Privacy Notice
(Business Associates)

Privacy Notice (Business Associates)

Document ID: TIG_AUG_PRN_BUA
Release Date: 09-01-2024
Version: 2.0

1. Purpose

This Privacy Notice describes how Personal Information of clients, prospective clients, visitors, vendors and other third parties if applicable that we interact with who are termed as (“External Individuals”) is collected, managed and processed by TIG. We are committed to handling the Personal Information of all External Individuals in an appropriate and lawful manner. This Notice sets out the minimum requirements for ensuring that the Personal Information of External Individuals is collected, used, retained and disclosed in a secure and compliant manner.

Personal data: any information which are related to an identified or identifiable natural person. Ex: Name, age, National identification number, location, Bank account details etc

2. Scope

This Privacy Notice covers clients, prospective clients, visitors, vendors and other third parties if applicable that TIG interact with who are termed as (“External Individuals”) is collected, managed and processed by TIG.

3. Terms & Abbreviations

TIG – Total IT Global

4. Roles and Responsibilities

DPO – To Ensure effective implementation of the policy

5. Procedure

5.1 How we collect and use your Personal Information

TIG collects the Personal Information relating to Individuals to the extent that it is required for a particular purpose or purposes, in the context of its Organizational Services.

We may collect or Process any or all the subsequent types of Personal Information as part of our Organizational activities: (Examples, list not exhaustive):

Identity information: Title, name, gender, an identification number, location data.

Contact details: Employer details, job title, work address, phone number(s) and email address(es).

Marketing information: – Contact history, interactions and communications, events, company information and materials (e.g., Blogs, Whitepapers) provided, contact preferences.

Relationship management information: Communication and meetings, references, professional experience, complaints, and feedback.

Data related to use of and access to facilities and corporate assets: Time and location of entry and exit to premises, access to restricted zones and security camera footage data related to access to and usage of office equipment and corporate assets, computer systems, email and the intranet/internet and contact management.

We receive Personal Information directly obtained from you, via our websites and portals, at events you attend, business networks and agencies, publicly available sources such as LinkedIn, media outlets, referrals etc.

5.2 Why do we collect personal data

We collect personal data from you for one or more of the following purposes:

  • To provide you with information that you have requested.
  • To initiate and complete commercial transactions with you, or the entity that you represent, for the purchase of products and/or services.
  • To fulfil a contract that we have entered with you or with the entity that you represent.
  • To provide access to our products and to deliver a range of materials on request.
  • To ensure the security and safe operation of business infrastructure.
  • To manage client and vendor relationships.
  • To manage marketing activities and research purpose.
  • To organise meetings and networking events.
  • To develop resource plans for business requirements.
  • To manage mutual business communication.
  • To investigate complaints and issues.
 
 

In addition, to ensure that each visitor to any of our websites can use and navigate the site effectively, we collect the following:

  • Technical information, including the IP (Internet Protocol) address used to connect your device to the Internet.
  • Your login information, browser type and version, time zone setting, browser plugin types and versions.
  • Operating system and platform.
  • Information about your visit, including the URL (Uniform Resource Locator) clickstream to, through and from our site.
 

5.3 Legal Basis for Processing personal data

TIG follow lawful basis for processing under one of the following as applicable

  • Consent
  • Contract
  • Legitimate Interests
  • Vital Interests
  • Public Task
  • Legal Obligation
 
 

TIG Process personal Information where it is, necessary for the performance or management of a contract, or where it has a legitimate business interest in doing so.

We obtain your consent to process your Personal Information through applicable contracts, processing agreements, where it is required to do so and, for any new or additional purpose. To the extent that Processing is based on consent, they may be entitled to withdraw consent to the Processing of their Personal Information.

Some of our primary legal basis of processing is set out as mentioned below:

Information category

Purpose of Use

Lawful basis for processing

For vendor and client relationship management

  • Managing requests from clients on work, invoicing clients, investigating complaints and other issues, To provide appropriate information about products and services on request.
  • Delivery of products or services, in physical or digital form.
  • Determining eligibility of vendors and others including verification of references and qualifications and other background screening checks.
  • To manage invoice transactions for products and services with clients.
  • Legitimate interest-(to run a successful and efficient business)
  • Contractual agreement

Marketing and Communication

Personal contact information as provided through website forms or at events or via any social media platforms, while accessing information on our blogs, white papers etc.

Legitimate interest-(to run a successful and efficient business) through Consent as applicable

Monitoring and examining compliance

For organizing and maintaining our business structure

  • To protect our websites and infrastructure from cyber-attack or other threats and to report and deal with any illegal acts.
  • Development of repositories with respect to the Personal Information of all clients, vendor management. And business development.
  • Managing, monitoring and investigating compliance with all relevant legal, regulatory and administrative obligations and responsibilities.
  • Necessary for legal obligations as a business entity.
  • Necessary for legitimate interest for monitoring compliance with regulatory obligations.

