ORIS Data Privacy Policy
ORIS is committed to protecting your personal data and being transparent about the manner your personal data are being processed. As a rule, the Chief Data Officer acts as the data controller, responsible for the processing of your personal data in every country you are operating.
We take outmost care to process your personal data in accordance with the principles set forth in the data protection legislation applicable in the countries where ORIS operates, including (EU) Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC ("GDPR").
This Privacy Policy regards the personal data of the following categories of individuals:
- customers or potential customers;
- representatives or contact persons of ORIS customers or potential customers;
- suppliers and subcontractors and other business partners;
- representatives or contact persons of ORIS suppliers, subcontractors and other business partners;
- users of our Internet websites;
- general public
The Privacy Policy is intended to provide details of all processing activities that we perform and therefore the Privacy Policy is structured by reference to the type of relationship or interaction that you have with ORIS. This means that not all of the sections, nor the processing purposes in this Privacy Policy will be relevant to everyone.
This Privacy Policy describes:
- the purposes for which we collect and use your personal data;
- the processing grounds for such purposes;
- the categories of personal data we collect from you and process and the sources from which they originate;
- whether the provision of your personal data is necessary and the possible consequences of your refusal to provide such data;
- to whom we disclose or we may disclose your personal data;
- the countries where we transfer your personal data;
- the duration of processing of such data;
- your rights as a data subject and the manner in which you may exercise.
PURPOSES, GROUNDS FOR PROCESSING AND CATEGORIES OF PERSONAL DATA
In the context of your interaction with ORIS, you, as a natural person, may be subject to the data processing activities that we perform. Thus, we use your personal data in the following cases:
1. If you are a customer or potential customer of ORIS
1.1 Customer Due Diligence and Reporting
Purposes: we process your personal data to undertake due diligence before commencing the contractual relationship with you.
If and to the extent requested or permitted by law, this may include anti-money laundering checks, anti-bribery, corruption checks or other similar types of checks. We perform such due diligence to ensure that the relationship with you is appropriate and that any potential risks are identified and managed prior to commencing the contractual relationship with you.
Categories of personal data and sources: name, e-mail, phone, fax, address, data resulting from the due diligence carried out, as well as other personal data you may provide directly to us, as needed to fulfill this purpose. Some of this personal data is collected from other sources and not directly from you, respectively from our service providers, business partners and from publicly available sources.
Grounds for processing: depending on the jurisdiction where the processing takes place, the processing is either necessary (i) to comply with a legal obligation incumbent to us or (ii) to achieve our legitimate interests of taking the necessary measures to protect our business, including to preserve our business operations and to grow such. In case some of the personal data have a special regime under the data protection laws, we will process such data to the extent one or more of the guarantees prescribed by the law for processing such data are applicable.
1.2 Providing the services requested by you
Purposes: we process your personal data for the following purposes (i) negotiating the terms of the relationship with you and concluding the agreement, (ii) providing the services requested by you and managing the aspects arising from our contractual relationship, (iii) communicating with you in connection with any aspect related to the services requested by you (e.g., providing you with pricing information, delivering the products purchased, managing and facilitating the relationship and raising invoices), (iv) facilitating payment for goods and services.
Categories of personal data and sources: name, e-mail, phone, fax, address, as well as other personal data you may provide directly to us, as needed to fulfill this purpose.
Grounds for processing: we rely on the performance of the agreement concluded with you.
1.3 Customer administration
Purposes: we process your personal data for customer administration purposes, namely for (i) creating, managing and maintaining a Customer Relationship Management database (CRM), including relevant organisational charts, (ii) keeping records relating to our customers, including minutes of meetings and other notes.
Categories of personal data and sources: name, e-mail, phone, fax, address, as well as other personal data you may provide directly to us, as needed to fulfill this purpose.
Grounds for processing: we rely on our legitimate interests of operating our business, which includes taking the necessary steps for facilitating our customer relationship management.
