1 Aim of this policy
This policy also tells you about your privacy rights and how you are protected by the General Data Protection Regulation (GDPR) and all other relevant and applicable data privacy and data protection laws in the countries in which we operate.
2 Scope of this policy
This policy applies to all personal information that OASIS holds on its clients, prospective clients, prospective Team Members, suppliers, consultants and any other interested parties, either in physical or electronic format, including online.
It also includes other information that we collect about you that does not directly personally identify you, for example the pages you have visited on our website.
It does not relate to any information that we process on behalf of our clients when providing services to you which are outlined in your contract with us, such as collecting items and placing them into storage, scanning items into digital format or shredding items that you have asked us to destroy..
Team Member privacy
Links to third-party websites
3 Policy statement
3.1 Our privacy promise
- to keep your data safe and private
- never share your information outside of the OASIS group, unless required to do so by law or to fulfil our contract with you
- not to sell your data
- to give you ways to manage and review your marketing choices at any time.
Your privacy is also protected by applicable data privacy and data protection laws including the GDPR. For further details of how we protect and safeguard your information, please refer to our GDPR Statements of Compliance on our website.
3.2 Who we are and how to contact us
OASIS is a leading Records and Information Management (RIM) provider. Our head office address is: Unit 3 Swords Business Campus, Balheary Road, Swords, Co. Dublin, K67 TY09, Ireland.
OASIS Group Compliance department. Email: email@example.com or OASIS Group Data Protection Officer: GRCI Law. Email: firstname.lastname@example.org Tel: m:+ 44 1353 494369
3.3 The information we collect from you and how we use it
The GDPR says that we are allowed to use personal information only if we have a proper reason to do so. It says we must have one or more of these reasons:
- when you consent to it
- to fulfil a contract we have with you
- when it is our legal duty
- when we are acting in the public interest
- when it is in our legitimate interest (this means we have a business or commercial reason of our own to use your information).
The table below shows how we may use your personal information (where applicable in each country in which we operate) and the reasons we rely on to do so. If we ever intend to use your information for different purposes or reasons, we will provide you with further information before we make those changes.
|The information we collect||What we do with it||Our reasons (legal basis for processing)||Who we share it with|
|Contact information (For example names, email addresses and telephone numbers)||Serving you as a client To fulfil our contractual responsibilities to deliver products and services, such as fulfilling your ordersTo communicate with you about our products and services including service-related announcements, billing, changes to servicesTo respond to your enquiries and provide client care or supportTo invoice you for our services Serving you as a prospective client To respond to your enquiriesTo communicate with you about our products and services To welcome you to our premises To ensure that all visitors to our sites are recorded for health and safety and information security purposes To promote our products and services To make decisions about what products, services and offers we think you may be interested in To requests products or services from you To check your credentials before we hire you as our supplier, contractor, consultantTo place an order or ask questions about a product or service you provide to us To improve our products and services To request feedback on products and services, for example through client surveys||Your consentLegitimate interestsFulfilling contracts||OASIS internal teams including Client Care, Commercial Marketing, Procurement and Compliance teamsAny relevant regional sites Telemarketing agencies (to communicate with you)|
|Medical information (For example your temperature or a description of any symptoms or signs of infection of illness, such as the Coronavirus/Covid-19)||To manage any health and safety risks To identify if there is any risk of any visitors or contractors carrying any serious infections such as the Coronavirus (Covid-19) and passing this onto our Team Members or any other persons visiting our sites.To protect the health and safety of our Team Members, any other visitors and contractors at our sites, and/or the wider community.To reduce the spread of any infections either at OASIS or in the wider community.||ConsentPublic interest||Our regional sitesOASIS Compliance team where there are any health and safety risks or issues|
|Contractual information (Details about the products and services we provide to you or those you provide to us)||Serving you as a client To fulfil our contractual responsibilities to deliver products and services, such as fulfilling your orders and requests for changes to our products and servicesTo manage the invoicing of your account Hiring you as our supplier/consultant/contractor To check that you meet our information security, quality, environmental and business continuity requirements||Legitimate interestsFulfilling contracts||OASIS Client care teamsOur regional sites|
|Account information (Account number, contact information, sales and purchase information, details of pricing, fees and charges relating to your account, transactions on your account including payments)||Serving you as a client To invoice you for our products and servicesTo manage fees and charges on your accountsTo send communications relating to your account To promote our products and services To make decisions about what products, services and offers we think you may be interested in To buy products and services To pay you for products and services that we have purchased||Legitimate interestsFulfilling contracts||OASIS Client Care teamsOASIS Finance and commercial teams|
|Registration information (Security details you create and use to connect to our services, these could include one or more of the following: username, password, email address, IP addresses if restricted access is required)||To give you access to our online services for our products and services||Legitimate interestsFulfilling contracts||OASIS IT departmentOASIS Client Care teams|
|Complaint information (identity of complainant and any other individuals involved)||To investigate and resolve complaints||Legitimate interests||To the individual who the complaint is about|
|CCTV (Images of you on our premises)||To protect the security of our premisesTo protect the security of information held on our premises||Legitimate interests||Our IT and Facilities management teams|
|Cookies||To ensure that our website functions correctly To improve your experience of using our website||Legitimate interests||Our Marketing department|
|Consents Any permissions, consents or preferences that you give us||To allow us to contact you about our products and services||Consent||Our marketing department|
|Usage information Information about when you interact with our websites and services, the pages you visit, what you click on, when you perform those actions||When someone visits www.oasisgroup.com we use Google Analytics to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We use third-party providers to deliver our e-newsletters. We gather statistics around email opening and clicks using industry-standard technologies to help us monitor and improve our e-newsletter.||Legitimate interests||Our IT and marketing departmentsData centres|
|Log data User account activity and events within OASIS applications, such as email addresses, the files viewed, orders placed, the date and timestamps of activities, changes made by the user to their account, such as description of boxes.||To fix bugs and troubleshoot product functionalityTo create new services, features, content or make recommendationsTo track behavior at the aggregate/anonymous level to identify and understand trends in the various interactions with our services||Legitimate interests||Our IT department|
3.4 Where we collect information from
Your personal information is collected from any of these sources:
- from the data you give us, as described in the table above
- from business partners in order for us to fulfil our contractual obligations
- from vendors whose businesses we purchase
- from event logs on user activity within our applications as described in the table above
- from outside organisations such as companies who introduce you to us through marketing lists, if you have given your permission to those organisations to share your information with us
- we gather statistics around email opening and click through rates via Pardot. You can unsubscribe at any time. For more information please see Pardot’s privacy notice.
