Privacy Notice

This policy provides details on how OASIS Group protect data and personal information

1 Aim of this policy

 

This privacy notice explains how OASIS Group (OASIS) uses and protects any personal information that we receive or collect from you when you visit our website www.oasisgroup.com  or contact us via telephone or email, when we promote or deliver our products and services to you, when you apply for a role with us via our website, or when we communicate or deal with you on any other matter. This includes personal information about you and your choices about what marketing information you would like us to share with you.

This notice also tells you about your privacy rights and how you are protected by the General Data Protection Regulation (GDPR) and all other relevant and applicable data privacy and data protection laws in the countries in which we operate.

 

2 Scope of this policy

This notice applies to all personal information that OASIS holds on its clients, prospective clients, prospective Team Members, suppliers, consultants and any other interested parties, either in physical or electronic format, including online.

It also includes other information that we collect about you that does not directly personally identify you, for example the pages you have visited on our website.

It does not relate to any information that we process on behalf of our clients when providing services to you which are outlined in your contract with us, such as collecting items and placing them into storage, scanning items into digital format or shredding items that you have asked us to destroy.

Team Member privacy

This notice does not cover personal information relating to OASIS Group Team Members. This is covered in a separate Data Protection Privacy Notice (employment)which can be downloaded from our internal document management system.

Links to third-party websites

The OASIS website contains links to other websites hosted by third parties. If you click on links to other websites, you should read their own privacy policies or notices. This privacy notice only applies to the OASIS website.

 

3 Policy statement

 

3.1 Our privacy promise

OASIS is committed to safeguarding your privacy and it is of utmost importance to us. If we ask you to provide certain personal information, you can be assured that it will only be used in accordance with this privacy notice.

We promise:

  • to keep your data safe and private
  • never share your information outside of the OASIS group, unless required to do so by law or to fulfil our contract with you
  • not to sell your data
  • to give you ways to manage and review your marketing choices at any time.

Your privacy is also protected by applicable data privacy and data protection laws including the GDPR. For further details of how we protect and safeguard your information, please refer to our GDPR Statements of Compliance on our website.

 

3.2 Who we are and how to contact us

The primary purpose of OASIS is to store information and records on behalf of its clients and ensure that their confidentiality, integrity and availability are protected and maintained at all times. The OASIS Group aims to be the trusted information management partner of choice by securely managing our clients’ information whilst providing a reliable and efficient service. Our head office address is: Unit 3 Swords Business Campus, Balheary Road, Swords, Co. Dublin, K67 TY09, Ireland.

If you have any queries about this privacy notice or the information we hold about you, please contact:

If you are based in the EU

OASIS Group Compliance team at: compliance@oasisgroup.com.

or

GRCI Law at: eurep@itgovernance.eu.

If you are based in the UK

OASIS Group Compliance team at: compliance@oasisgroup.com.

or

OASIS Group Data Protection Officer, GRCI Law at: dpoaas@grcilaw.com. Tel: + 44 3338007000.

or

ukrep@grcilaw.com

 

3.3 The information we collect from you and how we use it

The GDPR says that we are allowed to use personal information only if we have a proper reason to do so. It says we must have one or more of these reasons:

  • when you consent to it
  • to fulfil a contract we have with you
  • when it is our legal duty
  • when we are acting in the public interest
  • when it is in our legitimate interest (this means we have a business or commercial reason of our own to use your information).

The table below shows how we may use your personal information (where applicable in each country in which we operate) and the reasons we rely on to do so. If we ever intend to use your information for different purposes or reasons, we will provide you with further information before we make those changes.

Wherever Legitimate Interests have been selected as our legal basis for processing (Our reasons), the Legitimate Interests Balancing Test[1] has been carried out to check and confirm that the legitimate interests do not conflict with the data subjects’ rights.

[1] This can be broken down into three parts:

  1. Purpose test: are you pursuing a legitimate interest?
  2. Necessity test: is the processing necessary for that purpose?
  3. Balancing test: do the individual’s interests override the legitimate interest?
The information we collect What we do with it (our purpose) Our reasons

(legal basis for processing)

Who we share it with
Contact information

(For example names, email addresses and telephone numbers)

Serving you as a client.

·     To fulfil our contractual responsibilities to deliver products and services, such as fulfilling your orders

·   To communicate with you about our products and services including service-related announcements, billing, changes to services

·   To communicate with you about our partners’ products and services

·     To respond to your enquiries and provide client care or support

·     To invoice you for our services

Serving you as a prospective client.

·     To respond to your enquiries

·     To communicate with you about our products and services

To manage job applications.

·     To communicate with you about your job application

·     To manage the recruitment process

To welcome you to our premises.

