SHL Websites & Business Contact Privacy Notice
Effective Date: 20 November 2023
CHANGES TO THIS NOTICE: To address the adequacy granted to Data Privacy Framework (DPF) by the European Commission along with the UK and Swiss extension of the DPF.
1. THIS PRIVACY NOTICE
1.1 Our Privacy Notice
SHL takes its obligations to protect privacy and personal information very seriously. Please read this Privacy Notice (the Notice) carefully as it sets out important information relating to how we handle your personal information.
1.2 SHL companies issuing the Notice
In this Notice, references to “we “, “us“, or “SHL” are references to SHL Global Management Limited and all its group companies. This Notice sets out how we, as data controller, will collect and use personal information, and the choices and rights available to you in connection with our use of your personal information.
SHL US LLC is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
1.3 To whose personal information does this Notice apply?
This Notice describes our practices when using the personal information of:
- employees of corporate customers and of suppliers to all our group companies and other third parties (business contacts); and
other persons who (1) may visit our websites such as shl.com, or other SHL websites that link to this Privacy Notice including users that sign up for SHL’s Talent Assessment systems (Talent Central , Talent Central +, MFS 360 and Insights) or (2) who may visit our SHL pages on social media sites including all our domains.
This Notice will apply whether you have provided the information directly to us or we have obtained it from a different source, such as a third party.
Our websites contain business-related content and are specifically aimed at and designed for use by adults. We do not knowingly solicit or collect personal information from or about individuals under the age of 18 years.
This Privacy Statement does not apply to data collected via SHL’s Talent Assessment systems which are governed by the terms of the specific Data Protection Notice (“DPN”) available at the beginning of each assessment and specifies where the collected personal data is stored and how it is used.
2. BUSINESS CONTACTS
2.1 Sources of business interaction information
We collect personal information from our business contacts directly or from the following sources:
- Third-party referrals;
- Our vendor on-boarding process;
- Client checking and verification processes such as due diligence checks;
- Marketing materials such as newsletters, white papers, training sessions and other events;
- Public resources such as social media sites, telephone directories, newspapers, internet sites, registries, or public records.
2.2 What personal information we collect about business contacts
The categories of information we collect about business contacts includes:
- Personal details including name, office address, work telephone numbers and work email addresses, position title, level, function, and area of interest, and employer details such as organisation name, industry;
- Financial details including annual revenue and payment details;
- Services provided or purchased;
- Testimonials;
- Communications with our business contacts;
Log-in and similar account credentials and information about use of these services;
- Image capturing, such as photos taken at events, videos, and CCTV footage;
- Information provided from publicly available sources; and
- Any other personal information our business contacts provide in correspondence with us.
2.3 How we use the personal information we collect about business contacts
We use this information for certain activities, including:
- Facilitating smooth running of the business through communication with corporate customers, for example, to communicate about the services we provide or to respond to inquiries;
- Creating, maintaining and building upon customer and supplier relationships;
- Business planning;
- To fulfil a transaction initiated by a business contact;
- To fulfil a transaction initiated by a member of the SHL Group such as the purchase of supplies or equipment;
- Keeping accounts and financial records related to any business or other activity carried on by SHL;
- Deciding whether to accept any person as a customer or supplier;
- Business development including to send information that we believe may be of interest to business contacts, such as newsletters and details of upcoming events and to post customer testimonials on our websites;
- For internal analysis and research to help us improve our products and services;
- Sending administrative information such as notices related to product, service, or policy changes; and
- Preventing, detecting, mitigating, and investigating fraudulent or illegal activity.
2.4 Why we use the personal information of business contacts
We use this information because:
- It is necessary for performing our obligations, or exercising our rights, under our contracts with customers or suppliers;
- It is necessary for compliance with any legal or regulatory obligations that we are subject to;
- We have a legitimate business interest to:
- manage our business and brand;
- provide and improve our products and services;
- operate our business;
- keep our business contacts updated on products and services which may be of interest to them.
In limited circumstances, such as in the case of marketing, a business contact’s consent is required under applicable law. Where we rely upon a business contact’s consent, they will have the right to withdraw their consent by contacting SHL’s Global Data Protection Officer (DPO).
If a business contact requires further information regarding our legitimate interests as applied to their personal information, they may contact the DPO on the contact details below.
