Accreditation Canada (“AC”) values its relationships with its clients, business partners, board members, technical committee members, patient partners, surveyors, facility, and advisors and anyone else who helps AC achieve its mandate. In furtherance of that mandate, AC s committed to protecting your Personal Information that it may collect, use and disclose, in accordance with applicable privacy law. In cases where privacy laws do not directly apply, AC aspires to meet the standards under the Personal Information Protection and Electronic Documents Act (“PIPEDA”).
- Application. 2
- Important Privacy topics that you need to know.. 2
- How to contact us: 3
- Consent 3
- What is Personal Information?. 3
- What Personal Information do we collect?. 3
- How Do We Collect Your Personal Information?. 4
- How do we use Your Personal Information?. 5
- Disclosure of Personal Information. 6
- Storage and cross border transfer of Personal Information. 6
- How do we protect your Personal Information?. 6
- How long do we retain your Personal Information?. 7
- Links to other websites. 7
- What do we do in case of a security breach?. 7
- Cookies and Embedded Scripts. 7
- Resolving Your Privacy Concerns. 9
- How we conduct Privacy Impact Assessments. 10
- How we check our Privacy practices. 10
- Conflicts and Interpretation of Policy. 11
- Contact Us. 11
- The European Union General Data Protection Regulation. 11
The Policy: Full Version
- Business Partners
AC’s business partners include: (1) surveyors; (2) other contractors, faculty and advisors; (4) patient partners; (5) partners to save lives; (6) sales representatives; and (7) technical committee members. Business partners, in the course of conducting their duties, on behalf of AC, may also have access to and collect Personal Information and Personal Health Information.
The key elements of this Policy are set out below, and the details of which are as set out in the following sections.
AC may collect your Personal Information when you contact AC, act for or represent AC, register with AC, use AC products and services, or otherwise provide AC with your Personal Information. Examples include:
- Client Information: representative’s name, title/position, identifying address (i.e. office number), direct phone number, email address, credit card information, billing information.
- Business Partner Information: name, address, direct phone number, email address, allergy information, as applicable.
- User Generated Information: IP address, information provided in the course of communications with AC.
- Patient Experience/Personal Health Information: Patient narratives and other information collected by AC on behalf of its clients.
Examples of the purposes for which AC may use your Personal Information are:
- To develop products and standards.
- To provide survey services.
- To issue an accreditation services and award.
- To manage personnel and ensure safety of business partners.
Examples of to whom AC may disclose your Personal Information are:
- Affiliated or related entities to enable product and service delivery.
- Third party providers that provide survey services.
- Third party providers that provide safety and security services
- Third party cloud-based storage and computing services.
You have the following choices:
Depending on the products, services or your use of the AC website or portal services, your choices may include the following:
- Cookies Settings and Preferences. You may disable cookies and other tracking technologies through the settings in your browser. While doing so may negatively affect your experience with the use of the AC website, it will not prevent AC from transacting with you, unless AC advises you otherwise.
- Marketing e-mails. You may sign up to AC mailing lists in order to receive promotional and other materials that may be of interest to you. If you no longer wish to receive marketing e-mails from AC, you may choose to unsubscribe at any time by clicking the “unsubscribe” link in the applicable AC email or contact the AC Privacy Officer as set out in the “How to Contact Us”.
- Opt-Outs. You may contact us to opt-out of the use or sharing of your Personal Information, including for marketing or advertising purposes, and/or the provision of your personal information to our business partners for such purposes.
For more information about this Policy, our privacy practices or to obtain access to or correction of your personal information, please email AC’s Privacy Officer at Privacy@healthstandards.org or write to Accreditation Canada, 1150 Cyrville Road, Ottawa, ON. K1J 7S9, Canada.
By using our website or services, or otherwise interacting with us, you consent to the collection, use and disclosure of your Personal Information by AC in accordance with the terms of and for the purposes set out in the Policy. If AC wishes to collect, use or disclose your Personal Information for any additional purposes, it will obtain your express consent (by verbal, written or electronic agreement).
You are free to refuse or withdraw your consent, subject to legal and contractual restrictions. The refusal or withdrawal cannot be applied retroactively. In cases where your Personal Information is required, we may not be able to provide those products and services to you without your Personal Information. We will inform you of the consequences of refusal or withdrawal as appropriate.
