ANS Digital Transformation commitments
ANS DT entities and employees who access, collect, delete, retrieve, store, or otherwise use personal data for any purpose, are “processing” that data and are responsible for understanding how data privacy impacts their role and their use of personal data using the data privacy resources ANS DT provides.
- Being lawful: defining purposes and limiting use of personal data to those purposes
- Being fair and transparent: providing notice, consent and choice
- Processing of personal data ethically
- Following the rules on processing sensitive data
- Protecting personal data general arrangements
- Ensuring compliance with cross-border transfer requirements
- Ensuring compliance with cross-border transfer requirements
- How we minimize data collection, keep data accurate, up to date and follow retention schedules
- Respecting individuals’ rights
Being lawful: defining purposes and limiting use of personal data to those purposes
ANS DT processes personal data for specified and lawful purposes which are clearly explained to individuals when we process their data. Lawful processing means that ANS DT will not process personal data, unless one of the following conditions applies: (i) the individual concerned has consented to the processing; (ii) ANS DT processes the data to: (a) perform, or take steps with a view to enter into, a contract with the individual concerned, (b) protect the vital interests of individuals in a `life or death’ situation; or (c) perform a task in the public interest or to exercise official authority; (iii) ANS DT needs to carry out such processing to pursue ANS DT’s legitimate interests, except where such interests are overridden by the interests or fundamental rights and freedoms of the individual concerned; or (iv) in circumstances permitted by applicable data privacy laws. ANS DT will not use personal data for new purposes without following our internal procedures to verify that such processing can take place lawfully.
Being fair and transparent: providing notice, consent and choice
ANS DT provides individuals with information (for example, in a data privacy notice or privacy statement) to explain how their data will be processed by ANS DT to ensure fair and lawful processing.
The information is made easily accessible to individuals and is provided in a clear, transparent manner using plain and intelligible language.
An individual has the right to know about ANS DT’s processing of their personal data and to verify whether that processing is lawful. The information ANS DT will provide to individuals shall include the following:
a) the name of the relevant data controller and their contact details, b) the contact details of the data privacy officer or designated data privacy contact, c) the purposes for which we intend to use such data including the legal basis for processing the data, d) the recipients or categories of recipients of the data, e) any relevant information about international transfers of the data, in particular; the existence/absence of an adequacy decision/safeguards in place and where to obtain a copy of a relevant decision, if available, f) the retention period and/or any relevant retention criteria, g) information about the individuals’ rights (e.g. Access, rectification, erasure, restriction, objection and portability), h) information about any automated decisions / profiling including the logic involved and significance of such processing for the individual, i) the individual’s right to withdraw consent, if applicable, j) the right to lodge a complaint with the supervisory authority, k) the consequences of failing to supply data where the processes relate to a statutory or contractual requirement, and, l) any additional information ANS DT deems necessary to process the data fairly and lawfully.
Processing of personal data ethically
Following the rules on processing sensitive data
Certain categories of personal data referred to as “sensitive” or “special” are subject to additional legal requirements because they carry higher risks for an individual if misused or processed incorrectly. The definition of sensitive data varies by country but can include: ethnic or racial origin, political opinions, religious or other similar (philosophical) beliefs, trade union and similar memberships, physical/mental health or disability details (including pregnancy or maternity information), gender identity or expression, sexual orientation, biometrics and genetics data, criminal or civil offenses; geo-location data, communications data, financial data, government, social security and similar ids.
Protecting personal data general arrangements
ANS DT maintains organisational, physical and technical security arrangements for all the personal data it holds. ANS DT has protocols, controls and relevant policies, procedures and guidance to maintain these arrangements taking into account the risks associated with the categories of personal data and the processing we undertake.
Measures to control access there are protocols in place to prevent unauthorised access and where appropriate, we have access control procedures to limit access to personal data to authorized individuals. Where relevant, we observe restrictions on disclosures applicable under relevant laws, contractual arrangements or relevant to ANS DT’s processing including when we share data with vendors, suppliers and partner organisations.