In certain circumstances, where a business contact does not provide personal information which is required, we will not be able to perform our obligations under the contract with them or may not be able to provide them with products and services. We will make it clear if and when this situation arises and what the consequences of not providing the information will be for the business contact.
3. WEBSITE USERS AND WEB-RELATED PRIVACY ISSUES
3.1 What personal information we collect about website users and visitors to SHL’s social media pages
The categories of information we collect about users of our website and SHL webpages on social media sites such as Facebook, YouTube, LinkedIn, WeChat, and Twitter include:
- Information users provide when they enter information on our website, such as when they make an online purchase (e.g. their name, address, phone number, email address and payment details) or when they apply for a role (further details on data collected during our recruitment process are set out in our Recruitment Notice);
- Information users post on blogs, public forums on our sites, including our social media sites;
- Information users provide when they correspond with us over WeChat (e.g., name, email address, details of any queries they may have);
- Information users provide when they create a profile where required in order to post on online blogs and public forums (e.g., their name and email address);
- Technical Information including your IP address, hardware and browser type/settings and operating system information and details of the webpages you visit and links you click on (including actions you take when accessing our website, services or emails) in accordance with our Cookies Notice;
- Advertising information (such as size/type of ad, ad impressions, location/format of ad, data about interactions with ad);
3.2 How we use the personal information of website users and visitors to SHL social media pages:
We use personal information of users of our website and SHL webpages on social media sites such as Facebook, YouTube, LinkedIn, and Twitter for certain activities, including:
- Personalising the experience of our website;
- Providing products and services that website users have requested;
- Responding to any queries that website users have;
- Administering the website, diagnosing website technical problems, investigating any complaints and providing customer services;
- Providing website users and individuals accessing our web pages on social media sites with information and offers on products or services that may be of interest to them; and
- Monitoring social media content to manage relations with our customers and promote our business and brand; and
- Performing statistical and trend analysis to improve the user experience and performance of our website.
3.3 Why we use the personal information of website users and visitors to SHL social media pages:
We use personal information of users of our website and SHL webpages on social media sites such as Facebook, YouTube, LinkedIn, and Twitter because:
- It is necessary for compliance with any legal or regulatory obligations we are subject to;
- We have a legitimate business interest to:
- Promote our brand and business through our website and through social media tools;
- Monitor, investigate and report any attempts to breach the security of our websites;
- Provide support services and respond to any queries;
- Improve the performance and user experience of our websites;
- Manage and administer our sites and social media pages.
If a website user or individual accessing our web pages on social media sites requires further information regarding our legitimate interests as applied to their personal information, they may contact the DPO.
In certain circumstances, where a website user does not provide personal information which is required (for example, in relation to our online services), we will not be able to perform our obligations under the contract with them or may not be able to provide them with products and services. We will make it clear if and when this situation arises and what the consequences of not providing the information will be for the website/social media site user.
4. SHL’s Talent Assessment system USERS
4.1 What personal information we collect about users
The categories of information we collect about users of SHL’s Talent Assessment system include:
- Account Registration information – When you register to use SHL’s Talent Assessment system, we will collect personal information as necessary to register - (including name, email-address and password)
- If you complete SHL assessment through SHL’s Talent Assessment system, you may also be required to provide us with additional personal information. You will be provided a further data protection notice for the collection of any additional personal information.
4.2 How we use the personal information of users
We use personal information of users of SHL’s Talent Assessment system for certain activities, including:
- Providing our products and services as offered over our product interfaces; and
- To allow users to have single identity on SHL’s Talent Assessment system.
4.3 Why we use the personal information of users
We use personal information of users of SHL’s Talent Assessment system because:
- we collect your Account Registration information to operate the SHL’s Talent Assessment system site and provide our services to you including
- Authenticate your access to SHL’s Talent Assessment system account.
- Communicate with you about SHL’s Talent Assessment system account. o Where you have so elected, create an account connection between your SHL’s Talent Assessment system account and a third-party website (such as Facebook or Google or LinkedIn
- We collect your Country of Residence Information because we have a legitimate interest to comply with legislation applicable to the SHL, in particular US Trade Sanctions law.
In certain circumstances, where a website user does not provide personal information which is required (for example, in relation to registering for a SHL’s Talent Assessment system account), we will not be able to provide them with access to SHL’s Talent Assessment system. We will make it clear if and when this situation arises and what the consequences of not providing the information will be for the SHL’s Talent Assessment system users.
