Personal data and confidential information are key assets for Integration Consulting Group, and for its clients and suppliers. Integration is committed to ensuring the security and protection of personal information and is also committed to maintaining compliance and consistency in the approach to data protection.
Integration complies with all regulatory requirements and any other legislation regarding data protection in the countries that we hold subsidiaries, such as the EU General Data Protection Regulation 216/679 act (“GDPR”), a regulation approved by the European Union (EU) regarding data protection and privacy for all residents within the EU, as well as the Law number 13.709/2018, a legislation approved by the Brazilian Government regarding data protection and privacy for all residents within Brazilian territory. Except where this policy explains otherwise, each Integration subsidiary maintains individual control in relation to the personal data collected from its employees, clients and suppliers, being considered the “controller” of the respective personal data in accordance with the definition established on both legislations herein mentioned.
Integration is a management consulting organization with headquarters in Brazil and subsidiaries in United Kingdom, Germany, United States of America, Mexico, Chile and Argentina.
2. Personal information we collect
3. How we use personal data
4. Updates and communication
5. Who may receive your information
6. Where and how we store personal data
7. How we protect personal information
8. Individual rights related to personal information
9. Integration’s contact information
2. Personal information we collect
2.1 Integration does not collect and process personal data without consent, except when the information is necessary due to a contractual or legal obligation or when Integration has a legitimate interest in collecting the information to accomplish its management consulting activities. Thus, we may collect data from you if:
- You are a prospective client, existing client or supplier of Integration;
- You work or have worked for a client or supplier of Integration;
- You are an employee, partner or associate of Integration;
- You are candidate for a job position within Integration, or a prospective partner or associate of Integration;
- You work for a company to whom Integration wants to advertise or market its services or events.
2.2 Integration may use all available methods to collect information, including but not limited to, in-person communications, communication by phone, email, letter or notice, other paper-based communication methods, etc. Our primary means of obtaining personal data is directly from the person. Data that is not collected directly from the person may be obtained through:
- Your employer in connection with work that relates to us;
- Third parties we work closely with, such as personal contacts, trustees, business partners, subcontractors, or analytics and public information providers;
- Government bodies;
- Websites or other applications and platforms operated by Integration that are utilized by the individual too.
2.3 We collect basic information that identifies each person as an individual and the company the person represents, such as:
|Business contacts of clients or suppliers||a. full name;
b. the name of the company you represent;
c. your job function and department;
d. business address;
e. business email;
f. private email;
g. business telephone and mobile phone;
h. month and day of your birth;
i. information to fulfill legal or contractual obligations.
|Employees, job candidates, students, trainees, associates and partners||All information necessary to complete the contractual obligation as a partner or associate of Integration, as well as all personal data necessary to completing the employment agreement.|
2.4 Sensitive Personal Data: We may collect and process sensitive personal data when it is relevant and necessary to the consulting management services Integration provides, or required to fulfill a legal or contractual obligation; for example, life insurance policies or specific activities of a client that require Integration to obtain
2.5 Technical Data: Integration may store also the IP addresses of clients who access Integration’s website and other platforms. Also, we store the navigation data from internal users for audit purposes, including URLs, date/time and browsing time, application type and protocols such as HTTP and FTP.
3. How we use your personal data
3.1 Integration does not use personal data without first obtaining the consent of its owner. Exceptions to this rule may occur if: (i) we are obliged by law; (ii) it is necessary to completing a contractual obligation or to defending our rights; or (iii) it is necessary to exercising Integration’s legitimate interest in processing your data to provide management consulting services.
3.3 Regarding business contacts, the processing of personal data is done for the purpose of delivering and providing management consulting services, or to accept services from the suppliers the individual represents. Personal data may also be processed to make available relevant content to the owner of the information, such as:
- Institutional messages;
- Event-related materials—invites, reminders and thank you notes;
- Congratulatory, holiday and birthday cards;
- Event materials produced by Integration;
- Client feedback surveys.
