Unit8’s business activities revolve around data processing and analytics. When dealing with data, we want our conduct to be exemplary. In particular, we only engage in lawful and ethical activities, and we meet or exceed industry best practices with respect to data security and confidentiality.
For the purpose of the General Data Protection Regulation (“GDPR”), the Data Controller is Unit8 SA.
The General Data Protection Regulation also gives the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred.
The following overall principles apply to the collection and processing of personal data:
The level of personal data that the Company collects will vary based on the subject and their relationship with the Company.
The Company does not collect or process any personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation.
Furthermore, the Company also does not systematically collect or process publicly accessible areas on a large scale (social networks, etc.).
The Company may use personal data for different purposes:
The Company may transfer or disclose personal data to third parties for any of the purposes listed above, including to governmental and professional agencies and third parties who perform services on our behalf (e.g. payroll providers, insurance companies, etc.).
When personal data is disclosed to third parties who perform services on Unit8’s behalf, the Company ensures that such service providers use the data only in accordance with its instructions and that they take appropriate technical and organisational measures to ensure that there is no unauthorised or unlawful processing or accidental loss or destruction of or damage to personal data.
Finally, the Company may also disclose personal data to third-parties when required by law or regulators or for the purposes of, or in connection with legal proceedings. For instances where third parties are required to disclose personal data that have been collected by Unit8, such requests should be addressed to email@example.com. The Company will make every effort to cooperate with the requesting third party, within the boundaries of existing laws and regulations.
In any case, Unit8 does not sell or rent personal data to third parties.
The Company shall retain personal data records for the longest of:
After the applicable retention period(s) have expired, personal data will be deleted or anonymized.
In the case of personal data from employees / freelancers that left or stopped working with the Company, the length of purpose is deemed to not exceed 24 months (starting from the last day of work).
Under the General Data Protection Regulation, all personal data subjects have a number of important rights:
The Company will handle all exercises of data subject rights in accordance with the requirements of applicable privacy law. Any request to exercise any of these subject rights should be addressed to firstname.lastname@example.org.
The Company takes appropriate technical and organisational measures to protect personal data from loss, misuse, alteration and destruction. Unit8 personnel having access to personal data may only be granted access to the extent necessary for appropriately performing their duties. All employees and collaborators of the Company are bound by strict confidentiality clauses.
Unit also implemented procedures to deal with any (suspected) data security breach. In accordance with any regulatory requirements, any such breach shall be notified to the appropriate authorities and to the data subjects when required to do so.
The Company regularly monitors its security level and regular testing of these defenses is carried out to ensure their effectiveness.
The Company does not process data in any ways that would require the application of Article 35 of Regulation (EU) 2016/679 of the European Parliament and of the Council on General Data Protection Regulation.