·     To ensure that all visitors to our sites are recorded for health and safety and information security purposes

To promote our products and services.

·     To make decisions about what products, services and offers we think you may be interested in

To requests products or services from you.

·     To check your credentials before we hire you as our supplier, contractor, consultant

·     To place an order or ask questions about a product or service you provide to us

To improve our products and services.

·     To request feedback on products and services, for example through client surveys

·     Your consent.

·     Legitimate interests.

·     Fulfilling contracts.

·       OASIS internal teams including Client Care, Commercial Marketing, Procurement, HR and Group Compliance teams

·       Any relevant regional sites

·      Telemarketing agencies (to communicate with you)

·       To third parties or business partners who use your personal information to provide certain services such as OASIS sales and marketing campaigns, or other OASIS approved products and services

 

Medical information (For example your temperature, vaccination status or a description of any symptoms or signs of infection of illness, such as the Coronavirus/Covid-19) To manage any health and safety risks

·     To identify if there is any risk of any visitors or contractors carrying any serious infections such as the Coronavirus (Covid-19) and passing this onto our Team Members or any other persons visiting our sites

·     To protect the health and safety of our Team Members, any other visitors and contractors at our sites, and/or the wider community

·     To reduce the spread of any infections either at OASIS or in the wider community

·       Consent

·       Public interest

·       Our regional sites.

·       OASIS Group Compliance and HR teams where there are any health and safety risks or issues.

Background information

(If you are a prospective or current contractor, supplier or consultant with access to personal or sensitive information, we might ask you to confirm that you do not have any criminal or financial convictions or any significant gaps in your employment history)

Information security

·     To protect the information that we hold on behalf of our clients

Serving our clients

·     To fulfil our client’s contractual requirements

·       Legitimate interests

·       Fulfilling contracts

·       OASIS Group Compliance team

·       Senior management who manage the relationship with the Supplier

Contractual information

(Details about the products and services we provide to you or those you provide to us)

Serving you as a client

·       To fulfil our contractual responsibilities to deliver products and services, such as fulfilling your orders and requests for changes to our products and services

·       To manage the invoicing of your account

Hiring you as our supplier/consultant/contractor

·       To check that you meet our information security, quality, environmental and business continuity requirements

·       Legitimate interests

·       Fulfilling contracts

·       OASIS Client care teams

·       Our regional sites

Account information

(Account number, contact information, sales and purchase information, details of pricing, fees and charges relating to your account, transactions on your account including payments)

Serving you as a client

·       To invoice you for our products and services

·       To manage fees and charges on your accounts

·       To send communications relating to your account

To promote our products and services

·       To make decisions about what products, services and offers we think you may be interested in

To buy products and services

·       To pay you for products and services that we have purchased

·       Legitimate interests

·       Fulfilling contracts

·       OASIS Client Care teams

·       OASIS Finance and commercial teams

Registration information

(Security details you create and use to connect to our services, these could include one or more of the following: username, password, email address, IP addresses if restricted access is required)

·       To give you access to our online services for our products and services ·       Legitimate interests

·       Fulfilling contracts

·       OASIS IT department

·       OASIS Client Care teams

Complaint information (identity of complainant and any other individuals involved) ·       To investigate and resolve complaints ·       Legitimate interests ·       OASIS Group Compliance, Complaints, Client Care, Operational or other relevant teams

·       To the individual who the complaint is about

·       Professional advisers

CCTV(Images of you on our premises) ·       To protect the security of our premises

·       To protect the security of information held on our premises, infrastructure and/or systems

·       Legitimate interests ·       Our IT and Facilities management teams

·       Third party security monitoring providers

·       Any other parties as may be required for the investigation and detection of incidents

Job applicants (Personal/contact details, CV, previous experience, education, business social media account such as LinkedIn, referees, answers to application or interview questions, equal opportunities information – optional, shortlists) ·       To process your job application and keep you informed of its progress

·       To assess your suitability for the role you have applied for

·       If you are successful, to issue you with a contract and set you up in our payroll systems

·       Legitimate interests·       Fulfilling contracts ·       OASIS HR

·       Third party providers such as recruitment agencies and applicant management systems

Background information

(If you are a job applicant, where permitted, we will check that you do not have any criminal or financial convictions or any significant gaps in your employment history. This information could include your name(s), date of birth, gender, address/previous addresses, email addresses, telephone numbers, identification documents, e.g. passport, education history, employment history, unspent criminal convictions, pending prosecutions, financial convictions, global sanctions)

