This privacy notice (“notice”) applies to the processing of personal data by Blue Horizon in connection with any:
References in this notice to “you” or “your” are references to individuals whose personal data Blue Horizon processes in connection with client services, supplier services, visitor services or recruitment activities. “Blue Horizon”, “our”, “we”, or “us” refers to the Blue Horizon Group entity processing your personal data. “Blue Horizon Group” means Blue Horizon Corporation and its affiliates. For the avoidance of doubt, any reference in this notice to our “clients” or “suppliers” includes their employees or other staff whose personal details we process.
This notice describes the context in which we process your personal data and it explains your rights and obligations. It is important that you read this notice together with any other notices we may provide on specific occasions when we are collecting or processing your personal data, so that you are fully aware of how and why we are using your personal data. This notice supplements other notices and is not intended to override them.
2. The personal data we collect about you
Personal data includes any information about an individual from which that person can be identified. It does not include personal data where the identity has been removed (anonymised data).
Special categories of personal data include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. In limited circumstances, we collect special categories of personal data about you. Please see below in this section for details of these circumstances and Section 4 (How we use your personal data) for further details.
In limited circumstances, we will collect information about your criminal convictions and offences. This happens where we are required to do so for legal or regulatory purposes (for example, where required pursuant to anti-money laundering laws) or where you have provided us with such information as it is necessary for a specific service we are providing.
We collect, use, store and transfer different kinds of personal data about you. We have grouped together the following categories of personal data to explain how this type of information is used by us:
3. How your personal data is collected
We use different methods to collect personal data from and about you, including through the channels set out below.
Such direct interactions include, for example, instances when you:
4. How we use your personal data
We will only process (i.e. use) your personal data when the law allows us to, that is, when we have a legal basis for processing. We use your personal data in the following circumstances:
We may process your personal data for more than one legal basis depending on the specific purpose for which we are using your personal data.
With limited exceptions (for instance, in relation to some of our electronic marketing or existing client relationships), generally we do not rely on consent as the legal basis for processing your personal data.
You are under no obligation to provide Blue Horizon with your personal data. However, if you fail to provide personal data when requested which is necessary for us to manage our relationship with you or your employer as a service provider or supplier (e.g., information necessary to evaluate you qualifications or meet our regulatory and legal obligations), we may not be able to retain your services.
5. Purpose of the processing
We always process your personal data for a specific purpose and only process the personal data which is relevant to achieve that purpose. In particular, we process your personal data to:
If we need to use your personal data for any other purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
6. Marketing and exercising your right to opt-out of marketing
We will not use your personal data to send you marketing materials if you have requested not to receive them. If you request that we stop processing your personal data for marketing purposes, we shall stop processing your personal data for those purposes.
You have the right to withdraw consent to electronic marketing at any time. We would encourage you to make such requests via the unsubscribe forms/links provided for that purpose in the marketing materials we send you or by contacting our Media team at firstname.lastname@example.org. You may alternatively make any such request to your usual contact at Blue Horizon. In any event, such request can be made at any time free of charge.
7. Who is the controller for the personal data processed?
A “controller” is a person or organisation who alone or jointly determines the purposes for which, and the manner in which, any personal data is, or is likely to be, processed. This notice is issued on behalf of Blue Horizon Corporation as controller. Unless we notify you otherwise Blue Horizon Corporation is the controller for your personal data.
8. Who has access to your personal data and to whom are they transferred?
We will never sell your personal data.
In the course of our activities and for the purposes listed in this notice, your personal data may be processed by the following categories of recipients on a need to know basis to achieve such purposes:
Such recipients are obligated to protect the confidentiality and security of your personal data. In certain limited circumstances, your personal data may be accessed by or transferred to law enforcement, regulatory bodies, or judicial authorities. This will occur only when legally required.
The personal data we collect from you may be processed, accessed, or stored by Blue Horizon in a different country than where you are located including outside of Switzerland or the European Economic Area. When we transfer your personal data for an intra-group transfer to another Blue Horizon entity located in a country that does not offer adequate protections, Blue Horizon uses the European Commission’s standard contractual clauses. Standard contractual clauses are a set of contract terms approved by certain jurisdictions and deemed to provide adequate protections for cross-border transfers.
When we transfer your personal data to an external company in a country that does not offer adequate protections, we will make sure to protect your personal data by (i) requiring that the third party apply the level of protection required under the applicable local data protection laws, (ii) requiring that the third party act in accordance with our written instructions and our policies and standards and (iii) unless otherwise specified, only transferring your personal data on the basis of an appropriate contractual mechanism (such as the standard contractual clauses approved by the European Commission).
You may request additional information in relation to such cross-border transfers and obtain a copy of the adequate safeguard put in place by Blue Horizon, as described in Section 12 titled “Who can I contact if I have any questions or concerns?”.
9. Data security
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk of processing, including:
We ensure that those who have permanent or regular access to personal data, or that are involved in the processing of personal data, or in the development of tools used to process personal data, are trained and informed of their rights and responsibilities in when processing personal data.
10. Data retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. This includes for example the purposes of satisfying any legal, regulatory, accounting, reporting requirements, to carry out legal work, for the establishment or defence of legal claims.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
11. What are your rights?
Your rights are based primarily on the data protection law of the country in which you are located, and may be limited by regulatory requirements or our lawful basis for processing.
You may have one or more of the following rights: (1) to be informed whether we process your personal data and what data is processed; (2) to access your personal data; (3) to request correction of processed data, if it is incorrect or incomplete; (4) to oppose the processing and to restrict the processing of your personal data; (5) to ask for the deletion of your personal data; and (6) to request the transfer of your personal data to a third-party.
You may exercise any of your rights at any time using the contact details set out in Section 12 below. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one calendar month. Occasionally it may take us longer than one calendar month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
12. Who can I contact if I have any questions or concerns?
If you have any questions about how your personal data is processed (including if you are unsure of which Blue Horizon entity is the controller), or if you want to exercise one of your rights, you may contact our Data Privacy Officer by email at DPO@bluehorizon.com.
In any case, and in addition to any rights you may have, you may file a complaint with the competent data protection authority in your country. However, we would encourage you to contact us in the first instance as we aim to promptly, efficiently and satisfactorily resolve any concerns or complaints you may have in relation to Blue Horizon’s processing of your personal data.
13. How will you be informed of the changes to this notice?
You will be informed of any changes or additions to the processing of your personal data through updates to this notice available on our website or included in any marketing communications we may send you from this to time.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. If you wish to update your personal data, please contact your relationship person at Blue Horizon or our Data Privacy Officer at DPO@bluehorizon.com.