1.4 Management of legal claims and risks
Purposes: we process your personal data in connection with our legal rights and obligations, for the following purposes (i) taking the necessary measures to enforce or defend any legal claims made by, against or otherwise involving you, and (ii) periodical reporting at group level.
Categories of personal data and sources: name, e-mail, phone, fax, address, as well as other personal data you may provide directly to us, as needed to fulfill this purpose.
Grounds for processing: we rely on our legitimate interests of operating our business, which includes taking the necessary measures to protect our business.
1.5 Whistleblowing
Purposes: we use a specific platform to enable reporting of suspected misconduct related to potential breaches of applicable laws, ORIS code of business conduct and other ORIS policies and directives and to conduct investigation on the reported issues.
Categories of personal data and sources: name, e-mail, phone, fax, address, passport number, national identity number, professional address, date of birth, salary or compensation information, function within the organisation, financial account information, data reported regarding suspected misconduct, data related to potential breaches of applicable laws, ORIS code of business conduct and other ORIS policies and regulations. Some of this personal data is collected from other sources and not directly from you, respectively from the whistleblower, other business partners and from publicly available sources.
Grounds for processing: depending on the jurisdiction where the processing takes place, the processing is either necessary (i) for ensuring compliance with a legal obligation incumbent to us or, (ii) to achieve our legitimate interests of taking the necessary measures to protect our business, which includes maintaining our reputation and to act appropriately in all the countries in which we do business. In case some of the personal data have a special regime under the data protection laws, we will process such data to the extent one or more of the guarantees prescribed by the law for processing such data are applicable.
1.6 Data processing as obligation imposed by the law
Purposes: we process your data in the context of providing the services in order to ensure compliance with the legal obligations incumbent to us, for example, in order to comply with lawful requests from public authorities, courts of law, government regulations, or regulatory authorities (including without limitation data protection, tax and employment), whether within or outside your country.
Categories of personal data and sources: name, e-mail, phone, fax, address, as well as other personal data you may provide directly to us, as needed to fulfill this purpose or resulted from our relationship.
Grounds for processing: this processing is necessary to ensure compliance with the legal obligation incumbent to us.
1.7 Direct marketing
Purposes: we process your personal data in order to provide to you in electronic form our newsletters promoting our services and products, but only if you have subscribed and, hence, given your express consent to such processing. We use your personal data to decide which marketing communications will be sent to you. Generally, these decisions do not have any legal effects concerning you or do not significantly affect you. In cases the decisions would entail such adverse effects to you, you will be provided, prior to the processing, with details on the logic involved, as well as the significance of the possible consequences of such processing, In these cases you have the right to obtain human intervention, to express your point of view and to consent such decisions.
For example, we may tailor the marketing communications you receive based on the industry you activate, job title and preferences that you have selected.
Categories of personal data and sources: name, e-mail, phone, fax, address, as well as other personal data you may provide directly to us, as needed to fulfill this purpose or resulted from our relationship.
Grounds for processing: for sending marketing communication, we rely on your express consent to such processing. You can always withdraw your consent expressing thereby your option of not receiving our newsletters in the future by clicking “Unsubscribe” when you receive the respective communication or by using the contact details indicated in this Privacy Policy. For deciding which marketing communication is suitable for you, we rely on our legitimate interests of undertaking appropriate promotional activities. However, where we are required to do so by applicable law, we will get your express consent for such segmentation, for example, in case the decisions taken following the segmentation process would have any legal effects concerning you or would significantly affect you.
1.8 Other marketing actions
Purposes: we process your personal data in order to conduct certain marketing activities, such as customer satisfaction surveys, in order to help us understand what you think about our products or services. This may include telemarketing campaigns, online surveys etc.
Categories of personal data and sources: name, e-mail, phone, fax, address, as well as other personal data you may provide directly to us, as needed to fulfill this purpose or resulted from our relationship.
Grounds for processing: depending on the jurisdiction where the processing takes place, the grounds for processing are either (i) the legitimate interests of ORIS or (ii) your express consent to such processing.