Data security breaches ANS DT has policies, procedures and protocols in place for managing and responding to data security breaches. All instances of suspected or known breaches where there may have been inappropriate access to, or an unauthorised disclosure of personal data must be reported immediately to the ANS DT data privacy officer.
Arrangements with vendors, suppliers and other third parties ANS DT recognises that adequate security is important where it arranges for outside service providers (also known as “data processors”) to process personal data on our behalf. ANS DT entities, as the data controllers, will enter into contractual arrangements with all our service providers that process personal data on our behalf, in compliance with any specific processor obligations, relevant security provisions and requirements as per any applicable data privacy laws.
Ensuring compliance with cross-border transfer requirements.
Data privacy laws place restrictions on transfers of personal data across borders for any type of processing (collection, use, storage, etc.). These restrictions also apply to internal transfers of personal data within ANS DT across the countries where we operate, and to transfers of personal data to vendors, suppliers, partners or other third parties located in different countries. ANS DT has guidance in place to ensure that appropriate safeguards including contractual arrangements where needed, are put in place for transfers of personal data to countries which do not have data protection laws or whose laws do not provide a level of protection which corresponds to the standards recognised by or offered within the European Union.
How we minimise data collection, keep data accurate, up to date and follow retention schedules
ANS DT has procedures in place to only collect personal data that is relevant and reasonably required to achieve a specific purpose. Where feasible and appropriate, we consider using anonymous, pseudonymized or aggregated data instead of personal data. ANS DT has controls, procedures and systems to verify that personal data is accurate, up to date and relevant to achieve a specific purpose. Relevant guidance is made available to our employees for amending data, which is inaccurate, when required. ANS DT does not retain personal data for longer than necessary. We maintain specific records management and retention policies and procedures, so that personal data are deleted after a reasonable time according to the purposes they were obtained or in accordance with legal / regulatory specified retention requirements. When ANS DT no longer needs to retain, there are procedures for the secure disposal of personal data.
Respecting individuals’ rights
Individuals have rights in relation to their personal data processed by ANS DT. We respect these rights and have processes in place to recognise and respond to individuals wishing to exercise these rights. Our employees have guidance to follow when handling individuals’ rights requests.
The rights include but are not limited to:
The right to be informed
The right to access their personal data processed by ANS DT
The right to rectification
The right to erasure (also known as the ‘right to be forgotten’)
This privacy statement is effective as of January 2020.
Please note that this privacy statement will regularly be updated to reflect any changes in the way we handle your personal data or any changes in applicable laws.
This page and its sub-pages tell you everything you need to know about how agile network systems limited (ANS DT) and/or its affiliates protect the personal data we process and control relating to you (“your personal data”; “your data”) and which rights you have in relation to the processing of your personal data.
Further information on ANS DT can be found (insert home page link)
Below, we first give a general description of how ANS DT protects your personal data. Further sections include specific information on the following:
- How is your personal data protected by ANS DT?
- How is personal data used when you visit ANS DT’s website?
- How do we use personal data when you visit our offices?
- How do we use personal data for marketing purposes?
How is your personal data protected by ANS DT?
ANS DT attaches great importance to your right to privacy and the protection of your personal data. We want you to feel secure that when you deal with ANS DT, your personal data are in good hands.
ANS DT protects your personal data in accordance with applicable laws and our data privacy policies. In addition, ANS DT maintains the appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing and / or against accidental loss, alteration, disclosure or access, or accidental or unlawful destruction of or damage thereto.
The following sections provide further details as to how ANS DT processes your personal data:
- Data we collect
- How we use your data
- Will we share your personal data with third parties?
- What about sensitive data?
- What about data security?
- Where will your personal data be processed?
- How long will your personal data be retained by us?
- Which rights do you have with respect to the processing of your personal data?
Data we collect
ANS DT collects personal data of our employees, potential employees, clients, suppliers, business contacts, shareholders and website users. If the data we collect are not listed in this privacy statement, we will give individuals (when required by law) appropriate notice of which other data will be collected and how they will be used.
Except for certain information that is required by law, your decision to provide any personal data to us is voluntary. You will therefore not be subject to adverse consequences if you do not wish to provide us with your personal data. However, please note that if you do not provide certain information, we may not be able to accomplish some or all of the purposes outlined in this privacy statement, and you may not be able to use certain tools and systems which require the use of such personal data.