Where consent is obtained by a client or business partner of AC for the processing of that Personal Information by AC, we will undertake reasonable measures to ensure that the consent on which we rely – as the basis for the collection, use or disclose – is in compliance with applicable privacy laws, as appropriate.
If you do not agree to the terms of this Policy, you should exit the website, Client Portal, Partner Portal or Surveyor Portal, and cease use of all of AC’s services immediately, or contact AC to withdraw your consent where applicable. Your continued use following the posting of any changes to this Policy means you agree to be bound by the terms of this Policy to the greatest extent permitted by law.
“Personal Information” means any information, in any form, about an identifiable individual or an individual whose identity may be inferred or determined from such information. AC considers business contact information that identifies an individual (e.g. individual’s name, position/title, identifying work address, direct telephone number, or email address) to be Personal Information as intended by this Policy.
This Policy does not apply to aggregate or anonymous information, which subject to agreement, remains in the custody and control of AC.
|Information about our Clients||-Representative’s name
-Identifying address (i.e. office number)
-Direct phone number
-Credit card information
-Identifying billing information
|Information held by our Clients||-Personal health information, when AC operates as an agent and provides survey services to its clients.|
|Business Partners and Board Members||-Name and contact information (i.e. address, email address)
-Emergency contact information and allergy information
-Information required for onboarding (i.e. interview notes)
-Information required to govern the contractual relationship (i.e. SIN), where applicable
|Webinar Attendees||-Name and contact information (i.e. address, email address)
We collect only such Personal Information as we deem to be reasonably required in the circumstances for the purpose(s) for which it is collected.
- Personal Health Information that we collect
AC may collect personal health information directly from individuals, when it acts as a service provider/agent to its clients. For example, AC may be engaged by health care providers to provide survey services. This personal health information, at all times, remains in the custody and control of its clients and AC only operates under the direction of its clients in these circumstances. AC ensures that any of its obligations as an agent, as required by applicable privacy laws, are addressed in each specific circumstance, via contractual measures and by employing reasonable measures to ensures its clients have obtained valid consent to the collection of personal health information, for example.
- Personal Health Information accessed/collected by our business partners
Surveyors may access personal health information in the custody and control of AC’s clients when providing clients with licenced accreditation products and services. Surveyors do not collect any Personal Information, do not remove it offsite and do not disclose it to AC or any third party.
AC and its business partners may also collect personal health information inadvertently during the survey development process (i.e. during a patient experience interview, where personal health information is disclosed by the patient). This information is de-identified at AC’s earliest opportunity and no identifying information is retained by AC. Appropriate consents are acquired at the time the personal information is collected, in line with applicable privacy laws for each particular situation.
Personal Information is collected in the course of the following interactions with AC:
- When individuals create accounts on our website or create (or are provided) accounts with any Client Portal, Partner Portal or Surveyor Portal operated by AC.
- When individuals place orders through our website for goods and services.
- When individuals respond to online or email surveys, or provide information to us in person, in writing, by fax or over the telephone when asked for such information.
- In the course of a licensed accreditation process, where information is uploaded by clients and business partners.
- How do we use Your Personal Information?
We use Personal Information for the following purposes:
- For the performance and delivery of accreditation products and services and related services.
- For the performance and delivery of education and training sessions and webinars.
- To process transactions for the purchase of goods and services.
- To perform activation services and generate reports.
- To improve our products, services and website.
- To enter and maintain contractual relationships with business partners.
- To inform clients of, or offer goods or services or to seek donations.
- To comply with our statutory obligations or any lawful order.
- To provide information reasonably required by debt or equity investors planning to invest or who have invested, directly or indirectly, in any of our entities, businesses or assets, or by our potential or existing donors.
- To generate anonymized or statistical data.
- Transfer of Personal Information to Affiliates, Related Entities and Business Partners
Your Personal Information will be accessible to our affiliates, related entities and business partners, as required for the delivery of our products and services.
- Transfer of Personal Information to Third Party Service Providers
Your Personal Information may be collected by or transferred to third party service providers for processing. Such uses include:
- The delivery of patient experience surveys.
- The de-identification of personal information.
- To ensure the safety of our business partners that travel to foreign jurisdictions.
- The maintenance, review and development of our systems, procedures and infrastructure, including testing or upgrading out computer systems.
Unless permitted or required by the applicable laws, AC does not use Personal Information for other purposes.
- How do we use your Personal Information for marketing?