The legitimate interests mentioned above consist of taking the necessary measures to permanently improve our services and products.
In case the processing is based on your consent, you can always withdraw your consent expressing thereby your option of not receiving our newsletters in the future by clicking “Unsubscribe” when you receive the respective communication or by using the contact details indicated in this Privacy Policy.
2. If you are a representative or contact person of a ORIS customer or potential customer
2.1 Customer Due Diligence and Reporting
Purposes: we process your personal data to undertake due diligence before commencing the contractual relationship with the entity you represent or are employed by, which is a potential customer of ORIS. If and to the extent requested or permitted by law, this may include anti-money laundering checks, anti-bribery, corruption checks or other similar types of checks. We perform such due diligence to ensure that the relationship with you is appropriate and that any potential risks are identified and managed prior to commencing the contractual relationship with you.
Categories of personal data and sources: name, e-mail, phone, fax, address, data resulting from the due diligence carried out, as well as other personal data you may provide directly to us, as needed to fulfill this purpose. Some of this personal data is collected from other sources and not directly from you, respectively from the entity you represent or are employed by, our service providers, business partners and from publicly available sources.
Grounds for processing: depending on the jurisdiction where the processing takes place, the processing is either necessary (i) to comply with a legal obligation incumbent to us or (ii) to achieve our legitimate interests of taking the necessary measures to protect our business, including to preserve our business operations and to grow such. In case some of the personal data have a special regime under the data protection laws, we will process such data to the extent one or more of the guarantees prescribed by the law for processing such data are applicable.
2.2 Providing the services requested by the entity you represent or are employed by
Purposes: we process your personal data for the following purposes (i) negotiating the terms of the relationship with the entity you represent or are employed by and concluding the agreement, (ii) providing the services requested by you and managing the aspects arising from the contractual relationship with the entity you represent or are employed by, (iii) communicating with you in connection with any aspect related to the services requested by you (e.g., providing you with pricing information, delivering the products purchased, managing and facilitating the relationship and raising invoices), (iv) facilitating payment for goods and services.
Categories of personal data and sources: name, e-mail, phone, fax, address, as well as other personal data you may provide directly to us, as needed to fulfill this purpose. Some of this personal data is collected from the entity you represent or are employed by.
Grounds for processing: we rely on our legitimate interest in providing our services according to our area of activity and managing the relationship with our customers.
2.3 Customer administration
Purposes: we process your personal data for customer administration purposes, namely for (i) creating, managing and maintaining a Customer Relationship Management database (CRM), including relevant organisational charts, (ii) keeping records relating to our customers, including minutes of meetings and other notes.
Categories of personal data and sources: name, e-mail, phone, fax, address, as well as other personal data you may provide directly to us, as needed to fulfill this purpose. Some of this personal data is collected from the entity you represent or are employed by.
Grounds for processing: for this processing, we rely on our legitimate interests of operating our business, which includes taking the necessary steps for facilitating our customer relationship management.
2.4 Management of legal claims and risks
Purposes: we process your personal data in connection with our legal rights and obligations, for the following purposes (i) taking the necessary measures to enforce or defend any legal claims made by, against or otherwise involving you or the entity you represent or are employed by, (ii) periodical reporting at group level.
Categories of personal data and sources: name, e-mail, phone, fax, address, as well as other personal data you may provide directly to us, as needed to fulfill this purpose. Some of this personal data is collected from the entity you represent or are employed by.
Grounds for processing: we rely on our legitimate interests of operating our business, which includes taking the necessary measures to protect our business.
2.5 Whistleblowing
Purposes: we use a specific platform to enable reporting of suspected misconduct related to potential breaches of applicable laws, ORIS code of business conduct and other ORIS policies and directives and to conduct investigation on the reported issues.
Categories of personal data and sources: name, e-mail, phone, fax, address, passport number, national identity number, professional address, date of birth, salary or compensation information, function within the organisation, professional e-mail address, , financial account information data reported regarding suspected misconduct, data related to potential breaches of applicable laws, ORIS code of business conduct and other ORIS. Some of this personal data is collected from other sources and not directly from you, respectively from the whistleblower, other business partners and from publicly available sources.