If you provide us with personal data of another person (for instance, a potential employee / referral), you are responsible for ensuring that such person is made aware of the information contained in this privacy statement and that the person has given you his / her consent for sharing the information with ANS DT.
The above categories of personal data are obtained either directly from you (for example, when you provide information to sign up for further information or register to comment on a forum website) or indirectly from certain third parties (for example, through our website’s technology). Such third parties include our affiliates, public authorities, public websites and social media, suppliers and vendors.
How we use your data
ANS DT uses your personal data only where required for specific purposes as outlined in the following table:
Managing our contractual and/or employment relationship with you.
Necessary for the performance of a contract to which you are a party.
Justified on the basis of our legitimate interests for ensuring that we recruit the appropriate employees.
Facilitating communication with you (including in case of emergencies, and to provide you with requested information).
Justified on the basis of our legitimate interests for ensuring proper communication and emergency handling within the organisation.
Operating and managing our business operations.
Justified on the basis of our legitimate interests for ensuring the proper functioning of our business operations.
Complying with legal requirements.
Necessary for the compliance with a legal obligation to which we are subject.
Monitoring your use of our systems (including monitoring the use of our website and any apps and tools you use).
Justified on the basis of our legitimate interests of avoiding non-compliance and protecting our reputation.
Improving the security and functioning of our website, networks and information.
Justified on the basis of our legitimate interests for ensuring that you receive an excellent user experience and our networks and information are secure.
Undertaking data analytics, i.e. Applying analytics to business operations and data to describe, predict and improve business performance within ANS DT and / or to provide a better user experience.
Justified on the basis of our legitimate interests for ensuring the proper functioning of our business operations.
Marketing our products and services to you (unless you objected against such processing, as further described in the section “how do we use personal data for marketing purposes?” Below).
Justified on the basis of our legitimate interests for ensuring that we can conduct and increase our business.
Where the above table states that we rely on our legitimate interests for a given purpose, we are of the opinion that our legitimate interests are not overridden by your interests, rights or freedoms, given (i) the transparency we provide on the processing activity, (ii) our privacy by design approach, (iii) our regular privacy reviews and (iv) the rights you have in relation to the processing activity. Please contact us if you wish to obtain further information on this approach.
We will process your personal data for the purposes mentioned above based on your prior consent, to the extent such consent is mandatory under applicable laws.
We will not use your personal data for purposes that are incompatible with the purposes of which you have been informed, unless it is required or authorised by law, or it is in your own vital interest (e.g. In case of a medical emergency) to do so.
Will we share your personal data with third parties?
We may transfer personal data to our service providers, professional advisors, public and governmental authorities or third parties in connection with a (potential) corporate or commercial transaction. Such third parties may be located in other countries. Before we do so, we shall take the necessary steps to ensure that your personal data will be given adequate protection as required by relevant data privacy laws and ANS DT’s internal policies.
Unless you are otherwise notified, any transfers of your personal data from within the European Economic Area (EEA) to third parties outside the EEA will be based on an adequacy decision or are governed by the standard contractual clauses (a copy of which can be obtained through the contact information included below). Any other non-EEA related transfers of your personal data, will take place in accordance with the appropriate international data transfer mechanisms and standards.
What about sensitive data?
We do not generally seek to collect sensitive data (also known as special categories) through this site or otherwise. In the limited cases where we do seek to collect such data, we will do this in accordance with data privacy law requirements and / or ask for your consent.
The term “sensitive data” refers to the various categories of personal data identified by data privacy laws as requiring special treatment, including in some circumstances the need to obtain explicit consent from you. These categories include racial or ethnic origin, political opinions, religious, philosophical or other similar beliefs, membership of a trade union, physical or mental health, biometric or genetic data, sexual life or orientation, or criminal convictions and offences (including information about suspected criminal activities).
What about data security?
We maintain organisational, physical and technical security arrangements for all the personal data we hold. We have protocols, controls and relevant policies, procedures and guidance to maintain these arrangements taking into account the risks associated with the categories of personal data and the processing we undertake.
