GENERAL DATA PROTECTION REGULATION
GDPR
WHO IS PROCESSING YOUR DATA?
North Star Support Group („NSSG”) is an international risk-management company globally providing a wide range of risk-mitigation and crisis support services.
We value and respect the privacy of your data thus we integrated privacy principles and policies in our daily work flow. Our privacy policies focus on legally processing, stocking and, if needed, accordingly exchanging personal data.
NSSG declares as Headquarter the Bucharest Office in 26, Grigore Alexandrescu Street, Bucharest Romania, P.O. Box 030582, contact info +40 21 795 7601, servicedesk@nssg.global.
PRINCIPLES
NSSG privacy policy is based on data protection principles listed below:
- Personal data processing will be done in a legal, correct and transparent manner.
- Personal data collecting will be done only in legitimate, explicit and specified purposes and data will not be further processed in any other manner that does not comply to these purposes. Data will be collected in a relevant and proper manner.
- Personal data have to be correct and updated when necessary.
- All necessary measures will be taken in order to assure that incorrect data will be deleted or corrected as soon as observed.
- Personal data will be kept in an ordered manner and not longer than the purpose mentioned requires or longer than specified.
- All personal data will be kept confidential and stored in a secured manner.
- Personal data will not be revealed to any third parties if not required and in agreement’s purpose only.
- Persons concerned have the right to request access to personal data, as well as correction and deletion of their data. Moreover, persons can request a processing and transfer restriction of their data.
WHAT PERSONAL DATA WE PROCESS
Generally, NSSG collects the following personal data: name, date of birth, address, contact info (e-mail, phone number), identity data (passport number, identity card number, driver’s licence) from our personnel and global collaborators.
Type of processes that require data processing are in relation to our clients, our partners, our local providers, as well as the employees and collaborators of NSSG. Each process uses different ways of data collection that are helping to improve our services in implementing our security services, facilitating a secure journey management and improving our communication and relation towards our clients, providers and other collaborators. Other purposes may include business statistics, administrative procedures, IT and cybersecurity procedures, authentication systems, physical security, support systems as well as usual processes that are requested in our day-to-day work flow.
Processed data will only follow the mentioned purpose, which is legitimate and explicit, or for a requested and transparent purpose accordingly to local laws required by the national legislature in the jurisdictions where we are operationally active.
WHICH ARE THE AIMED PERSONS
Among the aimed persons that NSSG collects and processes different types of personal data we list employees, partners, collaborators, clients and general public.
Any of the listed cases are following the privacy policy and technical procedures to collect, store and delete the personal data of the persons mentioned above.
PERSONAL DATA PROCESSION PURPOSES
Personal data will be processed only in the following cases that requires it:
- Business projects management and implementation
- Employees, collaborators and providers management
- Contracts management and implementing process Informing
- Site’s management and running
- Clients communication and informing both in project’s implementation and preparation and in providing requested information prior to project’s debut.
- Implementing a common project will require contractual and financial exchange of data that we will process and store according to our privacy policy.
We request from our partners and collaborators to follow our privacy policy principles so that common data processes and exchanged with them in the required processes are safely managed and stored.
Your data won’t be provided to any 3rd parties except the situation requires it and not prior to ensure that the partner and collaborator acknowledges our privacy policy and implements its principles. Moreover, we have developed a Non-Disclosure Agreement (NDA) that helps us secure our clients sensitive information regarding business activities and staff safety. The NDA is part of our usual documentation when we open a new collaborator relation and when we develop a new partnership. Through this measure we take the necessary prevention steps to anticipate any sensitive information leak.
HOW LONG ARE PERSONAL DATA STORED?
NSSG stores personal data on a determined period of time that is legitimate, transparent, and that is corresponding with our common activities and projects implementation. After projects implementation and activities completion, data will be kept for a reasonable period of time, having the clients approval and maintaining a safe management storage.
PERSONAL DATA PROCESSING GROUND
NSSG bases personal data processing on the following grounds that the data protection regulation provides:
- Execution of contracts – personal data are required in order to generate a contract between NSSG and clients/collaborators/partners and employees
- Legal obligations – personal data will be part of financial documentation that state’s fiscal authorities require in order to prove the legitimacy of our company activities.
- Consent – the legal ground based on which we collect, store and process personal data is the explicit consent of the interested person whether it is our client/ collaborator/ partner or employee.
- Situations that require consent and personal data providing are:
- Communication and information providing to our clients/ collaborators/ partners and employees while implementing common activities.
- Response management when required by our clients/ collaborators/ partners and employees regarding our common activities and their data procession.
- Common activities will require use of data in line with the implementation process of our project’s objectives. Local, national and international authorities might require proof of contracts and other type of documentations in order to proceed with our project’s activities.
