Terms and Privacy Policy
Data Protection Policy
SENTINEL PERFORMANCE SOLUTIONS LIMITED
DATA PROTECTION POLICY
1 Introduction
This policy has been adopted by Sentinel Performance Solutions Limited [and all its branches, subsidiaries and affiliates worldwide] ("Sentinel") in order to provide consistent treatment of personal data. Sentinel shall apply the following criteria and controls in connection with the processing of personal information.
In order to operate in the business environment and to comply with its legal and regulatory obligations, Sentinel needs to collect and use certain types of information about individuals with whom it deals including current, past and prospective employees, suppliers, distributors and customers.
It is Sentinel's policy to comply with the laws of the jurisdictions in which its members do business, to keep personal data secure and to use it in a fair and lawful manner consistent with individuals' existing legal rights.
2 Data Protection Officer
Sentinel shall appoint a Data Protection Officer who shall be responsible for overseeing implementation of and compliance with this policy.
3 Content and retention of personal data
Personal data collected and processed by Sentinel shall be:
(a) adequate, relevant and proportionate to the purpose(s) for which the information is processed;
(b) accurate and, where necessary, kept up to date; and
(c) kept for no longer than is necessary given the purpose(s) for which the information was processed subject to any applicable legal or regulatory requirements.
4 Sensitive Personal data
Sentinel shall handle sensitive personal data with particular care. If any staff member intends to collect and/or process such personal data, they must have the prior approval of the Data Protection Officer or comply with established internal guidelines to ensure that appropriate notifications to individuals have been given and any required consents obtained. In the former instance, the Data Protection Officer shall consider whether he/she should consult further to ensure that appropriate notifications to individuals have been given and any required consents obtained.
5 Security
Appropriate technical and organisational measures shall be taken by Sentinel designed to ensure that personal data remains confidential and secure against unauthorised or unlawful processing and against accident, loss or destruction or damage.
Where a third party service provider is used to process personal data on behalf of Sentinel, the Sentinel shall enter into a written contract with that service provider under which the service provider agrees to act only on the instructions of Sentinel and to have in place appropriate security measures.
6 Transfers of personal data
It is essential that any transfers of personal data outside Sentinel to third parties are subject to safeguards to ensure an adequate level of protection. Such transfers shall comply with established internal guidelines to ensure that appropriate notifications have been given and any required consents obtained or rights to object provided. In particular, Sentinel will require third parties to agree to comply with appropriate privacy and information security standards designed to ensure an adequate level of protection, unless they are located in an EEA country or other country which has been recognised by the European Commission as providing adequate protection, and the conditions pertaining to the transfer of such data may need to be set out in a contract.
In the case where Sentinel becomes a third party, for example because it has been acquired by a new owner, then that entity shall either enter into contractual arrangements which will govern the future processing of personal data transferred to it under this policy to ensure adequate protection or shall, if requested to do so, immediately destroy or return such personal data that is in its possession or control, and shall certify in writing that it has done so, unless this is prohibited by the national law or regulator of the country in which it processes the personal data. Where this is the case, to the extent allowed under such requirements, the personal data will be kept secure and confidential and will no longer be actively processed.
7 Purpose of processing and notification
Where personal data is collected directly from an individual, Sentinel shall, so far as practicable, and in compliance with relevant legal requirements and exemptions, make sure that the individual is informed or otherwise made aware of the purposes for which Sentinel intends to process the personal data.
Similarly, where personal data is collected from a third party, Sentinel shall, so far as practicable, and in compliance with relevant legal requirements, make sure that the individual is informed or otherwise made aware of the purposes for which Sentinel intends to process the personal data unless a relevant exemption is applicable. For example, an exemption may apply in the case where the provision of the information would involve a disproportionate effort.
Save as may be required by law or regulation, Sentinel will collect, use, transfer and retain personal data only for purposes which are not incompatible with the notification given or the purpose for which the data were originally collected or subsequently authorised by the individuals concerned.
8 Access and right to object
Except where law or regulation provides otherwise, Sentinel will accept requests by an individual for access to his or her personal data held by Sentinel and, if such information is incorrect, requests that it be amended. Where such access and / or amendment is refused, and save as may be required by law or regulation, the individual will be notified and informed of the reasons for the decision and, in the latter case, the fact that the individual considers the information to be incorrect will also be recorded.
In addition, Sentinel recognises the right of individuals to object at any time on compelling legitimate grounds relating to his/her particular situation to the processing of data relating to him/her except where law or regulation provides otherwise: processing will no longer involve those data where there is a justified objection.
Where requests for access have been made, these shall be referred to the Data Protection Officer.
9 Marketing
Sentinel will act on any request from an individual to cease processing his or her personal information for the purpose of direct marketing.
10 Automated Decisions
Sentinel recognises that individuals are entitled not to be subject to decisions that produce legal effects concerning them or significantly affects them which are based solely on automated processing of data intended to evaluate certain personal aspects, such as creditworthiness or performance at work, unless measures are taken to safeguard the individual's legitimate interests. In particular, in such a case, individuals have the right to know the logic involved in the automated decisions.
11 Legal Rights
This policy is designed to ensure that the legal rights of individuals are protected, in particular as regards the rights provided by the EC Directive 95/46, but it does not create new legal rights for individuals.
12 Disputes
Sentinel shall retain responsibility towards the individuals whose personal data it collects and will address, in a fair and timely manner, disputes or complaints from individuals about how their personal data is collected or used by Sentinel, and will ensure that redress is provided where appropriate.
13 Mandatory requirements of national legislation
The criteria and controls specified in this policy shall apply subject to the mandatory requirements of the national legislation applicable to Sentinel that do not go beyond what is necessary in a democratic society: that is, if they constitute a necessary measure to safeguard public security; the prevention, investigation, detection and prosecution of criminal offences or of breaches of ethics for the regulated professions; an important economic or financial interest of the State; national security; defence; the protection of the individuals whose data are being processed or the rights and freedoms of others; or - in the case of the first three of these - they constitute a monitoring, inspection or regulatory function connected with the exercise of official authority.
14 Contacts
Any questions about this policy should be directed to the Data Protection Officer.
Product enquiries
Find out more