We may, occasionally, send you information or marketing messages by electronic means (this includes email, telephone, text message (SMS) or automated calls about our products and services, competitions, special offers and for soliciting donations.
Our Affiliates, related entities, and other entities which we have carefully selected (collectively, “Our Group”), may also send you information or marketing messages, depending on whether you have consented.
We may also send you information via email/SMS/other automated means to ask about your marketing preferences. You can confirm whether you would like us and any of the entities of Our Group to send you information or marketing messages by checking the appropriate option.
If you have consented to receive information or marketing messages from us, or any of the entities of Our Group, you can opt out at any time.
We do not disclose Personal Information to any organization or person for any reason except as set out in this Policy, where we have obtained your express consent, or where otherwise permitted by law. Please note that there are circumstances where the use and/or disclosure of Personal Information may be justified or permitted without your consent or where AC is obliged to disclose your Personal Information without consent.
Where obliged or permitted to disclose Personal Information without consent, AC will not disclose more Personal Information than is necessary for the relevant purposes of such disclosure.
Hard copies of records containing Personal Information, where they exist, are stored by AC in Ontario, Canada. In most cases, electronic copies of records containing your Personal Information are stored on servers located in Ontario, Canada. Some third party service providers engaged by AC may store your personal information in foreign jurisdictions. Such third party service providers are not engaged to provide services in jurisdictions where foreign storage restrictions exist.
Where Personal Information is accessed, transferred or stored outside of Canada, your Personal Information may be subject to access by and disclosure to law enforcement agencies under the applicable foreign legislation.
- How do we protect your Personal Information?
- Physical, technical and organizational security measures
We employ a variety of physical, technical and organizational security measures to maintain the safety of Personal Information.
We offer the use of a secure server. All sensitive financial information (e.g., credit card), any information provided via AC’s websites, Client Portal and Surveyor Portal is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our payment gateway providers’ database, where it is only accessible by those authorized with special access rights to such systems, and who are required to keep the information confidential.
- When engaging third party service providers
The transfer of personal information to third party service providers for processing will occur only after those entities have entered into a contractual arrangement that:
- prohibits the third party from using the information for purposes other than those specified by AC;
- prohibits them from allowing access to or disclosing Personal Information to any other party (unless required to do so by law); and
- requires them to have appropriate safeguards in place to ensure the ongoing protection of Personal Information.
- How long do we retain your Personal Information?
We keep your Personal Information only for as long as it is required. The length of time we retain Personal Information varies depending on the purpose(s) for which it was collected and for which consent was obtained. This period may extend beyond the end of your relationship or contract with us.
Where Personal Information is no longer required for AC’s purposes, we have procedures to destroy, delete, erase or convert it into an anonymous form.
AC may provide links to, or automatically produce search results for third party websites or resources or third party information referencing or linking to third-party websites or resources. AC has no control over such third-party websites and resources, and website users acknowledge and agree that AC is not responsible for the content or information contained therein. When website users follow such a link, they are no longer protected by our Policy, and we encourage you to read the privacy statements or other disclaimers of such other third parties. AC is not responsible for privacy or security practices or the content of others’ websites, services or products.
A “breach of security safeguards” is the loss of, unauthorized access to or unauthorized disclosure of Personal Information resulting from a breach of an organization’s security safeguards or from a failure to establish those safeguards. In case of a breach of security safeguards involving Personal Information under AC’s custody or control, we will notify you and the appropriate federal or provincial Privacy Commissioners in Canada, in line with the applicable privacy laws. We may also notify any other organization or government institution that can reduce the risk or mitigate the harm from the breach. We will keep a record of any breach of security safeguards.
The table below explains the cookies we use and their purpose.
|Universal Analytics (Google)||_ga
|These cookies are used to collect information about how visitors use our website. The cookies collect information in an anonymous form, including the number of visitors to the website and blog, where visitors have come to the website from and the pages they visited.
Read Google’s overview of privacy and safeguarding data (https://support.google.com/analytics/answer/6004245)
|Web Analytics (ClickDimension)||cusid
|These cookies are used to collect information about how visitors use our website. The cookies collect information in an anonymous form, including the number of visitors to the website and blog, where visitors have come to the website from and the pages they visited.|
|DoubleClick||__ar_v4||This targeting/advertising helps with tracking conversion rates for ads.|
|We embed videos from our official YouTube channel using YouTube’s privacy-enhanced mode. This mode may set cookies on your computer once you click on the YouTube video player, but YouTube will not store personally-identifiable cookie information for playbacks of embedded videos using the privacy-enhanced mode.
