What is a privacy notice?
We want to ensure you understand what information we collect about you, how we will use it and for what purpose.
We are also required by data protection legislation to explain certain matters to you.
What personal data do we collect about you?
If you sign up to receive our press releases or interim and year-end reports, we will collect, store and process the following personal information about you:
- Sign-up data: name, e-mail address and phone number
How and why will we use your personal data?
We need to use your personal information to process your subscription request and provide you with the information you have signed up to receive.
We are guided by the principle that you should not be surprised by any use we make of your personal information.
What happens if you do not provide personal information?
You are asked to provide certain personal information to us so we can provide the services you have requested from us. If you do not provide us with certain personal information we will not be able to process your request.
Who else might your personal data be shared with?
We use a third-party provider, Cision Sverige AB (a company registered in the Sweden, whose registered office is at Linnégatan 87 D, 104 51, Stockholm) to provide the services to you.
When you provide personal data to us, this may involve a transfer of that data outside of the European Economic Area ("EEA"). This is because some of Cision’s servers are located outside of the EEA. In all such instances, we employ all the necessary measures to ensure an adequate level of protection of such data.
How long do we keep your personal data?
We will keep your personal information for as long as we provide services to you. Once you have unsubscribed, we will delete all personal information.
How do we keep your personal data secure?
We ensure the security of your personal data. Our provider, Cision, have implemented the following measures:
- rigorous screening during the hiring process
- all employees must understand and agree to the Information Security Policy.
- upon termination or change of employment, access rights are removed or updated to ensure employees only have access to information that is required for their job.
- information systems and infrastructure are hosted in a combination of world-class data centers and Infrastructure-as-a-Service (IaaS) providers.
- offices have physical entry controls to ensure only authorized personnel gain access to facilities.
- hosting facilities utilize biometric security, video surveillance, and a 24/7 staffed guard.
- regular vulnerability assessments on the running applications (dynamic), the application code (static), and the underlying infrastructure using industry standard tools.
- manual penetration testing on an annual basis.
- applications follow a multi-tiered model, which provides the opportunity to apply controls at each layer, practicing “defense in depth.”
- data centers follow industry standard practices and provide an attestation of their annual audits such as SOC Type II.
- cryptographic protocols such as TLS to protect information in transit over public networks.
- at the network edge, stateful firewalls, web application firewalls, and DDoS protection are used to filter attacks.
- applications follow a multi-tiered model which provides the ability to apply security controls between each layer.
- email systems utilize state-of-the-art spam and malware filters to prevent outbreaks and phishing campaigns.
- Internet browsing is controlled and filtered for known malicious sites to prevent infection of internal systems and data leakage.
- All servers and computers have industry standard anti-virus software installed which is updated and continuously monitored.
- Servers send logs to a central repository for forensic storage and correlation to detect anomalous activity and facilitate investigations.
- Backups are taken regularly and stored off-site in a secure location in case of a catastrophic incident at the hosting facility.
What are your rights in relation to your personal information?
You have certain rights in relation to your personal data, and we have summarised those that are relevant here. For more information on your rights, or if you wish to exercise any of them, please contact us (see the contact details at the bottom of this notice)
Rights/What does this mean?
1. The right to be informed
You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Privacy Notice.
2. The right of access
You have the right to obtain access to your information (if we’re processing it), and certain other information (similar to that provided in this Privacy Notice).
This is so you’re aware and can check that we’re using your information in accordance with data protection law.
3. The rights to rectification and erasure
You are entitled to have your information corrected if it’s inaccurate or incomplete. In limited circumstances you will have a right to have information erased (known as the right to be forgotten).
4. The right to restrict processing
You have the right to restrict some processing of your personal information, which means that you can ask us to limit what we do with it;
5. The right to object to processing
You have the right to object to certain types of processing, including processing based on our legitimate interests in some cases.
6. The right to lodge a complaint
You are able to submit a complaint to the Information Commissioner’s Office about any matter concerning your personal information, using the details below. However, we take our obligations seriously, so if you have any questions or concerns, we would encourage you to raise them with us first, so that we can try to resolve them.
Office of the Information and Data Protection Commissioner, Level 2, Airways House, High Street, Sliema SLM 1549, Malta
Tel (+356) 2328 7100, www.idpc.org.mt
7. The right to withdraw consent
If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful).
How will we handle a request to exercise your rights?
We’ll respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll come back to you and let you know.
We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for:
- baseless or excessive/repeated requests, or
- further copies of the same information.
Alternatively, the law may allow us to refuse to act on the request.
If you have any questions about anything in this privacy notice, please contact our Data Protection Officer at DPO.Officer@kindredgroup.com
Other questions are directed to our press contact firstname.lastname@example.org