Grounds for processing: Depending on the jurisdiction where the processing takes place, the processing is either necessary (i) for ensuring compliance with a legal obligation incumbent to us or (ii) to achieve our legitimate interests of taking the necessary measures to protect our business, which includes maintaining our reputation and to act appropriately in all the countries in which we do business.
In case some of the personal data have a special regime under the data protection laws, we will process such data to the extent one or more of the guarantees prescribed by the law for processing such data are applicable.
2.6 Data processing as obligation imposed by the law
Purposes: we process your data in the context of providing the services in order to ensure compliance with the legal obligations incumbent to us, for example, in order to comply with lawful requests from public authorities, courts of law, government regulations, or regulatory authorities (including without limitation data protection, tax and employment), whether within or outside your country.
Categories of personal data and sources: name, e-mail, phone, fax, address, as well as other personal data you may provide directly to us, as needed to fulfill this purpose. Some of this personal data is collected from the entity you represent or are employed by.
Grounds for processing: this processing is necessary to ensure compliance with a legal obligation incumbent to us.
2.7 Direct marketing
Purposes: we process your personal data in order to provide to you in electronic form our newsletters promoting our services and products, but only if you have subscribed and, hence, given your express consent to such processing. We use your personal data to decide which marketing communications will be sent to you. Generally, these decisions do not have any legal effects concerning you or do not significantly affect you. In cases the decisions would entail such adverse effects to you, you will be provided, prior to the processing, with details on the logic involved, as well as the significance of the possible consequences of such processing, In these cases you have the right to obtain human intervention, to express your point of view and to consent such decisions. For example, we may tailor the marketing communications you receive based on the industry you activate, job title and preferences that you have selected.
Categories of personal data and sources: name, e-mail, phone, fax, address, as well as other personal data you may provide directly to us, as needed to fulfill this purpose. Some of this personal data is collected from the entity you represent or are employed by.
Grounds for processing: for sending marketing communication, we rely on your express consent to such processing. You can always withdraw your consent expressing thereby your option of not receiving our newsletters in the future by clicking “Unsubscribe” when you receive the respective communication or by using the contact details indicated in this Privacy Policy. For deciding which marketing communication is suitable for you, we rely on our legitimate interests of undertaking appropriate promotional activities. However, where we are required to do so by applicable law, we will get your express consent for such segmentation, for example, in case the decisions taken following the segmentation process would have any legal effects concerning you or would significantly affect you.
3. If you are a supplier, a subcontractor or other business partner of ORIS
3.1 Supplier Due Diligence and Reporting
Purposes: we process your personal data to undertake due diligence before commencing the contractual relationship with you.
If and to the extent requested or permitted by law, this may include anti-money laundering checks, anti-bribery, corruption checks or other similar types of checks. We perform such due diligence to ensure that the relationship with you is appropriate and that any potential risks are identified and managed prior to commencing the contractual relationship with you.
Categories of personal data and sources: name, e-mail, phone, fax, address, data resulting from the due diligence carried out, as well as other personal data you may provide directly to us, as needed to fulfill this purpose. Some of this personal data is collected from other sources and not directly from you, respectively from our service providers, business partners and from publicly available sources.
Grounds for processing: depending on the jurisdiction where the processing takes place, the processing is either necessary (i) to comply with a legal obligation incumbent to us or (ii) to achieve our legitimate interests of taking the necessary measures to protect our business, including to preserve our business operations and to grow such. In case some of the personal data have a special regime under the data protection laws, we will process such data to the extent one or more of the guarantees prescribed by the law for processing such data are applicable.
3.2 Maintaining our contractual relationship with you
Purposes: we process your personal data for the following purposes (i) negotiating the terms of the relationship with you and concluding the agreement, (ii) maintaining our contractual relationship with you, (iii) communicating with you with respect to any relevant business-related matters.