Read more at YouTube’s embedding videos information page. (http://www.google.com/support/youtube/bin/answer.py?hl=en-GB&answer=171780)
|Hotjar cookie||_hjClosedSurveyInvites||This cookie is set once a visitor interacts with a Survey invitation modal popup. It is used to ensure that the same invite does not re-appear if it has already been shown.|
|Hotjar cookie||_hjDonePolls||This cookie is set once a visitor completes a poll using the Feedback Poll widget. It is used to ensure that the same poll does not re-appear if it has already been filled in.|
|Hotjar cookie||_hjMinimizedPolls||This cookie is set once a visitor minimizes a Feedback Poll widget. It is used to ensure that the widget stays minimizes when the visitor navigates through your site.|
|Hotjar cookie||_hjDoneTestersWidgets||This cookie is set once a visitor submits their information in the Recruit User Testers widget. It is used to ensure that the same form does not re-appear if it has already been filled in.|
|Hotjar cookie||_hjMinimizedTestersWidgets||This session cookie is set to let us know whether that visitor is included in the sample which is used to generate funnels.|
You can disable cookies completely, or be prompted prior to a cookie being loaded, by adjusting your browser’s settings. Consult each individual browser’s “help” feature for more information.
Find out how to manage cookies on popular browsers:
To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.
- Embedded Scripts
An embedded script is a programming code that is designed to collect information about your interactions with our website, such as information about the links on which you click. The code is temporarily downloaded onto your device from our web server or a third party service provider. The code is active only while you are connected to our website, and is deactivated or deleted once you disconnect from the website.
In the event of questions about: (i) access to Personal Information; (ii) our collection, use, disclosure or storage of Personal Information; or (iii) this Policy; please contact AC’s Privacy Officer by sending an e-mail to Privacy@healthstandards.org.
AC will investigate all complaints and if a complaint is justified, we will take all reasonable steps to resolve the issue.
- How Can You Access or Correct Any Inaccuracies In Your Personal Information?
AC endeavors to ensure that all Personal Information provided by or about you and in its possession is accurate, current and complete, as necessary for the purposes for which we use that Personal Information. If we become aware that Personal Information is inaccurate, incomplete or out of date, we will revise the Personal Information and, if necessary, use our best efforts to inform third party service providers or contractors which were provided with inaccurate information to enable those third parties to also correct their records.
AC permits the reasonable right of access and review of Personal Information held by us and will endeavour to provide the Personal Information in question within a reasonable time, generally no later than 30 days following the request subject to applicable law. To guard against fraudulent requests for access, we may require sufficient information to allow us to confirm that the person making the request is authorized to do so before granting access or making corrections.
We will provide copies of the Personal Information in our possession in a form that is easy to understand or in a summary form where appropriate. AC reserves the right not to change any Personal Information but will append any alternative text the individual concerned believes to be appropriate. AC will not charge you for verifying or correcting your information, however, to the extent permitted by applicable law, there may be a minimal charge imposed if you need a copy of records.
A Privacy Impact Assessment is an evaluation process which allows AC to assess and evaluate privacy, confidentiality or security risks associated with the collection, use or disclosure of personal information, and to develop measures intended to mitigate and, wherever possible, eliminate identified risks.
AC undertakes an appropriate Privacy Impact Assessment prior to the Processing of any Special Category/Sensitive Personal Information to assess the risks associated with such Processing. Special Category/Sensitive Personal Information includes:
- Social Insurance Number, banking and credit card information.
- Passport and Visa.
- Health and genetic/biometric data.
- Any personal information of a minor, under the age of majority (18/19 years depending on the applicable jurisdiction).
- Racial/ethnic background.
- Religion, beliefs or political opinions.
- Gender, sexual orientation or sex life.
- Education, employment history, Trade Union membership.
- Background checks – criminal record.
AC will also conduct a specific privacy impact assessment for all new or significantly revised projects involving collection, use or disclosure of personal information that raise risks of privacy, confidentiality or data security (e.g., high risk of unauthorized disclosure due to aspects of the project), where an existing privacy impact analysis does not already adequately address the risks.
Privacy Impact Assessments are directed by AC’s Privacy Officer.
