+34934182331 info@freelancecra.com
Last update: 25th of May 2018

Effective the 25th of May 2018, the General Data Protection Regulation (EU) 2016/679 comes into effect. It states that your specific, clear, freely given and unambiguous consent is needed to store your Personal Data on our systems.

FCRA Network S.L., better known as FCRA or FreelanceCRA.com, has previously actively obtained or received your Consent to store and process your Personal Data under these conditions. We will continue to do so until this Consent is withdrawn, or for as long we are required to save it for a clear legal, contractual or administrative reason.

We are proud to have you as part of our network.

Therefore, we are very committed to keeping your data updated. Please take a moment to send us your latest Curriculum Vitae or Project requirements via our Contact page.

Please know that you are always free to exercise your privacy rights to access, review, modify, and delete your Personal Data that we have saved, or to object to or restrict processing of your Personal Data, or request portability of your Personal Data, in accordance with the General Data Protection Regulations (EU) 2016/679.

We will gladly assist you in exercising your privacy rights. You can contact our Data Protection Officer at dataprotection@freelancecra.com or via our Personal Data Query Request Form

Updated Data Protection & Privacy Notice.

We have reviewed our current Standard Operating Procedures, and have updated our policies and databases to be compliant with the new General Data Protection Regulation.

We have concluded that your Personal Data is safe with us and has always been handled in line with the intent of the new General Data Protection Regulations.

  • Up to now, we have worked in accordance with the current Data Protection Regulation (Directive 95/46/EC), and stored your Data on encrypted servers or behind lock and key in offices with no public access.
  • We have always respected your right to access, review, modify, and delete your Personal Data that we process in accordance with European and Member State Laws.
  • We have been available to exercise your right to object to or restrict processing of your Personal Data, or request portability of your Personal Data.
  • We have always, and will always, reach out to you to verify accuracy of the Personal Data we have stored.
  • We have without fail obtained your Personal Consent before sharing your Personal Data, or a part thereof, with our Clients or any other third-party.

As from the 25th of May 2018, the General Data Protection Regulation will be applied throughout our business processes. We cordially invite you to read our updated Data Protection & Privacy Notice for Personal Data, and welcome any questions you might have for us.

Sincerely,

Eduard de Wolf

CEO FCRA Network S.L.

Introduction

Introduction

FCRA Network S.L. (hereinafter “FCRA”, “us”, “we”, “our”) is aware of the General Data Protection Regulation (Regulation (EU) 2016/679) valid as of the 25th of May 2018, which replaces the Data Protection Regulation (Directive 95/46/EC), and has implemented all known requirements in its internal management system (“IMS”).

The purpose of the GDPR is to provide a set of standardised data protection laws across all the Member States of the EEA. This should make it easier for EU citizens to understand how their data is being used.

FCRA Network S.L. and its network of worldwide consultancy Service Providers are committed to protecting your Personal Data, as we recognize your privacy rights as a data subject, and your right to confidentiality as a data controller or processor.

In this Data Protection & Privacy Notice (“Notice”), we explain our data protection and privacy practices and provide information on how and why we collect, use and share your Personal Data through our interaction with you, our clients and third parties, to carry out our services and processes with the aim to fulfil our legitimate business interests.

We aim to be transparent by providing information to individuals and organizations about how we will collect and use their Personal Data in our organisation.

We assure you that any cases of a breach of your Personal Data will be reported to you within 72 hours of FCRA becoming aware of a breach, and we commit to informing an applicable independent Supervisory Data Authority concerned, if and when mutually agreed with you, or legally obliged by applicable law(s).

Legal information about the General Data Protection Regulation (GDPR), which regulates the privacy rights of Personal Data can be found on https://gdpr-info.eu/

General Provisions

FCRA’s general provisions

 We appreciate the trust that you place in us by sharing your Personal Data with FCRA.

  • We aim to be transparent by providing information to individuals about how we will collect and use their Personal Data in our organisation.
  • We aim to always process your Personal Data in accordance with our mutual agreement, and with due diligence, maintaining the highest level of confidentiality.
  • We aim to always provide clear and fair information on how your Personal Data is used, and we will be transparent about what information we collect and how it is, or will be processed.
  • Within available organizational and technological means, we will take measures to protect your Personal Data from being used without your consent and will keep it secure from the moment it arrives, as part of our business processes.
  • We aim to comply with all applicable data protection laws and regulations. In case of any data loss we will inform relevant supervisory authorities in the applicable country.

This Notice and accompanying procedures form an integral part of FCRA’s Integrated Management System.

Basic Definitions

Basic definitions

 Data controller: the organization (a legal person, agency, public authority, etc.) or the natural person which, alone or depending on the organization and Personal Data processing activity, in collaboration with others defines what needs to happen with the Personal Data (and also collects Personal Data) and obviously is key in Personal Data protection.

Data processor: By contracts, a Data processor means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the controller (excluding the data controller’s own employees).

Data Subject: A Data subject means a person or organization whose personal or confidential details are collected and processed for various purposes.

Receiving Party: means, with respect to particular Personal or Confidential Data, the Party that receives such data.

Confidential Business Data: data that an institution, company or individual should not reveal to a third party without the consent of the client or data controller or a clear legal reason, such as, but not limited to, proprietary business data or sensitive market information with regards to pending projects, which can include secret formulas, processes, and methods used in production. Confidential Business Data might contain Personal Data.

Consent: “Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of Personal Data relating to him or her.

EEA:  means the “European Economic Area”

Personal Data: means any Personal Data or data that could allow you to be identified. Personal Data is, for instance, data or information relating to identifiable individuals, such as job applicants, current and former employees, agency, contract and other staff, clients, suppliers and marketing contacts.

Examples of Personal Data we gather may include, but are not limited to: individuals’ contact details, educational background, financial and pay details, details of certificates and diplomas, education and skills, marital status, nationality, job title, CVs and other information a data subject might share with FCRA.

Personal data breach: means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed;

Sensitive Personal Data: means any Personal Data or data that could allow you to be identified that is of a more sensitive nature. Examples of Sensitive Personal Data are for instance an individual’s racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership (or non-membership), genetic or biometric data, physical or mental health or condition, criminal offences, or related proceedings.

