Last Updated 16/03/2023
Privacy and Data Protection Policy and Notice
Who is the data controller?
The data controller processing your personal data through this website, or in the course of providing our services to you, is TRG Research and Development Ltd, a duly registered limited liability company in Cyprus under registration number ΗΕ352217, with its registered office at 28 Agios Athanasios Avenue, Agios Athanasios, 4102, Limassol, Cyprus. However, with regard to our platform, TRG is a data processor.
What personal data do we collect?
Personal data means any information relating to you that identifies you or could reasonably be used to identify you, and that is recorded in any form.
Personal data which is being gathered consists of any details which are personally identifiable provided consciously and voluntarily by a customer, the customer’s administrator or through your use of the TRG website (as described below). This may include your name, address, telephone number, e-mail address, postal address, birth date, gender, position and organization name, your bank account, credit card and other such payment and billing details, billing address, your account username and password and usage details, and other information you may choose to provide to us.
If you are a person having a contractual relationship with us, if you are a prospective client or a non-client counterparty, we may collect the following personal data: (a) Identity data such as first name, maiden name, last name, identification number, passport number, username or similar identifier, marital status, title, date of birth (city and country) and gender. (b) Contact Data such as a residential or business address, email address and telephone numbers. (c) Marketing and Communications Data like your preferences in receiving marketing from us. (d) Other data: We may collect banking details, marital status, employed/self-employed if you hold/held a prominent public function (for PEPs), FATCA / CRS info, authentication data (e.g. signature), IP addresses, financial account information such as bank details, insurance information, family member information, nationality, residence or work permit in case of non-EU nationals, employment position, educational background, employment history. We may also obtain personal data arising from the performance of our contractual obligations, tax information (e.g. defence tax, tax residency, tax identification number), financial info (as expected annual credit/debit turnover, nature of transactions, source of income, source of assets).
Additionally, we may obtain location data related to the geographic location of your laptop, mobile device or other digital devices on which the TRG website or platform is used.
TRG also collects data relating to employees. This is governed by a specific notice we have made available to our employees.
TRG also collects data relating to employment candidates. This includes CVs and the data contained therein, notes on meetings, standardized tests, reports, references, interviewer impressions and such industry-standard data, as well as collecting data made publicly available or available to us on social networks. We collect such data based on the intention of the candidate to enter into an employment agreement with TRG.
You do not have any legal obligation to provide any information to TRG however, we require certain information in order to provide the services. If you choose not to provide us with certain information, we may not be able to provide you with some or all of the services.
Collection of Personal Data
We collect personal data through your use of our website. In other words, when you are using the website, we are aware of it and may gather, collect and record the information relating to such usage, either independently or through the help of third-party services as detailed below. This may include technical information and behavioural information such as the user’s Internet protocol (IP) address used to connect your computer to the Internet, your uniform resource locators (URL), hardware model, operating system, type of browser, browser plug-in types and versions, screen resolution, Flash version, time zone setting, the User’s ‘click-stream’ on the website, the period of time the user visited the website, methods used to browse away from a page, and any phone number used to call our customer service number. We likewise may place cookies on your browsing devices (see section COOKIES below).
We collect and process different types of personal data, which we receive from you directly or from our contractors in person or via their representative in the context of the contractual relationship we have with you. To the extent permitted by the law and for the fulfilment of our contractual or potential contractual relationship, we may additionally collect and process personal data which has been lawfully obtained from third parties e.g. public authorities or companies that introduce you to us and/or from publicly available sources (e.g. the Department of Registrar of Companies and Official Receiver, commercial registers, the press, media and the internet).
What are the purposes of personal data we collect?
We use personal data to provide and improve our services and meet our contractual, ethical and legal obligations, including for example:
Processing which is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract (GDPR Article 6(1)(b)):
- carrying out our obligations arising from any contracts entered into between you and TRG and/or any contracts entered into between a customer and TRG and to provide you with the information, products and services that you request from TRG;
- administering your account with TRG including identifying and authenticating your access to the parts of the services that you are authorized to access.
- verifying and carrying out financial transactions in relation to payments you make in connection with the services;
- contacting you to inform you of additional services which may be of interest to you.
Processing which is necessary for compliance with a legal obligation to which TRG is subject (GDPR Article 6(1)(c)):
- compliance and audit purposes, such as meeting our reporting obligations in our various jurisdictions, and for crime prevention and prosecution in so far as it relates to our staff, members, facilities etc;
- for security purposes and to identify and authenticate your access to the parts of the services and our application that you are authorized to access.