Categories of personal data and sources: name, e-mail, phone, fax, address, as well as other personal data you may provide directly to us, as needed to fulfill this purpose.
Grounds for processing: we rely on the performance of the agreement concluded with you.
3.3 Management of legal claims and risks
Purposes: we process your personal data in connection with our legal rights and obligations, for the following purposes (i) taking the necessary measures to enforce or defend any legal claims made by, against or otherwise involving you, (ii) periodical reporting at group level, and (iii) checking and keeping records to ensure that our suppliers and subcontractors have appropriate qualifications and training to ensure safe working on our sites (supplier training records).
Categories of personal data and sources: name, e-mail, phone, fax, address, as well as other personal data you may provide directly to us, as needed to fulfill this purpose. Some of this personal data is collected from the entity you represent or are employed by.
Grounds for processing: for this processing, we rely on our legitimate interests of operating our business, which includes taking the necessary measures to protect our business. In respect of the supplier training records, the processing thereof may be based, depending on the jurisdiction, on the legal obligations incumbent to us.
3.4 Whistleblowing
Purposes: we use a specific platform to enable reporting of suspected misconduct related to potential breaches of applicable laws, ORIS code of business conduct and other ORIS policies and directives and to conduct investigation on the reported issues.
Categories of personal data and sources: name, e-mail, phone, fax, address, passport number, national identity number, professional address, date of birth, salary or compensation information, function within the organisation, professional e-mail address, , financial account information data reported regarding suspected misconduct, data related to potential breaches of applicable laws, ORIS code of business conduct and other ORIS. Some of this personal data is collected from other sources and not directly from you, respectively from the whistleblower, other business partners and from publicly available sources.
Grounds for processing: Depending on the jurisdiction where the processing takes place, the processing is either necessary (i) for ensuring compliance with a legal obligation incumbent to us or (ii) to achieve our legitimate interests of taking the necessary measures to protect our business, which includes maintaining our reputation and to act appropriately in all the countries in which we do business.
In case some of the personal data have a special regime under the data protection laws, we will process such data to the extent one or more of the guarantees prescribed by the law for processing such data are applicable.
3.5 Data processing as obligation imposed by the law
Purposes: we process your data in the context of providing the services in order to ensure compliance with the legal obligations incumbent to us, for example, in order to comply with lawful requests from public authorities, courts of law, government regulations, or regulatory authorities (including without limitation data protection, tax and employment), whether within or outside your country.
Categories of personal data and sources: name, e-mail, phone, fax, address, as well as other personal data you may provide directly to us, as needed to fulfill this purpose. Some of this personal data is collected from the entity you represent or are employed by.
Grounds for processing: this processing is necessary to ensure compliance with a legal obligation incumbent to us.
3.6 Direct marketing
Purposes: we process your personal data in order to provide to you in electronic form our newsletters promoting our services and products, but only if you have subscribed and, hence, given your express consent to such processing. We use your personal data to decide which marketing communications will be sent to you. Generally, these decisions do not have any legal effects concerning you or do not significantly affect you. In cases the decisions would entail such adverse effects to you, you will be provided, prior to the processing, with details on the logic involved, as well as the significance of the possible consequences of such processing, In these cases you have the right to obtain human intervention, to express your point of view and to consent such decisions. For example, we may tailor the marketing communications you receive based on the industry you activate, job title and preferences that you have selected.
Categories of personal data and sources: name, email, phone, fax, address, as well as other personal data you may provide directly to us, as needed to fulfill this purpose. Some of this personal data is collected from the entity you represent or are employed by.
Grounds for processing: for sending marketing communication, we rely on your express consent to such processing. You can always withdraw your consent expressing thereby your option of not receiving our newsletters in the future by clicking “Unsubscribe” when you receive the respective communication or by using the contact details indicated in this Privacy Policy. For deciding which marketing communication is suitable for you, we rely on our legitimate interests of undertaking appropriate promotional activities. However, where we are required to do so by applicable law, we will get your express consent for such segmentation, for example, in case the decisions taken following the segmentation process would have any legal effects concerning you or would significantly affect you.
