Last Updated, 30.09.2020
1 WHO PROCESSES YOUR PERSONAL DATA?
This Policy applies to the processing of personal data by CPM Switzerland.
For the purpose of this Policy and the GDRP, to the extent any of the above entities process your personal data in connection with use cases identified in this Policy, each will be considered a “data controller” of your personal data. Please note that in some cases we may carry out the activities referred to in this Policy in our capacity as a data processor acting on behalf of our clients. We have made this distinction clear in the Policy.
2 PURPOSE OF THIS POLICY
This Policy explains our approach to any personal data that we might collect from you using this website (the “Site”) and any personal data about you we might collect/process in other situations or interactions with us, and the purposes for which we process your personal data.
This Policy also sets out your rights in respect of our processing of your personal data.
This Policy will inform you of the nature of the personal data about you that is processed by us and how you can request that we delete, update, transfer and/or provide you with access to it or otherwise object to our processing of it for a specific purpose. This Policy is intended to assist you in making informed decisions when using the Site or otherwise providing personal data to us or in other situations where we may process your personal data.
3 HOW TO CONTACT US?
4 TYPE OF PERSONAL DATA WE COLLECT/PROCESS
When we talk about personal data we mean any information which relates to an identified or identifiable living individual. Individuals might be identified by reference to a name, an identification number, location data, an online identifier (such as an IP address) or to other
factors that are specific to them, such as their physical appearance. Categories of personal data we may collect and process about you include: • contact information (e.g. name, physical address, telephone number, email address); • your date of birth; • information about your employment or education history; • information for hiring talent and human resources (e.g. work eligibility status, financial account information, government-issued identification information or dietary requirements); • any additional data that may identify you which you submit to us.
5 HOW WE USE PERSONAL DATA?
Our primary goal in collecting personal information from you is to: i. verify your identity; ii. help us improve our products and services and develop and market new products and services; iii. carry out requests made by you on the Site; iv. investigate or settle inquiries or disputes; v. comply with any applicable law, court order, other judicial process, or the requirements of a regulator; vi. enforce our agreements with you; vii. protect the rights, property or safety of us or third parties, including our other clients and users of the Site; viii. provide support for the provision of our Services; and ix. use as otherwise required or permitted by law. We set out in more detail below the specific ways in which we may use your personal data
➢ All Service Enquiries.
Our Site uses various user interfaces to allow you to request information about our products and services: these include printed and electronic enquiry forms and a telephone enquiry service. Contact information may be requested in each case,
together with details of other personal information that is relevant to your enquiry. This information is used in order to enable us to respond to your requests.
Who do we share your personal information with for this purpose?
We do not share your personal information for this purpose.
What is our legal basis?
It is in our legitimate interest to use your personal information in such a way to ensure that we provide the very best customer service we can to you.
➢ Client Administration
We may collect personal data about our client and potential client contacts to enable us to respond to client requests, to administer client accounts with us, to conduct credit checks (if permitted by applicable law), and to verify and carry out financial transactions for payments made to us.
Our legal basis for processing It is in our legitimate interests (and those of our clients) to process personal data in this way to ensure we provide the services requested by our clients in an effective and efficient way.
Who do we share personal data with for this purpose? We may share such personal data with our third party vendors (such as our payment service providers or IT providers), financial institutions, group companies, affiliates, professional advisors, regulatory bodies or other law enforcers or such other third parties as indicated in the in SHARING YOUR PERSONAL DATA section below in connection with this purpose.
If individuals apply for a job with us or otherwise express an interest in working for us, we will collect contact details and CV or resume information from the individual. We use such personal data for the following purposes: a) to assess the individual’s suitability for any position for which they applied (or future positions for which we think the individual may be suitable) including employment or freelancer positions, summer placements or internships and also any business support or services role whether such application has been received by us online, via email or by hard copy or in person application; b) to take any steps necessary to enter into any contract of employment (or otherwise) with the individual; c) to comply with any regulatory or legal obligations in relation to any such application; and d) to review our equal opportunity profile in accordance with applicable legislation. We do not discriminate on the grounds of gender, race, ethnic origin, age, religion, sexual orientation, disability or any other basis covered by local legislation.