AC conducts organizational privacy audits as a means to ensure that its compliance framework for privacy and confidentiality are supported by its practices. Privacy audits are conducted to ensure AC’s information processing procedures meet privacy requirements by examining how information is collected, stored, shared, used, disclosed, and destroyed. AC’s Privacy Officer leads the audit, with input from internal stakeholders (e.g., information technology) and/or external auditors.
The audit process may involve:
(1) review of existing policies and procedures for legality, completeness and consistency with the AC’s services and activities; management policies and procedures;
(2) examination of how data is obtained including required notices and/or consents from identifiable individuals;
(3) mapping of data flows through the organization, including access, storage, and disposal;
(4) assessment of sensitivity and security risks of information collected, processed and retained by AC and the necessity of processing and retention of data elements;
(5) recommendations on collection, use, disclosure and retention; access processes and procedures; protections and safeguards; and accountability and compliance monitoring.
Privacy audit results will generally be documented within a report containing: a summary of privacy legislation and principles applicable to AC; a description of the policies and practices of AC relating to privacy and information management; any risk areas identified or gaps with respect to compliance; and prioritized recommendations to address gaps and risk areas.
Privacy audits may be conducted internally by AC or with the assistance of a third party auditor. External privacy audits will be conducted every 3 years.
Should there be, in a specific case, any inconsistency between this Policy and Canada’s federal and provincial privacy laws, as applicable, this Policy shall be interpreted, in respect of that case, to give effect to, and comply with, such privacy laws.
To the extent of any conflict between the Policy in English and any version in another language, the English version shall prevail.
1150 Cyrville Road
Health Assessment Europe ASBL
Rue d’Egmont 11, 1000 Bruxelles
This Policy also contains certain information required by the European Union (“EU”) Regulation No. 2016/679 of 27 April 2016, known as the General Data Protection Regulation (“GDPR”), and mirroring legislation (with the GDPR, the “European Data Privacy Laws”) of the other countries (Norway, Iceland and Liechtenstein) forming with the EU Member States the European Economic Area (the “EEA”), which apply when we process personal data about individuals located in the EEA in relation to (i) the offering of goods and services to these individuals or (ii) the monitoring of their behaviour in the EU or EEA – at the moment we consider that only processing of personal data about individual surveyors in the EEA would fall within the scope of European Data Privacy Law.
- Storage of personal data of individuals in the EEA for processing activities falling within the scope of European Data Privacy Laws
The following provisions apply only to personal data of individuals in the EEA for processing activities falling within the scope of European Data Privacy Laws:
(1) As regards customers, surveyors and other persons with whom we have a contractual relationship as well as their individual representatives, we will hold all personal information for so long as AC is in a contractual relationship. We may then (i) archive the data up to one year after the applicable limitation period has expired or final settlement of any dispute whichever is last and (ii) keep contact details for the purposes of direct marketing for a period of up to 3 years after termination of the contract or last contact made by the relevant individual.
(2) As regards prospects, we keep their contact details for the purposes of direct marketing for a period of up to 3 years after time of collection or last contact made by the relevant individual.
(3) As regards website/app/email users who do not provide us with their contact details, we maintain a log during 18 months before anonymising the data; as regards expiration of cookies, please see above.
Individuals in the EEA are hereby informed that we may transfer and store their personal data in the EEA, Canada and other countries deemed to offer an adequate level protection according to the European Commission as well as the United States of America, provided that any recipient of personal data based in the United States of America adopted corporate binding rules or entered into a data transfer agreement containing clauses offering an adequate level protection according to the European Commission or benefits from the U.S. “Privacy Shield” accreditation.
- What’s the legal basis for these uses under European Data Privacy Laws?
When European Data Privacy Laws apply and you are an individual in the EEA, we inform you that AC is allowed to process your personal data on the following legal bases.
(i) Legitimate interests. AC is permitted to process your personal data if it is based on our ‘legitimate interests’ i.e. we have good, sensible, practical reasons for processing your personal data which is in our interests. To do so, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible. The following personal data processing activities are based on this ground:
- contacting or verifying the authority of an individual representing an organisation in relation to the execution or performance of a contract with that organisation and keeping exchanges with that individual as evidence in case of a possible dispute with that organisation;
- anonymising personal data for generating statistics that can be used for, amongst others, improving our products and services and our website;
- improving our products and services and our website when this cannot be done without first anonymising the data;
- providing information to debt or equity investors or donators in order to incite them to invest or donate or continue to do so;
- presenting or communicating on our good or services or requests for donations when we do not need consent;
(ii) Contract. AC is also permitted to process your personal data every time it is necessary for the entry into or the performance of the contract you have agreed to enter with us. If you do not provide the necessary personal data, we will not enter the contact for which it is necessary or we will not be able to carry out our obligations thereunder in case of personal data necessary for its performance.