Information security

·       To protect the information that we hold on behalf of our clients

Serving our clients

·       To fulfil our client’s contractual requirements

·       Legitimate interests

·       Fulfilling contracts

·       Legal obligation

·       Where permitted, third parties such as DBS, Disclosure Scotland and/or Access NI

·       Where permitted and applicable, third-party service provider engaged to manage the checking process on our behalf

·       OASIS Group Compliance team

·       OASIS HR team

·       Hiring manager

Information relating to your nationality, immigration status and right to work in the country where the role is located

(This could include a passport, identity card, visas) 

·       To carry out immigration and right to work checks ·       Legal obligation·       Fulfilling contracts ·       Immigration authorities

·       OASIS Group Compliance and HR teams

Your racial or ethnic origin, sex and sexual orientation, religious or similar beliefs ·       To comply with equal opportunities monitoring obligations ·       Legal obligations ·       OASIS HR and OASIS Group Compliance teams
Cookies ·       To ensure that our website functions correctly

·       To improve your experience of using our website

·       Legitimate interests ·       Our Marketing department
Consents

Any permissions, consents or preferences that you give us

·       To allow us to contact you about our products and services ·       Consent ·       Our Marketing department
Usage information

Information about when you interact with our websites and services, the pages you visit, what you click on, when you perform those actions

When someone visits www.oasisgroup.com we use Google Analytics to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We use third-party providers to deliver our e-newsletters. We gather statistics around email opening and clicks using industry-standard technologies to help us monitor and improve our e-newsletter ·       Legitimate interests ·       Our IT and Marketing departments

·       Data centres

Log data

User account activity and events within OASIS applications, such as the user name, IP addresses, login dates, device details (Operating System, Browser & Device Type), API Parameters (with passwords redacted), email addresses, the files viewed, updated or deleted, orders placed, the date and timestamps of activities, changes made by the user to their account, metadata such as description of boxes, this might include personal information

·       To fix bugs and troubleshoot product functionality

·       To support clients with queries or investigations

·       To create new services, features, content or make recommendations

·       To track behavior at the aggregate/anonymous level to identify and understand trends in the various interactions with our services

·       To ensure that all actions carried out by the user are auditable.

·      Legitimate interests ·       Our IT department
Information on matters raised by you through our whistleblowing mechanism The information is collected from you, other Team Members and any third parties who may be involved in the administration and/or support of matters raised through our whistleblowing policy and process ·      Legitimate interests. Information shared with relevant managers, HR personnel and with professional advisors or consultants we may engage. The third-party provider of the Speak-Up Portal has temporary access to the information that you provide via the portal (refer to the OASIS Data Retention policy for further details of how long they will keep this information).

3.4 Where we collect information from

Your personal information is collected from any of these sources:

  • from the data you give us, as described in the table above
  • from business partners in order for us to fulfil our contractual obligations
  • from vendors whose businesses we purchase
  • from event logs on user activity within our applications as described in the table above
  • from previous employers and recruitment agencies
  • from government departments and agencies
  • from outside organisations such as companies who introduce you to us through marketing lists, if you have given your permission to those organisations to share your information with us
  • we gather statistics around email opening and click through rates via Pardot. You can unsubscribe at any time. For more information please see Pardot’s privacy notice.

3.5 Sharing information

We will only share your personal information in the ways set out in this privacy notice and in the following circumstances:

  • to entities or individuals within the OASIS Group of companies who have a legitimate interest in the information
  • to third parties who use your personal information to provide certain services such as OASIS sales and marketing campaigns, OASIS approved products and services or recruitment agencies during recruitment activities
  • to business partners in order to fulfil our contractual responsibilities to deliver products and services, such as fulfilling your orders or providing OASIS approved products and services
  • to any buyer in the event that we sell any part of our business or its assets
  • to any regulatory, statutory or legal enforcement body when we are required to meet any applicable law, regulation, legal process or enforceable government request.

We enter into confidentiality and data processing terms with any third parties or business partners to ensure that they comply with high levels of confidentiality and best practice in privacy and security standards. We will ensure that all third parties and business partners will only use the personal information that they have been provided only for the purpose specified to them and as outlined in this privacy policy, they may not use the information for any other purpose.

We will not:

  • sell or trade your personal information

3.6 Do we make any international data transfers?

Information we collect from you will usually be processed in the UK or the EU.

In certain circumstances, we may need to transfer the data to countries outside of the UK or the European Economic Area to fulfil our contract with you or for a compelling legitimate interest of OASIS in a manner that does not outweigh the data subjects’ rights and freedoms. If we do share any personal information outside of the UK or the EEA, we will ensure that the recipient of your Personal Data offers an adequate level of protection and security through an appropriate legal mechanism a data processing agreement, standard contractual clause agreements or any other relevant standards, agreements or safeguards that will ensure that the information is adequately protected in line with Art. 46 of the GDPR or other applicable regulations and legislation in the countries in which we operate.