What is our legal basis? Where we use personal data in connection with recruitment and talent management it
will be in connection with us entering into a legal contract with them or it is in our legitimate interest to use personal data in such a way to ensure that we can make the best recruitment and talent management decisions for CPM United Kingdom Limited or it is our legal obligation to use such personal data to comply with any legal obligations imposed upon us. We will not process any special data except where we are able to do so under applicable legislation or with the individual’s explicit consent .
Who do we share your data with for this purpose?
We may share such personal data with our group companies, affiliates, third party vendors or professional advisers or such other third parties as indicated in SHARING YOUR PERSONAL DATA section below in connection with this purpose.
➢ Marketing communications
We may carry out marketing activities using an individual’s personal data. In particular, we may use personal data to form a view on what we think the individual may want or need, or what may be of interest to the individual. We may use that information to provide individuals with marketing information about our events and services we feel may be of interest. We may also provide individuals with information about media and public relations events.
Our legal basis for processing
We rely on our legitimate interest to process personal data in this way for marketing purposes. However, where the individual is a consumer, we will only send electronic marketing communications or event invitations to such individual with their consent.
We also provide individuals with opt out choices regarding personal data uses, particularly around marketing and advertising. To see how you can opt out of marketing communications, please see the section entitled OPT OUT AND UNWANTED COMMUNICATIONS.
Please note if a third party asks us to share personal data so that they can send electronic marketing communications to particular individuals, we will obtain the relevant individual’s consent prior to sharing the personal data for such purpose.
Who do we share personal data with for this purpose?
We may share your data with our group companies, affiliates, promotions agents, third party vendors (such as our IT providers) or professional advisers or such other third parties as indicated in DATA SHARING section below in connection with this purpose.
➢ Contact Databases
We collect and maintain data bases containing information about retailers, SME businesses, on-trade premise and consumers which we use to help our clients increase and manage distribution of their products. We may collect this information independently or as data processors acting on behalf of our clients. Such information may include an individual’s name and personal contact information, or business
contact details. The type of personal data that we collect may vary depending on the services we are providing to our client. Data collected will only always be specific and not excessive to fulfil the data processing task. This information may be information that is purchased by our client or our business, voluntarily supplied to us by those individuals through our Site, during a face to face meeting, or in other situations such as a phone call to our contact centre or email contact via a client website.
Our legal basis for processing
It is in our legitimate interests (or those of our client) to process personal data in this way so that we can provide the services requested by our clients in an effective and efficient way.
Who do we share personal data with for this purpose?
We may share such personal data with our clients, group companies, affiliates, third party vendors (such as our IT providers) or professional advisers or such other third parties as indicated in DATA SHARING section below in connection with this purpose.
Business administration and legal compliance.
We may use an individual’s personal data for the following business administration and legal compliance purposes:
• to facilitate the operation or effective management of our group of businesses;
• to enforce or protect our legal rights;
• to deal with complaints;
• to protect the rights of third parties (including where health or security of an individual is endangered (e.g. a fire); and
• in connection with a business transition or sale such as a merger, re-organisation, acquisition by another company, or sale of all or a portion of our assets.
Our legal basis for processing
Where we use personal data in connection with a business transition, to enforce our legal rights or to protect the rights of third parties, it is in our legitimate interest to do so. For all other purposes described in this section, we will rely on our obligation to comply with law, such as a court order, to process such personal data.
We will not process any special (or sensitive) categories of personal data or personal data relating to criminal convictions or offences except where we are able to do so under applicable legislation or with the individual’s explicit consent.
Who do we share personal data with for this purpose?
We may share personal data with our clients, group companies, affiliates, agents, partners, third party vendors or professional advisers, emergency service providers or law enforcers or other regulatory bodies (including tax and social security authorities) or such other third parties as indicated in SHARING YOUR PERSONAL DATA section below in connection with this purpose.
➢ Visiting our premises.
If an individual visits any of our premises we may collect contact information as part of our sign in process. We may also capture their image on our surveillance camera or CCTV.
Our legal basis for processing
It is in our legitimate interests to process personal data in this way for security reasons. Who do we share personal data with for this purpose?
We may share such personal with our clients, group companies, affiliates, recruitment partners or agents, third party vendors (such as our IT providers) or advisers or law enforcers or such other third parties as indicated in the SHARING YOUR PERSONAL DATA section below in connection with this purpose.