(iii) Legal obligation. AC is also permitted to process your personal data every time it is necessary for the purposes of complying with applicable regulatory, accounting and financial rules, health and safety and to make mandatory disclosures to government bodies and law enforcements.
(iv) Consent. Your consent may be asked for the presenting or communicating on our goods or services or requests for donations when this cannot be done on the sole basis of our legitimate interests, You can withdraw this consent at any time.
(v) Public interest or official authority. AC is also permitted to process your personal data when necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us by the relevant authorities, namely accreditation of health organisations when laid down by applicable EU or EEA country laws.
- Rights afforded under European Data Privacy Laws
When European Data Privacy Laws apply and you are an individual in the EEA, we inform you that you have the rights set out below.
You may exercise these rights by contacting us at the email address indicated in this Policy. We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex, in which case we will respond within three months.
Please be aware that there are exceptions and exemptions that apply to some of the rights which we will apply in accordance with the European Data Protection Laws.
(1) Right to object to processing of your personal data
You may object to us processing your personal data where we rely on a legitimate interest as our legal grounds for processing. If you object to us processing your personal data we must demonstrate compelling grounds for continuing to do so.
In particular, you can ask us to stop contacting you for direct marketing purposes. If you would like to do this, please:
- email, call or write to us (at Communications@healthstandards.org). You can also click on the ‘unsubscribe’ button at the bottom of the email newsletter. It may take up to 14 business days for this to take place.
- provide proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
- provide us with details of your preferred method of contact (for example, you may be happy for us to contact you by email but not by telephone).
(2) Right to access personal data relating to you
You may ask to see what personal data we hold about you and be provided with:
- a copy of the personal data;
- details of the purpose for which the personal data is being or is to be processed;
- details of the recipients or classes of recipients to whom the personal data is or may be disclosed, including if they are outside the EEA and what protections are used for those transfers;
- the period for which the personal data is held (or the criteria we use to determine how long it is held); and
- any information available about the source of that data.
To help us find the information easily, please provide us as much information as possible about the type of information you would like to see.
(3) Right to correct any mistakes in your information
As indicated above, you can require us to correct any mistakes in your information which we hold. If you would like to do this, please let us know what information is incorrect and what it should be replaced with.
(4) Right to restrict processing of personal data
You may request that we stop processing your personal data temporarily if:
- you do not think that your data is accurate (we will start processing again once we have checked whether or not it is accurate);
- the processing is unlawful but you do not want us to erase your data;
- we no longer need the personal data for our processing, but you need the data to establish, exercise or defend legal claims; or
- you have objected to processing because you believe that your interests should override our legitimate interests.
(5) Right to data portability
You may ask for an electronic copy of your personal data which we hold electronically and which we process on the basis of a contract with you or with your consent.
(6) Right to withdraw consent
You may withdraw any consent that you have given us to process your personal data at any time. This means that we will not be able to carry out any processing which required use of that personal data.
(7) Right to erasure
You can ask us to erase your personal data:
- should we not need your data anymore in order to process it for the purposes set out herein;
- if you had given us consent to process your data, you withdraw that consent and we cannot otherwise legally process your data;
- if you object to our processing and we do not have any legitimate interests that mean we can continue to process your data; or
- if your data has been processed unlawfully or have not been erased when it should have been.
(8) Rights in relation to automated decision making
You have the right to have any decision that has been made by automated means and which produces legal effects or has a similar significant effect on you reviewed by a member of staff, it being noted that our processing activities do not fall in that category.
(9) France only – directives for handling personal data after death
If you are in France, we inform you that you may write directives about the handling of your personal information after your death.
(10) Complaints to a European supervisory authority
- Personal Data Breach
Individuals in the EEA are hereby informed that we will also comply with the documentation and notification requirements of articles 33 and 34 of the GDPR in case of a personal data breach as defined in the GDPR.
Effective Date: This Policy was last updated on July 23, 2021.