Skip to main content
main content, press tab to continue

Risk intelligence central privacy notice

Risk Intelligence Central is provided on behalf of all affiliates worldwide within the Willis Towers Watson Group which form part of the global Corporate Risk and Broking (“CRB”) business (hereafter referred to as “We” or “Willis Towers Watson”).

This privacy notice describes our collection, use, disclosure and processing of personal information that we collect through Research and Innovation Center online surveys (collectively, the “Websites”). If you would like information about Willis Towers Watson’s privacy practices with respect to its other websites, products, and services, please review our Global Website Privacy Notice.

This Privacy Notice only applies to all Risk Intelligence Central applications excluding Country Information, which is subject to the Privacy Notice of the provider.

Risk Intelligence Central is a web-based platform that provides data and information and allows clients to manage their documents. Risk Intelligence Central is only provided to clients who receive CRB services from Willis Towers Watson or other third parties that help Willis Towers Watson to provide these services. Willis Towers Watson would ensure that it has a legal basis for processing your Personal Information, for example if it is necessary for the Online Terms of Use, or for the legitimate business interests of Willis Towers Watson in providing CRB services and Risk Intelligence Central. Risk Intelligence Central can be accessed via a web portal called One Place.

Categories of personal information we collect
Name, contact information and other identifiers: identifiers such as a real name, alias, address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
Customer records: paper and electronic customer records containing personal information, such as name, signature, physical characteristics or description, address, telephone number, education, current employment, employment history, social security number, passport number, driver’s license or state identification card number, insurance policy number, bank account number, credit card number, debit card number, or any other financial or payment information, medical information, or health insurance information.
Protected classifications: characteristics of protected classifications under California or federal law such as race, color, sex, age, religion, national origin, disability, citizenship status, and genetic information.
Commercial Information: including records of real property, products or services purchased, obtained, or considered, or other purchasing or use histories or tendencies.
Usage data: internet or other electronic network activity Information including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement.
Geolocation data: precise geographic location information about a particular individual or device.
Biometric information: physiological, biological or behavioral characteristics that can be used alone or in combination with each other to establish individual identity, including DNA, imagery of the iris, retina, fingerprint, faceprint, hand, palm, vein patterns, and voice recordings, keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information. (to the extent permitted and subject to applicable laws)
Audio, video and other electronic data: audio, electronic, visual, thermal, olfactory, or similar information such as, CCTV footage, photographs, and call recordings.
Employment history: professional or employment-related information.
Education information: education information and records.
Profiles and inferences: Inferences drawn from any of the information identified above to create a profile reflecting a resident’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes.
How we use personal information
Providing support and services and operating our websites
Protecting the integrity of the Services
Analyzing and improving our business
Personalizing content and experiences
Advertising, marketing and promotional purposes
Securing and protecting our business
Defending our legal rights
Auditing, reporting, corporate governance, and internal operations
Complying with legal obligations

1. Personal Information that we may collect from you

Personal Information that we may collect through the websites includes your:

  • Employer or Company’s Name
  • full name and title
  • Business address or place of work
  • Job Title and / or role
  • Preferred Language
  • Contact details such as email, telephone and mobile telephone numbers
  • Your preferences such as contact restrictions and preferred method of contact
  • Any other information which could be regarded as sensitive Personal Information as defined by applicable privacy law and which is provided by you as part of any incident management process.

Once you are accessing and using Risk Intelligence Central, we may also capture:

  • information regarding your dealings with us;
  • any interest you have in relation to our services or our practice areas; and
  • any information you may voluntarily submit to us by completing any form within One Place or Risk Intelligence Central; and
  • details of your usage of Risk Intelligence Central such as dates and durations of access.