4.4 Information we collect from third party sites
We may also get information about you from other sources. For example, if you create or log into your SHL’s Talent Assessment system account through another third-party website such as Facebook, Google, or LinkedIn. We will receive information from your selected third- party service provider (such as name and email address) via the authorization procedures used by such third-party service provider. The information we receive depends on which services you authorize and any options that are available.
By accessing SHL’s Talent Assessment system through your Facebook, Google, or LinkedIn account, you understand that Facebook, Google, or LinkedIn will share certain data detailed in the above paragraph with SHL for the purposes of authentication to permit you to SHL’s Talent Assessment system in a secure manner. You may stop this at any point from your Facebook, Google, or LinkedIn account. This information will be considered SHL account information for purposes of your use of the SHL’s Talent Assessment system.
You have the ability to disable the connection between your Facebook, Google or LinkedIn account and your SHL’s Talent Assessment system account at any time by accessing your privacy settings on your Facebook, Google or LinkedIn account. Facebook, Google, or LinkedIn may also ask for your permission to share certain other details with SHL, including but not limited to your name, profile picture, public profile information, and email address. Once you give this permission, the requested information will be shared with SHL, SHL may use this information to provide Services to you. The shared information will remain associated with your SHL’s Talent Assessment system profile until you modify or delete it.
PLEASE NOTE THAT YOUR RELATIONSHIP WITH FACEBOOK, GOOGLE OR LINKEDIN, OR ANY OTHER THIRD-PARTY WEBSITE IS GOVERNED SOLELY BY YOUR AGREEMENT WITH SUCH THIRD-PARTY WEBSITE.
5. Data Sharing
We may disclose personal information of business contacts and website/social media site users to third parties as follows:
- to SHL group companies in order to process the data for the above mentioned purposes;
- business associates and other professional advisers (e.g., auditors and lawyers);
- to suppliers and/or providers of goods and services and other third parties who work on our behalf to service or maintain business contact databases and other IT systems, such as suppliers of the IT systems which we use to process personal information, or who provide other technical services;
- to third parties who resell the SHL service and/ or provide value added services;
- to competent authorities such as tax authorities, courts, regulators and security or police authorities where required or requested by law or where we consider it necessary;
- subject to applicable law, in the event that SHL is merged, sold, or in the event of a transfer of some or all of our assets (including in bankruptcy), or in the event of another corporate change, in connection with such transaction;
- SHL may offer solely or jointly with third parties webinars, white paper downloads, or other services related to SHL offerings or services. We will share your contact information and product interest in these offering or services with third parties to communicate with you, subject to applicable law;
- SHL may also disclose information in special cases when we have a good faith belief that such action is necessary to: (a) protect and defend our rights or property; (b) enforce the Website Terms and Conditions; (c) act to protect the interests of our users or others; and
- SHL also may share aggregate or anonymous information with third parties, including advertisers, investors, and partners. Aggregate or anonymous information does not contain any information that can be used to directly identify you.
6. INTERNATIONAL TRANSFERS
We may transfer personal information we collect about our business contacts and website/ social media users outside the European Economic Area (EEA), the United Kingdom (UK) and/or Switzerland including to countries that do not have equivalent data protection laws to those applicable to the EU, UK, and Switzerland, and to any other country in which we have offices. Privacy laws in these countries may not provide protections equivalent to those of your country of residence. It may also be processed by staff operating outside the EEA, UK or Switzerland who work for us or for one of our affiliated companies.
However, to ensure your personal information is properly protected in line with EU, UK and Swiss data protection laws, the transfer of this information is governed by a contract including Standard Contractual Clauses approved by the European Commission in accordance with Article 46(2)(c) of the European General Data Protection Regulation (GDPR).
SHL US LLC complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (SwissU.S. DPF) as set forth by the U.S. Department of Commerce. SHL US LLC has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. SHL US LLC has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) regarding the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
Once approved, the transfer of information between EU-US, UK-US and Swiss-US will take place under the Data Protection Framework and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce which is in compliance with the regulation of GDPR.