OASIS will only process your personal data in a way that is consistent with your relationship with OASIS and the practices described in this privacy notice.

OASIS also minimises the risk to your rights and freedoms by not collecting, storing or transferring more information than is absolutely necessary to provide your requested service. Refer to How long we keep your personal information below.

3.7 How long we keep your personal information

We will only keep your personal information for the following time periods:

  • for as long as you have given your consent (where consent is the lawful basis on which we are using your information)
  • for as long as is necessary for the performance of the contract or service, and in accordance with our own retention notice
  • for up to one year after you stop being a client in order to respond to a question or complaint. We may also keep your data for longer than one year if we are required to do so for legal or regulatory reasons or to adhere to our own retention notice.

Information that we hold on behalf of our clients

If you have an account with OASIS, we do not delete or destroy any information that we hold on your behalf unless we receive a written instruction from you. You are responsible for setting and managing your own time periods for the retention of information which OASIS might store, hold or process on your behalf.

3.8 Your rights

You have certain legal rights relating to the personal information we hold on you. These include the right to:

  • access the personal information we hold on you
  • request that we restrict how we use your personal information
  • withdraw your consent or object to how we process your personal information
  • request that it is corrected, updated, amended or deleted in appropriate circumstances
  • request that it is transferred to another location.

If you would like to exercise any of your rights, please contact our Group Compliance team or Data Protection Officer using the contact details above, see 3.2 Who we are and how to contact us.

We will respond to your request within one month of receiving your request.

Keeping your information accurate and up to date

We want to ensure that your personal information is accurate and up to date. Please inform us if any of your personal information is inaccurate or needs updating.

Marketing

We would like to send you information about our products and services which might be of interest. If you have consented to receive marketing information from us, you may opt out at any time by contacting our Group Compliance team or Data Protection Officer. You also have the opportunity to opt out via the link included in every marketing email you receive from us. From time to time, we may engage with third parties or service partners to contact you about OASIS products and services. We will inform you of this in advance and you may opt out of such communications at any time.

Complaints

OASIS meets the highest standards when collecting and using personal information. For this reason, we take any complaints about this very seriously.

If you are dissatisfied with how we have handled any aspect of your privacy or personal information, please contact our Group Compliance team in the first instance. We also welcome any suggestions for improvement.

You may also contact the regulator in the country in which you reside.

UK: Information Commissioner’s Office (ICO) www.ICO.org.uk

ROI: Data Protection Commission (DPC) www.dataprotection.ie

Belgium: Data Protection Authority (DPA) https://www.privacycommission.be/

Netherlands: Autoriteit Persoonsgegevens (Dutch Data Protection Authority) https://autoriteitpersoonsgegevens.nl/en

Poland: Office of the President for Personal Data Protection kancelaria@uodo.gov.pl

If you choose not to give us your personal information

If we are requesting your personal information because it is necessary and relevant to the product or service we are delivering, and you withhold this information, it is likely that we will not be able to deliver the product or service, or there will be a delay in doing so.

We sometimes ask for information that is useful, but not required by law or a contract. We will make this clear when we ask for it. You do not have to give us these extra details and it won’t affect the products or services you have with us.

We will always ask for your consent before we send you marketing information, you can refuse this or opt out at any time.

3.9 Cookies

What are Cookies?

Cookies are small text files which are placed on the device you are using to browse our website. Cookies do lots of different jobs, like letting you navigate between pages efficiently, storing your preferences, and generally improving your experience of a website. They make the interaction between you and the website faster and easier.

Most websites you visit will use Cookies in order to improve your user experience by enabling that website to ‘remember’ you, either for the duration of your visit (using a ‘session cookie’) or for repeat visits (using a ‘persistent cookie’).

How do we use Cookies?

To find out more about which Cookies are used by the OASIS website and how they are used, please view our separate Cookie notice on the OASIS website (www.oasisgroup.com).

Cookie settings

Most web browsers allow some control of most cookies through the browser settings. You can manage the settings of Cookies including blocking or deleting them, through your browser settings. However, in a few cases some of our website features might not function as a result. If you need help and support to manage Cookies, visit www.aboutcookies.org.

4 Changes to our privacy notice

This notice is reviewed at least annually for appropriateness and effectiveness, or whenever significant changes occur. Any necessary changes or improvements identified through these reviews will be implemented and we will inform you whenever we make any changes to this notice.

This notice is regularly audited by a UKAS accredited certification body and the Group Compliance team. It is also subject to regular management reviews.