6 SHARING YOUR PERSONAL DATA
Please note, the types of third parties we share your personal data with set out above is non-exhaustive and there may be circumstances where we need to share personal information with other third parties in order to operate our Sites and to provide our services.
We may share your personal information with any of our group affiliates, or with our agents, partners, clients, contractors, professional advisors or government or regulatory bodies for the following purposes: (a) provide our services to clients or otherwise receive assistance in processing transactions; (b) fulfilment of requests for information, receiving and sending communications, updating marketing lists, analysing data; (c) provision of IT and other support services; (d) to facilitate the operation and effective management of our group of businesses; (e) comply with a legal obligation or in connection with a legal claim or dispute or to otherwise protect our legal rights; (f) assistance in other ancillary to the operation of tasks, from time to time. Our agents, partners and contractors will use your information to the extent necessary to perform their functions.
We will not sell your personal information to other companies and we will not share it with other companies for them to use without your consent, except in the circumstances listed above or in connection with the sale or merger of CPM United Kingdom Limited or the division or office responsible for the services.
We will notify you of any other circumstances where we would share your information on a case by case basis.
7 DATA TRANSFERS OUTSIDE OF THE EEA
We may transmit personal data outside the EEA to certain categories of third parties (as listed above in HOW WE USE PERSONAL DATA and more specifically to our Parent Company Omnicom in the US or in other locations globally.
In particular when transferring your personal data outside the EEA, we will ensure that, where required by applicable law, at least one of the following safeguards is implemented: (1) we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; (2) where we use certain service providers, we may use specific contracts approved by the European Commission referred to as the “model clauses” which give personal data the same protection it has in Europe; or (3) where we have partners or suppliers based in the US, we
may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.
8 HOW DO WE OBTAIN YOUR CONSENT?
Every time a user visits our Site, web analytics software provided by a third party generates an anonymous analytical cookie. These cookies can tell us whether or not you have visited the Site before. Your browser will tell us if you have these cookies, and if you don’t, we generate new ones. This allows us to track how many individual unique users we have, and how often they visit the Site. Unless you have previously downloaded content or subscribed to one of our newsletters on our Site, these cookies cannot be used to identify individuals, they are used for statistical purposes only. If you have previously subscribed or downloaded content from our site, we will know the details you gave us for this, such as name and email address.
Cookies used include:
The expiration date is varying on different analytics tools between 1 and 3 years
User data tied to cookies and advertising IDs is also used to detect and prevent ad fraud and ensure that users don’t see ads that they’ve blocked in the past. In these cases, or in cases where Google stores this data on behalf of its customers (e.g. in Google Analytics), data may be stored for periods longer than those specified above.
SOCIAL MEDIA COOKIES
Social Media providers use electronic tools including ‘Cookies’, ‘Social Plugins’ and ‘Tracking Pixels’ to track your browsing habits, likes and social interactions across the internet in order to build up a profile about you. We enable these on our site to facilitate social sharing.
The expiry date for Twitter and LinkedIn cookies is 30 days and 90 days for Facebook cookies.
10 OPT OUT AND UNWANTED COMMUNICATIONS
To opt-out of any future promotional or marketing communications or any other commercial communications from us, you should send a request to us at the contact information in the section entitled contact details .
11 THIRD PARTY LINKS AND SERVICES
Your browsing and interaction on any other websites, or your dealings with any other third-party service provider, is subject to that website’s or third-party service provider’s own rules and policies.
We do not monitor, control, or endorse the privacy practices of any third parties.
We encourage you to become familiar with the privacy practices of every website you visit or third party service provider that you deal with and to contact them if you have any questions about their respective privacy policies and practices.
13 HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION FOR?
We hold your personal information only as long as we have a valid legal reason to do so, which includes providing you with the services you have requested, meeting our legal and regulatory obligations, resolving disputes and enforcing our agreements. The length of time for which we keep different types of personal information can vary, depending on why we originally obtained them, the reason we process them and the legal requirements that apply to them. If any personal data is only useful for a short period (e.g. for a specific marketing campaign or in relation to recruitment), we will delete it at the end of that period. Please note that if you are an unsuccessful candidate we may keep your information for a short period. If you have opted out of receiving marketing communications from us, we will need to retain certain personal data on a suppression list so that we know not to send you further marketing communications in the future.
