Privacy NoticeJuly 2021
BOLTTECH GLOBAL PRIVACY NOTICE
bolttech and our associated companies (collectively referred to as "bolttech", "we", "us") is committed to protecting the personal data of individuals. We take your data protection rights and our legal obligations seriously and have implemented a global data privacy program to establish and maintain high standards for processing personal data. This global privacy notice is the foundation of that program and explains our commitments when processing personal data.
SCOPE OF THIS NOTICE
This notice applies to our processing of personal data globally, in relation to our customers, contractors, business partners, policyholders and other individuals.
Data protection compliance obligations vary from country to country and where applicable local laws require higher standards of protection or further information to be provided to you, they shall prevail. We have separate privacy notices which explain in more detail how we collect and use personal information in relation to specific processing activities in the regions in which we operate. Please see the More Information section below to request more information from us.
Our objective is to ensure all relevant legal and regulatory requirements are complied with. Our internal data governance procedures are monitored on a regular basis to maintain compliance. We commit to ensuring, wherever you are in the world, that we will adopt the following principles:
We ensure personal data is collected and used in a fair, lawful and transparent manner. We maintain up-to-date internal and external privacy notices which clearly explain how we use personal information.
We ensure personal data is obtained for specified, explicit and legitimate purposes and will not be further processed in any manner incompatible with those purposes. Our policies and staff training highlight the principle of data minimisation, which we flow into the way our business processes function. We will only use your personal data as anticipated in the original privacy notice provided.
We ensure personal data we process is adequate, relevant and not excessive in relation to the purposes. We take care to ensure that we only process personal data where there is a clear business justification or legal need to do so.
We ensure personal data we process is accurate and, where necessary, kept up to date. We take regular steps to refresh and clean our personal information databases.
We ensure that personal data is not kept for longer than necessary for the purpose for which it was collected. We operate a data retention policy which ensures that we balance privacy with legal obligations wo retain important records.
We implement appropriate technical and organisational security measures to prevent unauthorised or unlawful disclosure or access to, or accidental or unlawful loss, destruction, alteration or damage to personal data we process. Where personal data is transmitted outside of our group, a secure medium is used and we put written agreements in place with third party recipients which set out the required level of security standards that we expect. Where we use third parties to process personal data on our behalf, we ensure they commit to implementing appropriate technical and organisational measures to safeguard the data they process for us and to only process the data as we have requested.
We process data in a manner which respects individuals’ rights. We ensure individuals have the ability to access their personal data and exercise their rights where required under applicable local data protection laws.
We have a responsibility to and will ensure we process personal data in a responsible and legally compliant manner. We implement appropriate governance, policies, processes, controls and other measures necessary to demonstrate that our processing of personal data is in accordance with this policy and applicable data protection laws. We ensure proper training, supervision and instruction of our employees and monitor the implementation and compliance to this policy across our business.
If you have any questions about this notice or would like to access the information it contains in a different format please contact:
firstname.lastname@example.org for all European privacy matters;
and email@example.com for all other privacy matters,
or send your query by post to:
Attention: Group Privacy Officer,
Bolttech 25/F, Unit 2501-06, FWD Financial Centre,
308 Des Voeux Road Central, Hong Kong.
Bolttech has a dedicated Group Data Privacy Officer (“DPO”) who has primary responsibility for managing privacy and data protection risk (working closely with our legal counsel and business division leaders). Our Group DPO can be contacted here firstname.lastname@example.org.
The bolttech entity responsible for your personal information will be the member of bolttech that originally collects information from or about you. This will be explained in separate privacy notices made available when your personal data are first collected by that bolttech entity, for example where you or the business you work for engages us to provide a service.
You can find out more about bolttech at www.bolttech.io or by contacting us.
UPDATING THIS NOTICE
We may amend this notice from time to time to keep it up to date with legal requirements and the way we operate our business. Please regularly check these pages for the latest version of this notice.
You might find external links to third party websites on our website. This notice does not apply to your use of a third party site.