Note:

  • Please note that FCRA does not actively use, collect, determine or disclose Sensitive Personal Data without your consent, other than as required by law.
  • We prefer you do not share Sensitive Personal Data with FCRA, unless
    1. it could legally or physically impact your ability to perform the services we, or our clients, request from you, or that you offer to FCRA and/or its client.
    2. Sharing of sensitive data is needed to provide services for a specific project.

In case we are the Receiving Party to Sensitive Personal Data, we will process this sensitive data in accordance with this privacy Notice.

Supervisory authority concerned: means a supervisory authority which is concerned by the processing of Personal Data because:

  • the controller or processor is established on the territory of the Member State of the EEA of that supervisory authority;
  • data subjects residing in the Member State of the EEA of that supervisory authority are substantially affected or likely to be substantially affected by the processing; or a complaint has been lodged with that supervisory authority
Who are we and what is our legitimate interest ?

Who are we and what is our legitimate interest (our “Services”)?

 FCRA Network S.L. is a commercial network of independent clinical research consultants, such as, but not limited to, Clinical Research Associates, Regulatory Submission Specialists, Clinical Trial Liaisons or smaller local CRO companies (our “Service Provider”).

FCRA aims to match staffing request of, amongst others, Research Institutes, Pharmaceutical Sponsors and Contract Research Organizations (our “Client”) with potential Service Providers in its network, based on Personal Data stored in its databases (our “Business”), and progress to develop a consultancy agreement with both client and Service Provider for a specific project. FCRA is available to assist both Client and Service Provider throughout the project, but the project management and the project communication and information flow is usually direct between the client’s project manager and FCRA’s Service Provider.

Legitimate business interest

As a consultancy agency our core business is knowing the capacity that specific consultancy resources have available in certain geographical areas, and under which local market conditions, and to match this to a Client’s requirement. Therefore, the exchange and storage of Personal Data and the management and retention thereof, is at the heart of our business, and fundamental for our continued existence and the continuity of our Services.

In order maintain, expand and further develop our business, and to be able to support the needs of our Clients and our Service providers, we assess that it is our legitimate business interest to record and retain larger amounts of Personal Data of prospective and current Service providers, as well as Client contacts, current and past projects, requirements, and Confidential Business Data (as described in a separate policy, and governed by signed Confidentiality agreements, or contract); all for prolonged periods of time.

Historical file version tracking provides us with means to track a candidate’s talent development and experience over the years, as well as detect fraud. Having a current and continuously updated HR database enables us to meet our Client’s and Service Provider’s needs. Retaining Client data allows us to analyse our business processes, to stay competitive and on the cutting edge of each local resource market where we operate. This is all useful business data that is used regularly.

The Personal Data we retain is continuously refreshed and is not in our databases for the off-chance it might be useful one day. It is an essential part of our daily process of assessing requirement, selection, contracting and placement of Service Providers on the projects of our Clients.

Data we collect

Data we collect

FCRA may with legitimate interest actively or passively collect, or be the Receiving Party of, Personal Data about you from different sources, including:

Data you give us directly

We may collect, or be the Receiving Party of, Personal Data from you directly when you send an email to FCRA or register on our FCRA website (www.FreelanceCRA.com) and provide your CV and other documents, sign up to receive information, use applications, buy service from us, fill out a survey, or make a comment or enquiry. The types of Personal Data we may collect from you directly include, but may not be limited to: name, address, email address, user name, contact details, bank account number or other payment information, age, date of birth, gender, Curriculum Vitae, and any other Personal Data you voluntarily provide to us.

We may collect information from you directly when you provide us with personal information, e.g. when you register for prize draws or competitions, sign up to receive information, use applications, buy a product or service from us, fill out a survey, or make a comment or enquiry. The types of information we may collect from you directly include your:

  • name
  • address
  • email address
  • user name
  • telephone number
  • credit card or other payment information
  • age
  • date of birth
  • gender
  • user-generated content, posts and other content you submit to Unilever Sites
  • any other personal information you voluntarily provide to us

Data collected automatically when you use the FCRA sites

We (and third-party service providers acting on our behalf) may use, or be the Receiving Party of, cookies and other tools (such as web analytic tools and pixel tags) to automatically collect Personal Data about you when you use FCRA Sites, subject to the terms of this Data Protection and Privacy Notice and applicable data laws and regulations. The types of Personal Data collected automatically as the Receiving Party may include: information about the type of browser you use, details of the web pages you have viewed, your IP address, the hyperlinks you have clicked, your user name, profile picture, gender, networks and any other information you choose to share when using Third Party Sites.We (and third party service providers acting on our behalf) use cookies and other tools (such as web analytic tools and pixel tags) to automatically collect information about you when you use Unilever Sites, subject to the terms of this Privacy Notice and applicable data laws and regulations. The types of information collected automatically may include:

  • information about the type of browser you use
  • details of the web pages you have viewed
  • your IP address
  • the hyperlinks you have clicked
  • your user name, profile picture, gender, networks and any other information you choose to share when using Third Party Sites (such as when you use the “Like” functionality on Facebook or the +1 functionality on Google+)
  • the websites you visited before arriving at a Unilever Site

Data we collect from other sources

We may request, or be the Receiving Party of, Personal Data about you from other legitimate sources, including information from commercially available sources, such as public databases and data aggregators, and information from third parties. For instance, FCRA cooperates with platforms which allow FCRA to place their advertisements and allow people to submit contact data, their CVs and other documents, to be used by FCRA for legitimate business interests.

Data we use, Purpose Limitation and Legal basis

Data we use

Purpose limitation

The Purpose Limitation principle prevents FCRA from using Personal Data for any other reason than it was intended for at the time of collection. The only exception to this is if the new purpose is compatible with the old one.

A large part of FCRA’s database contains, amongst other information, Personal Data of potential Service Providers as well as Confidential Business Data of pending or running clinical, observational, epidemiological or medical device registries, studies, trials or market research projects (“project” or “projects”).