We embrace market leading security measures to protect your personal data; this includes the adoption of iso27001 standards, which indicates that we have implemented the highest and strictest information security standards within ANS DT.
Regarding your use of our websites, you should be aware that the open nature of the internet is such that information and personal data flows over networks connecting you to our systems without security measures and may be accessed and used by people other than those for whom the data are intended.
Where will your personal data be processed?
As an organisation with offices and operations throughout across multiple territories, personal data we collect may be transferred or be accessible internationally throughout ANS DT’s global business and between its entities and affiliates. Any such transfers throughout ANS DT’s business take place in accordance with the applicable data privacy laws.
How long will your personal data be retained by us?
We will retain your personal data only for as long as is necessary. We maintain specific records management and retention policies and procedures, so that personal data are deleted after a reasonable time according to the following retention criteria:
- We retain your data as long as we have an ongoing relationship with you.
- We will only keep the data while your account is active or for as long as needed to provide services to you.
- We retain your data for as long as needed in order to comply with our legal and contractual obligations.
Which rights do you have with respect to the processing of your personal data?
You are entitled (in the circumstances and under the conditions, and subject to the exceptions, set out in applicable law) to:
- Request access to the personal data we process about you: this right entitles you to know whether we hold personal data about you and, if we do, to obtain information on and a copy of that personal data.
- Request a rectification of your personal data: this right entitles you to have your personal data be corrected if it is inaccurate or incomplete.
- Object to the processing of your personal data: this right entitles you to request that ANS DT no longer processes your personal data.
- Request the erasure of your personal data: this right entitles you to request the erasure of your personal data, including where such personal data would no longer be necessary to achieve the purposes.
- Request the restriction of the processing of your personal data: this right entitles you to request that ANS DT only processes your personal data in limited circumstances, including with your consent.
- Request portability of your personal data: this right entitles you to receive a copy (in a structured, commonly used and machine-readable format) of personal data that you have provided to ANS DT, or request ANS DT to transmit such personal data to another data controller.
To the extent that the processing of your personal data is based on your consent, you have the right to withdraw such consent at any time by contacting ANS DT’s data privacy officer please note that this will not affect ANS DT’s right to process personal data obtained prior to the withdrawal of your consent, or its right to continue parts of the processing based on other legal bases than your consent. If, despite our commitment and efforts to protect your personal data, you believe that your data privacy rights have been violated, we encourage and welcome individuals to come to ANS DT first to seek resolution of any complaint. You have the right at all times to register a complaint directly with the relevant supervisory authority or to make a claim against ANS DT with a competent court (either in the country where you live, the country where you work or the country where you deem that data privacy law has been infringed).
How is personal data used when you visit ANS DT’s website?
In addition to the information set out above, the following sections describe how we use personal data when you visit our website:
- Which personal data do we gather?
- Do we include (links to) websites and programs of third parties?
- How do we use personal data that we collect from our websites?
Which personal data do we gather?
ANS DT collects personal data at its website directly when you provide personal data when you complete the ‘contact us page’.
We may collect and process the following personal data:
- Personal data that you provide by filling in forms on our website. This includes registering to use the website, subscribing to services, newsletters and alerts, registering for a conference or requesting a white paper or further information. Pages that collect this type of personal data may provide further information as to why your personal data are needed and how it will be used. It is completely up to you whether you want to provide it.
- If you contact us, we may keep a record of that correspondence.
- We may ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
- Our website does not collect personal data about your computer.
Do we include (links to) websites and programs of third parties?
Our websites may include:
- Links to and from the sites of our partner networks, advertisers and affiliates.
- Certain programs (widgets and apps) of third parties. Where this is the case, note that such third parties may process your personal data collected through such programs for their own purposes.
How do we use personal data that we collect from our websites?
We use personal data for the purposes described above, as well as to provide you with information you request, process online job applications, and for other purposes which we would describe to you at the point where it is collected. For example:
- To fulfil your requests for white papers, articles, newsletters or other content.
- For surveys or research questionnaires.
