This Policy describes how the Partners in Performance Group being Partners in Performance International Pty Ltd and its related bodies corporate globally (Partners in Performance/ Us/ We), including the data controller entities specified in the schedule, collects, uses, holds and discloses the personal information it holds about its clients, employees, potential clients or employees, business associates and their employees, as well as visitors to Partners In Performances’ website or users of any products or applications it makes available (You).
This Policy also explains your data protection rights including the rights You have to access your personal information, correct inaccurate information and to object to the use of personal information for the purposes described in the Policy. This Policy also describes our acts and practices in relation to the way we process personal information about our suppliers, contractors and employees.
Last updated: 1 September 2021
This Policy describes how the Partners in Performance Group being Partners in Performance International Pty Ltd and its related bodies corporate globally (Partners in Performance/ Us/ We), including the data controller entities specified in the schedule collects, uses, holds and discloses the personal information it holds about its clients, employees, potential clients or employees, business associates, and their employees, as well as visitors to Partners In Performances’ website or users of any products or applications it makes available (You).
This Policy also explains your data protection rights including the rights You have to access your personal information, correct inaccurate information and to object to the use of personal information for the purposes described in the Policy. This Policy also describes our acts and practices in relation to the way we process personal information about our suppliers, contractors, and employees.
This Policy contains the following sections:
“Personal information” is information or an opinion relating to an individual which can be used to directly or indirectly identify that individual especially by an identifier such as a name or identification number, location data or an online identifier in some instances, it can relate to existing juristic persons (such as companies).
Laws and rules regarding the use of personal information may vary by jurisdiction. Partners in Performance Group members comply with laws and rules which apply to their jurisdiction, or which govern the personal information that they collect and use.
Certain privacy laws may apply based on your or our location, or the location in which the processing of personal information takes place.
We currently collect and process the following information:
You are not required to provide us with your personal information. However if you do not provide it to us, then we may not be able to provide services to You, or otherwise engage or do business with, You or employ you (as the case may be).
Most of the personal information we process is provided to us directly by for example by corresponding with us by phone email, or via other direct interactions with us such as completing a form online.
We also receive personal information indirectly, from the following sources in the following scenarios:
In general, we use and disclose your personal information for the following purposes. To:
We will only use your personal information where we are permitted to do so by applicable law.
In Australia, we may use or disclose your personal information for the primary purpose for which it is collected, for reasonably expected secondary purposes which are related to the primary purpose and in certain other circumstances provided for in the Privacy Act 1988 (Cth) Privacy Act 1988 (Cth) or applicable state and territory privacy laws.
If the EU GDPR or UK GDPR applies (for example because You are located in the European Economic Area or You are in the UK) we process personal information where we have a lawful basis for doing so. This means we collect and use your information only where:
Where information is collected or processed in South Africa, we collect and use your information where:
We may disclose your personal information to:
Partners in Performance is a global organisation, with offices in various jurisdictions. As a global organisation, we cannot limit our processing of an individual’s personal information to the country in which that individual is based. In the course of providing our services, we will likely need to transfer personal information to locations outside the jurisdiction in which you provide it or where you are viewing our website. By using our website, you expressly agree to such transfers.
In some circumstances, we may be required to disclose your personal information to other members of Partners in Performance located in, or outside, your country, which may not have equivalent data privacy laws to where you reside. In appropriate circumstances, we may disclose your personal information to other members of Partners in Performance located in, or outside, your country, which may not have equivalent data privacy laws to where you reside. We will treat personal information collected and sent to us, in accordance with the requirements of any applicable binding corporate rules or local laws relating to privacy. Accordingly, your personal information may be transferred outside of your country and it may be accessed and processed by authorised individuals from any location. By using our website, you expressly agree to such transfers.
For example, wherever your information is processed outside of your country of origin, we will ensure that appropriate mechanisms and/or contractual arrangements are in place to protect your information. We secure any transfers from the EEA or from the UK ensuring that appropriate safeguards are in place (if adequacy decisions are not in place), such as by using European Commission‑approved model clauses (alongside other supplementary technical or contractual measures where necessary).
A current list of countries in which Partners in Performance members are located or operating can be obtained from the Privacy Officer upon request. Contact details are set out in section 9 below.
We also disclose personal information to service providers located outside your country or the country from which the data was provided (collectively the “jurisdiction of origin”). While such third parties will often be subject to privacy and confidentiality obligations, where lawful, such obligations may differ from and be less stringent than the requirements of the privacy laws of the jurisdiction of origin. For transfers from the EEA, we rely on European Commission‑approved model clauses.
Personal information that we collect is stored on on‑site secure physical servers or by on‑line cloud‑based third party data storage providers. All access to data is password protected, and we employ the use of Rights Management Services (RMS) in some circumstances.
Generally, we will only retain your personal information for so long as is necessary to achieve the purpose for which it was collected. In some cases, we may retain your information for a longer period, in which case, it will be retained for as long as we require it for a lawful business purpose or to comply with our legal obligations, for historical or statistical purposes, or otherwise for so long as you have consented to us retaining your information.
Under data protection laws, you have rights including:
As we are required to take reasonable steps to ensure that your personal data remains accurate, please let us know of any changes to the personal data that you have provided to us by contacting us at firstname.lastname@example.org.
You may exercise your data protection rights by contacting the Privacy Officer at email@example.com (subject to exceptions set out in the applicable laws). Your rights may be limited in some cases, such as where we have a compelling reason or are subject to a legal requirement to deny the request. Where personal information is used on the basis of consent, you may withdraw your consent at any time, but this will not affect processing that has already taken place and we may be entitled to continue processing your information where we have another lawful ground upon which to do so.
lf you exercise your rights, we will require you to verify your identity and to specify what information you require. You are not required to pay any charge for exercising your rights.
This Policy will be reviewed from time to time to take account of new laws and technology, changes to our operations and practices and the changing business environment.
If you have any questions about privacy‑related issues, please contact the Privacy Officer by email to firstname.lastname@example.org. Any complaint about our handling of personal information should be made in writing to the Privacy Officer who will respond within 30 days. If the complaint remains unresolved, you can refer it to any data protection authority where you live, where you work or where you feel your rights have been infringed.
EU Representative: Partners in Performance UK Limited
Schedule 1 – Data Controllers for the purposes of EU GDPR, UK GDPR and POPIA