GDPA MEMBER PRIVACY COMPLIANCE PORTAL
EMIN HASIC
HEREIN REFERRED TO AS THE (ENTITY)
SINCE 9TH JUNE 2018 CERTIFICATION NUMBER: 80302
We are 100% committed to protecting your data, the same way we wish our own personal data to be protected by others. If you have any concern, please reach out to us. Our policy herein is designed to meet our local Data Privacy Regulation, including regulations of other jurisdictions where applicable. Should you find any aspect which does not meet our obligation towards you, please feel free to let us know via the Communication Options provided at the end of this page and we will address the matter accordingly.
CONSENT FORM
We request your consent to use the personal data you enter below. This permits us to fulfill our obligations to you. At any time you can exercise your RIGHTS regarding your personal data that we may have in our possession. We never request excessive personal data/information just for the sake of it and are able upon request to justify the reason as to why we are requesting such data/information and its purpose.
If you are under our minimum age of consent, which is 16 years of age, your details will be permanently deleted within 5 working days if they have not been forwarded by your Guardian.
GDPR PRIVACY POLICY
This Privacy Policy explains the information/data we gather about you, what we use that data for, and who we share it with. It also sets out your rights in relation to your information and who you can contact with your queries. We also tell you why we are able to process your information, whether you have to provide it to us and how long we store it for.
This privacy policy applies to the processing of data provided or collected online, through our sites and applications where this privacy policy is posted whether on our digital properties, or on applications we make available on third-party sites or platforms including:
website: https://www.eminhasic.com
facebook: https://facebook.com/ehauditor
linkedin: https://www.linkedin.com/in/eminhasic/
vimeo: https://vimeo.com/showcase/ehauditor
This policy also incorporates our obligations to comply with privacy regulations on how we collect and process your personal data via offline methods including in person, when sending physical hard copy data/information via postal services/courier (air/sea/road) and all other applicable offline methods.
By providing us with your data, you warrant that you are over the minimum age of consent. If you are not over the minimum age of consent, please provide parental, carer or guardian consent.
We the ENTITY are the data controller and are responsible for your personal data (referred to as “we”, “us” or “our” in this policy).
HOW CAN YOU CONTACT US?
If you have any questions or concerns about your privacy, you can contact us using the “Communication Options” found below. Should you have any complaints, we would be grateful if you contact us first.
HOW DO WE COLLECT YOUR PERSONAL DATA?
By providing us with your information data, you warrant to us that you are over the age of consent as defined in the Consent Form above.
We collect data about you through a variety of different methods.
Direct interactions: For example, when you fill in forms on our website (or otherwise) or by communicating with us in person, by post, phone, email or otherwise, including when you:
• Order our products or services.
• Create an account on our site.
• Subscribe to our services or publications.
• Request resources or marketing be sent to you.
• Enter a competition, prize draw, promotion or survey.
• Give us feedback.
Automated technologies or interactions: As you use our sites, we may automatically collect Technical Data about your equipment, browsing actions and usage patterns. We collect this data by using cookies, server logs and similar technologies. We may also receive Technical Data about you if you visit other websites that use our cookies. For further details regarding cookies, please see cookies tab below.
Third Party or publicly available sources: Sometimes we will collect personal information from a third party or a publicly available source. When this occurs, we rely on the person providing us with that personal information having the right to do so. We don’t guarantee website links or policy of authorised third parties.
WHAT INFORMATION DO WE COLLECT?
We may collect personal information from you in the course of our business, including through your use of our Site, when you contact or request information from us, when you engage our services, or as a result of your relationship with one or more of our staff or clients.
To manage the different aspects of our relationship with you, we may collect the following personal information:
• Name and job title.
• Contact information including the company you work for, email address and social media account where appropriate.
• Demographic information such as your address, preferences and interests.
• Other information relevant to the provision of Services.
• Payment information.
• Information that you provide to us as part of us providing the Services to you.
• Curriculum vitae, including your age and/or gender if you provide it to us, your education, employment history and similar matters and similar information that you may provide to us.
• Other information relevant to potential recruitment by us.
We collect this information to help us:
• Verify your identity.
• Deliver our services.
• Improve, develop and market new services.
• Carry out requests made by you on the site or in relation to our services.
• Investigate or settle enquiries or disputes.
• Comply with any applicable law, court order, other judicial processes, or the requirements of a regulator.
• Enforce our agreements with you.