Any Personal Data provided by you to FCRA through, but limited to, registration, administration, contract data, project data or CV submission, with and use of, the website or our applications (“Apps”), such as e-mail, Docusign Platform, or other third-party technological service providers, will only be used for the following purposes by FCRA:

  • updating and enhancing database records and those of other related FCRA activities; and
  • defining areas of interest to you and improving the services to meet clients’ and providers’ requirements, including compiling information relating to users’ movements across the website; and
  • handling orders, delivering products and services, processing payments and invoices, communicating with you about orders, products and services and generally maintaining your account; and
  • advising you of other products and services which may be of interest; (v) providing, only with your clear, unambiguous and freely given consent, your contact details and other facilitating information (such as Blinded CVs and Open CVs, or company and project information) to interested parties; and
  • administer, operate, protect and maintain the Website, Apps or Services, and improve the use, service and support thereof by clients, providers and other interested visitors investigate; and
  • prevent fraudulent activities and data entries, unauthorized access to the Website, Apps or Services, and other illegal activities; and respond to inquiries and requests; and
  • to provide you with information and access to resources that you have requested or might interest you; and
  • register you to become part of the supporting services FCRA provides to its Clients and Service Providers, such as training, or ad-hoc consultancy.
  • Any other service we might develop in the future, and will explain to you at that time.

We and our third-party marketing service providers may also use the Personal Data which data subjects send to us for our marketing purposes, if this is in accordance with applicable law and/or agreements we have in place. However, you may opt out of our marketing by contacting us.

Legal basis for processing Personal Data (EEA only)

If you are from the European Economic Area (EEA), our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it.

There are 6 lawful bases for processing Personal Data.

Data processing shall be lawful only if and to the extent that at least one of the following applies:

  • the data subject has given consent to the processing of his or her Personal Data for one or more specific purposes;
  • processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract;
  • processing is necessary for compliance with a legal obligation to which the controller is subject;
  • processing is necessary to protect the vital interests of the data subject or of another natural person;
  • processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of Personal Data, in particular where the data subject is a child.

 If you are from outside the EEA, please check with a local lawyer what the local lawful bases of processing local data are. It is important to remember that no matter what your location of business is, IF you process the data of a citizen living within the EEA, you are bound to abide by the GDPR rules and regulations.

If we collect and use your Personal Data in reliance on our or a third party’s legitimate interests and those interests are not already listed above (see “Data We Use” section), we will make clear to you at the relevant time what those legitimate interests are.

If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Data, please contact us using the contact details provided under the “Contact Us” section below.

Consent

Consent

 Consent to share Personal Data

FCRA will only collect, use or disclose your Personal Data in accordance with the intent of the GDPR legislation and with your clear consent (see definition below).

In every case your direct Personal Data is shared with third parties, we will ask for your specific consent explicitly.

In case we would like to use your indirect Personal Data for various or several occasions, such as for the use of a blinded CV, we will ask for a specific consent for a prolonged period of time.

Details regarding the processes for obtaining consents are covered in FCRA’s management system.

Consent to share Personal Data via the website

By using a FCRA Network website or third-party platforms for placing your Personal Data, you are consenting to FCRA collecting, using and disclosing your Personal Data in accordance with this Data Protection and Privacy Notice.

Before submitting, FCRA will ask you to actively consent to the use as per our purpose limitations as described in this Notice.

If you do not agree clearly, freely and unambiguously to the collection, use and disclosure of your Personal Data via the website, please do not use the contact page of www.FreelanceCRA.com, or any other websites owned by FCRA Network S.L.

If you already gave a specific and informed consent, but later decided differently, please take affirmative action and let us know via a clear statement, and we will remove all your data from our systems and databases, within legal limits in accordance with the GDPR legislation.

Joint Data controllers of Personal Data.

If Personal Data has two or more controllers jointly determining the purposes and means of processing, they shall be joint controllers. A concrete example for our business segment might be a Sponsored study, performed by a CRO, where the CRO processes Personal Data together with the Sponsor, as well as our Service Providers. Sponsor, CRO and Service Provider might use existing Personal Data, or create new Personal Data of data subjects participating in a data-generating project they jointly manage for different purposes.

The joint controllers shall in that case in a transparent manner determine their respective responsibilities for compliance with the obligations under this Regulation, in particular as regards the exercising of the rights of the data subject and their respective duties to provide the information referred to in Articles 13 and 14 of the GDPR relations, by means of an arrangement between them unless, and in so far as, the respective responsibilities of the controllers are determined by law to which the controllers are subject.

The arrangement may designate a contact point for data subjects.

Your privacy rights

Your privacy rights

 What can you do with your Personal Data?

Most countries which enforce a data protection legislation, including the EEA, provide you, the data subject, with the rights and opportunity to access, review, modify, and delete your Personal Data which is collected via our Website, Apps or via our Services for our legitimate interest, our account management, billing or marketing purposes and where required by applicable law. If you live outside of the EEA, please check your privacy rights locally.

Your additional Privacy Rights as a citizen of the EEA.

In addition to your rights to access, review, modify, and delete your Personal Data, if you are from the EEA, you may have broader rights to access and delete your Personal Data, to object to or restrict processing of your Personal Data, or request portability of your Personal Data, in accordance with the European and local GDPR legislation.

Duration of your rights

If we have collected and processed your Personal Data with your consent, then you can withdraw your consent at any time, should you choose to do so. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.

To make such requests, you can send an email to dataprotection@freelancecra.com or write to us at the mailing address in the “Contact Us” section below. We will consider and handle all requests in accordance with applicable laws.

You also have the right to complain to your local data protection supervisory authority at any time.

Unsubscribe from our mailing list

You may at any time ask us to remove you from our mailing list by sending us an email at dataprotection@freelancecra.com. We will remove you from our mailing list in accordance with applicable laws.

To request that your phone number be removed from future sales calls, please email dataprotection@freelancecra.com.

Sharing and disclosure of Personal Data

Sharing and disclosure of Personal Data

Sharing and disclosure of Personal Data (with third parties, sites or data sources)

FCRA provides staffing services to Clients, as well as to Service Providers in this business segment. With your consent, we may share your Personal Data with our trusted business partners based in Europe and out of Europe.

We may share your personal information with:

  • our advertising, marketing and promotional agencies to help us deliver and analyse the effectiveness of our advertising campaigns and promotions
  • third parties required to deliver a product or service to you, such as a delivery or postal service delivering a product that you have ordered
  • law enforcement or government authorities where they have followed due legal process to request us to disclose the information
  • third parties who wish to send you information about their products and services, but only if you have given us consent to do so
  • third party providers of services, such as data processing, to Unilever
  • web analytics tool providers, such as Google or Unica

If we do share your personal information with another Unilever Group company or with trusted third parties, we shall use our best efforts to ensure that they keep your information secure, take all reasonable steps to protect it from misuse and only use it in a manner consistent with our instructions, this Privacy Notice and applicable data protection laws and regulations.