We will only transfer data to jurisdictions outside the scope of the GDPR where the appropriate safeguards set out in the GDPR are in place. SHL will use all reasonable efforts to ensure that personal information is protected, and any such transfers comply with applicable law. For complaints from EU, UK or Swiss data subjects that cannot be resolved with SHL directly, SHL has chosen to cooperate with EU data protection authorities (DPAs), UK Information Commissioner’s Office (ICO) and Swiss Federal Data Protection and Information Commissioner (Commissioner) and will comply with information and advice the DPAs and/or Commissioner may provide in relation to such unresolved complaints. The relevant DPA may be contacted here. The UK Information Commissioner’s Office (ICO) can be contacted here. The Commissioner may be contacted here.
If you require more information on the safeguards identified above, you can contact the DPO on the contact details below.
7. RETENTION PERIODS
We will keep your information for as long as it is reasonably necessary to provide our services to you, to comply with legal, tax, accounting or reporting requirements and to protect and defend against legal claims. The time period will depend on factors such as whether you have registered an account with us or agreed to receive marketing from us.
If you wish to obtain further information about the retention periods as applied to your personal information, you can contact the DPO on the contact details below.
8. DATA SUBJECT RIGHTS
We have listed the rights you have over your personal data and how you can use them below. These rights are subject to exemptions in applicable law and will only apply to certain types of information or processing. You can exercise these rights by contacting the DPO on the contact details below.
8.1 The Rights
- Access: you are entitled to ask us if we are processing your information and, if we are, you can request access to your personal information. This enables you to receive a copy of the personal information we hold about you and certain other information about it.
- Correction: you are entitled to request that any incomplete or inaccurate personal information we hold about you is corrected.
- Erasure: you are entitled to ask us to delete or remove personal information in certain circumstances. There are also certain exceptions where we may refuse a request for erasure, for example, where the personal data is required for compliance with law or in connection with claims.
- Restriction: you are entitled to ask us to suspend the processing of certain of your personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Transfer: you may request the transfer of certain of your personal information to another party.
- Objection: where we are processing your personal information based on a legitimate interest (or those of a third party) you may challenge this. However, we may be entitled to continue processing your information based on our legitimate interests or where this is relevant to legal claims.
You also have a right to lodge a complaint with a supervisory authority, in the Member State in the European Union where you are habitually resident where we are based or where an alleged infringement of data protection law has taken place. Under certain conditions, the website/business contact user may invoke binding arbitration.
- SHL US LLC is obligated to arbitrate claims and follow the terms as set forth in Annex I of the DPF Principles, provided that an individual has invoked binding arbitration by delivering notice to SHL US LLC and following the procedures and subject to conditions set forth in Annex I of Principles.
- SHL US LLC is liable in cases of onward transfers to third parties.
8.2 Direct Marketing
You can opt-out of receiving directing marketing from us at any time. You can do this by contacting us on the contact details below or by clicking the “unsubscribe” button within our correspondence with you.
9. MISCELLANEOUS
9.1 Security
We have put in place technical and organisational security measures to prevent the loss or unauthorised access of your personal information. We train our employees in the proper handling of personal information. However, whilst we have used our best efforts to ensure the security of your data, please be aware that we cannot guarantee the security of information transmitted over the Internet. If you have reasons to believe that your interaction with us is no longer secure, please immediately notify us of the problem by contacting us as set out below.
9.2 Links
Our Website may contain links to other “non-SHL” websites. We do not control and assume no responsibility for the content, security or the privacy policies and practices on those websites. SHL encourages all users to read the privacy policies of those sites to determine how they protect and use personal information.
9.3 Changes to this Notice
This Notice will be changed from time to time.
If we change anything important about this Notice (the information we collect, how we use it or why) we will provide a prominent link to it for a reasonable length of time following the change on the Website.
If you would like to access previous versions of this Notice, please click on the link to archived policies at the top of this page or contact us on the contact details below.
9.4 How to Contact Us
If you have any questions regarding our Notice, you can contact us at: dpo@shl.com or by regular mail addressed to:
For users in the European Union (EU), European Economic Area (EEA), and Switzerland:
SHL Nederland BV
Attn: Global Data Protection Officer,
Secoya Building 5th Floor
Papendorpseweg
99 3528 BJ Utrecht
The Netherlands
For all other users:
SHL Group Ltd
Attn: Global Data Protection Officer
The Pavilion
1 Atwell Place, Thames Ditton
England KT7 0NEUK.