For Security & Business Continuity

  • Management of access to and usage of office equipment and resources including but not limited to telephones, mobile phones, laptops and portable devices, multifunctional devices and more generally the computer network and applications.
  • Maintaining the security of company and its client’s networks and information and intellectual property.
  • Detecting, preventing or otherwise addressing security, fraud or technical issues.

Necessary for legitimate interests (to comply with its responsibilities to run a safe, secure and efficient business).

5.4 To whom we share your Personal Information

Disclosure to third parties. TIG may also share your Personal Information:

  • With clients and potential clients during business and business development.
  • With suppliers, subcontractors, and service providers, to maintain an efficient and commercially viable business.
  • With professional advisors and consultants.
  • With legal advisors and external auditors for legal advice and to conduct business audits.
  • With credit reference agencies and background verification agencies, to conduct credit checks and background verification and reference checks.
  • With service providers for business continuity management and contingency planning in the event of business disruptions; and
  • With prospective sellers or buyers and their advisers in the event that Company merges, acquires or sells any business or assets.
 
 

The third parties with whom we share your Personal Information may in some instances independently determine the purposes and uses of your Personal Information (e.g. legal advisers and external auditors); in such cases, the recipient’s own privacy policy will govern their use of your Personal Information.


Disclosure without notification. There may be circumstances where TIG discloses Personal Information to third parties without notifying Individuals. These circumstances could include:

  • Where the information is publicly available;
  • Where TIG is required to do so by law or by order of a court, or where such disclosure is reasonably necessary to comply with a legal obligation, process or request;
  • Where TIG is legally required to do such disclosure is reasonably necessary to protect the rights, property or safety of TIG and its employees.
 

5.5 How we protect your Personal Information

TIG applies appropriate security measures intended to prevent unauthorized Processing of Personal Information and accidental loss of or damage to Personal Information. We maintain and follow security administration policies and procedures designed to prevent, detect, contain, and correct violations of measures taken to protect the confidentiality, integrity, availability, or security of your Personal Information. These policies and procedures allocate specific data security responsibilities and accountabilities to specific individuals, include a risk management program that includes periodic risk assessment and provide an adequate framework of controls that safeguard your Personal Information.

5.6 Retention & Deletion

TIG retains Personal Information for as long as necessary for fulfilling the legitimate purpose/ interests for which it was collected. This generally means that Personal Information will be deleted at the latest 6 years after collection unless longer retention is required for other valid reasons such as compliance with legal obligations, to resolve disputes or enforce contracts.

5.7 Your rights as a data subject/PII Principal

As a data subject whose personal information we hold, you have certain rights. If you wish to exercise any of these rights, please email to dpo@totalitglobal.com or use the information supplied in the ‘Contact us’ section below. To process your request, we will ask you to provide two valid forms of identification for verification purposes. Your rights are as follows:

5.7.1 The right to be informed

As a data controller, we are obliged to provide clear and transparent information about our data processing activities. This is provided by this privacy notice and any related communications we may send you.

5.7.2 The right of access

You may request a copy of the personal data we hold about you free of charge. Once we have verified your identity and, if relevant, the authority of any third-party requestor, we will provide access to the personal data we hold about you as well as the following information:

  • The purposes of the processing.
  • The categories of personal data concerned.
  • The recipients to whom the personal data has been disclosed.
  • The retention period or envisioned retention period for that personal data.
  • When personal data has been collected from a third party, the source of the personal data.
 

5.7.3 The right to rectification

When you believe we hold inaccurate or incomplete personal information about you, you may exercise your right to correct or complete this data. This may be used with the right to restrict processing to make sure that incorrect/incomplete information is not processed until it is corrected.

5.7.4 The right to erasure (the ‘right to be forgotten’)

Where no overriding legal basis or legitimate reason continues to exist for processing personal data, you may request that we delete the personal data. This includes personal data that may have been unlawfully processed. We will take all reasonable steps to ensure erasure.

5.7.5 The right to restrict processing

You may ask us to stop processing your personal data. We will still hold the data but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies, you may exercise the right to restrict processing:

  • The accuracy of the personal data is contested.
  • Processing of the personal data is unlawful.
  • We no longer need the personal data for processing, but the personal data is required for part of a legal process.
  • The right to object has been exercised and processing is restricted pending a decision on the status of the processing.
 

5.7.6 The right to data portability

You may request your set of personal data be transferred to another controller or processor, provided in a commonly used and machine-readable format. This right is only available if the original processing was on the basis of consent, the processing is by automated means and if the processing is based on the fulfilment of a contractual obligation.

5.7.7 The right to object

You have the right to object to our processing of your data where:

  • Processing is based on legitimate interest.
  • Processing is for the purpose of direct marketing.
  • Processing is for the purposes of scientific or historic research; or
  • Processing involves automated decision-making and profiling.
 

6. Exception

Any exception in this policy/notice is subject to the approval of DPO under the limitation applicable data protection laws.

7. Compliance

DPO shall ensure the effective implementation of the policy/notice by various means such as internal audits.

8. Annex

N/A