We may also share your Personal Data with other companies, organisations or individuals in relation to the services we provide, ensuring that the disclosure of the Personal Data is only necessary to meet our legal requirements and obligations.

In each case when your Personal Data is shared with a third-party, we will inform you about the purpose for which your data will be used, with whom the data will be shared, how long it will be kept in our databases/ systems.

We may share and disclose your information we collect with the following third parties:

  • FCRA or any of its Service Providers within or outside of the EEA, consistent with this Notice for data processing, or signed agreements;
  • Business partners, contractors, vendors, and authorized third party agents, to:
  • Operate, deliver, improve and customize our Services
  • Provide support and technical services;
  • Send marketing and other communications related to business;
  • Enforce our policies;
  • Law enforcement agencies, regulatory or governmental bodies, or other third parties to respond to legal process, comply with any legal obligation; protect or defend our rights, interests or property or that of third parties; prevent or investigate wrongdoing in connection with the Website, Apps or our Services;
  • Any third parties in connection with prospective or actual, sale, merger, acquisition, financing or reorganization of our business

This Notice does not apply to, nor are we responsible for, the privacy, information or other practices of any third parties, including any third party operating any site or service to which our Website links, including but not limited to, social media sites. The inclusion of a link on the Website does not imply our endorsement of the linked site or service.

Exercising privacy rights by third parties

In general, when processing Personal Data to provide our Services, we do so only when legally or administratively required to do so, and on behalf of our Clients and Service providers in accordance with their instructions. This means that if you wish to access, review, modify or delete any Personal Data we process on behalf of a Client or Service Provider under applicable EEA law or otherwise, you should contact that Client or Service Provider with your request. We will then help them to fulfil that request in accordance with their instructions.

Security and automated processes

Security and automated processes

Security

We assure you that all the Personal Data submitted to FCRA will be kept confidential and secure once it reaches our hosted servers. For our website and business processes we aim to contract third-party providers that use reliable point-to-point encryption methods for data transfer, are GDPR compliant and based within the EEA.

The Personal Data will be processed (by means of a computer database or otherwise) by FCRA in accordance with the provisions of the General Data Protection Regulation effective 25th of May 2018, or our signed mutual agreements.

We take all reasonable technical and organizational precautions to keep your Personal Data secure and require any third parties that we work with who handle or process your Personal Data for us to do the same. Access to your Personal Data is restricted to prevent unauthorised access, modification or misuse and is only permitted among FCRA and any third parties strictly related to our business processes and the services we provide.

FCRA has no control over or responsibility for the security or privacy policies or practices of other sites on the Internet you might visit, interact with, or from which you might buy products or Services, even if you visit them using links from our Website.

Please note that no website, mobile app or service is completely secure and so, while we endeavour to protect your Personal Data using the measures described above, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will not occur.

Automated processes.

Your Personal Data is classified based on the data you share with us, and a parsing system might be used to file your data to be able to match searches to output requirements. Most of data handling and data assessment is performed by FCRA employees or qualified Service Providers, and not performed by any automated systems.

Data retention

Data retention

Personal Data storage

We inform you that FCRA sees it as a legitimate interest of the potential and existing candidates, clients and FCRA to maintain Personal Data in our system from the moment a data subject gives Consent until this Consent is withdrawn, or for as long as there is a legal, contractual or administrative reason to store and process Personal Data. Data is deleted the moment Purpose limitation applies, or if it is no longer being stored according to our Legitimate interest.

For existing clients, we are often required to keep confidential and Personal Data on file for anywhere between 5 and 15 years, depending on the contractual agreement.

For further explanations of our legitimate business interests to store Personal Data for prolonged periods of time, please refer to the legitimate interest section.

Personal Data contained in legal and administrative documents

Personal Data contained in legal and administrative documents can be accessed, rectified and updated, but not transferred, erased, objected to, or restricted in processing. Contracts will be kept on file as long as FCRA is legally required to, or for as long as any clause of a contracts remains active or FCRA has a legitimate interest to save these contracts.

Data minimization of all other data

All other data will be processed as per GDPR´s intent of Data minimization.

GDPR states that when data is no longer needed for the purpose it was collected, it should be deleted, and that we shouldn’t keep hold of data on the off-chance that it may be useful in the future.

Therefore, FCRA will store data needed for its processes for as long as both FCRA and the data subject agree there is a legitimate interest in doing so, or for as long as FCRA is legally or administratively required to do so.

Our Integrated Management System describes business processes to continuously delete or update data that has become outdated or obsolete.

International data transfers

International data transfers

Your Personal Data may be transferred to, and processed in, countries other than the country in which you are resident. Specifically, Personal Data collected in the European Economic Area (“EEA”) or the Rest of the World (“ROW”), may be transferred to and stored on third-party servers in the United States, Canada, Australia, United Kingdom (anticipating Brexit in 2019), Switzerland, and potentially in other countries where our third-party service providers and partners operate. These countries may have data protection laws that are different to the laws in your country or the EEA (and in some cases, may not be as protective). For our business processes we aim to contract third-party providers that are trusted and well-established, use reliable point-to-point encryption methods for data transfer, and that are GDPR compliant.

Changes to this Notice

Changes to this Notice

If we change our Notice, we will post those changes on this page with 30 days’ notice in addition to updating the “Last Updated” date at the top of this webpage. If we make changes, we will notify you more directly, for example by posting a notification or message on the Website or by emailing you prior to such changes taking effect. We encourage you to review this Notice regularly to stay informed of the latest modifications.

Should we see a legitimate interest to use your Personal Data in a manner different from that stated at the time of collection your data, we will notify you, and you will have a choice as to whether we can use or process your Personal Data in such a way.

Contact us

Contact us

 Given that our core activities consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a larger scale, we have assigned a Data Protection Officer.

If you have any questions, comments or concerns about how we handle your Personal Data, please please fill in the form (see: Personal Data Query Request Form) or send your clear request to FCRA’s Data Protection Officer (“DPO”)

Please remember that you have, amongst others, the following rights without explaining the reasons:

  • To request us to correct, update, or delete your Personal Data in our records.
  • To report any misuse of your Personal Data
  • To request not to be contacted by us in the future
  • To request to receive a copy of your Personal Data which we keep in our systems.
  • To request help from us in case of any other questions related to your Personal Data that we might hold in our systems.