- Legitimate interest – legal ground in processing personal data of our clients/ collaborators/ partners and employees is legitimate interest of NSSG regarding our common activities.
- Communicate and inform our clients on their best interest solutions in current projects and activities, as well as, other type of activities that regard our client interest.
- Communicate and inform our partners and collaborators about any opportunity or change that directly affects our common projects and activities or that might develop new common projects.
PERSONAL DATA TRANSFER
NSSG data are mainly processed and store in Romania, part of the European Union (EU) and obeying to the European Union’s legislation. Our international partners are aligned with our privacy policy so that when situations require us to transfer data outside the EU space, we are taking the required safety measures over data protection. Part of our regular data protection management is the NDA that protects sensitive information from being displayed by our foreign partners and collaborators. The NSSG NDA is both ensuring our data safety and our clients personal data protection, as well as, providing an easy framework to align our international activities to GDPR requirements.
COMPLAINTS
NSSG clients have the right to request information about their personal data collect-process-storage activities and we ensure to provide an answer in appropriate time and following our privacy policy procedures. The same procedure is available for our partners and collaborators both from EU space and international parties. In the improbable case in which our clients have suffered damage by eventual gaps in managing data protection privacy policy and NSSG did not comply in a remedial action, clients have the right to appeal competent authorities in the matter.
Eventual complains can be sent to our Data Protection Officer (DPO), Alexandra Traian, e-mail: dataprotection@nssg.global.
HOW DOES NSSG PROTECT PERSONAL DATA?
NSSG takes technical and procedural measures to ensure that collected, processed and stored data are safely managed. By this we prevent any cases of loss, falsification, destruction of information, or illegitimate access to data. Both employees, partners, and collaborators of NSSG are obliged to conform to our privacy policy regarding data management and have the information required to do so. Technical security measures are taken to ensure that data cannot be abusively accessed. Our website’s firewall and control procedures contribute to a safe display of public information and data gathering.
NSSG team follows secure procedures while using and analysing data by ensuring a security over their operating systems hardware and software. While printed information is stored only in organised manner and inside NSSG office. Our office has tailored security measures, including a surveillance system and access policies differentiating between staff members and visitors.
WHAT ARE MY PERSONAL DATA RIGHTS?
According to GDPR, personal data has the following rights protected and assured.
Right of access: this right assures access to informing whether personal data are collected and processed and, if so, the right to be sent a copy of data that is used by NSSG regarding your personal data.
Right of correction/rectification: if by consulting your data stored by NSSG, you encounter incorrect or incomplete data, you have the right to inform us how to correct or complete the data regarding your personal data profile. If you already have access to modify or complete your personal data profile, while using any of our applications, please do so in order to receive a best solution from our team.
Right of partial or complete deleting of data: data that are no longer necessary and that are no longer used in the expressed objective of our common projects and activities, can be partial or complete deleted based on a direct request.
Right of usage limitation: personal data gathered can be accessed and, if needed, can be further used in a limited or restricted manner through a direct request at our data protection e-mail address.
Right of portability: personal data stored online are under the effect of portability right and can be requested through a direct message to be provided in a formatted and accessible way.
Right of opposition: personal data can be restricted from processing based on the right of opposition, even when processing regards legitimate right of NSSG or is of public interest. In such a situation, NSSG will act on your request, except the cases where there are explicit requests from a competent authority or the data is already part of claiming request and response procedure.
Automated individual decisions: automated processing of data can be restricted by request, exceptions can be made if the automatised process is required by the common contract signed with NSSG where data protection is assumed.
Right of complaint: complaits can be forwarded to our DPO through our dedicated e-mail address: dataprotection@nssg.global. Your request will be processed and might require a proof of identity, in order to verify that the request is made by the legitimate person. If necessary, you have the right to deliver a complaint to National Supervision Authority of Personal Data Processing (Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal) that has office in Bucharest, Romania at Blvd. General Gheorghe Magheru, 28-30, sector 1 or following procedures of its website: www.dataprotection.ro.
WEBSITE COOKIES POLICY
NSSG website collects and process data through cookies in order to ensure a better quality of information and promotion of our security services and methods. Improving public experience while navigating through NSSG site might require a constant adaptation to our public’s choices when it comes to online informing behaviour. This process helps us develop tailored services and informing products that can deliver the best security solution for our international public.
Cookies tool collects and analyse the following data while navigating our website: Internet Protocol (IP) address, browser type, Internet Service Provider (ISP), visited pages, exit pages, operating systems, data and hour of visit, time spent on our website, clicks done on our website. These information helps us understand what are the services that respond to the international market needs over security products and what is our client’s profile overview. Based on this analysis we further develop and improve our services, products and our communication and informing style.
Further information and specific questions can be directly requested to our dedicated address: dataprotection@nssg.global.