PRIVACY POLICY
This Privacy Policy sets out the basis on which any personal data, including but not limited to payment details and other information we collect from you or other sources or that you provide to us (“Information”), will be handled by us in connection with your access and use of Verisio’s website (the “Site”), the Verisio platform Optimus (the “Platform”), and/or audits or services (collectively, the “Services”).
Please read the following carefully to understand our practices regarding your information. By using our Site and Services, you agree to the handling of your information under this Privacy Policy.
References in this Privacy Policy to “we”, “our”, or “us” (or similar) are references to Verisio Limited, registered at 5 Station Road, Ailsworth, Cambridgeshire, PE5 7AH. References to “user” or “you” (or similar) are references to you as an individual or legal entity.
If you use our Site and Services, you consent to the collection, use and sharing of your personal data under this Privacy Policy (which includes all other documents referenced in this Privacy Policy) and agree to the Terms of Use on the Site. We created this Privacy Policy to give you confidence as you use the Site and Services and to demonstrate our commitment to protecting privacy.
Verisio adopts the following points concerning privacy:
- During auditing, we gather confidential information on companies and individuals, which must be stored and processed carefully. This confidentiality has always been at the heart of good social compliance auditing. If any confidential interviews have been recorded, the copy of the recording will be transferred onto a hard drive and locked in a safe in our Head Office. Only Senior Management and the Office Manager will have keys to the safe. This information will not be added to our cloud-based platform and must be removed from the auditors’ telephone or computer.
- All data we gather is stored in our cloud-based Optimus platform and backed up in a secure data centre. This data is secured beyond the Advanced Encryption Standard (AES). No stand-alone personal data is permitted to be kept on individual computers.
- Access by any user is recorded by Optimus using IP addresses and date and time stamps. Master and Individual passwords are changed regularly and must exceed 12 mixed and random characters.
- During the audit, data subjects are requested to consent to using their data as part of their contractual commitment to the master client. Their data can only be viewed by the controller, the processor, the subject, and the master client.
- All data is collected and processed legally, fairly, and transparently.
- Verisio has appointed a Data Protection Officer.
- Any data subject may fully view all the data held on them by requesting a log-in to the Optimus platform. Commonly, any data will have already been shared as a hard or soft-copy audit report.
- Data may be shared with law enforcement or intelligence where the standards of vital, public, and legitimate interests are met. This may apply when vulnerable workers or children are under immediate threat.
- As part of the contractual arrangement within auditing, data must be kept indefinitely, as agreed between the master client and the data subject. However, if all parties agree, data may be permanently erased from the platform.
INTRODUCTION AND BACKGROUND
Verisio is a Data Controller and consequently must process all Personal Data (including Special Categories of Personal Data) about Data Subjects following the General Data Protection Regulation (the “GDPR”) and any other relevant data protection legislation, domestic or otherwise (as may be in force or repealed or replaced from time to time) (together the “Data Protection Rules”). For the avoidance of doubt, Verisio remains the sole Data Controller, even where affiliated offices or sub-contractors carry out processing.
Verisio will collect, store, use and otherwise process Personal Data about the companies and people with whom it interacts, who are the Data Subjects. This may include clients, workers, employees, contractors, suppliers and other third parties.
Verisio processes Personal Data to comply with its statutory obligations and achieve its objective of advancing and maintaining good corporate social compliance and the fight against Modern Slavery.
Every Data Subject has several rights concerning how Verisio processes their Data. Verisio is committed to ensuring that it processes Personal Data appropriately and securely following the Data Protection Rules, as such commitment constitutes good governance and is essential for achieving and maintaining the trust and confidence of Data Subjects. Therefore, Verisio will regularly review its procedures to ensure they are adequate and current, not less than once a year.
DATA PROTECTION PRINCIPLES
Verisio, as the Data Controller, is required to comply with the six data protection principles set out in the GDPR, which provide that Personal Data must be:
- Processed fairly, lawfully and in a transparent manner.
- Collected for specified, explicit and legitimate purposes and not further processed for other incompatible purposes.
- Adequate, relevant, and limited to what is necessary regarding the purposes for which it is processed.
- Accurate and, where necessary, kept up to date – every reasonable step must be taken to ensure that inaccurate personal data is erased or rectified without delay.
- Kept in a form that permits identification of Data Subjects for no longer than is necessary for the purposes for which the personal data is processed.
- Processed in a way that ensures its security, including protection against unauthorised or unlawful processing and accidental loss, destruction, or damage, using appropriate technical or organisational security measures.
WHAT INFORMATION WE MAY COLLECT FROM YOU
We may collect and process the following information about you:
(a) Information relating to (but limited to) the following categories of information: (1) contact data (such as your email address and phone number); (2) demographic data (such as your gender, your date of birth and your postcode (or equivalent)); and (3) other identifying information that you voluntarily choose to provide to us, including without limitation unique identifiers such as passwords, and information in emails or letters that you send to us;
(b) Information that you provide by filling in forms on our platform, including information provided at the time of registering to use our platform and other co-registrations, subscribing to our Services, posting material and information or requesting further services;
(c) Information you provide us or that we may collect from you when you report a problem with our platform;
(d) a record of correspondence if you contact us;
(e) general, aggregated, demographic and non-personal information;
(f) details about your computer, including but not limited to your IP address, operating system and browser type, as well as information about your general internet usage (e.g. by using technology that stores information on or gains access to your device, such as cookies, tracking pixels, web beacons (together, “Cookies”));
(g) your email address from a third party if you indicate that you have consented to that third party sharing your information with us;
(h) any other information we consider necessary to enhance your experience on the platform.