• Protect the rights, property, or safety of us or third parties, including our other clients and users of the Site or our Services with recruitment purposes.
• Use as otherwise required or permitted by law.
HOW DO WE USE YOUR INFORMATION?
We may use your information for the following purposes:
Fulfilment of Services: We collect and maintain personal information that you voluntarily submit to us during your use of the Site and/or our Services to enable us to perform the Services. Please note also that our Terms of Business apply when we provide the Services.
What is our legal basis? It is necessary for us to process your information to perform our obligations in accordance with any contract that we may have with you. It is in our legitimate interest or a third party’s legitimate interest to use your personal information in such a way to ensure that we provide the very best client service we can to you or others.
Client Services: Our Site uses various user interfaces to allow you to request information about our Services including electronic enquiry forms and conference call service. Contact information may be requested in each case, together with details of other personal information that is relevant to your Service enquiry. This information is used to enable us to respond to your requests.
What is our legal basis? It is in our legitimate interest or a third party’s legitimate interest to use your personal information in such a way to ensure that we provide the very best client service we can to you or others.
Business Administration and Legal Compliance: We use your personal information for the following business administration and legal compliance purposes:
• To comply with our legal obligations.
• To enforce our legal rights.
• To protect the rights of third parties.
• In connection with a business transaction such as a merger, or a restructuring, or sale.
What is our legal basis? Where we use your personal information in connection with a business transition, to enforce our legal rights, or to protect the rights of third parties it is in our or a third party’s legitimate interest to do so. For all other purposes described in this section, it is our legal obligation to use your personal information to comply with any legal obligations imposed upon us.
Recruitment: We use your personal information to assess your suitability for any of our available positions for which you may apply, whether such application has been received by us online, via email or by hard copy or an in-person application.
What is our legal basis? Where we use your personal information in connection with recruitment it will be in connection with us taking steps at your request to enter a contract we may have with you or it is in our legitimate interest to use personal information in such a way to ensure that we can make the best recruitment decisions for our company. We will not process any special category data except where we are able to do so under applicable legislation or with your explicit consent.
Marketing communications: We may carry out the following marketing activities using your personal information:
• Postal marketing.
• Email marketing.
We may use information that we observe about you from your interactions with our Site, our email communications to you and/or with Services to send you marketing communications.
We will only send you marketing communications where you have consented to receive such marketing communications, or where we have a lawful right to do so.
What is our legal basis? It is in our legitimate interest to use your personal information for marketing purposes.
Client insight and analysis: We analyse your contact details with other personal information that we observe about you from your interactions with our Site, our email communications to you and/or with our Services such as the Services you have viewed. Where you have given your consent (where lawfully required), we use cookies, log files and other technologies to collect personal information from the computer hardware and software you use to access the Site, or from your mobile. This includes the following:
• An IP address to monitor Site traffic and volume.
• A session ID to track usage statistics on our Site.
• Information regarding your personal or professional interests, demographics, experiences with our products and contact preferences.
Please see our Cookie section below for further information.
By using this information, we are able to measure the effectiveness of our content and how visitors use our Site and our Services. This allows us to learn what pages of our Site are most attractive to our visitors, which parts of our Site are the most interesting and what kind of offers our registered users like to see.
We also use this information for marketing purposes (see the marketing section above for further details).
What is our legal basis? Where your personal information is not in an anonymous form, it is in our legitimate interest to use your personal information in such a way to ensure that we provide the very best products and services to you and our other clients.
Any other purposes for which we wish to use your personal information that are not listed above, or any other changes we propose to make to the existing purposes will be notified to you using your contact details, where available.
WHAT IS OUR LEGAL BASIS FOR PROCESSING YOUR DATA?
Depending upon the specific context in which we collect your personal data, our legal basis for processing will be one or more of the following:
• We have obtained your consent.
• To perform our obligations in accordance with any contract that we may have with you.
• It is in our legitimate interest to use your personal information in such a way to ensure that we provide the Services in the best way that we can.
• It is our legal obligation to use your personal information to comply with any legal obligations imposed upon us.
If you have questions about the legal basis on which we collect and use your Information, please contact us using the details provided in the Contact Us section below.
WHO DO WE SHARE YOUR PERSONAL INFORMATION WITH?
We may share personal information with a variety of the following categories of third parties as necessary:
• Our professional advisers such as lawyers and accountants.
• Government or regulatory authorities.