- To contact you for marketing purposes where you have agreed to this.
How do we use personal data when you visit our offices?
In addition to the information set out above, this section describes how we use personal data when you visit ANS DT’s offices.
Further information on categories of personal data
The below table sets out the categories of personal data that ANS DT processes or may process in the context of individuals visiting our offices.
Category of personal data
Photograph, and images / footage captured on CCTV or other video systems, and voice recordings.
Name, preferred pronoun, all types of contact details (such as e-mail, phone numbers, physical address), gender, date of birth, age, place of birth.
Description of current position, job title, employer, location, ANS DT contact(s).
ANS DT may also collect certain types of sensitive information when permitted by local law or with your consent, such as health / medical information (including disability status and dietary requirements / allergies in the framework of the events we organise/sponsor).
System and application access data
Where you are provided with access to ANS DT’s systems, ANS DT may collect information required to access such ANS DT systems and applications such as system id, IAN id, e-mail account, instant messaging account, system passwords, access logs, activity logs, and electronic content produced using ANS DT’s systems.
In addition, for recruitment purposes, ANS DT may process the personal data set out in the below table.
Category of personal data
Documentation required under immigration laws
ANS DT may collect data on citizenship, passport data, details of residency or work permit (a physical copy and/or an electronic copy).
In addition to the personal details listed above, ANS DT may collect additional personal details for recruitment purposes, such as national identification number, social security number, insurance information, marital / civil partnership status, domestic partners, dependents, emergency contact information, military history.
ANS DT may collect certain types of sensitive information when permitted by local law or with your consent, such as health / medical information (including disability status), trade union membership information, religion, race or ethnicity, minority flag, and (where authorised by law) information on criminal convictions and offences. ANS DT collects this information for specific purposes, such as health / medical information in order to accommodate a disability or illness and to provide benefits; background checks; and diversity-related personal data (such as race or ethnicity) in order to comply with legal obligations and internal policies relating to diversity and anti-discrimination.
Talent management information
Information necessary to complete a background check, details on performance decisions and outcomes, performance feedback and warnings, training programs, performance and development reviews (including information you provide when asking for / providing feedback, creating priorities, updating your input in relevant tools), driver’s license and car ownership information, and information used to populate biographies.
How do we use personal data for marketing purposes?
In addition to the information set out above, the following sections describe how ANS DT use personal data for marketing purposes:
- What are the sources of marketing data?
- Do we send targeted e-mails?
- Do we maintain Customer Relationship Management (CRM) databases?
- Do we combine and analyse personal data?
- What are your rights regarding marketing communications?
What are the sources of marketing data?
The bulk of the personal data we collect and use for marketing purposes relates to individual employees of our clients and other companies with which we have an existing business relationship. We may also obtain contact information from public sources, including content made public at social media websites, to make an initial contact with a relevant individual at a client or other company.
Do we send targeted e-mails?
We send commercial e-mail to individuals at our client or other companies with whom we want to develop or maintain a business relationship in accordance with applicable marketing laws.
Targeted e-mails from ANS DT may include additional data privacy information, as required by applicable laws.
Do we maintain Customer Relationship Management (CRM) databases?
Like most companies, ANS DT uses customer relationship management (CRM) database technology to manage and track our marketing efforts. Our CRM databases include personal data belonging to individuals at our client and other companies with whom we already have a business relationship or want to develop one. The personal data used for these purposes includes relevant business information, such as: contact data, publicly available information (e.g. Board membership, published articles, press releases, your public posts on social media sites if relevant for business purpose), your responses to targeted e-mail and other business information included by ANS DT professionals based on their personal interactions with you. If you wish to be excluded from our CRM databases, please contact us.
Do we combine and analyse personal data?
What are your rights regarding marketing communications?
You can exercise your right to prevent marketing communications to you by checking certain boxes on the forms we use to collect your personal data, or by utilising opt-out mechanisms in e-mails we send to you. You can also exercise the right to discontinue marketing communications to you, or to have your personal data removed from our Customer Relationship Management (CRM) databases at any time by contacting us in such cases, we will retain minimum personal data to note that you opted out in order to avoid contacting you again.