4. If you are a representative or contact person of a ORIS supplier, subcontractor or other business partner
4.1 Supplier Due Diligence and Reporting
Purposes: we process your personal data to undertake due diligence before commencing the contractual relationship with the entity you represent or are employed by. If and to the extent requested or permitted by law, this may include anti-money laundering checks, anti-bribery, corruption checks. We perform such due diligence to ensure that the relationship with you is appropriate and that any potential risks are identified and managed prior to commencing the contractual relationship with you.
Categories of personal data and sources: name, e-mail, phone, fax, address, data resulting from the due diligence carried out, as well as other personal data you may provide directly to us, as needed to fulfill this purpose. Some of this personal data is collected from other sources and not directly from you, respectively from the entity you represent or are employed by, our service providers, business partners and publicly available sources.
Grounds for processing: depending on the jurisdiction where the processing takes place, the processing is either necessary (i) to comply with a legal obligation incumbent to us or (ii) to achieve our legitimate interests of taking the necessary measures to protect our business, including to preserve our business operations and to grow such. In case some of the personal data have a special regime under the data protection laws, we will process such data to the extent one or more of the guarantees prescribed by the law for processing such data are applicable.
4.2 Maintaining our contractual relationship with the entity you represent or are employed by
Purposes: We process your personal data for the following purposes: (i) negotiating the terms of the relationship with the entity you represent or are employed by and concluding the agreement, (ii) maintaining our contractual relationship with the entity you represent or are employed by, (iii) communicating with you with respect to your requests and any other relevant business-related matters, (iv) facilitating payment for goods and services.
Categories of personal data and sources: name, e-mail, phone, fax, address, as well as other personal data you may provide directly to us, as needed to fulfill this purpose. Some of this personal data is collected from the entity you represent or are employed by.
Grounds for processing: we rely on our legitimate interest in managing the relationship with the entity you represent or are employed by.
4.3 Management of contractual partners database
Purposes: we process your personal data for management of contractual partners database, namely for (i) creating, managing and maintaining a database of our contractual partners, (ii) keeping records relating to our contractual partners, including minutes of meetings and other notes.
Categories of personal data and sources: name, e-mail, phone, fax, address, as well as other personal data you may provide directly to us, as needed to fulfill this purpose. Some of this personal data is collected from the entity you represent or are employed by.
Grounds for processing: we rely on our legitimate interests of operating our business, which includes taking the necessary steps for facilitating the relationship with our contractual partners.
4.4 Management of legal claims and risks
Purposes: we process your personal data in connection with our legal rights and obligations, for the following purposes (i) taking the necessary measures to enforce or defend any legal claims made by, against or otherwise involving you, (ii) periodical reporting at group level, and (iii) checking and keeping records to ensure that our suppliers and subcontractors have appropriate qualifications and training to ensure safe working on our sites (supplier training records).
Categories of personal data and sources: name, e-mail, phone, fax, address, as well as other personal data you may provide directly to us, as needed to fulfill this purpose. Some of this personal data is collected from the entity you represent or are employed by.
Grounds for processing: for this processing, we rely on our legitimate interests of operating our business, which includes taking the necessary measures to protect our business. In respect of the supplier training records, the processing thereof may be based, depending on the jurisdiction, on the legal obligations incumbent to us.
4.5 Whistleblowing
Purposes: we use a specific platform to enable reporting of suspected misconduct related to potential breaches of applicable laws, ORIS code of business conduct and other ORIS policies and directives and to conduct investigation on the reported issues.
Categories of personal data and sources: name, e-mail, phone, fax, address, passport number, national identity number, professional address, date of birth, salary or compensation information, function within the organisation, professional e-mail address, , financial account information data reported regarding suspected misconduct, data related to potential breaches of applicable laws, ORIS code of business conduct and other ORIS. Some of this personal data is collected from other sources and not directly from you, respectively from the whistleblower, other business partners and from publicly available sources.
