ReSurg General Privacy Policy – Clients, vendors, service providers – September 2021

RESURG

GENERAL PRIVACY POLICY


1. PREAMBLE

RESURG preserves your privacy and strives to collect responsibly your Personal Data, pursuant to the Regulation (EU) 2016/679 General Data Protection Regulation (hereinafter “GDPR”) and any other applicable EU and Member State regulations on data protection.

This Privacy Policy explains how RESURG collects and uses the Personal Data which You provide to Us, directly or indirectly, either as:

a client or a prospective client,
a representative of a client or prospective client, a vendor
a service provider

(collectively, “Data Subject(s)” or “You”).

Under the GDPR and with regards to your Personal Data, the data controller is RESURG SA, a Swiss company whose registered office is rue Saint-Jean 22, 1260 Nyon – Switzerland. RESURG SAS and RESURG Madrid SL, respectively the French and Spanish subsidiaries of RESURG SA, act as processors as they work with RESURG SA on some processing of Personal Data on its behalf. RESURG SA, RESURG SAS and RESURG Madrid SL are collectively designated as “RESURG”, “We” or “Us” for the purpose of this Privacy Policy.

Terms in capital letter used in this Privacy Policy and that are not defined in this preamble are defined in the last section of this document.

2. PERSONAL DATA PROCESSED BY RESURG

RESURG only collects information that is necessary to fulfil the purpose behind our relationship with You. We may collect, use and store the following Personal Data that You provide to Us :

  • Contact information: first name, last name, e-mail address, VAT number, professional and personal phone number;

  • Contractual details: information collected about the services We provide to You or You provide to Us;

  • Financial information: bank account numbers, credit card numbers, etc.. Retained to make or receive a payment;

  • Communications: information we capture through our communications. For instance: telephone conversations, emails, recordings of meetings;

  • Publicly available data: details about you that are in public records and information about you that is openly available on the internet.

    The majority of the Personal Data provided by You is mandatory in order for Us to administer the contractual relationship and/or comply with statutory requirements relating to taxation. Failure to provide mandatory Personal Data may affect our ability to accomplish the purposes stated in this Privacy Notice and potentially affect the contractual relationship between us.

    The list set out above is not exhaustive, and there may be other Personal Data which RESURG processes in the context of our relationship. We will update this Privacy Notice from time to time to reflect any notable changes in the categories of Personal Data which it processes.

    The majority of the Personal Data which We process will be collected directly from You. In limited circumstances your Personal Data may be provided by third parties.

3. PURPOSES OF PROCESSING OF YOUR PERSONAL DATA

RESURG uses your Personal Data for a variety of purposes in order to manage its business relationship with You, where necessary to perform its obligations under a contract, to comply with legal obligations or otherwise in pursuit of its legitimate business interests. We have set out below the main purposes for which your Personal Data is processed:

  • Relationship management, customer service, training and communication;

  • Develop and carry out marketing activities;

  • Develop, test and manage new and existing services;

  • Comply with laws and regulations that apply to Us;

  • Protect your confidentiality.

    This list is not exhaustive and RESURG may undertake additional processing of Personal Data in line with the purposes set out above. RESURG will update this Privacy Notice from time to time to reflect any notable changes in the purposes for which it processes your Personal Data.

4. LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA

RESURG processes your Personal Data where there is an appropriate legal basis to do so. RESURG will have one or more of the following reasons for using your Personal Data:

  • Our use of your Personal Data is necessary to fulfil a contract we have with You or to take steps to enter into a contract with You;

  • Our use of your Personal Data is necessary to comply with a legal or regulatory obligation that we have;

  • You have provided your consent to Us using the Personal Data, for example when You have provided information for use at an event or during a meeting;

  • Our use of your Personal Data is in our legitimate interest as a commercial organization to provide services to our clients or for the purpose of business development, provided our use is proportionate and respects your privacy rights

5. SHARING YOUR PERSONAL DATA

In connection with the purposes described above, We may need to entrust your Personal Data to, or share your Personal Data with, third parties. This may include the following:

  • To any holding company, subsidiary of affiliate of RESURG;

  • To external third parties who provide services to Us, such as lawyers, technology providers, cloud service provider, and other service providers that assist us in carrying out RESURG services. All such third-party service providers are required to take appropriate security and confidentiality measures to protect your data in line with our policies. We do not allow them to use your data for their own purposes;

  • To comply with all applicable laws and regulations;

  • To third parties in order for RESURG to protect its legal rights (e.g. in case of litigation).

