We may process your personal information for legitimate business purposes to administer our employment, contractual or other relationship with you and to run our businesses. We may collect, use, and transfer your personal information through automated and/or paper-based data processing systems. We have established routine processing functions such as processing for regular payroll and benefits and supplier payments. We also process personal information on an occasional or ad hoc basis in the context of employment and vendor or customer requests for information concerning personal data or requests for correction.
We believe in being transparent about how we handle your personal information. This Privacy Statement («Statement») explains how European Resources Group (ERG) («ERG» «we», «us») handles the personal information of its employees, prospective employees and contractors, customers, vendors and other external parties. ERG adheres to strict data privacy laws such as the General Data Protection Regulation (Regulation (EU) 2016/679) as well as local laws.
This Statement explains in detail the types of personal data we may collect about you and what we do with this personal data. It further describes what measures we take to keep your personal data safe, as well as your rights in relation to the personal data we hold about you. Please see the definitions and glossary to understand the meaning of some of the terms used in this Statement. In addition to this Privacy Statement, we also provide you with a Cookie Statement, which sets out our additional information about your privacy if you use this website.
From employees, job applicants and contractors we may collect as necessary data for managing human resources, including:
- Information you provide us in relation to a job vacancy, for example, personal data you send us via CVs or automated online application forms;
- immigration, right-to-work and residence status;
- identity information;
- emergency contact details and a limited amount of family information
- agency details and hours administration
From website visitors we may collect as necessary data including:
- in relation to your visit to our websites, we will log your internet protocol (IP) address so that it is recognised the next time you visit;
From visitors to our offices and mine sites we may collect personal data to protect our security, safety and legal obligations, including:
- Images from closed circuit television (CCTV);
From customers, suppliers and other external parties we collect personal data, including:
- Details of the transactions you carry out with us;
- personal data that you send us;
- personal data required to conclude a contract with you.
ERG also collects personal data in the course of complying with its legal obligations (for example, to comply with government requests and to undertake due diligence).
We limit our personal data collection and processing to the amount needed for the relevant processing purpose. If your data is to be processed for a different purpose we will inform you of that new purpose.
We may transfer your personal information outside the country where you reside or work, including to countries that do not provide the same level of protection for your personal information as you may expect in your own country, where the following criteria are met:
- Transfers and/or disclosures within ERG will be protected by an Inter-Group Agreement if it is necessary to share personal data outside of the jurisdiction where your personal data was first collected;
- For transfers and/or disclosures outside ERG, the transfer or disclosure is protected by contractual data privacy clauses. This will include an assessment of whether any transfers across national borders comply with applicable data privacy laws;
- The relevant data subjects have consented to the transfer or disclosure; or
- The transfer and/or disclosure is otherwise required by local law or is expressly permitted under local data privacy laws, and that the relevant personal data originates in that jurisdiction.
We keep your data secure and protected against accidental, unauthorised or unlawful processing, including against loss and unauthorised access, destruction, misuse, modification or disclosure. This means we ensure that we have the appropriate technical, physical, and organisational measures in place for all stages of the personal data ‘life cycle.’ Data security obligations apply whether your personal data is stored in hard copy form (e.g., paper) or in electronic form (e.g., in databases). Access to your personal data is provided on a ‘need to know’ basis for parties outside and within ERG.
We require our business groups to immediately report any breaches of your personal data to the ERG Data Privacy Officer for investigation.
Your personal data is kept only for as long as necessary for the lawful purpose for which it is processed (as notified to the relevant individuals), or for the time required or permitted under local laws. After such time, records containing your personal data will be securely destroyed (as in the case of physical records) or permanently deleted (in the case of electronic records) in accordance with ERG’s Data Retention Schedule or as required by applicable local laws.
We take reasonable steps to ensure that personal information is accurate, complete, and current. Please note that you have shared responsibility with regard to the accuracy of your personal information. Additionally, you may:
- request information about how your personal data;
- request access to your personal data;
- seek erasure of your personal data;
- ask for processing of your personal data to cease;
- be notified if a Group business has made a decision about you that is based on automated data processing alone, so that you can request human review of such decision, if necessary;
- complain about processing; or
- withdraw previously given consent regarding ERG’s processing of your personal data.
There are legal exceptions to the exercise of these rights, and ERG will review each request on a case by case basis, referring to the laws of the country where you are located. Your requests for exercising your rights should be referred to the ERG Data Privacy Officer for your region, who can be contacted at: email@example.com.
Consent of a data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes.
Breach means a known or suspected breach of:
- our data security obligations;
- any of the other unauthorised storage, destruction, access to or processing of your personal information
Data Privacy Officer means a member of Compliance who is the first point of contact for data privacy questions from a region, as listed on the data privacy page on the ERG website.
Data subject means the individual to whom personal data relates.
Group business: includes all companies, product groups, business units, global functions and corporate offices in the European Resources Group.
Legitimate business purpose: a purpose that is directed at ERG achieving its business objectives and that complies with all relevant laws and regulations.
Personal data: all information relating to any identifiable natural person
Privacy Statement: a notice that needs to be provided to data subjects when we collect their personal data.
Processing: all actions taken in relation to personal data including collecting, using, disclosing, recording, organising, storing, transferring, amending, deleting, destroying, retrieving, accessing, hosting or otherwise handling.
Privacy and Cookie Statement
Your privacy is important to us, and we are committed to ensuring your privacy is respected and protected. As part of this commitment, we have prepared this privacy statement to explain the manner in which we collect, use, disclose and otherwise treat the information of visitors of this website.
This website collects the following analytics:
- Internet Protocol (IP) address of computer or mobile device being used
- web pages requested
- referring web page
- browser used
- date and time
This website does not associate this data to individual user identities.
To enhance your experience on our websites, we use «cookies». Cookies are small text files that we place in your computer’s browser to store your preferences. Cookies, by themselves, do not tell us your email address or other personal information. Our website collects information and stores it in the form of cookies on your hard drive. You can think of cookies as providing a ’’memory’’ for the website, so that it can recognise you when you come back and respond appropriately.
Most browsers automatically accept cookies. You can set your browser option so that you will not receive cookies and you can delete existing cookies from your browser.
We use the following types of cookies:
- Strictly necessary cookies. These are cookies that are required in order to enable you to use our website.
- Analytical/performance cookies. They allow us to collect information about how visitors use the site and count the number of visitors. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
- Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, remember your preferences (for example, your choice of language or region). The information these cookies collect cannot track your browsing activity on other websites.
- Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website more relevant to your interests.
This website uses the Laravel framework and Google Analytics, which uses all of the above types of cookies.
You can block cookies by selecting the appropriate setting on your browser that allows you to refuse the storing of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
Except for essential cookies, all cookies will expire after 120 minutes.
We will not disclose, rent, sell or otherwise transfer your personal information. However, this website may contain links to other websites. We provide the links for your convenience, but we do not review, control, or monitor the privacy practices of websites operated by others.
We are not responsible for the performance of websites operated by third parties or for your business dealings with them. Therefore, whenever you leave this website we recommend that you review each website’s privacy practices and make your own conclusions regarding the adequacy of these practices.
If you have any questions or concerns about this privacy statement or its implementation please contact us via email: firstname.lastname@example.org.
Last updated on: May 25, 2018