Grounds for processing: Depending on the jurisdiction where the processing takes place, the processing is either necessary (i) for ensuring compliance with a legal obligation incumbent to us or (ii) to achieve our legitimate interests of taking the necessary measures to protect our business, which includes maintaining our reputation and to act appropriately in all the countries in which we do business.
In case some of the personal data have a special regime under the data protection laws, we will process such data to the extent one or more of the guarantees prescribed by the law for processing such data are applicable.
4.6 Data processing as obligation imposed by the law
Purposes: we process your data in the context of providing the services in order to ensure compliance with the legal obligations incumbent to us, for example, in order to comply with lawful requests from public authorities, courts of law, government regulations, or regulatory authorities (including without limitation data protection, tax and employment), whether within or outside your country.
Categories of personal data and sources: name, e-mail, phone, fax, address, as well as other personal data you may provide directly to us, as needed to fulfill this purpose. Some of this personal data is collected from the entity you represent or are employed by.
Grounds for processing: this processing is necessary to ensure compliance with a legal obligation incumbent to us.
4.7 Direct marketing
Purposes: we process your personal data in order to provide to you in electronic form our newsletters promoting our services and products, but only if you have subscribed and, hence, given your express consent to such processing. We use your personal data to decide which marketing communications will be sent to you. Generally, these decisions do not have any legal effects concerning you or do not significantly affect you. In cases the decisions would entail such adverse effects to you, you will be provided, prior to the processing, with details on the logic involved, as well as the significance of the possible consequences of such processing, In these cases you have the right to obtain human intervention, to express your point of view and to consent such decisions. For example, we may tailor the marketing communications you receive based on the industry you activate, job title and preferences that you have selected.
Categories of personal data and sources: name, e-mail, phone, fax, address, as well as other personal data you may provide directly to us, as needed to fulfill this purpose. Some of this personal data is collected from the entity you represent or are employed by.
Grounds for processing: for sending marketing communication, we rely on your express consent to such processing. You can always withdraw your consent expressing thereby your option of not receiving our newsletters in the future by clicking “Unsubscribe” when you receive the respective communication or by using the contact details indicated in this Privacy Policy. For deciding which marketing communication is suitable for you, we rely on our legitimate interests of undertaking appropriate promotional activities. However, where we are required to do so by applicable law, we will get your express consent for such segmentation, for example, in case the decisions taken following the segmentation process would have any legal effects concerning you or would significantly affect you.
5. If you are a member of general public
5.1 Management of communication received from members of general public
Purposes: we process your personal data to receive and respond to your requests or communication and to take the necessary actions to manage the communication. We process your personal data to keep a record of your communication if requested by law or in case such processing is necessary to enforce or defend any legal claims made by, against or otherwise involving you.
Categories of personal data and sources: personal data that you provided to us within the request or communication and during the correspondence with you.
Grounds for processing: we base this data processing activity on our legitimate interest in operating our business, which include receiving and keeping records of the communications received, managing and taking all necessary measures to enforce or defend any legal claims made by, against or otherwise involving you.
6. For all above categories of data subjects
6.1 Changes in structure or similar transactions involving ORIS
Purposes: we may also process your data in the context of changes in structure or similar transactions involving ORIS.
Categories of personal data and sources: personal data processed for the initial purposes as indicated above in subsection 1-5.
Grounds for processing: in this case, the grounds for processing may be represented by (i) the legal obligation (in case ORIS is legally obliged to disclose certain personal data to public authorities), and (ii) the performance of the agreement concluded by ORIS in the context of such transaction (if you are a party to such agreement) or the legitimate interest of ORIS to carry out the transaction in the most effective manner (in the rest of the cases).
PROVISION OF PERSONAL DATA
When we request you to provide us your personal data, ORIS kindly asks you to provide all categories of personal data we request.
You will be free to refuse the provision of your personal data, however if you do withhold specific data we may not be able to continue our relationship with you or otherwise provide you the services requested from us, when:
- the processing is necessary to comply with a legal obligation or to perform the agreement to which you are a party, or
- we shall not be able to achieve the processing purposes described above without processing such data.