Categories of sources of personal information:

  • from you, either directly (i.e., through information you submit to us, including via forms that you may complete and submit through our Website or applications) or indirectly (i.e., by observing your actions on our Websites)
  • from the content of messages, documents and surveys that you may complete on our Websites;
  • from session ‘cookies’ and other similar tools deployed on parts of our Websites that can only be accessed by authenticated users who are logged into the Website (for further information regarding cookies used on our Websites, please see Section 4 below)
  • from our clients in connection with us providing professional services to them

Categories of personal information we collect. While the personal information we collect varies depending upon the nature of the services provided or used and our interactions with individuals, we may collect the following categories of personal information (subject to applicable legal requirements and restrictions):

  • Name, contact information and other identifiers: identifiers such as a real name, alias, address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
  • Customer records: paper and electronic customer records containing personal information, such as name, signature, physical characteristics or description, address, telephone number, education, current employment, employment history, social security number, tax ID, passport number, driver’s license or state identification card number, insurance policy number, bank account number, credit card number, debit card number, or any other financial or payment information, medical information, or health insurance information.
  • Protected classifications: characteristics of protected classifications under California or federal law such as race, color, sex, age, religion, national origin, disability, citizenship status, and genetic information.
  • Commercial Information: including records of real property, products or services purchased, obtained, or considered, or other purchasing or use histories or tendencies.
  • Usage data: internet or other electronic network activity Information including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement.
  • Geolocation data: precise geographic location information about a particular individual or device.
  • Biometric information: physiological, biological or behavioral characteristics that can be used alone or in combination with each other to establish individual identity, including DNA, imagery of the iris, retina, fingerprint, faceprint, hand, palm, vein patterns, and voice recordings, keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information (to the extent permitted and subject to applicable laws).
  • Audio, video and other electronic data: audio, electronic, visual, thermal, olfactory, or similar information such as, CCTV footage, photographs, and call recordings.
  • Employment history: professional or employment-related information.
  • Education information: education information and records.
  • Profiles and inferences: Inferences drawn from any of the information identified above to create a profile reflecting a resident’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes.

2. How we may use your personal information

While the purposes for which we may process personal information will vary depending upon the circumstances, in general we may use Personal Information about you for our legitimate business interests, including the following:

  • Providing support and services: including to provide our services, operate our Websites, applications and online services; to communicate with you about your access to and use of our services; to respond to your inquiries; to provide troubleshooting, fulfill your orders and requests, process your payments and provide technical support; and for other customer service and support purposes.
  • Analyzing and improving our business: including to better understand how users access and use our services and Websites, to evaluate and improve our Websites, services and business operations, and to develop new features, offerings and services; to conduct surveys and other evaluations (such as customer satisfaction surveys); and for other research and analytical purposes.
  • Personalizing content and experiences: including to tailor content we send or display on our websites and other services; to offer location customization and personalized help and instructions; and to otherwise personalize your experiences.
  • Advertising, marketing and promotional purposes: including to reach you with more relevant ads and to evaluate, measure and improve the effectiveness of our ad campaigns; to send you newsletters, offers or other information we think may interest you; to contact you about our services or information we think may interest you; and to administer promotions and contests.
  • Securing and protecting our business: including to protect and secure our business operations, assets, services, network and information and technology resources; to investigate, prevent, detect and take action regarding fraud, unauthorized access, situations involving potential threats to the rights or safety of any person or third party, or other unauthorized activities or misconduct
  • Defending our legal rights: including to manage and respond to actual and potential legal disputes and claims, and to otherwise establish, defend or protect our rights or interests, including in the context of anticipated or actual litigation with third parties.
  • Auditing, reporting, corporate governance, and internal operations: including relating to financial, tax and accounting audits; audits and assessments of our operations, privacy, security and financial controls, risk, and compliance with legal obligations; our general business, accounting, record keeping and legal functions; and related to any actual or contemplated merger, acquisition, asset sale or transfer, financing, bankruptcy or restructuring of all or part of our business.
  • Complying with legal obligations: including to comply with the law, our legal obligations and legal process, such warrants, subpoenas, court orders, and regulatory or law enforcement requests.

3. How we share your Personal Information

We may disclose your Personal Information to our affiliates for the uses and purposes set out above, including for marketing the products and services offered by other businesses across the Willis Towers Watson group (subject to applicable laws).

We may also disclose your Personal Information to third parties for the following reasons:

  • to third party service providers, which may include recipients outside your country of residence, such as entities providing customer service, email delivery, auditing, hosting and supporting our Website and providing other services to Willis Towers Watson including the provision of applications, software and externally hosted platforms which may form part of the Websites;
  • if we are obliged to disclose your Personal Information under applicable law or regulation, which may include laws outside your country of residence;
  • in order to enforce or apply our Website terms of use, or to protect the rights, privacy, safety or property of Willis Towers Watson, our clients, Affiliates or other third parties including third party service providers;
  • to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence;
  • in connection with the planning, due diligence and implementation of commercial transactions, including any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings) - in such cases, your personal information will be transferred to the acquiring entity.