3.4 Regarding Integration professionals (employee, associate, partner, ex-employee, ex-associate or expartner) their data are stored and is subject to processing for the purpose of managing the employment relationship, contractual obligation or due legal obligation in accordance with Integration’s Internal Policies and/or local legislation.
3.5 Candidates for jobs at Integration, as well as students and trainees engaged for the purposes of recruitment, may also have their data, such as, but not limited to resumes, profile, collected and stored by Integration to enable communications, interviews and offers of employment. Integration will not store this information for any longer than two years from the date of the initial interview or receipt of the job application, whichever occurs later.
4. Updates and communications
4.1 Where permitted in our legitimate interest, to fulfil a legal or contractual obligation or with prior consent from the individual where required by law, we may use personal data to request updates to Integration’s internal CRM (Client Relationship Management) system.
4.2 You can opt out of receiving further marketing materials or communications from us at any time by updating your contact details within your account or indicating this preference through the “unsubscribe” link included at the end of all digital communications addressed to you.
5. Who may receive your information
5.2 We may also share personal data with Integration business partners, suppliers and subcontractors for the delivery of a contract we enter into under normal business circumstances with you or the company you represent, with our auditors and with our legal advisors when it is necessary.
5.3 Integration may disclose your personal data to appropriate third parties if it sells any business or assets, in which case Integration must disclose personal data to the prospective buyer of such business or assets.
5.4 Integration may disclose or share your personal data to comply with any legal obligation, judicial or any authorities order.
6. Where and how personal data is stored
6.1 The personal data that Integration collects might be transferred, stored and processed in Integration’s headquarters located in Brazil. In addition, Integration may also process data outside the EU either directly or by use of third parties contracted by us. When necessary, Integration may transfer personal data to:
- Enable Integration to provide services and fulfill its contract with an individual or a company they represent;
- Operate the business, where it is in Integration’s legitimate interests and the company has
concluded there is no risk of infringement of individual rights surrounding the information.
7. How personal data is protected
7.1 We have put in place internal procedures that restrict access to personal data except to those individuals who have a relevant business need. All individuals who have contact with personal data are subject to Integration’s confidentiality policy.
7.2 We have also implemented security measures to prevent personal data from being lost, used, altered, disclosed or accessed by unauthorized individuals.
7.3 The transmission of information via the internet is protected through best practice-based technology, and continual updates to our platform. Transmission of information through the internet is never 100% secure, but we are committed to protecting the transmission of information through all reasonable measures; for example, use of advanced encryption (AES 256, HTTPS, Bitlocker), internet links segmentation, SSL certificates from external companies (DIGICERT), recurrent penetration tests in all systems, and Wi-Fi and Endpoint protection such as Antivirus, Intrusion Prevention System and Data Leak Prevention features.
7.4 We will only retain your personal data for as long as it is necessary to complete the purpose we collected the information for, and to fulfill legal or contractual obligations.
7.5 Depending on the circumstance, we may anonymize personal data to avoid any association with an individual.
8. Individual rights related to personal data
8.1 Integration will ensure your personal data is up to date and accurate. When permitted by applicable legislation, you can request the correction, updating or deleting of your personal data in part or total. In this situation, the individual shall contact us by email at firstname.lastname@example.org. We will make all reasonable efforts to comply with your request.
8.2 When permitted by local legislation and submitted by individual request, Integration may provide the person with a copy of the respective personal data stored and information on how the data has been processed. The individual may request that Integration restrict or object to the sharing of personal data, and where the sharing of data is based on consent, the individual has the right to withdraw consent at any time.
8.3 An individual can exercise their rights by contacting Integration at email@example.com. To comply with a request, Integration may need to request specific information to confirm their identity, as well as take additional appropriate security measures.
9. Integration’s contact information
9.1 Integration has designated a special team to develop and implement compliance measures surrounding the new privacy and data regulations that are being introduced throughout the EU, Brazil and globally. We understand that continuous employee awareness and education is essential to compliance with these legal requirements that ensure the protection of personal information worldwide.