HOW WE WILL USE YOUR INFORMATION
We may use information held about you in the following ways:
(a) to provide you with information, feedback or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes;
(b) to provide you with location-based services;
(c) contacting you when necessary or requested to facilitate your use of the Service;
(d) notifying you about resources or services we think you may be interested in learning more about;
(e) to improve our Services and to deliver a better and more personalised service to you;
(f) to ensure that content from our platform is presented in the most effective manner for you and the device you use to access our platform;
(g) to notify you about changes to our Services;
(h) for any other reason that we deem necessary to enhance your platform experience.
COMMITMENTS
- Ensure that additional safeguards (as required by the Data Protection Rules) are in place to protect Personal Data that is transferred outside of the European Economic Area (the “EEA”).
- Ensure that data is processed in line with the Data Subject’s rights, which include the right to:
  - request access to Personal Data held about them by the company;
  - have inaccurate Personal Data rectified;
  - have the processing of their Personal Data restricted in certain circumstances;
  - have Personal Data erased in certain specified situations (in essence, where its continued processing does not comply with the Data Protection Rules);
  - prevent the processing of Personal Data for direct marketing purposes;
  - prevent, in some cases, decisions being made about them which are based solely on automated processing (i.e. without human intervention) and which produce significant or legal effects on them.
- Ensure all employees understand the company’s data protection policies and procedures.
- Design projects, processes, and systems with privacy in mind at the outset.
TO WHOM WE MAY DISCLOSE YOUR INFORMATION
We share your information only as described below and with businesses that follow practices at least as protective as those described in this Privacy Policy:
(a) Other Entities. To offer you our Services, we may engage with businesses who are affiliates of us or non-affiliated service providers (e.g. marketing companies, government entities, regulators). You understand that it is essential that such companies have access to the relevant information to perform their functions. We will ensure these businesses do not use your information for other purposes. By using our platform, you freely and expressly consent to transferring, storing, using, and disclosing your information among businesses that are affiliates of us or non-affiliated service providers, wherever located. These businesses shall be contractually bound to respect the confidentiality of your data.
(b) Marketing. We may also use your information to provide you with information about services that may interest you and enhance your Platform experience, service messages, new features and enhancements. We may contact you via various channels, including, without limitation, emails, posts, and telephone. We may permit third parties to use your information. For example, we may provide advertisers with information to help them reach the kind of audience they want to target and to enable us to comply with our commitments to our advertisers (e.g. by displaying their advertisements to a target audience). Additionally, you may be asked to provide additional information to participate in some of our market research activities.
(c) Business Transfers. If all of our assets are acquired, subscriber and customer information will be one of the transferred assets.
(d) Protection of Our Platform and Others. We release account and other information when we believe such a release is appropriate to comply with the law and law enforcement investigations and to protect the rights, property or safety of our users or others. This includes exchanging information with other companies and organisations for various reasons, such as fraud protection and credit risk reduction.
Note that our platform may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before submitting personal data or other information to these websites. Please do not post or add personal data to the Site that you would not want to be publicly available.
HOW WE STORE YOUR INFORMATION
We may store, process and transmit the information we collect from you in Europe and other locations worldwide – including outside your country. Information may also be stored locally on your devices to access the Services. Your data may also be processed by staff outside the EEA who work for us or one of our suppliers. Such staff are engaged in, among other things, providing support services, maintaining and operating the Site and services, and providing security services. By submitting your data, you agree to this transfer, storing or processing. We will take all necessary steps to ensure your data is treated securely per this policy. Each affiliate or supplier receiving your data is bound by standard contractual clauses that comply with the standard contractual clauses for transferring personal data to controllers established in third countries set out in the European Commission Decision 2010/87/EU.
WHAT SECURITY MEASURES WE APPLY
We maintain commercially reasonable technical, administrative, and physical safeguards to ensure your information is treated securely following this Privacy Policy and to protect against unauthorised access or alteration to, disclosure, or destruction of your data. We may use encryption technology to secure your information during transmission to our platform, and external firewall and on-host firewall technology to prevent network-level attacks. Only those authorised employees, contractors, and agents who need to know your information concerning the performance of their services are allowed to access this information.
You must protect yourself against unauthorised access to your password and the devices used to access our Services. You are responsible for keeping your password confidential. For example, ensure you sign off after using a shared device.
Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your information, we cannot guarantee the security of your data transmitted to our platform. Any transmission is at your own risk.
HOW CAN YOU ACCESS AND AMEND YOUR INFORMATION?
In certain circumstances, you have the right to access and receive a copy of the information we hold about you, rectify any inaccurate personal data held about you, and request the deletion of personal data held about you. You also have the right to data portability for the information you provide to us – this means that you can obtain a copy of your data in a commonly used electronic format so that you can manage and move it or request that we send it to a third party. You may have the right to restrict or object to our processing of your personal data, including for direct marketing. You can exercise your rights by contacting us here. NOTE: We may ask you to verify your identity before responding.
You can opt out of receiving future marketing communications from us anytime by adjusting your customer communication preferences through the unsubscribe link within the email communication.
For information about our use of cookies, please refer to our Cookie Policy.
We may retain a copy of your information for compliance reasons. When you update information, we may keep a copy of the prior version for our records.
WHAT IF WE CHANGE OUR PRIVACY POLICY?
Our business changes constantly, and our Privacy Policy may also need to change. We will post the current version of this Privacy Policy on this website, and each such change will be effective upon posting. We may email periodic reminders of our notices and conditions, but you should check our website frequently for recent changes. It is your responsibility to review the Privacy Policy regularly. Following any such change, your continued use of the website or platform constitutes your agreement to this Privacy Policy as so modified.
HOW YOU CAN CONTACT US
If you have any concerns about your data, please contact us here with a thorough description of the issue, and we will try to resolve it.