General Data Protection Regulation
Effective Date of GDPR: May 25, 2018
Effective Date of Agreement: September 30, 2021
Introduction
This notice document (the “Notice”) sets forth the additional rights available to European Union (“EU”), United Kingdom (“UK”) and European Economic Area residents (“EEA”) and supplements the information contained in the Company’s Privacy Policy and applies solely to persons located in the EU, UK and EEA. The purpose of this notice is to comply with the EU General Data Protection Regulation 2016/679 (“GDPR”) and the UK GDPR (which is the UK law version of the EU General Data Protection Regulation by virtue of section 3 of the European Union (Withdrawal) Act 2018 and as amended by Schedule 1 to the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019). Any applicable terms defined in the GDPR or UK GDPR have the same meaning when used in this Notice. Similarly, any terms defined in the Company’s Privacy Policy have the same meaning when used in this Notice.
This Notice does not apply to workforce-related personal information such as a company registration number, a company email, or anonymized data.
Data Controllers
Sometimes the Company acts as the Data Controller related to your personal information.
In other situations, we are considered only a Processor of your personal information. In such case, the identity of the Data Controller will be disclosed to you by your employer, the Company or another third-party.
In addition, the EU General Data Protection Regulation 2016/679 (“GDPR”) requires organizations which are subject to the GDPR and are not established in the EEA, to designate a representative in the EEA to act on its behalf regarding GDPR compliance, and to deal with any supervisory authorities or data subjects in this respect. Similarly, the UK GDPR (which is the UK law version of the EU General Data Protection Regulation by virtue of section 3 of the European Union (Withdrawal) Act 2018 and as amended by Schedule 1 to the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019) also requires organizations which are subject to the UK GDPR and are not established in the UK, to designate a representative in the UK to act on its behalf regarding UK GDPR compliance, and to deal with any supervisory authorities or data subjects in this respect.
Pursuant to Article 27 of the GDPR, Birkman International Inc. has appointed Borlux Ltd. (Postal address: First Floor, Penrose 1, Penrose Dock, Cork, Ireland) as its GDPR representative in the EU. If you usually reside in an EU Member State you can contact Borlux Ltd. regarding matters pertaining to the GDPR by using the online request form at https://services.nathantrust.com/privacycontact.
What Information is Collected?
Personal Information We Collect About You
We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual (collectively “Personally Identifying Information” or “personal information”).
The Personally Identifying Information we collect from our customers may include: full name, referral name, company name, mailing addresses (city, state, zip, country), email addresses, phone & fax numbers, invoicing history, spoken language, education level and area of study, age, gender, ethnicity, employment status, detailed employment information (position title, dates hired, etc), Birkman Learning System training history, Birkman-account ID numbers, last four digits of credit card, and food allergy information.
The Personally Identifying Information we collect on respondents of the Birkman questionnaire is much more limited and may include: email address, country, language, first and last name, zip/postal code, education information, gender, the purpose for taking the assessment, year born, ethnicity, employment status and employment details (job title, years worked, organization size, employer name, full- or part-time, seeking, not seeking, not able to work, retired). When someone completes a Birkman questionnaire, this constitutes agreement to provide “Personally Identifying Information” to Birkman.
How Do We Use the Data We Collect?
How We Collect Personal Information About You
As stated in more detail in the Company’s Privacy Policy, we collect personal information about you:
- Directly from you when you voluntarily provide it to us;
- Automatically as you navigate through the Websites. Information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies;
- From third parties, for example, our business partners, your employer, or other websites.
How We Use Your Information
The basis for our collection of and use of your Personally Identifying Information will vary dependent on your relationship with us. However, we operate in compliance with applicable data protection laws and process personal information where we have a legal basis for doing so. We may use or disclose the Personally Identifying Information we collect for one or more of the following legitimate purposes:
- To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request a price quote or ask a question about our products or services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns.
- To provide, support, personalize, and develop our Website, products, and services.
- To create, maintain, customize, and secure your account with us.
- To process your requests, purchases, transactions, and payments and prevent transactional fraud.
- To confirm your identity and protect against unauthorized use of our services.
- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
- To personalize your Website experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our Website, third-party sites, and via email or text message (with your consent, where required by law).
- To help maintain the safety, security, and integrity of our Websites, products and services, databases and other technology assets, and business.
- For testing, research, analysis, and product development, including to develop and improve our Websites, products, and services.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your personal information.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our Website users/consumers is among the assets transferred.
- If you are applying for one of our employment vacancies, we need to process your information to assess your suitability for the role you have applied for, and the legal basis we would be relying on is that the processing is necessary to perform a contract or take steps at your request, before entering into a contract.
- We also collect and process personal information based on consent according to Art. 6(1)(a) GDPR, which you are free to give or refuse. You’ll see consent options when you visit our website for the first time. You can change your decisions at any time by emailing privacy@birkman.com. If you change your decision, it will not affect the lawfulness of processing based on consent before its withdrawal. Where we are relying on your consent to process personal information, you are entitled to withdraw your consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. If you are based in the EEA you may only use the Websites if you can provide consent to data processing under the laws of your country.