Thank you for your attention.

Sincerely,

The Management Team of FCRA Network S.L.

Full text of our Policy

Data protection & Privacy Notice for Personal Data.

Agenda:

  • Statement 25th of May 2018
  • Introduction
  • FCRA’s general provisions
  • Basic definitions
  • Who are we and what is our legitimate interest?
    • Legitimate business interest
  • Data we collect
    • Data you give us directly
    • Data collected automatically when you use the FCRA sites
    • Data we collect from other sources
  • Data we use
    • Purpose limitation
    • Legal basis for processing Personal Data (EEA only)
  • Consent
    • Consent to share Personal Data
    • Consent to share Personal Data via the website
    • Joint Data controllers of Personal Data.
  • Your privacy rights
    • What can you do with your Personal Data?
    • Your additional Privacy Rights as a citizen of the EEA.
    • Duration of your rights
    • Unsubscribe from our mailing list
  • Sharing and disclosure of Personal Data
    • Sharing and disclosure of Personal Data with third parties, sites or data sources
    • Exercising privacy rights by third parties
  • Security and automated processes
  • Security
    • Automated processes
  • Data retention
    • Personal Data storage
    • Personal Data contained in legal and administrative documents
    • Data minimization of all other data
  • International data transfers
  • Changes to notice
  • Contact us

 

Statement with regards to GDPR as per the 25th of May 2018:

Effective the 25th of May 2018, the General Data Protection Regulation (EU) 2016/679 apply. It states that your specific, clear, freely given and unambiguous consent is needed to store your Personal Data on our systems.

FCRA Network S.L., better known as FCRA or FreelanceCRA.com, has previously actively obtained or received your Consent to store and process your Personal Data under these conditions. We will continue to do so until this Consent is withdrawn, or for as long we are required to save it for a clear legal, contractual or administrative reason.

We are proud to have you as part of our network.

Therefore, we are very committed to keeping your data updated. Please take a moment to send us your latest Curriculum Vitae or Project requirements via our Contact page.

Please know that you are always free to exercise your privacy rights to access, review, modify, and delete your Personal Data that we have saved, or to object to or restrict processing of your Personal Data, or request portability of your Personal Data, in accordance with the General Data Protection Regulation (EU) 2016/679.

We will gladly assist you in exercising your privacy rights. You can contact our Data Protection Officer at dataprotection@freelancecra.com or via our Personal Data Query Request Form

Updated Data Protection & Privacy Notice.

We have reviewed our current Standard Operating Procedures, and have updated our policies and databases to be compliant with the new General Data Protection Regulation.

We have concluded that your Personal Data is safe with us and has always been handled in line with the intent of the new General Data Protection Regulation.

  • Up to now, we have worked in accordance with the current Data Protection Regulation (Directive 95/46/EC), and stored your Data on encrypted servers or behind lock and key in offices with no public access.
  • We have always respected your right to access, review, modify, and delete your Personal Data that we process in accordance with European and Member State Laws.
  • We have been available to exercise your right to object to or restrict processing of your Personal Data, or request portability of your Personal Data.
  • We have always, and will always, reach out to you to verify accuracy of the Personal Data we have stored.
  • We have without fail obtained your Personal Consent before sharing your Personal Data, or a part thereof, with our Clients or any other third-party.

As from the 25th of May 2018, the General Data Protection Regulation will be applied throughout our business processes. We cordially invite you to read our updated Data Protection & Privacy Notice for Personal Data, and welcome any questions you might have for us.

Sincerely,

Eduard de Wolf

CEO FCRA Network S.L.

 

Introduction

FCRA Network S.L. (hereinafter “FCRA”, “us”, “we”, “our”) is aware of the General Data Protection Regulation (Regulation (EU) 2016/679) valid as of the 25th of May 2018, which replaces the Data Protection Regulation (Directive 95/46/EC), and has implemented all known requirements in its internal management system (“IMS”).

The purpose of the GDPR is to provide a set of standardised data protection laws across all the Member States of the EEA. This should make it easier for EU citizens to understand how their data is being used.

FCRA Network S.L. and its network of worldwide consultancy Service Providers are committed to protecting your Personal Data, as we recognize your privacy rights as a data subject, and your right to confidentiality as a data controller or processor.

In this Data Protection & Privacy Notice (“Notice”), we explain our data protection and privacy practices and provide information on how and why we collect, use and share your Personal Data through our interaction with you, our clients and third parties, to carry out our services and processes with the aim to fulfil our legitimate business interests.

We aim to be transparent by providing information to individuals and organizations about how we will collect and use their Personal Data in our organisation.

We assure you that any cases of a breach of your Personal Data will be reported to you within 72 hours of FCRA becoming aware of a breach, and we commit to informing an applicable independent Supervisory Data Authority concerned, if and when mutually agreed with you, or legally obliged by applicable law(s).

Legal information about the General Data Protection Regulation (GDPR), which regulates the privacy rights of Personal Data can be found on https://gdpr-info.eu/

 

FCRA’s general provisions

 We appreciate the trust that you place in us by sharing your Personal Data with FCRA.

  • We aim to be transparent by providing information to individuals about how we will collect and use their Personal Data in our organisation.
  • We aim to always process your Personal Data in accordance with our mutual agreement, and with due diligence, maintaining the highest level of confidentiality.
  • We aim to always provide clear and fair information on how your Personal Data is used, and we will be transparent about what information we collect and how it is, or will be processed.
  • Within available organizational and technological means, we will take measures to protect your Personal Data from being used without your consent and will keep it secure from the moment it arrives, as part of our business processes.
  • We aim to comply with all applicable data protection laws and regulations. In case of any data loss we will inform relevant supervisory authorities in the applicable country.

This Notice and accompanying procedures form an integral part of FCRA’s Integrated Management System.

 

Basic definitions

 Data controller: the organization (a legal person, agency, public authority, etc.) or the natural person which, alone or depending on the organization and Personal Data processing activity, in collaboration with others defines what needs to happen with the Personal Data (and also collects Personal Data) and obviously is key in Personal Data protection.

Data processor: By contracts, a Data processor means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the controller (excluding the data controller’s own employees).

Data Subject: A Data subject means a person or organization whose personal or confidential details are collected and processed for various purposes.

Receiving Party: means, with respect to particular Personal or Confidential Data, the Party that receives such data.

Confidential Business Data: data that an institution, company or individual should not reveal to a third party without the consent of the client or data controller or a clear legal reason, such as, but not limited to, proprietary business data or sensitive market information with regards to pending projects, which can include secret formulas, processes, and methods used in production. Confidential Business Data might contain Personal Data.

Consent: “Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of Personal Data relating to him or her.

EEA:  means the “European Economic Area”

Personal Data: means any Personal Data or data that could allow you to be identified. Personal Data is, for instance, data or information relating to identifiable individuals, such as job applicants, current and former employees, agency, contract and other staff, clients, suppliers and marketing contacts.

Examples of Personal Data we gather may include, but are not limited to: individuals’ contact details, educational background, financial and pay details, details of certificates and diplomas, education and skills, marital status, nationality, job title, CVs and other information a data subject might share with FCRA.

Personal data breach: means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed;

Sensitive Personal Data: means any Personal Data or data that could allow you to be identified that is of a more sensitive nature. Examples of Sensitive Personal Data are for instance an individual’s racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership (or non-membership), genetic or biometric data, physical or mental health or condition, criminal offences, or related proceedings.

Note:

  • Please note that FCRA does not actively use, collect, determine or disclose Sensitive Personal Data without your consent, other than as required by law.
  • We prefer you do not share Sensitive Personal Data with FCRA, unless
    1. it could legally or physically impact your ability to perform the services we, or our clients, request from you, or that you offer to FCRA and/or its client.
    2. Sharing of sensitive data is needed to provide services for a specific project.

In case we are the Receiving Party to Sensitive Personal Data, we will process this sensitive data in accordance with this privacy Notice.

Supervisory authority concerned: means a supervisory authority which is concerned by the processing of Personal Data because:

    • the controller or processor is established on the territory of the Member State of the EEA of that supervisory authority;
  • data subjects residing in the Member State of the EEA of that supervisory authority are substantially affected or likely to be substantially affected by the processing; or a complaint has been lodged with that supervisory authority

 

Who are we and what is our legitimate interest (our “Services”)?

 FCRA Network S.L. is a commercial network of independent clinical research consultants, such as, but not limited to, Clinical Research Associates, Regulatory Submission Specialists, Clinical Trial Liaisons or smaller local CRO companies (our “Service Provider”).

FCRA aims to match staffing request of, amongst others, Research Institutes, Pharmaceutical Sponsors and Contract Research Organizations (our “Client”) with potential Service Providers in its network, based on Personal Data stored in its databases (our “Business”), and progress to develop a consultancy agreement with both client and Service Provider for a specific project. FCRA is available to assist both Client and Service Provider throughout the project, but the project management and the project communication and information flow is usually direct between the client’s project manager and FCRA’s Service Provider.

Legitimate business interest

As a consultancy agency our core business is knowing the capacity that specific consultancy resources have available in certain geographical areas, and under which local market conditions, and to match this to a Client’s requirement. Therefore, the exchange and storage of Personal Data and the management and retention thereof, is at the heart of our business, and fundamental for our continued existence and the continuity of our Services.

In order maintain, expand and further develop our business, and to be able to support the needs of our Clients and our Service providers, we assess that it is our legitimate business interest to record and retain larger amounts of Personal Data of prospective and current Service providers, as well as Client contacts, current and past projects, requirements, and Confidential Business Data (as described in a separate policy, and governed by signed Confidentiality agreements, or contract); all for prolonged periods of time.

Historical file version tracking provides us with means to track a candidate’s talent development and experience over the years, as well as detect fraud. Having a current and continuously updated HR database enables us to meet our Client’s and Service Provider’s needs. Retaining Client data allows us to analyse our business processes, to stay competitive and on the cutting edge of each local resource market where we operate. This is all useful business data that is used regularly.

The Personal Data we retain is continuously refreshed and is not in our databases for the off-chance it might be useful one day. It is an essential part of our daily process of assessing requirement, selection, contracting and placement of Service Providers on the projects of our Clients.

Data we collect

FCRA may with legitimate interest actively or passively collect, or be the Receiving Party of, Personal Data about you from different sources, including:

Data you give us directly

We may collect, or be the Receiving Party of, Personal Data from you directly when you send an email to FCRA or register on our FCRA website (www.FreelanceCRA.com) and provide your CV and other documents, sign up to receive information, use applications, buy service from us, fill out a survey, or make a comment or enquiry. The types of Personal Data we may collect from you directly include, but may not be limited to: name, address, email address, user name, contact details, bank account number or other payment information, age, date of birth, gender, Curriculum Vitae, and any other Personal Data you voluntarily provide to us.

We may collect information from you directly when you provide us with personal information, e.g. when you register for prize draws or competitions, sign up to receive information, use applications, buy a product or service from us, fill out a survey, or make a comment or enquiry. The types of information we may collect from you directly include your:

  • name
  • address
  • email address
  • user name
  • telephone number
  • credit card or other payment information
  • age
  • date of birth
  • gender
  • user-generated content, posts and other content you submit to Unilever Sites
  • any other personal information you voluntarily provide to us

Data collected automatically when you use the FCRA sites

We (and third-party service providers acting on our behalf) may use, or be the Receiving Party of, cookies and other tools (such as web analytic tools and pixel tags) to automatically collect Personal Data about you when you use FCRA Sites, subject to the terms of this Data Protection and Privacy Notice and applicable data laws and regulations. The types of Personal Data collected automatically as the Receiving Party may include: information about the type of browser you use, details of the web pages you have viewed, your IP address, the hyperlinks you have clicked, your user name, profile picture, gender, networks and any other information you choose to share when using Third Party Sites.We (and third party service providers acting on our behalf) use cookies and other tools (such as web analytic tools and pixel tags) to automatically collect information about you when you use Unilever Sites, subject to the terms of this Privacy Notice and applicable data laws and regulations. The types of information collected automatically may include:

  • information about the type of browser you use
  • details of the web pages you have viewed
  • your IP address
  • the hyperlinks you have clicked
  • your user name, profile picture, gender, networks and any other information you choose to share when using Third Party Sites (such as when you use the “Like” functionality on Facebook or the +1 functionality on Google+)
  • the websites you visited before arriving at a Unilever Site

Data we collect from other sources

We may request, or be the Receiving Party of, Personal Data about you from other legitimate sources, including information from commercially available sources, such as public databases and data aggregators, and information from third parties. For instance, FCRA cooperates with platforms which allow FCRA to place their advertisements and allow people to submit contact data, their CVs and other documents, to be used by FCRA for legitimate business interests.

 

Data we use

Purpose limitation

The Purpose Limitation principle prevents FCRA from using Personal Data for any other reason than it was intended for at the time of collection. The only exception to this is if the new purpose is compatible with the old one.

A large part of FCRA’s database contains, amongst other information, Personal Data of potential Service Providers as well as Confidential Business Data of pending or running clinical, observational, epidemiological or medical device registries, studies, trials or market research projects (“project” or “projects”).

Any Personal Data provided by you to FCRA through, but limited to, registration, administration, contract data, project data or CV submission, with and use of, the website or our applications (“Apps”), such as e-mail, Docusign Platform, or other third-party technological service providers, will only be used for the following purposes by FCRA:

  • updating and enhancing database records and those of other related FCRA activities; and
  • defining areas of interest to you and improving the services to meet clients’ and providers’ requirements, including compiling information relating to users’ movements across the website; and
  • handling orders, delivering products and services, processing payments and invoices, communicating with you about orders, products and services and generally maintaining your account; and
  • advising you of other products and services which may be of interest; (v) providing, only with your clear, unambiguous and freely given consent, your contact details and other facilitating information (such as Blinded CVs and Open CVs, or company and project information) to interested parties; and
  • administer, operate, protect and maintain the Website, Apps or Services, and improve the use, service and support thereof by clients, providers and other interested visitors investigate; and
  • prevent fraudulent activities and data entries, unauthorized access to the Website, Apps or Services, and other illegal activities; and respond to inquiries and requests; and
  • to provide you with information and access to resources that you have requested or might interest you; and
  • register you to become part of the supporting services FCRA provides to its Clients and Service Providers, such as training, or ad-hoc consultancy.
  • Any other service we might develop in the future, and will explain to you at that time.

We and our third-party marketing service providers may also use the Personal Data which data subjects send to us for our marketing purposes, if this is in accordance with applicable law and/or agreements we have in place. However, you may opt out of our marketing by contacting us.

Legal basis for processing Personal Data (EEA only)

If you are from the European Economic Area (EEA), our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it.

There are 6 lawful bases for processing Personal Data.

Data processing shall be lawful only if and to the extent that at least one of the following applies:

  • the data subject has given consent to the processing of his or her Personal Data for one or more specific purposes;
  • processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract;
  • processing is necessary for compliance with a legal obligation to which the controller is subject;
  • processing is necessary to protect the vital interests of the data subject or of another natural person;
  • processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of Personal Data, in particular where the data subject is a child.

 If you are from outside the EEA, please check with a local lawyer what the local lawful bases of processing local data are. It is important to remember that no matter what your location of business is, IF you process the data of a citizen living within the EEA, you are bound to abide by the GDPR rules and regulations.

If we collect and use your Personal Data in reliance on our or a third party’s legitimate interests and those interests are not already listed above (see “Data We Use” section), we will make clear to you at the relevant time what those legitimate interests are.

If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Data, please contact us using the contact details provided under the “Contact Us” section below.

 

Consent

 Consent to share Personal Data

FCRA will only collect, use or disclose your Personal Data in accordance with the intent of the GDPR legislation and with your clear consent (see definition below).

In every case your direct Personal Data is shared with third parties, we will ask for your specific consent explicitly.

In case we would like to use your indirect Personal Data for various or several occasions, such as for the use of a blinded CV, we will ask for a specific consent for a prolonged period of time.

Details regarding the processes for obtaining consents are covered in FCRA’s management system.

Consent to share Personal Data via the website

By using a FCRA Network website or third-party platforms for placing your Personal Data, you are consenting to FCRA collecting, using and disclosing your Personal Data in accordance with this Data Protection and Privacy Notice.

Before submitting, FCRA will ask you to actively consent to the use as per our purpose limitations as described in this Notice.

If you do not agree clearly, freely and unambiguously to the collection, use and disclosure of your Personal Data via the website, please do not use the contact page of www.FreelanceCRA.com, or any other websites owned by FCRA Network S.L.

If you already gave a specific and informed consent, but later decided differently, please take affirmative action and let us know via a clear statement, and we will remove all your data from our systems and databases, within legal limits in accordance with the GDPR legislation.

Joint Data controllers of Personal Data.

If Personal Data has two or more controllers jointly determining the purposes and means of processing, they shall be joint controllers. A concrete example for our business segment might be a Sponsored study, performed by a CRO, where the CRO processes Personal Data together with the Sponsor, as well as our Service Providers. Sponsor, CRO and Service Provider might use existing Personal Data, or create new Personal Data of data subjects participating in a data-generating project they jointly manage for different purposes.

The joint controllers shall in that case in a transparent manner determine their respective responsibilities for compliance with the obligations under this Regulation, in particular as regards the exercising of the rights of the data subject and their respective duties to provide the information referred to in Articles 13 and 14 of the GDPR relations, by means of an arrangement between them unless, and in so far as, the respective responsibilities of the controllers are determined by law to which the controllers are subject.

The arrangement may designate a contact point for data subjects.

 

Your privacy rights

 What can you do with your Personal Data?

Most countries which enforce a data protection legislation, including the EEA, provide you, the data subject, with the rights and opportunity to access, review, modify, and delete your Personal Data which is collected via our Website, Apps or via our Services for our legitimate interest, our account management, billing or marketing purposes and where required by applicable law. If you live outside of the EEA, please check your privacy rights locally.

Your additional Privacy Rights as a citizen of the EEA.

In addition to your rights to access, review, modify, and delete your Personal Data, if you are from the EEA, you may have broader rights to access and delete your Personal Data, to object to or restrict processing of your Personal Data, or request portability of your Personal Data, in accordance with the European and local GDPR legislation.

Duration of your rights

If we have collected and processed your Personal Data with your consent, then you can withdraw your consent at any time, should you choose to do so. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.

To make such requests, you can send an email to dataprotection@freelancecra.com or write to us at the mailing address in the “Contact Us” section below. We will consider and handle all requests in accordance with applicable laws.

You also have the right to complain to your local data protection supervisory authority at any time.

Unsubscribe from our mailing list

You may at any time ask us to remove you from our mailing list by sending us an email at dataprotection@freelancecra.com. We will remove you from our mailing list in accordance with applicable laws.

To request that your phone number be removed from future sales calls, please email dataprotection@freelancecra.com.

 

Sharing and disclosure of Personal Data

Sharing and disclosure of Personal Data (with third parties, sites or data sources)

FCRA provides staffing services to Clients, as well as to Service Providers in this business segment. With your consent, we may share your Personal Data with our trusted business partners based in Europe and out of Europe.

We may share your personal information with:

  • our advertising, marketing and promotional agencies to help us deliver and analyse the effectiveness of our advertising campaigns and promotions
  • third parties required to deliver a product or service to you, such as a delivery or postal service delivering a product that you have ordered
  • law enforcement or government authorities where they have followed due legal process to request us to disclose the information
  • third parties who wish to send you information about their products and services, but only if you have given us consent to do so
  • third party providers of services, such as data processing, to Unilever
  • web analytics tool providers, such as Google or Unica

If we do share your personal information with another Unilever Group company or with trusted third parties, we shall use our best efforts to ensure that they keep your information secure, take all reasonable steps to protect it from misuse and only use it in a manner consistent with our instructions, this Privacy Notice and applicable data protection laws and regulations.

We may also share your Personal Data with other companies, organisations or individuals in relation to the services we provide, ensuring that the disclosure of the Personal Data is only necessary to meet our legal requirements and obligations.

In each case when your Personal Data is shared with a third-party, we will inform you about the purpose for which your data will be used, with whom the data will be shared, how long it will be kept in our databases/ systems.

We may share and disclose your information we collect with the following third parties:

  • FCRA or any of its Service Providers within or outside of the EEA, consistent with this Notice for data processing, or signed agreements;
  • Business partners, contractors, vendors, and authorized third party agents, to:
  • Operate, deliver, improve and customize our Services
  • Provide support and technical services;
  • Send marketing and other communications related to business;
  • Enforce our policies;
  • Law enforcement agencies, regulatory or governmental bodies, or other third parties to respond to legal process, comply with any legal obligation; protect or defend our rights, interests or property or that of third parties; prevent or investigate wrongdoing in connection with the Website, Apps or our Services;
  • Any third parties in connection with prospective or actual, sale, merger, acquisition, financing or reorganization of our business

This Notice does not apply to, nor are we responsible for, the privacy, information or other practices of any third parties, including any third party operating any site or service to which our Website links, including but not limited to, social media sites. The inclusion of a link on the Website does not imply our endorsement of the linked site or service.

Exercising privacy rights by third parties

In general, when processing Personal Data to provide our Services, we do so only when legally or administratively required to do so, and on behalf of our Clients and Service providers in accordance with their instructions. This means that if you wish to access, review, modify or delete any Personal Data we process on behalf of a Client or Service Provider under applicable EEA law or otherwise, you should contact that Client or Service Provider with your request. We will then help them to fulfil that request in accordance with their instructions.

 

Data retention

Personal Data storage

We inform you that FCRA sees it as a legitimate interest of the potential and existing candidates, clients and FCRA to maintain Personal Data in our system from the moment a data subject gives Consent until this Consent is withdrawn, or for as long as there is a legal, contractual or administrative reason to store and process Personal Data. Data is deleted the moment Purpose limitation applies, or if it is no longer being stored according to our Legitimate interest.

For existing clients, we are often required to keep confidential and Personal Data on file for anywhere between 5 and 15 years, depending on the contractual agreement.

For further explanations of our legitimate business interests to store Personal Data for prolonged periods of time, please refer to the legitimate interest section.

Personal Data contained in legal and administrative documents

Personal Data contained in legal and administrative documents can be accessed, rectified and updated, but not transferred, erased, objected to, or restricted in processing. Contracts will be kept on file as long as FCRA is legally required to, or for as long as any clause of a contracts remains active or FCRA has a legitimate interest to save these contracts.

Data minimization of all other data

All other data will be processed as per GDPR´s intent of Data minimization.

GDPR states that when data is no longer needed for the purpose it was collected, it should be deleted, and that we shouldn’t keep hold of data on the off-chance that it may be useful in the future.

Therefore, FCRA will store data needed for its processes for as long as both FCRA and the data subject agree there is a legitimate interest in doing so, or for as long as FCRA is legally or administratively required to do so.

Our Integrated Management System describes business processes to continuously delete or update data that has become outdated or obsolete.

 

International data transfers

Your Personal Data may be transferred to, and processed in, countries other than the country in which you are resident. Specifically, Personal Data collected in the European Economic Area (“EEA”) or the Rest of the World (“ROW”), may be transferred to and stored on third-party servers in the United States, Canada, Australia, United Kingdom (anticipating Brexit in 2019), Switzerland, and potentially in other countries where our third-party service providers and partners operate. These countries may have data protection laws that are different to the laws in your country or the EEA (and in some cases, may not be as protective). For our business processes we aim to contract third-party providers that are trusted and well-established, use reliable point-to-point encryption methods for data transfer, and that are GDPR compliant.

 

Changes to this Notice

If we change our Notice, we will post those changes on this page with 30 days’ notice in addition to updating the “Last Updated” date at the top of this webpage. If we make changes, we will notify you more directly, for example by posting a notification or message on the Website or by emailing you prior to such changes taking effect. We encourage you to review this Notice regularly to stay informed of the latest modifications.

Should we see a legitimate interest to use your Personal Data in a manner different from that stated at the time of collection your data, we will notify you, and you will have a choice as to whether we can use or process your Personal Data in such a way.

 

Contact us

 Given that our core activities consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a larger scale, we have assigned a Data Protection Officer.

If you have any questions, comments or concerns about how we handle your Personal Data, please please fill in the form (see: Personal Data Query Request Form) or send your clear request to FCRA’s Data Protection Officer (“DPO”)

Please remember that you have, amongst others, the following rights without explaining the reasons:

  • To request us to correct, update, or delete your Personal Data in our records.
  • To report any misuse of your Personal Data
  • To request not to be contacted by us in the future
  • To request to receive a copy of your Personal Data which we keep in our systems.
  • To request help from us in case of any other questions related to your Personal Data that we might hold in our systems.

Thank you for your attention.

Sincerely,

The Management Team of FCRA Network S.L.

 

error: Content is protected !!