14 CONFIDENTIALITY AND SECURITY OF YOUR PERSONAL INFORMATION
We are committed to keeping the personal information you provide to us secure and we will take reasonable precautions to protect your personal information from loss, misuse or alteration. For more information click here.
We have implemented information security policies, rules and technical measures to protect the personal information that we have under our control from: • unauthorised access; • improper use or disclosure; • unauthorised modification; and • unlawful destruction or accidental loss.
All of our employees and data processors (i.e. those who process your personal information on our behalf, for the purposes listed above), who have access to, and are associated with the processing of personal information, are obliged to respect the confidentiality of the personal information of all users of our Services.
15 HOW TO ACCESS YOUR INFORMATION AND YOUR OTHER RIGHTS?
You have the following rights in relation to the personal information we hold about you:
➢ Your right of access.
If you ask us, we’ll confirm whether we’re processing your personal information and, if so, provide you with a copy of that personal information (along with certain other details). If you require additional copies, we may need to charge a reasonable fee.
➢ Your right to rectification.
If the personal information we hold about you is inaccurate or incomplete, you’re entitled to have it rectified. If we’ve shared your personal information with others, we’ll let them know about the rectification where possible. If you ask us, where possible and lawful to do so, we’ll also tell you who we’ve shared your personal information with so that you can contact them directly.
➢ Your right to erasure.
You can ask us to delete or remove your personal information in some circumstances such as where we no longer need it or if you withdraw your consent (where applicable). If we’ve shared your personal information with others, we’ll let them know about the erasure where possible. If you ask us, where it is possible and lawful for us to do so, we’ll also tell you who we’ve shared your personal information with so that you can contact them directly.
➢ Your right to restrict processing.
You can ask us to ‘block’ or suppress the processing of your personal information in certain circumstances such as where you contest the accuracy of that personal information or you object to us processing it. It won’t stop us from storing your personal information though. We’ll tell you before we lift any restriction. If we’ve shared your
personal information with others, we’ll let them know about the restriction where it is possible for us to do so. If you ask us, where it is possible and lawful for us to do so, we’ll also tell you who we’ve shared your personal information with so that you can contact them directly.
➢ Your right to data portability.
With effect from 25 May 2018, you have the right, in certain circumstances, to obtain personal information you’ve provided us with (in a structured, commonly used and machine readable format) and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.
➢ Your right to object.
You can ask us to stop processing your personal information, and we will do so, if we are:
• relying on our own or someone else’s legitimate interests to process your personal information, except if we can demonstrate compelling legal grounds for the processing; or
• processing your personal information for direct marketing.
➢ Your rights in relation to automated decision-making and profiling. For more information click here. You have the right not to be subject to a decision when it’s based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for entering into, or the performance of, a contract between you and us.
➢ Your right to withdraw consent. For more information click here. If we rely on your consent (or explicit consent) as our legal basis for processing your personal information, you have the right to withdraw that consent at any time.
➢ Your right to lodge a complaint with the supervisory authority. For more information click here. If you have a concern about any aspect of our privacy practices, including the way we’ve handled your personal information, you can report it to the UK Information Commissioner’s Office (ICO). You can find details about how to do this on the ICO
website at https://ico.org.uk/concerns/ or by calling their helpline on 0303 123 1113.
16 ENFORCEMENT RIGHTS AND MECHANISMS
We will ensure that this Policy is observed and duly implemented. Violations of the applicable data protection legislation in the EEA may lead to penalties and/or claims for damages. If at any time you believe that your personal data has been processed in violation of this Policy, or if you have any inquiries or complaints about the use or limitation of use of your personal data, you may contact the relevant individuals in CONTACT DETAILS section: Please note that if you have a complaint about our privacy practices, you may contact your local EU Data Protection Authority (“DPA”). We are committed to cooperating with DPAs and to comply with their dispute resolution procedures in cases of complaints. We are also committed to complying with any regulations or guidelines that DPAs may issue from time to time in accordance with EEA and Member State data protection legislation. We undertake to register and/or keep our registration updated as a data controller and/or processor in all jurisdictions where we maintain entities in the EEA.