Legal Basis for Processing Your Information
The legal basis to process your Personally Identifying Information includes processing that is:
- necessary for the performance of a contract between you and the Company;
- necessary to comply with legal requirements (for example, to comply with applicable accounting rules or to make mandatory disclosures to law enforcement);
- necessary for our legitimate interests (for example, administering the Services we provide and to manage our relationship with you and to improve the website and our Services);
- to protect the vital interests of you or another person; and
- where legally required and we have no other valid legal basis to process Personally Identifying Information, we will use consent by you, which may subsequently be withdrawn at any time (by emailing privacy@birkman.com) without affecting the lawfulness of processing based on consent before its withdrawal.
Disclosure of Your Information
To learn to whom we share your personal information please refer to the Company’s Privacy Policy.
Children’s Information
We do not solicit or intentionally collect data from persons under 16 years old nor do we publish content that is targeted at anyone under 16 years old. We do not knowingly collect personal information from children under 16. If you are under 16, you may not use any of our Websites. If you become aware that your child has provided us with personal information, without your consent, then please contact us using the details below so that we can take steps to remove such information and terminate any account your child has created with us.
Storing Your Personal Information
We implement appropriate technical and organizational measures to protect your personal information against accidental or unlawful destruction, loss, change or damage.
International Data Transfer
We may transfer personal information to third parties located in other countries or receive personal information from third parties located in other countries. We will ensure the necessary steps are taken to give adequate protection to such information as required by the relevant data privacy laws. Unless notified otherwise or exempt, transfers of your personal data from within the European Economic Area (EEA) to third parties outside the EEA or from third parties outside the EEA to the EEA will be based on an adequacy decision or are governed by the standard contractual clauses as required by applicable law.
The Company complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and the United Kingdom and/or Switzerland, respectively, to the United States (collectively, the “Privacy Shield”). Company has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
Retention of Personal Information
We will retain your personal information only for a period as is necessary. We maintain specific records management and retention policies and procedures to ensure personal information is deleted after a reasonable time according to the following retention criteria:
a) We retain your personal information as long as we have an ongoing relationship with you, or as long as you have an account with us;
b) We will only keep your personal information while your account is active or as long as is necessary to provide services to you;
c) We retain your personal information as long as is necessary to comply with our contractual obligations, legal obligations and legitimate business interests.
How to Exercise Your Rights
Automated Decision Making and Profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. You can object to your personal information being used in this way. We are permitted to use automated decision-making and profiling if the decision:
a) Is necessary for entering into, or performance of, a contract between you and us;
b) Is authorized by the EU or a member state law to which we are subject, and which also lays down suitable measures to safeguard your rights and freedom of legitimate interest;
c) Is based on your explicit consent.
Where we engaged in automatic decision making or profiling in connection with a contract between us or further to your explicit consent, we implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention from us in the decision-making process, and the opportunity to express your point of view and to contest the decision.
We may place a piece of information known as a cookie on your computer when you visit our website, which allows us to improve user experience. Our cookie will track only your activity on our website and will not track your other internet activity. You may turn off the acceptance of cookies in your browser at any time.
Disclosure of Your Information
The GDPR and the UK GDPR provides persons within the EU, UK, and EEA with specific rights regarding their personal data. This section describes these rights and explains how to exercise those rights.
(a) Right of access. You have the right to obtain: (i) confirmation of whether, and where, we are processing your personal information; (ii) information about the categories of personal information we are processing, the purposes for which we process your personal information and information as to how we determine applicable retention periods; (iii) information about the categories of recipients with whom we may share your personal information; and (iv) a copy of the personal information we hold about you.
(b) Right of portability. You have the right, in certain circumstances, to receive a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person.
(c) Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete personal information we hold about you without undue delay. You may request that we complete and/or correct any personal data we have collected on you.
(d) Right to erasure. You have the right, in some circumstances, to require us to erase your personal information without undue delay if the continued processing of that personal information is not justified. This means that Birkman’s consultants, clients, customers, and questionnaire respondents can request that Birkman delete any/all personal data of themselves, and it will be permanently deleted.
(e) Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your personal information if the continued processing of the personal information in this way is not justified, such as where the accuracy of the personal information is contested by you.
(f) Right to object. You have a right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your personal information, and we will assess and inform you if that is the case. You can object to marketing activities for any reason. Depending on the data being objected to, it may prohibit you from doing business with Birkman because of the legal standpoint from which Birkman operates. Some clients and customers may refuse to complete the Birkman Questionnaire because of the personal data collected during the process. They are within their rights to object to provide any of the data required in order to complete the Questionnaire.
If you are resident in France, you also have the right to set guidelines for the retention and communication of your personal information after your death.
If you wish to exercise one of these rights, please contact us at privacy@birkman.com and we will comply with any request to the extent required under applicable law.
We will seek to deal with your request without undue delay, and in any event in accordance with the requirements of the applicable law. Be sure to include your Birkman-related contact information so that we can accurately process your request in a timely manner. Please note we may keep a record of your communications to help us resolve any issues.
You also have the right to lodge a complaint to your local data protection authority. Further information about how to contact your local data protection authority is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
Changes to This Notice
We reserve the right to amend this Notice at our discretion and at any time. When we make changes to this Notice, we will post the updated notice on the Website and update the Notice’s effective date. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.
Data Protection Officer Contact Information
If you have any questions or comments about this notice, the ways in which the Company collects and uses your information described here and in the Company’s Privacy Policy, your choices and rights regarding such use, please do not hesitate to contact our Data Protection Officer:
Birkman Data Protection Officer, Beverly Martin:
Birkman Corporate Headquarters
9090 Katy Fwy., Bldg. 450
Houston, TX 77024
privacy@birkman.com
(713) 623-2760