    Whenever We need to provide Personal Data to any other third party than the ones mentioned herein, we will request of you a separate consent (in documented form) specifying the third party and necessary particulars including the purpose of such provision of Personal Data.

6. TRANSFER OF PERSONAL DATA OUTSIDE THE EEA

There may be some instances where your Personal Data is transferred to countries outside of the European Economic Area (“EEA”) – including the USA - such as when we transfer information to our third party suppliers who are based outside the EEA or when third parties who act on our behalf transfer your Personal Data to countries outside the EEA.

Where such transfer takes place, we will take the appropriate safeguarding measures to ensure that your personal information is adequately protected. We will do so in a number of ways including:

  • Entering into data transfer contracts and using specific contractual provisions that have been approved by European data protection authorities or by the European Commission, such as the standard data protection clauses defined in article 46 c) of the GDPR;

  • Transferring Personal Data to companies in non-EEA countries who have been deemed by the European Commission to have adequate levels of protection.

7. PERSONAL DATA RETENTION

We will keep Personal Data for as long as is reasonably necessary for the purposes for which we collect it.

Where we hold Personal Data to comply with a legal or regulatory obligation, we will keep the information for at least as long as is required to comply with that obligation.

8. YOUR RIGHTS AS A DATA SUBJECT

You have a number of legal rights in relation to the Personal Data that We hold about You and You can exercise your rights by contacting Us using the details at the end of this document. These rights include the right:

  • To obtain information regarding the processing of your Personal Data and access to such Personal Data;

  • To withdraw your consent to our processing of your Personal Data where you have explicitly given your consent;

  • To rectify your Personal Data if it is inaccurate or incomplete;

  • To erase your Personal Data in certain circumstances. Please note that there may be circumstances where You ask us to erase your personal data but We must retain it;

  • To restrict (suspend) the processing of your Personal Data in certain circumstances. There may be circumstances where You ask Us to restrict our processing of your personal data but We must refuse that request;

  • To exercise, in some circumstances, your right to data portability and obtain from RESURG the right to receive your Personal Data in a structured, commonly used and machine-readable format. Please note that this right only applies to personal data that You have provided to Us;

To object, at any time of the processing, free of charge and without having to state a legitimate ground every time such processing is based on RESURG’s legitimate interests.

If You wish to exercise your rights, please contact Us using the details below.

You also have the right to lodge a complaint with the applicable data protection authority in the country where the relevant RESURG entity is located if you think that any of your rights have been infringed by Us:

  • For France : the Commission Nationale de l’Informatique et des Libertés (CNIL), www.cnil.fr

  • For Spain : the Agencia Española de Protección de Datos (AEPD), www.aepd.es

  • For Switzerland: The Federal Data Protection and Information Commissioner (FDPIC), https://www.edoeb.admin.ch

    If You are not sure which part of RESURG is using your Personal Data or which is the relevant data protection authority, You can ask Us to clarify this using the contact details in the end of this document.

9. WHO TO CONTACT ABOUT YOUR PERSONAL DATA

If you have any questions or concerns about the way your Personal Data is used by RESURG, You can contact our Data protection lead by email at: gdpr@resurg.com.

10. AMENDMENT TO THE PRIVACY POLICY

This Privacy Policy may be amended from time to time. The newest version of the Privacy Policy will be posted on Our website and may also be distributed (in hard copy or electronic version) as appropriate to You.

11. DEFINITIONS

  • “Data Subject” means the identified or identifiable natural person described in the preamble and to whom Personal Data relates;

  • “GDPR” is defined in the preamble;

  • “Personal Data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

  • “Privacy Policy” means the present document;

  • “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

  • “RESURG” is defined in the preamble.

***

This Privacy Policy was last updated on September 23rd, 2021. We review this Privacy Policy regularly and reserve the right to make changes at any time to take account of changes in our business, legal requirements, and the manner in which we process Personal Data.