1. The Impact of the General Data Protection Regulation (GDPR) on Shield GEO
2.1 Information We Collect and Receive From Employees
2.2 Data Storage and Processing of Employee Information
2.3 How We Use and Share Employee Information
3.1 Information We Collect From ShieldGEO.com Visitors
3.2 How We Use Visitor Information
4. Data Security and Protection for All Data
6. Contacting ShieldGEO
The GDPR went into effect on 25th May 2018 and it introduces obligations for all organisations that handle EU citizens’ personal data, regardless of where the organization is located. Penalties for non-compliance with the GDPR are severe – up to 4% of annual global turnover for a breach.
As an Employer of Record, ShieldGEO collects and processes personal data on our GEO employees, many of whom are EU citizens. ShieldGEO acts as both a data processor, from handling data given to us by the employee or end client, and a data controller, through passing data to the end client or to our local partners in the host country.
Our responsibilities under the GDPR legislation include:
1. Ensuring we only process data when we have the right to do so;
2. Notifying individuals within 72 hours of any breach; and
3. Complying with the employee’s right to have their data amended or deleted unless this is prevented by other legislation.
To this end, we ensure that the employee or client provides us with permission before we collect personal data and we also inform the recipient of their responsibilities before personal data is shared with them. We maintain a detailed record of all data processing activities that we carry out.
In performing our services, ShieldGEO may collect and receive employee data. This section will outline the the personal information that we collect from the employees whom we on-board for our clients. Information will only be collected with the full consent of the party whose data is being shared and processed. All persons authorised to process the personal data have committed themselves to confidentiality, or are under a statutory obligation of confidentiality. Employee data that we collect may include, but is not limited to the following:
This section outlines how ShieldGEO stores and processes employee information. ShieldGEO is committed to protecting any personal information that we hold. Employee information is stored in Salesforce and Dropbox with all confidential and sensitive information being password protected. Information on the privacy policies of Salesforce and Dropbox are available here: Salesforce (https://www.salesforce.com/au/company/privacy/), Dropbox (https://www.dropbox.com/privacy2016). Additionally, your name and email address will be shared and stored with Drip and Mailchimp, which are third party automated marketing providers that will send you ShieldGEO country guides and newsletters in line with your needs and preferences. Information on the privacy policies of Drip and Mailchimp are available here: Drip (https://www.drip.com/privacy), Mailchimp (https://mailchimp.com/legal/). If you would like to amend your personal information or remove it from our databases, please contact ShieldGEO at our email address listed below. For additional information on how ShieldGEO protects your data, please see the Data Protection and Security section below.
ShieldGEO and the client are obligated to maintain records of all processing activities carried out on behalf of the employee involving their data. This includes the following:
ShieldGEO adopts a policy of ‘Least Privilege’ when it comes to using and sharing employee information. This means that Shield GEO will only share the personal data of employees with third parties that absolutely must have it to perform their responsibility in the provision of services to the Client and the Employee. The personal data may only be collected by Shield GEO with the employee’s consent, and/or where it is necessary for the performance of a contract to which the employee is party, and/or if it is necessary for compliance with a legal obligation to which Shield GEO is subject. Shield GEO is prohibited from using this personal information for any purpose other than to fulfil the service requirement for which the Client has engaged Shield GEO.
Shield GEO may use employee data:
ShieldGEO may collect and receive Personal Data, Company Data and Other Information when you subscribe to our newsletter, send us an enquiry or subscribe to our articles via our website. The data is collected in various ways:
This section describes how ShieldGEO may process and use the information that we collect from our site visitors. Any information we collect from our visitors will only be used in accordance with this section. ShieldGEO uses visitor information in furtherance of our legitimate interests in operating our website and business. More specifically, ShieldGEO uses visitor information:
Internally, ShieldGEO restricts access to personal information to employees or parties who need access to the information in order to perform their jobs. Limited access is granted and employees who are granted this access are committed to maintaining confidentiality.
As a ShieldGeo.com site visitor, it is important for you to protect against unauthorized access to your password and to your computer. No security measures are perfect and we cannot promise to be able to withstand security threats in all circumstances.
ShieldGEO may change our Privacy Policies from time to time. Laws, regulations and industry standards evolve, which may make those changes necessary, or we may make changes to our business. We will update any changes to this page. If we make changes that significantly alter your privacy rights, ShieldGEO will notify you via email. If you disagree with the changes to the Privacy Policies, you should contact us to request the removal of the collected information that is under our control.
This policy was last updated on 13 May 2019.
Level 15, 5 Martin Place
Sydney, NSW, 2000