We request those external service providers to implement and apply security safeguards to ensure the privacy and security of your personal information. These third parties have agreed to confidentiality restrictions and to use of any personal information we share with them or which they collect on our behalf solely for the purpose of providing the contracted service to us.

Aggregate and de-identified information. We may share aggregate or de-identified information, which does not identify and is not linked or linkable to a particular individual, with third parties for research, marketing, analytics and other purposes.

Certain privacy laws (such as the California Consumer Privacy Act (“CCPA”)) require that we disclose the categories of Personal Information that we have disclosed for a business purpose as well as the categories that we have “sold” (as that term is defined under the CCPA or other applicable laws). Please review the descriptions of the categories of personal information under the Personal Information that we may collect from you section above, for further descriptions of each category of personal information.

Categories of personal information disclosed for a business purpose. In general, we may disclose the following categories of personal information in support of our business purposes identified above:

  • Name, contact information and other identifiers

We have disclosed the categories of personal information listed above to the following categories of third parties in the preceding twelve months:

  • Service providers

We do not “sell” Personal information.

4. Other information that we may collect

Other Information” is any information that does not reveal your specific identity or does not directly relate to an identifiable individual. We may collect Other Information in various ways.

For instance, when you visit our Websites, we may record your IP address. Your IP address is a unique series of numbers that uniquely identifies your computer on the Internet. We use IP addresses for purposes such as calculating usage levels, diagnosing server problems and administering the Websites. We may also derive your approximate location and company details from your IP address. We may also gather Other Information about your computer such as the type of your internet browser, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, and the name and version of the Websites you are using, which we use to provide you with a more effective service.

Cookies: Additionally, when you visit our Websites, we may store a ‘cookie’ on the hard drive of your computer. Cookies are small text files that a website transfers to your hard drive to store and sometimes collect information about your usage of websites, such as time spent on the Websites, pages visited, language preferences, and other anonymous traffic data. We use the information for security purposes, to facilitate navigation, to display information more effectively, to personalize your experience while using the Websites and to recognize your computer in order to assist your use of the Websites. We also gather statistical information about use of the Websites in order to continually improve their design and functionality, understand how they are used and assist us with resolving questions regarding them. The data stored by these cookies is encrypted. Our Cookie Notice is available at https://www.wtwco.com/en-GB/Notices/cookie-notice-business-type-b.

You can control the way in which cookies are used by altering your browser settings. You may refuse to accept cookies by activating the setting on your browser that allows you to reject cookies. However, if you select such a setting, you will not be able to use our Websites. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you access or log on to our Websites. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.

Where our Websites uses cookies or similar technologies that provide tracking, targeting and/or analytics cookies, or collects and/or sell Personal Information as defined by an appropriate regulation, you will be asked to provide your preference if required by applicable law.

From you: Information such as your preferred means of communication is collected when you voluntarily provide it. We ask that you not send us, and you not disclose, any sensitive Personal Information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the Websites.

By aggregating information: Aggregated Personal Information does not personally identify you or any other user of the Websites (for example, we may aggregate Personal Information to calculate the percentage of our users who have a particular telephone area code).

We may use and disclose Other Information for any purpose, except where we are required to do otherwise under applicable law. In some instances, we may combine Other Information with Personal Information (such as combining your name with your location). If we do, we will treat the combined information as Personal Information as long as it is combined.

5. Security

We maintain appropriate technical and organizational security measures to protect the security of your data against loss, misuse, unauthorized access, disclosure or alteration. Despite this, the security of the transmission of information via the Internet cannot always be guaranteed and you acknowledge this in your access and use of our Websites. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us in accordance with the “Contact & Comments ” section (section 10) below.

6. Transferring your personal information internationally

Your Personal Information may be stored and processed in any country where we or our Affiliates have facilities or engage third party service providers, for example but not limited to the United Kingdom, and by using the Websites you understand that we will transfer of information to Inserted countries outside of your country of residence which may have data protection rules that are different from those of your country. We have established safeguards to protect Personal Information that is transferred to other countries to ensure that such information is accorded a level of protection at least comparable to how we handle such information in your country.

