Global Infrastructure Solutions Inc.
Supplemental EEA+ Privacy Statement
We address this Supplemental EEA+ Privacy Notice to you if you are located in the European Economic Area (EEA), United Kingdom (UK) or Switzerland (collectively EEA+). This Supplemental EEA+ Privacy Notice should be read in conjunction with the GISI Website Privacy Notice.
If you are located in the EEA, the EU General Data Protection Regulation may apply to the processing of your personal data. If you are located in the UK, the UK General Data Protection Regulation may apply to the processing of your personal data. If you are located in the EEA or UK, references to the “GDPR” below are references to the General Data Protection Regulation as it applies in the country where you are located. If you are located in Switzerland, the provisions of the Swiss Federal Data Protection Act (the “FDPA”) may apply to you, and references to the GDPR below shall be interpreted analogously for the purposes of applying the FDPA.
A. Who Is the Data Controller?
Your personal data is controlled by GISI, 660 Newport Center Drive, Suite 940, Newport Beach, CA 92660, USA, whose representative pursuant to the GDPR is GISI Asia Holdings Limited (Ireland), 10 Earlsfort Terrace, Dublin 2, Dublin D02 T380, Ireland.
B. What Are the Legal Bases for Processing?
To the extent required by applicable law, we collect and process personal data of individuals located in the EEA+ only where there exists a legal basis for doing so. Such legal bases are as follows:
- It is in accordance with your consent, per Art. 6(1)(a) of the GDPR.
- It is necessary for us to perform a contract with you, including our website terms and conditions, or take steps at your request prior to entering into a contract including to manage our job application process, per Art. 6(1)(b) of the GDPR.
- It is necessary to comply with our legal obligations, per Art. 6(1)(c), such as if we are required by law to disclose personal data to law enforcement agencies or governmental authorities.
- It is necessary for us or third parties to pursue legitimate interests that are not outweighed by your privacy and other fundamental interests, per Art. 6(1)(f) of the GDPR. Those legitimate interests are to provide you and other users of our services and products with a good and safe experience, administer and enforce our contractual and legal rights, develop new services and products that we can offer to you and others, manage our business operations and relationships with you and third parties, and to manage our job application process, exercise our legal rights or defend legal claims, to give effect to a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider.
C. On What Basis Do We Transfer Personal Data Across Borders?
GISI is headquartered in the United States and is governed by United States law. Your personal data will be transferred to, stored, and processed in the United States. Any transfer outside the EEA, Switzerland, Andorra, Argentina, non-public organizations in Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Japan (for the EEA and UK), Jersey, New Zealand, the UK, or the Republic of Korea (for the EEA and UK) (or any other country deemed “adequate” by the European Commission, UK authorities, or under Swiss laws, as applicable) will be safeguarded by appropriate safeguards including by concluding contractual measures based on approved standard contractual clauses.
D. Do You Have to Provide Personal Data?
There is no law or contract stating that individuals in the EEA+ have to use our services or products or apply for a job with us. We will try to tell you what personal data we need from you to provide certain services or products or a certain level of quality of services or products to you. In those cases, if you do not provide the personal data that we request from you, we will not be able to provide you with the services or products, or level of quality of services or products, that you request from us.
E How Long do we Retain Personal Data?
Your personal data will be retained for as long as necessary to provide you with the services requested. When we no longer need to use personal data, we will remove it from our systems and records and/or take steps to properly anonymize it so that you can no longer be identified from it, unless we need to keep your information, including personal data, to comply with statutory retention periods e.g. for tax purposes for a legally prescribed time period thereafter, or if we need it to preserve evidence within statutes of limitation.
F. Your Rights
Under applicable law, you may have the following rights in relation to your personal data. These may be limited under applicable data protection law.
(i) Right to request from us access to personal data: You have the right to confirm with us whether your personal data is processed, and if it is, to request access to that personal data including the categories of personal data processed, the purpose of the processing and the recipients or categories of recipients. You have the right to obtain a copy of the personal data undergoing processing. However, this is not an absolute right and the interests of other individuals may restrict your right of access.
(ii) Right to rectification: You have the right to obtain from us rectification of inaccurate or incomplete personal data concerning you. Depending on the purposes of the processing, you may have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
(iii) Right to erasure of your personal data (right to be forgotten): You have the right to ask us to erase personal data concerning you.
(iv) Right to restriction of processing: In limited circumstances, you have the right to request that we restrict processing of your personal data.
(v) Right to data portability: You may have the right to receive personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you may have the right to transmit that personal data to another entity without hindrance from us.
(vi) Right to object: Under certain circumstances you may have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data, by us and we can be required to no longer process your personal data.
Moreover, if your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing. In this case your personal data will no longer be processed for such purposes by us.
You also have the right to lodge a complaint with a supervisory authority, but we encourage you to first contact us with any questions or concerns. You may view a list of supervisory authorities in the EEA, UK and Switzerland and their respective contact information here:
- EEA: https://edpb.europa.eu/about-edpb/board/members_en
- United Kingdom: https://ico.org.uk/global/contact-us/
- Switzerland: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html
You can exercise your rights by emailing privacy@GISI.com or sending postal mail to:
GISI Legal Department
660 Newport Center Drive, Suite 940
Newport Beach, CA 92660, USA