Purpose of the document

Unit8’s business activities revolve around data processing and analytics. When dealing with data, we want our conduct to be exemplary. In particular, we only engage in lawful and ethical activities, and we meet or exceed industry best practices with respect to data security and confidentiality.

For the purpose of the General Data Protection Regulation (“GDPR”), the Data Controller is Unit8 SA. 

The General Data Protection Regulation also gives the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred.

All questions, comments, requests or complaints regarding this Privacy Policy and its application should be addressed to compliance@unit8.co.

Collection and processing of personal data

The following overall principles apply to the collection and processing of personal data:

• Purpose: Unit8 only collects and processes personal data that are necessary to be able to run its activities.
• Adequacy: Only the data that is needed for running the Company’s activities are collected.
• Accuracy: The Company makes every effort to ensure that the data collected are of high accuracy and quality.

The level of personal data that the Company collects will vary based on the subject and their relationship with the Company. 

• Candidates: The Company collects personal data on past employment and education, in order to be able to make individual decisions on the candidate’s adequacy to the roles. These decisions are not automated.
• Employees and freelancers: The Company collects additional data (such as national ID numbers, bank account details, etc.) in order to be able to meet obligations with regards to contracting, payment of remuneration and social security, and the necessary disclosures to the relevant authorities.
• Clients and suppliers: The Company collects limited amounts of personal data (mostly contact details) in order to be able to manage relationships in a professional and efficient way.
• Website visits, webinar attendance, etc.: The Company may collect contact details and information on current work position to be able to target its communication more effectively.
• Others: Other instances vary on a case-by-case basis, but data collection will always be limited to the extent justified by the immediate purpose of the relationship.

The Company does not collect or process any personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation.

Furthermore, the Company also does not systematically collect or process publicly accessible areas on a large scale (social networks, etc.).

Uses of personal data

The Company may use personal data for different purposes:

• Company operations (running and developing our business with clients and prospects, administration, accounting, reporting, IT infrastructure, etc.)
• Recruitment and personnel administration.
• Security, quality and risk management.
• Marketing and promotion of the Company’s services.  
• Compliance with legal, regulatory or certifications’ requirements.

Disclosures of personal data

The Company may transfer or disclose personal data to third parties for any of the purposes listed above, including to governmental and professional agencies and third parties who perform services on our behalf (e.g. payroll providers, insurance companies, etc.).

When personal data is disclosed to third parties who perform services on Unit8’s behalf, the Company ensures that such service providers use the data only in accordance with its instructions and that they take appropriate technical and organisational measures to ensure that there is no unauthorised or unlawful processing or accidental loss or destruction of or damage to personal data.

Finally, the Company may also disclose personal data to third-parties when required by law or regulators or for the purposes of, or in connection with legal proceedings. For instances where third parties are required to disclose personal data that have been collected by Unit8, such requests should be addressed to compliance@unit8.co. The Company will make every effort to cooperate with the requesting third party, within the boundaries of existing laws and regulations.

In any case, Unit8 does not sell or rent personal data to third parties.

Storage of personal data

The Company shall retain personal data records for the longest of:

• As long as is necessary for the purpose of which it was collected;
• Any legally required retention period; or
• The end of the liability period in which litigation or investigations might arise with regards to the Company’s activities.

After the applicable retention period(s) have expired, personal data will be deleted or anonymized.

In the case of personal data from employees / freelancers that left or stopped working with the Company, the length of purpose is deemed to not exceed 24 months (starting from the last day of work).

Personal data subject rights

Under the General Data Protection Regulation, all personal data subjects have a number of important rights:

• Accessing their personal data the Company holds;
• Receiving their personal data in a structured, commonly used and machine-readable format;
• Requesting corrections to their personal data;
• Requesting the deletion of their personal data;
• Withdrawing their consent to the Company’s processing of their personal data (where such processing is based on consent);
• Restricting on the processing of their personal data;
• Objecting to the processing of their personal data; and
• Communicating complaints and claiming compensation for damages caused by Company breaches of any applicable data protection laws.

The Company will handle all exercises of data subject rights in accordance with the requirements of applicable privacy law.  Any request to exercise any of these subject rights should be addressed to compliance@unit8.co.

Personal data security

The Company takes appropriate technical and organisational measures to protect personal data from loss, misuse, alteration and destruction. Unit8 personnel having access to personal data may only be granted access to the extent necessary for appropriately performing their duties. All employees and collaborators of the Company are bound by strict confidentiality clauses.

Unit also implemented procedures to deal with any (suspected) data security breach. In accordance with any regulatory requirements, any such breach shall be notified to the appropriate authorities and to the data subjects when required to do so.

The Company regularly monitors its security level and regular testing of these defenses is carried out to ensure their effectiveness.

Privacy Impact Assessments

The Company does not process data in any ways that would require the application of Article 35 of Regulation (EU) 2016/679 of the European Parliament and of the Council on General Data Protection Regulation.