• Solutions
  • Technology
  • PRIVACY POLICY

    Review date: February 21, 2020

    INTRODUCTION

    The ORS GROUP (“we”, “us”, “our”) believe in Personal Data governance. We are committed to protecting the privacy and security of the Personal Data of all individuals who come in contact with us, as provided by the EU General Data Protection Regulation 2016/679 (“GDPR”) and by all the applicable laws.

    Personal Data (“Data”) is any information relating to an identified or identifiable natural person.

    The ORS GROUP is a Personal Data Controller. This Privacy Policy (“Policy”) contains information about how we collect, store, hold, process, use, record, consult, disclose, erase, make decisions based upon, destroy and, in some instances, transmit Personal Data about you (the “Data Subject”). These activities are referred to as “Processing” or “Process.”

    Additional Privacy information may be provided in offer descriptions, contractual terms, supplemental Privacy statements or notices provided prior to or at the time of data collection.

    The person responsible for overseeing Data protection compliance issues within the ORS GROUP is the Company’s Data Protection Officer (“DPO”), who can be reached by email at DPO@orsgroup.ai

    For questions about anything contained in this Policy please contact the DPO.


    DATA PROTECTION PRINCIPLES

    We will comply with Data Protection Law and Principles, which means that your Data will be:

    • Used lawfully, fairly and in a transparent way.
    • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
    • Relevant to the purposes we have told you about and limited only to those purposes.
    • Accurate and kept up to date.
    • Maintained only for as long as necessary for the purposes we have told you about, i.e. in relation to the recruitment exercise.
    • Kept securely and protected against unauthorized or unlawful processing and against loss or destruction using appropriate technical and organizational measures.

    WHAT DATA WE COLLECT AND WHY

    You may choose to give us Data directly in a variety of situations. For example, you may want to give us your name and contact information to communicate with you, to have information about one or more of our products or solutions, to process an order or to do business with us. You may also share a description of your education and work experience in connection with a job opening at ORS GROUP for which you wish to be considered. See our Candidate Privacy Statement

    When you wish to receive information, we may ask you to provide your name and business contact information, as well as other information in connection with your request. We use this information in connection with your request and to communicate with you.

    When you provide us with your business contact information (such as by handing over a business card) we may use this to communicate with you.

    We will retain your information for potential future interactions with you.
    If you tell us that you do not want us to use your information to make further contact with you beyond fulfilling your request, we will respect your wishes.


    Data Collection through the Website: Cookies and Similar Tracking Technologies

    We use only session cookies for technical purposes, and we do not use Tracking Technologies. See our Cookies Policy


    LEGITIMATE INTEREST

    We may process your Personal Data:

    • For the purpose of this Privacy Policy.
    • To perform a contract or carry out a pre-contractual request.
    • For compliance with legal obligation to which the ORS GROUP is subject.
    • You reasonably expect the Company to use your Data.

    The list provided above is not exhaustive.


    CONSENT TO PROCESS YOUR DATA

    In general, as long as we are using your Data as set out in this Policy, your consent to the Processing is not required. In limited circumstances, we may request specific written consent to allow the Processing of certain Personal Data. If we do so, we will provide full details of the information requested and why it is needed, so that you can carefully consider whether to give consent.


    SHARING DATA WITHIN ORS GROUP AND WITHIN THIRD PARTIES

    Your Data may be shared between legal entities within the ORS GROUP. In addition, we may share your Data with third parties, including service providers.

    All legal entities and third parties to whom Data is transferred are required to take appropriate security measures to protect your Data, in line with the ORS GROUP’s policies. We do not allow third-party service providers to use your Data for their own purposes. They are only permitted to process your Data for specified purposes and in accordance with our instructions.


    PROTECTING THE RIGHTS AND PROPERTY OF ORS GROUP AND OTHERS

    We may also use or share your personal information to protect the rights or property of ORS GROUP, our business partners, suppliers, customers, or others when we have reasonable grounds to believe that such rights or property have been or could be affected. In addition, we reserve the right to disclose your personal information as required by law and/or to comply with a judicial proceeding, court order or legal process.


    PROVIDING SUPPORT

    We may use your personal information to support products or solutions you have obtained from us, such as notifying you of a product/solution update or fix. We may combine your information with information from other interactions with you to provide you with more valuable suggestions in relation to product and solutions support.

    In the course of providing technical support to you, we may sometimes have incidental access to data that you have provided to us or data that is located on your system. This data may contain information about you, your organization’s employees, customers, partners, or suppliers. This Policy does not apply to our access to or handling of this personal information; the conditions regarding the handling and processing of this data is covered by the applicable Terms of Use or other agreements between you and the ORS GROUP.