• Regulators/tax authorities/corporate registries.
• Third parties to whom we outsource certain services such as, without limitation, document processing and translation services, confidential waste disposal, IT systems or software providers, IT Support service providers, document and information storage providers.
• Third parties engaged in the course of the services we provide to clients.
• Third party service providers to assist us with client insight analytics, such as Google Analytics.
• Third party postal or courier providers who assist us in delivering our postal marketing campaigns to you, or delivering documents related to a matter.
Please note this list is non-exhaustive and there may be other examples where we need to share with other parties in order to provide the Services as effectively as we can.
WHERE DO WE TRANSFER YOUR DATA?
In order to provide our services, we may need to transfer your personal information to locations outside the jurisdiction in which you provide it. This includes to individual companies within our family of companies, or third parties in locations around the world for the purposes described in this privacy policy. Wherever your personal information is transferred, stored or processed by us, we will take reasonable steps to safeguard the privacy of your personal information. These steps may include implementing standard contractual clauses where recognised by law, obtaining your consent, having a lawful basis for transferring personal information or other lawful means of transferring personal information.
When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Information. However, most of the Personal Information is or will be stored in client files which will be kept by us for a minimum of 3 months.
HOW DO WE KEEP YOUR PERSONAL INFORMATION CONFIDENTIAL AND SECURE?
We are committed to keeping the personal information provided to us secure and we have implemented appropriate information security policies, rules and technical measures to protect the personal information that we have under our control from unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss.
All of our partners, employees, consultants, workers and data processors (i.e. those who process your personal information on our behalf, for the purposes listed above), who have access to, and are associated with the processing of personal information, are obliged to respect the confidentiality of such personal information.
DO WE ADHERE TO THIRD PARTY PRIVACY POLICIES?
You will find a list of all our social media links in the “Introduction” tab above. Separate to our own privacy policy, we also adhere to the privacy conditions of each social media platform we subscribe to.
Find below links to the privacy policies provided by the social media platforms we are or may become members of and to other social media platforms you may find useful.
You may find it beneficial and/or of interest to read them, so you can understand how they protect your data and, where applicable, any provisions they place upon us the Entity in protecting your data.
HOW DO WE RESPOND TO A DATA BREACH?
In the event of a security breach leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, we will take the following steps:
• Immediately log the breach.
• Assess the risk to people’s rights and freedoms.
• Where required, report this breach to the affected individual(s) and the appropriate supervisory authority(ies).
• Conduct a Full Audit and based on the findings, update the security procedures and security measures to mitigate the chances of a similar breach reoccurring.
WHAT SHOULD YOU DO IF YOU FALL VICTIM TO A DATA BREACH?
If you believe you have been the victim of a data breach through one of our mediums, either online or offline, report the breach using the Data Breach Register below. We will respond in line with GDPR regulations, and keep you posted on the outcome of our investigation into the breach.
HOW CAN YOU ACCESS YOUR INFORMATION AND WHAT ARE YOUR OTHER RIGHTS?
You have the following rights in relation to the personal information we hold about you:
Your right of access: If you ask us, we’ll confirm whether we’re processing your personal information and, if necessary, provide you with a copy of that personal information (along with certain other details). If you require additional copies, we may need to charge a reasonable fee.
Your right to rectification: If the personal information we hold about you is inaccurate or incomplete, you are entitled to request to have it rectified.
Your right to erasure: You can ask us to delete or remove your personal information in some circumstances such as where we no longer need it or if you withdraw your consent (where applicable).
Your right to restrict processing: You can ask us to ‘block’ or suppress the processing of your personal information in certain circumstances, such as where you contest the accuracy of that personal information or you object to us.
Your right to data portability: You have the right, in certain circumstances, to obtain personal information you’ve provided us with (in a structured, commonly used and machine-readable format) and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.
Your right to object: You can ask us to stop processing your personal information, and we will do so, if we are:
• Relying on our own or someone else’s legitimate interests to process your personal information, except if we can demonstrate compelling legal grounds for the processing.
• Processing your personal information for direct marketing purposes.
Your right to withdraw consent: If we rely on your consent (or explicit consent) as our legal basis for processing your personal information, you have the right to withdraw that consent at any time.
Your right to lodge a complaint with the supervisory authority: If you have a concern about any aspect of our privacy practices, including the way we’ve handled your personal information, you can report it to the relevant Supervisory Authority.
