UPDATED: OCTOBER 2018
For the purposes of the General Data Protection Regulation (EU) 2016/679 (the ‘GDPR’), the data controller is Oikos or the relevant Challenger Limited group entity.
- Information Oikos may collect and process about you
However Oikos uses personal data it ensures that the usage complies with law and the law allows and/or requires it to use personal data for a variety of reasons. These include where Oikos:
- has obtained your consent;
- has legal and regulatory obligations that it must discharge (including recording of telephone calls);
- needs to do so in order to establish, exercise or defend its legal rights or for the purpose of legal proceedings;
- is fulfilling contractual obligations;
- is using your personal data for the legitimate business interests of Oikos and the Challenger Limited group, such as:
- allowing it to effectively and efficiently manage and administer the operation of its business;
- maintaining compliance with its internal policies and procedures;
- monitoring the use of its copyrighted materials;
- the purposes outlined elsewhere in this document;
- offering optimal, up-to-date security solutions for mobile devices and IT systems; and
- obtaining further knowledge of current threats to network security in order to update its security solutions.
- Sensitive data
Oikos does not seek to collect sensitive personal data (such as data revealing political opinions, religious beliefs or data concerning health or sex life). If Oikos does seek to collect such data, your explicit prior consent will be sought.
- International transfers and storage of personal data
Oikos is owned by Challenger Limited group, based in Australia. As a result, the data that Oikos collects from you may be transferred to, and stored at, destinations inside or outside the European Economic Area (“EEA”). It may also be processed by staff operating inside or outside the EEA who work for Oikos or the Challenger Limited group, or for one of its agents. Such staff may be engaged in, amongst other things, the provision of support services.
Where Oikos transfers your personal data to another country outside the EEA, we will ensure that it is protected and transferred in a manner consistent with legal requirements. In relation to data being transferred outside of the EEA, for example, this may be done in one of the following ways:
- the country that Oikos sends the data to might be approved by the European Commission as offering an adequate level of protection for personal data;
- the recipient might have signed up to a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your personal data;
- where the recipient is located in the US, if it is a certified member of the EU-US Privacy Shield scheme; or
- in other circumstances the law may permit Oikos to otherwise transfer your personal data outside Europe.
You can obtain more details of the protection given to your personal data when it is transferred outside Europe (including a copy of the standard data protection clauses which Oikos have entered into with recipients of your personal data) by contacting us as described in paragraph 10 below.
Unfortunately, the transmission of information via the internet is not completely secure. Although Oikos will do its best to protect your personal data, Oikos cannot guarantee the security of your data transmitted to its website; any transmission is at your own risk.
- Purposes of processing
Oikos uses information held about you in the following ways:
- to provide you with information, services or benefits where you have consented to be contacted for such purposes (or in the other circumstances described in this paragraph 4);
- compliance with legal obligations (eg comply with diversity disclosures or anti-money laundering and anti-terrorism financing purposes);
- compliance with contractual obligations; or
- to notify you about changes to products or services.
If there is any change to your personal data which you have submitted to Oikos, please contact Oikos at the address in paragraph 10 so that it may ensure its records of your personal data are accurate and, where necessary, kept up to date. Personal data shall not be retained for longer than is necessary for the purpose for which it is held.
- Disclosure of your information
Oikos may disclose your personal information to the following categories of third parties and for the following purposes:
- with our business partners. Personal data will only be transferred to a business partner who is contractually obliged to comply with appropriate data protection obligations and the relevant privacy and confidentiality legislation;
- if substantially all of Oikos’s assets or business are acquired by a third party, in which case personal data held by it may be one of the transferred assets; or
- How long Oikos keeps your personal data
How long Oikos will hold your personal data for will vary and will be determined by the following criteria:
- the purpose for which Oikos is using it – Oikos will need to keep the data for as long as is necessary for that purpose; and
- legal obligations – laws or regulations may set a minimum period for which Oikos has to keep your personal data.
- Your rights
In all the above cases in which Oikos collects, uses or stores your personal data, you may have the following rights and, in most cases, you can exercise them free of charge. These rights include:
- the right to obtain information regarding the processing of your personal data and access to the personal data which Oikos holds about you;
- the right to withdraw your consent to the processing of your personal data at any time. Please note, however, that Oikos may still be entitled to process your personal data if it has another legitimate reason for doing so. For example, it may need to retain personal data to comply with a legal obligation;
- in some circumstances, the right to receive some personal data in a structured, commonly used and machine-readable format and/or request that Oikos transmits those data to a third party where this is technically feasible. Please note that this right only applies to personal data which you have provided directly to Oikos;
- the right to request that Oikos rectifies your personal data if it is inaccurate or incomplete;
- the right to request that Oikos erases or puts beyond reasonable use your personal data in certain circumstances. Please note that there may be circumstances where you ask Oikos to erase or put beyond reasonable use your personal data but it is legally entitled to retain it;
- the right to object to, or request that Oikos restricts, its processing of your personal data in certain circumstances. Again, there may be circumstances where you object to, or ask Oikos to restrict, its processing of your personal data but it is legally entitled to refuse that request; and
- the right to lodge a complaint with the relevant data protection regulator if you think that any of your rights have been infringed by Oikos.
You can exercise your rights by contacting Oikos at the address given below.
Oikos may use third party web analytics providers to collect information on how people use our website and to help us know what our customers find interesting and useful in our website. Our web analytics providers use “cookies” to collect information.
- How to contact Oikos
Data Protection Officer
Holehaven Wharf, Haven Road,
Canvey Island SS8 0NR
Telephone: 01268 682206
or via e-mail at email@example.com.
We are usually able to resolve privacy questions or concerns promptly and effectively. If you are not satisfied with the response you receive from our Data Protection Officer, you may escalate concerns to the applicable privacy regulator in your jurisdiction. Upon request, Oikos’s Data Protection Officer will provide you with the contact information for that regulator.