    EMAIL AND MARKETING

    The personal information you provide to us, as well as the personal information we have collected about you indirectly, may be used by us for marketing purposes, e.g., to keep you informed about solutions that we sell and which may complement an existing solutions portfolio. Before we do so, however, we will offer you the opportunity to choose whether or not to have your personal information used in this way. You may at any time choose not to receive marketing materials from us by following the unsubscribe instructions included in each e-mail you may receive, by indicating so when we call you, or by contacting the DPO.


    COLLECTION AND USE OF NON-PERSONAL DATA

    We also collect data in a form that does not, on its own, permit direct association with any specific individual. We may collect, use, transfer, and disclose non-personal information for any purpose. If we do combine non-personal information with Personal Data, the combined information will be treated as Personal Data for as long as it remains combined.


    DATA RETENTION

    We will keep your Data for no longer than is necessary for the purposes for which it is collected or processed. The criteria used to determine retention periods or whether Data can be purged will depend, among other things, on the ongoing need for the information as well as the legally mandated retention periods, and whether the information is subject to a document preservation order due to current or anticipated litigation or other legal matters.

    In general, Data will be removed if it has been superseded by more relevant or up to date information, or if it is out of date, irrelevant or no longer necessary. In some circumstances we may anonymize Data so that it can no longer be associated with you, in which case we may use such Data without further notice to you.


    DATA SECURITY AND DATA BREACH

    In general, Data will be removed if it has been superseded by more relevant or up to date information, or if it is out of date, irrelevant or no longer necessary. In some circumstances we may anonymize Data so that it can no longer be associated with you, in which case we may use such Data without further notice to you.

    We have put in place procedures to deal with any suspected Data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.


    TRANSFERRING DATA OUTSIDE THE EEA

    We may transfer Data about you to countries outside the European Economic Area (EEA), including to legal entities outside the EEA, in order to perform a contract with you. Certain countries are deemed “third countries” by the European Commission. The European Commission states that these third countries do not offer an adequate level of Data protection, whether by the country’s domestic legislation or through the international commitments the country has entered into.

    To ensure that your Data receives an adequate level of protection, we have put in place the following protective measures:

    • EU standard contractual clauses for the transfer of Personal Data to third countries (controller to processor transfer).
    • Intercompany agreements, with EU standard contractual clauses for the transfer of personal Data to third countries (controller to controller transfer).

    YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA

    Under certain circumstances, by Law you have the right to:

    • Request access to your Personal Data (commonly known as a “data subject access request”). This enables you to receive a copy of the Data we hold about you and to check that we are lawfully processing it.
    • Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate data corrected.
    • Request erasure of your Personal Data. This enables you to ask us to delete or remove Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).
    • Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your Data for direct marketing purposes.
    • Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Data about you, for example if you want us to establish its accuracy or the reason for processing it.
    • Request the transfer of your Personal Data to another party.

    If you want to review, verify, correct, or request erasure of your Data, object to its Processing, or request that the we transfer a copy of your Data to another party, please contact the DPO in writing. We may need to request specific information from you to help confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it.


    USE OF INFORMATION IN THE SOCIAL COMPUTING ENVIRONMENT

    We may provide some social computing tools on our website to enable online sharing and collaboration among members who have registered to use them. These include forums, wikis, blogs and other social media platforms.

    Any content you post, such as pictures, information, opinions, or any other type of personal information that you make available to other participants on these social platforms or applications, is subject to the social computing tools’ Privacy Statement.

    When downloading, registering and using the social computing tools, you may be asked to provide certain personal information. Such content is subject to the Terms of Use of those applications or platforms, and any additional guidelines and privacy information provided in relation to their use, as well as the process by which you can remove your content from such tools or get help to do so.

    Please refer to them to better understand yours, our, and other parties’ rights and obligations with regard to such content. You should be aware that the content you post on any such social computing platforms may be made broadly available to others inside and outside the ORS GROUP. Please read their Privacy Statement to understand what the tools and applications may do.


    NOTIFICATION OF CHANGES

    We may update this Privacy Policy from time to time to reflect changes to our Data governance practices. The revised Policy will be posted on the website with an updated revision date.


    PRIVACY QUESTIONS AND ACCESS

    If you have a question about this Privacy Policy or ORS GROUP’s handling of your information, you can contact the DPO in writing.

    ORS GROUP corp.

    317 George Street, 3rd Floor
    New Brunswick, NJ 08901

    EIN 47-5276654

    ORS SA

    Via S. Balestra 27

    6900 Lugano (CH)
    VAT Nr CHE-168.143.050

    ORS srl

    Via Morando 1-3

    12060 Roddi (CN), Italy
    C.F. e P.IVA IT 02508050040

    _________

    Galleria Passarella n. 1

    20122 Milano

    ORS GROUP GmbH

    Herzog-Rudolf-Str. 2
    80539 München, Germany
    VAT Nr. DE 259 281 458