Processing is necessary for the purposes of the legitimate interests pursued by TRG or by a third party (GDPR Article 6(1)(f)) of providing and promoting an efficient and wide-ranging service to customers:
- notifying you about changes to our service;
- contacting you for the purpose of providing you with technical assistance and other related information about the services;
- replying to your queries, troubleshooting problems, detecting and protecting against error, fraud or other criminal activity;
- contacting you to give you information about events or promotions or additional services offered by TRG, including in other locations;
- soliciting feedback in connection with your use of the services;
- tracking use of TRG facilities and services to enable us to optimize and improve our services;
Personal data which you provide us may be combined with personal data which your employer, a TRG customer, provides us, or which may be provided by other sources, all of which will be used for the purposes set out above.
Where do we store your personal data?
Your personal data is stored on our servers and on the servers of the cloud-based database management services we engage, located within the EU.
With whom do we share this personal data?
We transfer personal data to third parties in a variety of circumstances. We endeavour to ensure that these third parties use your information only to the extent necessary to perform their functions and to have a contract in place with them to govern their processing on our behalf. These third parties may include business partners, suppliers, affiliates, agents and/or sub-contractors for the performance of any contract we enter into with you. They may assist us in providing the services we offer, processing transactions, fulfilling requests for information, receiving and sending communications, analyzing data, providing IT and other support services or in other tasks, from time to time. These third parties may also include analytics and search engine providers that assist us in the improvement and optimization of our website, our application, and our marketing. Additionally, if required, we may share your information with governmental/regulatory/law enforcement agencies or other third parties provided that such obligation is based on national or EU law.
What are your rights regarding your personal data?
Access: this enables you to request access and receive information regarding the personal data we hold about you.
Request for rectification: this enables you to request to have the data we hold about you to be completed or corrected.
Request for erasure: this enables you to request the deletion of the personal data we hold about you.
Restriction of processing: this enables you to make a request, in certain situations, that your personal data are only used for specific purposes.
Object to processing of personal data: this enables you to object to the processing of your personal data
Data portability: this enables you to request to obtain a copy of the personal data in a structured, commonly used and machine-readable format and/or the transmission of your personal data to another controller.
In order to exercise any of your above rights, please contact us at email@example.com. We will endeavour to respond to any request as soon as possible and no longer than 30 days from the receipt of the request. Note that we may have to undertake a process to identify a data subject exercising their rights. We may keep details of such rights exercised for its own compliance and audit requirements. Please note that personal data may be either deleted or retained in an aggregated manner without being linked to any identifiers or personal data, depending on technical commercial capability. Such information may continue to be used by us. In case where we will not be able to respond to your request within the aforementioned time period or in case your request is rejected, we will inform you accordingly explaining the reasons for any delay or rejection. All rights can be exercised free of charge.
Before making a final decision to recruit you or to enter into a contractual relationship with you, we may collect and process information relating to your criminal record in order to satisfy ourselves that there is nothing in your criminal convictions history which will prevent us from hiring you or entering into a contractual relationship with you. We seek to ensure that our information collection and processing is always proportionate.
Right to lodge a complaint
Data subjects in the EU have the right to lodge a complaint, with a data protection supervisory authority in the place of their habitual residence. If the supervisory authority fails to deal with a complaint, you may have the right to an effective judicial remedy.
How do we protect your personal data?
As part of our effort to prevent any unauthorised access or disclosure of your personal data, we have implemented physical, technical and administrative safeguards. We also update and test our security technology on an ongoing basis and we restrict access to your personal data on a need-to-know basis. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities. Note, however, that no data security measures are perfect or impenetrable, and we cannot guarantee that unauthorized access, leaks, viruses and other data security breaches will ever occur.
We will retain your personal data for as long as necessary, to fulfil the purposes we collected it for, and to comply with regulatory or statutory obligations. The criteria used to determine our retention periods include: – The length of time we have an ongoing relationship with you and provide the services to you. – Whether there is a legal obligation to which we are subject. – Whether retention is advisable considering our legal position (such as, litigation or regulatory investigations). You have the right to request the deletion of your data.
Will this privacy notice change?
For any further information, please contact us at firstname.lastname@example.org.