privacy provisions contained within our agreements with agents / processors to competent authorities, upon a valid request. In any case, you retain the right to opt-out from any further processing activities which we might wish to carry out using your personal data, for purposes which are different to or incompatible with the purposes laid out in this Policy. We will notify you of any such further processing if and when it takes place, so you can exercise this right; you can also do so spontaneously by using the e-mail address provided above.
While we do not process any sensitive data under the scope of this Policy, you also have the right to opt-in (rather than merely opt-out) to any onward transfer of those data or further processing of those data, for purposes which are different to or incompatible with the purposes laid out in this Policy. If and when this becomes applicable, we will notify you so you can exercise this right; you can also do so spontaneously by using the e-mail address provided above. In compliance with Data Protection Principles, we commit to resolving complaints about our collection or use of your personal data. European Union individuals with inquiries or complaints regarding our Privacy-policy should first contact us at: privacy@safeguardglobal.com.
Should you consider that we have not been able to fully resolve your complaint, you remain entitled to submit your complaint to the Information Commissioner’s Office 0303 123 1113, at https://ico.org.uk/concerns/ or a data protection authority within the European Union, so that the panel established by the European Union data protection authorities (DPAs) can engage us to fully resolve the issue. We may also proactively refer your complaint to this panel.
We commit to cooperating with this panel and complying with the advice given by this panel with regard to personal data transferred from the European Union.
- In particular, this means that we will cooperate with the DPAs in the investigation and resolution of any complaints brought against us regarding data protection. It also means that we will comply with any advice given by the DPAs in these cases and that we will provide written confirmation to the DPAs that such action has been taken.