Please note that some of these rights may be limited where we have an overriding interest or legal obligation to continue to process the data or where data may be exempt from disclosure due to reasons of legal professional privilege or professional secrecy obligations.
If you wish to exercise any of these rights, you can do so via the Data Subjects Access Requests portal below.
You will not have to pay a fee. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask for further information in relation to your request, to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer if your request is particularly complex, or if you have made a number of requests. In this case, we will notify you and keep you updated.
HOW DO WE HANDLE CHILDREN’S DATA?
Should we handle children’s personal data, we endeavour to do so by following the GDPR key standards:
BEST INTERESTS OF THE CHILD: We account for the best interests of any child as a primary consideration where any conflict arises, keeping children safe from exploitation risks and protecting their health and well-being.
DATA PROTECTION IMPACT ASSESSMENTS (DPIA): We undertake DPIA to assess and mitigate risks to the rights and freedoms of children who are likely to access our service and/or come in contact with our products, which may arise from the data processing.
AGE-APPROPRIATE APPLICATION: We undertake a risk-based approach to recognizing the age of individual users. This applies to the standards in the code of all users. Where we rely on consent for any aspects of our services, we obtain parental authorization for under aged individuals.
TRANSPARENCY: Under Article 5(1) of the GDPR we process personal data lawfully, fairly and in a transparent manner in relation to data subjects including children.
DETRIMENTAL USE OF DATA: We do not use children’s personal data in ways that are shown to be detrimental to their well-being, or that go against industry codes of practice, other regulatory provisions or Government advice.
POLICIES AND COMMUNITY STANDARDS: We uphold our own published terms, policies and community standards (including privacy policies, age restriction, behavior rules and content policies) herein and beyond. It’s our way of saying that we say what we do and we do what we say.
DEFAULT SETTINGS: Our operational settings are set to ‘high privacy’ by default, unless a compelling reason for a different default setting can be shown, taking into account the best interests of the child.
DATA MINIMIZATION: We collect and retain only the minimum amount of children’s personal data where needed to provide the elements of the service in which a child is actively and knowingly engaged. Where applicable children are also given separate choices over which elements they wish to activate.
DATA SHARING: Data relating to children is not disclosed unless a compelling reason to do so is shown, taking into account the best interests of the child.
GEOLOCATION: Geolocation tracking features are switched off by default, unless a compelling reason to switch it on is shown. In such case, an obvious sign for children is shown when location tracking is active. Options which make a child’s location visible to others default back to off at the end of each session.
PARENTAL CONTROLS: Children are provided with age-appropriate information about parental controls. If any of our online services allows a parent or a guardian to monitor a child’s online activity or track their location, then our service will provide an obvious sign to the child when they are being monitored.
PROFILING: Any profiling options are turned off by default. The off by default setting does not mean that profiling is not possible or not permitted. Whenever possible, children are offered control over whether and how their personal data is used. Profiling is subject to a privacy setting and only occurs when there are appropriate measures in place to protect the child from any harmful effects, such as content that is detrimental to their health or well-being.
NUDGE TECHNIQUES: We do not use nudge techniques to lead or encourage children to provide unnecessary personal data or weaken or turn off their privacy protection.
CONNECTED TOYS AND DEVICES: Should we provide connected toys or devices (e.g. a fitness band that records the child’s level of physical activity and then transmits this back to servers, or a home hub interactive speaker device), it will include effective tools to enable conformance to the code. This includes being clear about who is processing the child’s personal data and what their responsibilities are, anticipating and providing for use by multiple users of different ages, providing clear information about our use of personal data at point of purchase and on set-up, finding ways to communicate just in time information and avoiding passive collection of personal data.
ONLINE TOOLS: Where applicable, prominent and accessible tools are provided to help children exercise their data protection rights and report concerns.
WHAT ARE COOKIES?
A cookie is a small file of letters and numbers that is stored on your browser or the hard drive of your computer. When you visit our site, strictly necessary cookies will be placed on your device.
Cookies enable sites to:
• Keep you signed in
• Remember your site preferences
• Give you locally relevant content
You can change cookie settings by changing the settings on your browser. To do so, find your chosen browser below and follow the instructions provided. Please note that disabling cookies may interrupt the flow of your information to us and not permit us to meet our obligations to you.