If you provide us personal data of other natural persons, we kindly ask you to communicate to them the modality in which ORIS intends to process their personal data, as described in this Privacy Policy, before such disclosure.
DISCLOSURE OF YOUR PERSONAL DATA
To achieve the aforementioned purposes and to the extent necessary, we disclose or we may disclose your personal data to the following categories of data recipients:
1. other companies that are part of the ORIS and group affiliated;
2. central/local public authorities, government agencies, governmental providers of healthcare services, social security authorities and other authorities;
3. providers of payment services;
4. providers of analysis services;
5. providers of IT support services, storage and hosting services;
6. accountants, attorneys and providers legal and financial services;
7. providers of travel and accommodation services;
8. providers of tax and financial services, providers of benefits, payroll managers;
9. providers of HR services;
10. agents, consultants, contractors and other third parties that provide services to ORIS;
11. brokers, banks, insurance agents;
12. professional organisations (trade unions);
13. other contractual partners of ORIS and group affiliated to whom data should be disclosed so that they may provide the services covered by the relevant contracts;
14. any other individuals or entities to whom data should be disclosed upon request from you.
We disclose your personal data to the above-mentioned data recipients:
- if we are under an obligation or have permission to do so by law or in the context of legal proceedings, for instance to enforce a court ruling or to comply with a request made by a law enforcement agency;
- if we deem that the disclosure is necessary or appropriate in order to prevent physical harm or financial loss;
- in relation to an investigation into a fraudulent activity or other unlawful activity, actual or suspect;
- if we sell or transfer our business or assets, entirely or partially (including in the event of a reorganisation, winding-up or liquidation of business);
- for other legitimate interests justified by ORIS.
DURATION OF THE PROCESSING
We will retain your personal data for as long as is reasonably necessary for the purposes explained in this Privacy Policy. For example, your personal data is retained during your relation with ORIS, and afterwards for a subsequent period necessary for ensuring compliance with the applicable law.
YOUR RIGHTS REGARDING THE PROCESSING OF YOUR PERSONAL DATA
Right of access: allows you to obtain confirmation that your personal data are being processed by us and, if affirmative, the relevant details of such processing activities, as well as a copy of your personal data.
Right to rectification: allows you to rectify your personal data if inaccurate.
Right to erasure: allows you to obtain the erasure of your personal data in certain cases (e.g., if the data are no longer necessary in relation to the purposes for which it was collected).
Important! We will not be able to act on such requests in all cases, such as where the law compels us to keep data for a certain period, or where the data are necessary for a legitimate interest such as the defence of a right in court.
Right to restriction: allows you to request us not to use your personal data in any way except to store it until another request from you is resolved, namely: (i) you have requested the rectification of the data; (ii) you have opposed the erasure of the data in the case of unlawful processing; (iii) you have required us to provide you with certain data for the defence of a right; (iv) you have objected to the data processing.
Right to object: allows you to object to further processing of your personal data within the conditions and limits set forth by law.
Important! The law compels us to act on such requests only for direct marketing processing (e.g., if you receive e-mails with our informative notes, you can unsubscribe). In the other cases, we will balance our interests and your particular situation in order to make a final decision. Therefore, please explain why you object to the processing when making such a request.
Right to portability: allows you to receive the personal data concerning you that you have provided to us, in a structured, commonly used and machine-readable format or to transmit this data to another data controller.
Important! The law compels us to act on such requests only for the data previously processed based on your consent or on the performance of the contract concluded with us and only if the processing is carried out by automated means.
You may exercise your aforementioned rights and find out more about the processing of your personal data by sending a request to hello@oris-connect.com.
You also have the right to file a complaint with the competent data protection authority.
This Privacy Policy is in force as of September 2021.
We may amend this Privacy Policy from time to time, for example, to keep it up to date or to comply with legal requirements or changes in the way we operate our business.