Please see the Contact & Comments section below for details on how you can contact us to get further information on the third countries to which Personal Information will be transferred and further information relating to the safeguards we have in place in relation to international transfers of data.

7. Your choices and access

We have to process the Personal Information set out in sections 1 and 4 in order to provide you with access to Risk Intelligence Central. You do not have to provide personal information requested by Willis Towers Watson. However, such refusal would prevent you from accessing Risk Intelligence Central.

You may choose to discontinue your access to Risk Intelligence Central and ask that we no longer process your Personal Information in accordance with this notice. Please note that if you do discontinue your use of, or refuse access to Risk Intelligence Central we may still have the right or obligation under applicable law to collect, use, transfer or disclose Personal Information (for example in the context of other services including the CRB Services) and we reserve the right to undertake that activity when appropriate.

Depending on the laws of the country which you are based in, you have certain rights to your Personal Information which we hold about you. Some of these rights may be the rights to access information of the use/process/sharing of your Personal Information, to review, correct, update, erase your Personal Information with us, to suppress, restrict or object to the processing of your Personal Information, and/ or request a copy of Personal Information about you. If you want to exercise such rights, you may contact us by sending your request by email provided in the “Contact & Comments ” section (section 10) below. Some jurisdictions offer additional rights. These are set out below (section 12).

Please note that these rights might be limited under the applicable national data protection law. We may ask you for additional information to confirm your identity and for security purposes, before disclosing the Personal Information requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.

In your request, please make clear what Personal Information you would like to have changed, whether you would like to have your Personal Information suppressed from our database or otherwise let us know what limitations you would like to put on our use of your Personal Information. For your protection, we may only implement requests with respect to the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.

Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request. We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.

Please note that we may need to retain certain information for record keeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion. There may also be residual information that will remain within our databases and other records, which will not be removed.

8. Retention Period

We will retain your Personal Information for the period necessary to fulfill the purposes outlined in this privacy notice unless a longer retention period is required or permitted by law.

9. Changes to our Privacy Notice

From time to time, we may change our privacy notice. The effective date of this privacy notice, as indicated at the beginning of this privacy notice, indicates the last time this privacy notice was revised. Checking this effective date allows you to determine whether there have been changes since the last time you reviewed the notice. We will notify you of changes to this privacy notice by posting the revised privacy notice on our Websites. Your use of the Websites following these changes means that you accept the revised privacy notice.

10. Contacts and Comments

The Websites are controlled by various companies within the Willis Towers Watson Group providing CRB Services including the entity with which you have a Relationship Agreement. If you have any questions or comments regarding this privacy notice, or if You have any query or complaint regarding the handling of Your Personal Information by Willis Towers Watson, please contact our Global Privacy Office, at The Willis Building, 51 Lime St, London EC3M 7DQ or at privacy@wtwco.com in the first instance.

11. International Supervisory Authorities & Willis Towers Watson entities.

You have the right to provide a comment or lodge a complaint with an appropriate authority regarding this privacy notice. If you need to know details of which supervisory authority is appropriate for your comment/ complaint, you can contact our Global Privacy Office, at The Willis Building, 51 Lime St, London EC3M 7DQ or at privacy@wtwco.com.

12. Additional Information for Residents in Certain Jurisdictions

We are committed to respecting the privacy rights of individuals under all privacy laws applicable to us. Some privacy laws require that we provide specific information about individual rights to applicable consumers, which we have set forth at the end of this Notice:

A. California Residents

In this section, we provide information for California residents as required under California privacy laws, including the CCPA, which requires that we provide California residents certain specific information about how handle their personal information, whether collected online or offline. This section does not address or apply to our handling of:

  • publicly available information made lawfully available by state or federal governments
  • personal information that is subject to an exemption under Section 1798.145(c) – (f) of the CCPA (such as protected health information that is subject to HIPAA or the California Medical Information Act, and non-public information subject to the Gramm-Leach Bliley Act or the California Financial Information Privacy Act)
  • personal information we collect about job applicants, independent contractors, or current or former full-time, part-time and temporary employees and staff, officers, directors or owners of Willis Towers Watson
  • personal information about individuals acting for or on behalf of another company, to the extent the information relates to our transactions with such company, products or services that we receive from or provide to such company, or associated communications or transactions (except that such individuals have the right to opt-out of any sale of their personal information and to not be subject to any discrimination for exercising such right)

Categories of personal information that we collect and disclose. Our collection, use and disclosure of personal information about a California resident will vary depending upon the circumstances and nature of our interactions or relationship with such resident. The list below sets out generally the categories of personal information (as defined by the CCPA) about California residents that we collect, sell, and disclose to others for a business purpose. We collect these categories of personal information from the sources described in the What information do we collect about you section above, and for the purposes described in the How we may use your personal information, section above.