• how to disable cookies on chrome
• how to disable cookies on firefox
• how to disable cookies on edge
• how to disable cookies on mac
• how to disable cookies on ipad
• how to disable cookies on iphone
• how to disable cookies on phone
• how to disable cookies on opera
• how to disable cookies on internet explorer
• how to disable cookies on safari
OUR COOKIE LIST
Below is the list of cookies we use. All Cookies are leveraged to provide site functionality, analytics, advertising and profiling (if applicable) to ensure you get the best experience possible.
COOKIE LIST: EMIN HASIC
STILL HAVE CONCERNS ABOUT COOKIES?
If you are still not comfortable with the cookies we use then reach out to us via the COMMUNICATION OPTIONS below and we will do our best to put any concern you may have to rest.
WHAT IS PRIVACY BY DESIGN?
Privacy by Design (PbD) is a data privacy concept that calls for the incorporation of data privacy protections into the design of information systems, products, and services.
When designing our website(s), or any new personal data information gathering activity, we endeavour to implement “PRIVACY BY DESIGN”, as outlined by the 12 GDPR Principles:
1. Implementing data protection issues as part of the design and implementation of systems, services, products and business practices.
2. Making data protection an essential component of the core functionality of our processing systems and services.
3. Anticipating risks and privacy-invasive events before they occur, and taking steps to prevent harm to individuals.
4. Processing only the personal data that we need for our purpose(s), and that we only use the data for those purposes.
5. Ensuring that personal data is automatically protected in any IT system, service, product, and/or business practice, so that individuals should not have to take any specific action to protect their privacy.
6. Providing the appropriate communication channels where our members can dialogue with us.
7. Adopting a ‘plain language’ policy for any public documents so that individuals easily understand what we are doing with their personal data.
8. Providing individuals with tools so they can determine how we are using their personal data, and whether our policies are being properly enforced.
9. Offering strong privacy defaults, user-friendly options and controls, and respecting user preferences.
10. Using only data processors that provide sufficient guarantees of their technical and organisational measures for data protection by design.
11. When using other systems, services or products in our processing activities, we make sure that we only use those whose designers and manufacturers take data protection issues into account.
12. Using privacy-enhancing technologies (PETs) to assist us in complying with our data protection by design obligations.
Rest assured, we are not perfect and have no doubt that we may have not taken certain aspects into account, not because we have ignored them but because they have slipped our radar. Tell us, this is the only way we can improve our service and obligation to YOU via the COMMUNICATION OPTIONS below.
To us, Trust is Everything!
WHAT IS OUR COMMITMENT TO COMPLIANCE?
We are committed to upholding the highest standards when it comes to protecting your personal data and doing the right thing by YOU, as we would expect others to do the right thing by US.
Perfection is something we strive for and is part of our culture. In saying that, we are also human and no doubt will make mistakes. When we do, you will be able to view them via our recorded breaches in the COMMUNICATIONS OPTIONS provided below.
Being a member of GDPA provides us with the knowledge and tools to continually work towards being compliant with the protection you would expect from us.
If you identify any shortfalls we may have, we invite you to contact us directly via the COMMUNICATIONS OPTIONS provided below, and we will come back to you within the shortest possible time-frame during our business hours and work towards correcting the matter and/or clarifying any doubts you may have.
HOW DO WE MANAGE OUR PRIVACY POLICY?
To ensure that you are always aware of how we use your personal information we will update this Privacy Policy from time to time to reflect any changes to our use of your personal information. We may also make changes as required to comply with changes in applicable law or regulatory requirements. Where it is practicable, we will notify you by email of any significant changes. However, we encourage you to review this Privacy Policy periodically to be informed of how we use your personal information.
DATA BREACH REGISTER
CYBER SECURITY REGISTER
COMMUNICATION OPTIONS
You can contact us via traditional post directly to our appointed GDPR Registrar acting on our behalf as our registered European GDPR Secretariat.
Our GDPR Secretariat’s duties are to view your submissions and submit them to us, where we will take the necessary steps in answering you accordingly in line with the GDPR Regulations and the protection of your personal data.
Please address the mail as follows:
BUSINESS PHONE NUMBER GLOBAL
☎ International: +61 1300 464372
☎ National: 1300 GOGDPA or 1300 464372
BUSINESS HOURS
★ Monday to Friday
★ 9am to 5pm
★ Excluding Public Holidays
Title: DPO
Name: Emin Hasic
Email: emin@eminhasic.com
We have declared ourselves to the applicable Supervisory Authorities.
Following is a detailed list of all Supervisory Authorities: