In certain cases, we also operate as a data processor and we collect and process personal information on behalf of our business customers in the provision of our services and products. In these circumstances, Workflow Asset Management Ltd is acting as a data processor and our business customers remain the data controller in respect of personal information they provide to us.
Our business customers remain the data [information] controllers with respect to any customer information that they provide to us for our provision of services. To the extent that we are acting as data processor, we therefore act in accordance with the instructions of such customers regarding the collection, processing, storage, deletion and transfer of customer information, as well as other matters such as the provision of access to and rectification of customer. We will only use such personal information for the purposes of providing the services and products for which our business customers have engaged us.
Our business customers are responsible for ensuring that these individuals’ privacy is respected, including communicating to the individuals in their own privacy policies who their personal information is being shared with and processed by.
As a data processor, we may share personal information where instructed by our business customer. Where authorized by the business customer, we may also share personal information with third party service providers who work for us and who are subject to security and confidentiality obligations.
Where Workflow Asset Management Ltd is acting as a data processor, we will refer any request from an individual for access to personal information which we hold about them to our customer. We will not respond directly to the request.
We will retain personal information which we process on behalf of our customers for as long as needed to provide services and products to our customers and in accordance with any agreement in place with our customers.
Disclosure Of Your Personal Data To Third Parties
Internal third parties
We may share your personal information with our group companies, affiliates, subsidiaries or contractors as necessary to carry out the purposes for which the information was supplied or collected (i.e. to provide the services and products you have requested from us).
External third parties
Personal information will also be shared with our third party service providers and business partners who assist with the running of the Sites and our services and products including [hosting providers, email service providers, insert others]. Our third party service providers and business partners are subject to security and confidentiality obligations and are only permitted to process your personal information for specified purposes and in accordance with our instructions.
We may also post links to third party websites as a service to you. These third party websites are operated by companies that are outside of our control, and your activities at those third party websites will be governed by the policies and practices of those third parties. We encourage you to review the privacy policies of these third parties before disclosing any information, as we are not responsible for the privacy policies of those websites.
In addition, we may disclose information about you when we believe, in good faith, that such use or disclosure is reasonably necessary to:
- comply with law
- enforce or apply the terms of any of our user agreements
- protect our rights, property or safety,, or the rights, property or safety of our users, or others
- in the event that we become involved in a business divestiture, change of control, sale, merger, or acquisition of all or a part of our business, in which case we may disclose your personal information to the prospective seller or buyer of such business or assets;
- if all or substantially all of our assets are acquired by a third party, in which case personal information held by it about its customers will be one of the transferred assets;
- if we are under a duty to disclose or share your personal information in order to comply with any legal or regulatory obligation;
- if necessary to protect the vital interests of a person; and
- to enforce or apply our terms and conditions or to establish, exercise or defend the rights of
Workflow Asset Management Ltd, our staff, customers or others.
If you are based in the EU or EEA
We share your personal data within the Jonas Group. This will involve transferring your data outside the European Economic Area (EEA) to Canada the USA, Australia and New Zealand. Canada and New Zealand have been deemed by the EU as having an adequate level of protection for personal data.
Many of our external third party service providers and business partners are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.
Whenever we transfer your personal data outside the EEA to the countries identified above which have not been deemed by the EU to have an adequate level of protection for personal data, and specifically to the US, we ensure a similar degree of protection is afforded to it by using standard data protection clauses approved by the European Commission (as permitted under Article 46(2)(c)) that are designed to help safeguard your privacy rights.
You can contact us as provided in “Contacting us” above if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
Security of Your Personal Data
The security of your personal information is important to us. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it.
We use appropriate measures to safeguard personally identifiable information, which measures are appropriate to the type of information maintained, and follows applicable laws regarding the safeguarding of any such information under our control. In addition, in some areas of our Sites, we may use encryption technology to enhance information privacy and help prevent loss, misuse, or alteration of the information under our control. We also employ industry-standard measures and processes for detecting and responding to inappropriate attempts to breach our systems.
No method of transmission over the Internet, or method of electronic storage, can be 100% secure. Therefore, we cannot guarantee the absolute security of your information. The Internet by its nature is a public forum, and we encourage you to use caution when disclosing information online. Often, you are in the best situation to protect yourself online. You are responsible for protecting your username and password from third party access, and for selecting passwords that are secure.
If you have any questions about security on our Site, you can contact us as provided in “Contacting us” above.