Rights of California residents. California law grants California residents, certain rights and imposes restrictions on particular business practices as set forth below.

  • Do-Not-Sell: California residents have the right to opt-out of our sale of their personal information. The Website does not sell any personal information and therefore is not required to provide an opt-out right.
  • Initial Notice: We are required to notify California residents, at or before the point of collection of their personal information, the categories of personal information collected and the purposes for which such information is used.
  • Request to Delete: California residents have the right to request deletion of their personal information that we have collected about them and to have such personal information deleted, except where an exemption applies. We will respond to verifiable requests received from California residents as required by law. The instructions for submitting a verifiable Request to Delete are described in the “Submitting Requests” section below.
  • Request to Know: California residents have the right to request and, subject to certain exemptions, receive a copy of the specific pieces of personal information that we have collected about them in the prior 12 months and to have this delivered, free of charge, either (a) by mail or (b) electronically in a portable and, to the extent technically feasible, readily useable format that allows the individual to transmit this information to another entity without hindrance. California residents also have the right to request that we provide them certain information about how we have handled their personal information in the prior 12 months, including the:
    • categories of personal information collected;
    • categories of sources of personal information;
    • business and/or commercial purposes for collecting and selling their personal information;
    • categories of third parties/with whom we have shared their personal information;
    • categories of personal information that we have disclosed or shared with a third party for a business purpose; and
    • categories of personal information disclosed for a business purpose in the preceding 12 months, and for each category identified, the categories of third parties to which we disclosed that particular category of personal information.

    California residents may make a Request to Know up to twice every 12 months. We will respond to verifiable requests received from California residents as required by law. The instructions for submitting a verifiable Request to Know are described in the “Submitting Requests” section below.

  • Right to non-discrimination: The CCPA prohibits discrimination against California residents for exercising their rights under the CCPA. Discrimination may exist where a business denies or provides a different level or quality of goods or services, or charges (or suggests that it will charge) different prices, rates, or penalties on residents who exercise their CCPA rights, unless doing so is reasonably related to the value provided to the business by the residents’ data.
  • Financial incentives: A business may offer financial incentives for the collection, sale or deletion of California residents’ personal information, where the incentive is not unjust, unreasonable, coercive or usurious, and is made available in compliance with applicable transparency, informed consent, and opt-out requirements. California residents have the right to be notified of any financial incentives offers and their material terms, the right to opt-out of such incentives at any time and may not be included in such incentives without their prior informed opt-in consent. We do not offer any such incentives at this time.

Submitting Requests. Requests to Know, and Requests to Delete may be submitted by:

  • Submitting a request to www.wtwco.com, or, if you have reached this Privacy Notice from a website other than our Homepage, by following the appropriate links on that website.
  • By contacting us at 1-800-889-9288 (toll free)
  • By emailing us at dataaccessrequests@wtwco.com
  • By submitting a Consumer Request through this link.

We will use the following process to verify Requests to Know and Requests to Delete: We will acknowledge receipt of you Consumer Request, verify it using processes required by law, then process and respond to your request as required by law. To verify such requests, we may ask you to provide the following information:

  • For a request to know categories of personal information which we collect, we will verify your identity to a reasonable degree of certainty by matching at least two data points provided by you against information in our systems which are considered reasonably reliable for the purposes of verifying a consumer’s identity.
  • For a request to know specific pieces of personal information or for requests to delete, we will verify your identity to a high degree of certainty by matching at least three pieces of personal information provided by you to personal information maintained in our systems and also by obtaining a signed declaration under penalty of perjury that the requestor is the consumer whose personal information is the subject of the request.