3.5 Sharing information
- to entities or individuals within the OASIS Group of companies who have a legitimate interest in the information
- to third parties who use your personal information to provide certain services such as OASIS sales and marketing campaigns or recruitment agencies during recruitment activities
- to business partners in order to fulfil our contractual responsibilities to deliver products and services, such as fulfilling your orders
- to any buyer in the event that we sell any part of our business or its assets
- to any regulatory, statutory or legal enforcement body when we are required to meet any applicable law, regulation, legal process or enforceable government request
We enter into confidentiality and data processing terms with any third parties or business partners to ensure that they comply with high levels of confidentiality and best practice in privacy and security standards.
We will not:
- sell or trade your personal information
- share or transfer your personal information outside of the EU without adequate protection. If we do share any personal information outside of the EU, we will ensure that this is protected by an appropriate legal mechanism such as the Privacy Shield framework, a data processing agreement, standard contractual clause agreements or any other relevant standards or agreements that will ensure that the information is adequately protected in line with the relevant legislation in the countries in which we operate.
3.6 How long we keep your personal information
We will only keep your personal information for the following time periods:
- for as long as you have given your consent (where consent is the lawful basis on which we are using your information)
- for as long as is necessary for the performance of the contract or service, and in accordance with our own retention policy
- for up to one year after you stop being a client in order to respond to a question or complaint. We may also keep your data for longer than one year if we are required to do so for legal or regulatory reasons or to adhere to our own retention policy.
Information that we hold on behalf of our clients
If you have an account with OASIS, we do not delete or destroy any information that we hold on your behalf unless we receive a written instruction from you. You are responsible for setting and managing your own time periods for the retention of information which OASIS might store, hold or process on your behalf.
3.7 Your rights
You have certain legal rights relating to the personal information we hold on you. These include the right to:
- access the personal information we hold on you
- request that we restrict how we use your personal information
- withdraw your consent or object to how we process your personal information
- request that it is corrected, updated, amended or deleted in appropriate circumstances
- request that it is transferred to another location.
If you would like to exercise any of your rights, please contact our Group Compliance team or Data Protection Officer using the contact details above, see 3.2 Who we are and how to contact us.
We will respond to your request within one month of receiving your request.
Keeping your information accurate and up to date
We want to ensure that your personal information is accurate and up to date. Please inform us if any of your personal information is inaccurate or needs updating.
We would like to send you information about our products and services which might be of interest. If you have consented to receive marketing information from us, you may opt out at any time by contacting our Group Compliance team or Data Protection Officer. You also have the opportunity to opt out via the link included in every marketing email you receive from us.
OASIS meets the highest standards when collecting and using personal information. For this reason, we take any complaints about this very seriously.
If you are dissatisfied with how we have handled any aspect of your privacy or personal information, please contact our Group Compliance team in the first instance. We also welcome any suggestions for improvement.
You may also contact the regulator in the country in which you reside.
UK: Information Commissioner’s Office (ICO) www.ICO.org.uk
ROI: Data Protection Commission (DPC) www.dataprotection.ie
Belgium: Data Protection Authority (DPA) https://www.privacycommission.be/
Netherlands: Autoriteit Persoonsgegevens (Dutch Data Protection Authority) https://autoriteitpersoonsgegevens.nl/en
If you choose not to give us your personal information
If we are requesting your personal information because it is necessary and relevant to the product or service we are delivering, and you withhold this information, it is likely that we will not be able to deliver the product or service, or there will be a delay in doing so.
We sometimes ask for information that is useful, but not required by law or a contract. We will make this clear when we ask for it. You do not have to give us these extra details and it won’t affect the products or services you have with us.
We will always ask for your consent before we send you marketing information, you can refuse this or opt out at any time.
What are Cookies?
Cookies are small text files which are placed on the device you are using to browse our website. Cookies do lots of different jobs, like letting you navigate between pages efficiently, storing your preferences, and generally improving your experience of a website. They make the interaction between you and the website faster and easier.
Most web browsers allow some control of most cookies through the browser settings. You can manage the settings of Cookies including blocking or deleting them, through your browser settings. However, in a few cases some of our website features might not function as a result. If you need help and support to manage Cookies, visit www.aboutcookies.org.
This policy is reviewed at least annually for appropriateness and effectiveness, or whenever significant changes occur.
We will inform you whenever we make any changes to this policy.