Last updated on Jul 01, 2020.
Sufle aims to respond within 30 days after the receivement of privacy related concerns.
Direct: We acquire personal data from individuals directly through various sources: business cards that are provided from individuals, completed online forms and surveys, subscribed newsletters and bulletins, registered webinars, events or meetings that we host and recruitment documents that individuals provide us at our office. Sufle also might collect personal data directly through contracts created for business relationships, professional services or its software applications.
Indirect: Sufle collects personal data from individuals indirectly through various sources: recruitment service and clients that we work with. Sufle might attribute personal data to its customers relationship management (CRM) processes to improve its offers for business clients, subscribers and individuals.
Public Sources: Sufle collects personal data from the sources that are open to the general public such as news articles, sanctions lists, Internet searches and so on.
Social and professional network platforms: When individuals register or login to our website using social media (Facebook, Twitter, Google or LinkedIn) in order to authenticate their identity or connect social media login information with this website, Souffle might collect information needed for the registration or login process that is permitted by the relevant social media provider. This particular information might be name, e-mail address and additional details based on the individual’s privacy settings on the social media platform. Individuals who want to set and control the information shared with this website can change their privacy settings and controls on the relevant social media platform.
Business clients: The professional services we perform for our business clients might engage sharing personal data controlled by our clients if needed. Examples include audit processes undertaken for the compliance assessments that involve employee information. Our professional services might also include processing personal data that is controlled by our clients on behalf of them on our hosted applications. This type of collection and processing of personal data is subject to different privacy terms, policies and notices.
Recruitment services: Sufle may collect personal data from candidates that apply through employment agencies and other parties such as our former employers.
Personal data that is commonly collected by Sufle to conduct our business processes:
Sensitive personal data: Sufle does not obtain sensitive or special type of personal data from individuals besides its own employees. Sufle may collect and process sensitive personal data from individuals (that are not employed by Sufle) when it is instructed by a third party with the expressed consent of individuals to do so, or when it is required by law. Examples of sensitive data Sufle may collect or hold is given below:
Sufle may collect and use personal data in order to conduct business and provide its product and services based on lawful reasons:
Contracts: Sufle might process personal data to perform its contractual obligations owed to the relevant individuals or to create a contract with them.
Consent: Sufle might collect and use personal data based on the freely consent given by the individuals when they provide their personal data.
Legitimate interests: Sufle might collect and use personal data relying on legitimate interests based on the evaluation of fair, reasonable and justifiable processing. These legitimate interests include:
Sufle aims to be transparent when it collects and uses personal data and why the personal data is needed in the first place. The reasons why Sufle collects and uses personal data includes:
Sufle might occasionally share personal data with the third parties it trusts in order to improve and increase efficiency of its service offerings. These third parties are contractually obligated to protect and secure the data that is shared with them. Sufle might engage with one or more of the following categories of data recipients described below:
Access: Individuals can ask Sufle anytime to verify whether it processes personal data of them and if so, they can ask for specific details of which type of information is processed.
Correction: Individuals can ask Sufle to edit and correct its records if they see any incorrect or incomplete information about them is held.
Erasing: Individuals can ask Sufle to delete or erase any of their personal data after they withdraw their information processing consent or when Sufle does not need the specific information for the initial collection purpose.
Processing restrictions: Individuals can ask Sufle to restrict the processing of their personal data temporarily if they object to the accuracy of their data and prefer to restrict its use instead of asking for erasure. Individuals can also ask Sufle to preserve their personal data to establish or defend a legal claim. A temporary restriction is applied while the legitimate grounds of processing personal data is verified. Individuals can ask for to be informed by Sufle when the temporary processing restriction is lifted.
Data portability: Individuals can occasionally ask Sufle to transmit their collected personal data directly to another company in a structured, machine-readable format if it is technically consistent.
Automated Individual Decision Making: Individuals can ask Sufle to review the decisions made about them in accordance with the automated processing services that might bring legal effects concerning or significantly affecting them, such as profiling.
Right to Object to Direct Marketing Including Profiling: Individuals can object to use of their personal data for Sufle’s direct marketing purposes and activities, including profiling. In this case, Sufle might need to keep some minimal amount of information about them to meet their request of ending marketing for these individuals.
Right to Withdraw Consent: Individuals can withdraw their previously given consent for one or more specified purposes for personal data processing. Withdraw of consent does not affect the legitimacy of any data processing that is done before the withdrawal. Withdrawal of consent might mean inability to offer certain services or products to individuals and if so, they will be informed of the situation.
Individuals who would like to exercise their Data Subject Rights can email: [email protected] Sufle might require some specific information regarding these individuals to confirm their identity and help them access their personal information and exercise any of their data rights. This process helps both Sufle and individuals to ensure the personal data is not disclosed to any other person who has not the right to access this data. These requests can be made with no charges if they are obviously grounded and conscionable. In some cases, Sufle may be unable to meet these requests if they conflict with other lawful grounds.
Sufle exercises necessary technical and organizational security policies and procedures to ensure the protection of personal and sensitive personal data from loss, misuse, change and demolition. Sufle is dedicated to ensure the access to personal data is limited only to those who have justifiable reasons to access. The individuals who have access to the personal data are required to protect the confidentiality of such information as well. Sufle may practice pseudonymisation, de-identification or anonymisation methods to protect the personal data effectively.
Individuals should also be aware that the security concerns involved in transmitting data via the Internet is at their own risk. While the security of data transmission to the website is not completely guaranteed, Sufle aims to protect the security of personal data.