An authorized agent can make a CCPA request on a California resident’s behalf by providing either: (1) a power of attorney valid under California law; or (2) proof that the consumer gave the agent signed permission to submit the request. The consumer must also provide either: (1) verification of their own identity with respect to a right to know categories, right to know specific pieces of personal information, or requests to delete which are outlined above; or (2) direct confirmation that the consumer provided the authorized agent permission to submit the request

We will respond to verifiable requests received from California residents as required by law. For more information about our privacy practices, you may contact us as set forth in the Contacts and Comments section above.

Consumer Requests Received in 2020. In calendar year 2020, we received and responded to consumer requests under the CCPA as set forth in the table below:

*This includes requests that were denied because we were unable to verify the identity of the requestor.
Request Type Number of Requests Received Number of Requests With Which We Complied (in whole or in part) Number of Requests Denied Average Response Time (Number of Days)
Requests to Know 0 0 0 N/A
Requests to Delete 8 8 0 3
Requests to Opt-Out of the Sale of Personal Information 0 0 0 N/A

B. European Union / European Economic Area

Residents of the European Union (EU) and the European Economic Area (EEA) have the following rights, under the GDPR, regarding their personal information:

  • Right of access: You have the right to obtain from us confirmation as to whether or not personal information concerning you is being processed, and where that is the case, to request access to the personal information. The accessed information includes – among others - the purposes of the processing, the categories of personal information concerned, and the recipients or categories of recipient to whom the personal information have been or will be disclosed. You have the right to obtain a copy of the personal information undergoing processing. For further copies requested by you, we may charge a reasonable fee based on administrative costs.
  • Right to rectify and complete personal information: you can request the rectification of inaccurate data and the completion of incomplete data. We will inform relevant third parties to whom we have transferred your data about the rectification and completion if we are legally obliged to do so.
  • Right to erasure (right to be forgotten): You have the right to obtain from us the erasure of personal information concerning you in limited circumstances where:
    • it is no longer needed for the purposes for which it was collected; or
    • you have withdrawn your consent (where the data processing was based on consent); or
    • following a successful right to object; or
    • it has been processed unlawfully; or
    • the data has to be erased in order to comply with a legal obligation to which The Coalition is subject.

    We are not required to comply with your request to erase personal information if the processing of your personal information is necessary for:

    • compliance with a legal obligation; or
    • the establishment, exercise or defense of legal claims.
  • Right to restriction of processing: You have the right to obtain from us restriction of processing your personal information. In this case, the respective data will be marked and only be processed by us for certain purposes. This right can only be exercised where:
    • the accuracy of your personal information is contested, to allow us to verify its accuracy; or
    • the processing is unlawful, but you do not want the personal information erased; or
    • it is no longer needed for the purposes for which it was collected, but you still need it to establish, exercise or defend legal claims; or
    • you have exercised the right to object, and verification of overriding grounds is pending.

    We can continue to use your personal information following a request for restriction, where:

    • we have your consent; or
    • to establish, exercise or defend legal claims; or
    • to protect the rights of another natural or legal person.
  • Right to data portability: You have the right to receive the personal information concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another entity without hindrance from us, but in each case only where the processing is (a) based on your consent or on the performance of a contract with you, and (b) also carried out by automated means.
  • Right to object: You have the right to object at any time to any processing of your personal information which has our legitimate interests as its legal basis. You may exercise this right without incurring any costs. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms. The right to object does not exist, in particular, if the processing of your personal information is necessary to take steps prior to entering into a contract or to perform a contract already concluded.
  • Right to object to our use of your personal information for direct marketing purposes: You can request that we change the manner in which we contact you for marketing purposes. You can request that we do not transfer your personal information to unaffiliated third parties for the purposes of direct marketing or any other purposes.
  • Right to withdraw consent: if you have given us your consent for the processing of your personal information, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
  • Right to obtain a copy of safeguards: you can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside the EU/EEA. We may redact data transfer agreements to protect commercial terms.
  • Right to lodge a complaint with your local supervisory authority: You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal information. We ask that you please attempt to resolve any issue with us first, although you have a right to contact your supervisory authority at any time.

C. Asia and Australasia

Depending on the local laws, residents of Asia/ Australasia have some rights regarding their personal information. Some of these rights are similar to the rights accorded to a Resident of the European Union (EU) and the European Economic Area (EEA), as described in B above. Please contact us if you would like to know the specific rights under the specific local laws. In addition, residents of the Philippines may also claim compensation if damages are suffered due to inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal information, considering any violation to the rights and freedoms as a data subject.

Contact us