Who we are
Our website address is: http://globalsustainyearbook.org.
What personal data we collect and why we collect it
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
General Global Sustain Personal Data Protection Policy
- INTRODUCTION – SCOPE
- EUROPEAN GENERAL DATA PROTECTION REGULATION (GDPR) (EU) 2016/679
The General Data Protection Regulation (CIS – (EU) 2016/679) includes a single, streamlined and more stringent compliance framework for the protection of personal data in the European Union, based mainly on the principle of accountability, but also on individual authorities. The purpose of the European Regulation is to lay down the conditions for the processing of personal data to protect the rights and freedoms of individuals, in particular the right to the protection of personal data.
3. GLOBAL SUSTAIN ACTIVITY
The Global Sustain Group of companies was established in 2006, with legal entities today in the United Kingdom (Global Sustain Ltd), Germany (Global Sustain GmbH) and Greece (Global Sustain SA). It also maintains affiliates in Brussels, Zurich, Nicosia and New York. The company offers innovative services on issues related to sustainability, corporate responsibility, green economy, responsible investment, business ethics, excellence, transparency, human rights and accountability. Its members include corporations, non-governmental and non-profit organizations, municipalities and local authorities, academic institutions, media, trade unions and other public and private entities.
4. TERMS AND CONDITIONS OF GLOBAL SUSTAIN WEBSITE USE
The terms and conditions of use of the Global Sustain websites are posted on the website at the address http://www.globalsustain.org/en/terms.
5. CLAUSES IN GLOBAL SUSTAIN CONTRACTS AND AGREEMENTS WITH CLIENTS, SUPPLIERS AND OTHER PARTNERS
Regarding the fulfillment of the obligations arising from the Global Sustain contracts with its customers, Global Sustain may receive information related to certain employees who work or cooperate with the Companies (including but not limited to information of staff of the Company, customers and associates) who may be linked to personal data. On these personal data, the following apply: a) each Company -client of Global Sustain is the controller and Global Sustain is the processor, b) Global Sustain, as the processor, will comply with the obligations under the relevant legislation concerning the protection of personal data and commits not to take any action that will constitute breach of privacy legislation from each company’s part and c) Global Sustain guarantees that the Contractors, its employees and / or agents that have access to personal data for fulfilling contractual obligations will receive the Personal Data and treat them according to the law on personal data protection. If Global Sustain provides the respective Company with personal data, it warrants that it has the right to provide them regarding the provision of services and that the personal data are processed in accordance with the applicable law. The Company may process personal data in accordance with the applicable laws of the various jurisdictions in which the Company operates.
6.INTERNAL CODE OF CONDUCT FOR PERSONNEL
All staff (employees) of the Global Sustain Group have signed and are bound by principles and provisions of the internal Code of Conduct, which includes, among other things, provisions on the use of personal data. An abstract from the Code is given below in relation to these terms. «…When handling financial and personal information about customers or others with whom Global Sustain has dealings, observe the following principles: i. Collect, use, and retain only the personal information necessary for Global Sustain business. Whenever possible, obtain any relevant information directly from the person concerned. Use only reputable and reliable sources to supplement this information. ii. Retain information only for as long as necessary or as required by law. Protect the physical security of this information. iii. Limit internal access to personal information to those who are seeking that information for a legitimate business reason. Use personal information only for the purposes for which it was originally obtained. Obtain the consent of the person concerned before externally disclosing any personal information, unless legal process or contractual obligation provides otherwise. iv. Comply with relevant confidentiality and / or non-disclosure agreements…»
7.BRIEFING AND STAFF TRAINING ON PERSONAL DATA
Employees of the Global Sustain Group are briefed and trained, when required, for GDPR provision and for the collection and use of personal data, through seminars, webinars as well as workshops. The Company itself organizes and supports, through its specialized partners, informative events for the GDPR and for personal data and maintains a file for its employees’ education and update.
8.INTERNAL AND EXTERNAL ELECTRONIC COMUNICATION/MAIL POLICY
All staff (employees) of the Global Sustain Group are bound by principles and provisions of Internal and External Electronic Communication / Mail Policy with customers and stakeholders, where part of this communication may contain personal data. The following is a section of this Policy regarding these terms. «…All emails sent from or received at globalsustain.org server email accounts are considered Global Sustain property and asset and contain valuable information that maybe confidential and subject to disclosure under law. Therefore, it is expected that all employees and associates treat, store, and keep records of their globalsustain.org server email accounts according to corporate policy. Whenever requested, all globalsustain.org server email account users must be able to retrieve emails and relevant information (i.e. attachments) within reasonable course and time (no later than 24 hours) and provide them to persons or entities that have a right to know (i.e. Global Sustain management, clients, partners, legal representatives, etc.). Global Sustain shall provide sufficient means and infrastructure of keeping record and back up of emails for this purpose (i.e. personal computers, filling systems and storage, cloud-based applications, etc.) …»
9. DEFINITION OF PERSONAL DATA BASED ON ACTIVITY – COLLECTION TYPES – TYPES OF PERSONAL DATA (FROM CLIENTS, PARTNERS, PERSONNEL AND OTHER PARTNERS)
The Company has developed the website www.globalsustain.org to provide communication, networking and marketing services to individuals, companies, organizations or agencies. For this purpose, the Company has developed three (3) online directories: Sustainability, Non-Governmental Organizations (NGOs) and Social Organizations, available on the Company’s Web site (www.globalsustain.org). The Client assigns to the Company and the latter accepts a) the provision of services for the communications of the Client’s activity on the website maintained by the Company on the Internet; and b) the recording of the Customer’s data and activities in the electronic directories developed by the Company, information to be provided by the Customer. Global Sustain collects, stores and processes personal data of customers, employees, suppliers, other partners required to fulfill contractual agreements. Global Sustain, as part of its customer service promotion services on its website and based on its contractual obligations, uses name, position, professional contact information, education (when available). Also, photos of individuals are used in: Websites (globalsustain.org, sustainabilityforum.gr sustainabilityforum.de, globalsustainyearbook.org), special editions of the Company, (e.g. Yearbook) under relevant contracts, Social Media, Forms (Global Sustain Annual Group Report and Promotional Material) presentations and annual customer reviews. The Customer grants the Company all the material that wishes to display in textual form (articles, press releases, corporate announcements, presentations, annual reports, executives’ interviews and speeches, etc.) or static/dynamic images (logo, photographic material) and / or multimedia files (video, recordings) able to renew this during the contract. Global Sustain may require the Customer to send this material as an electronic file, setting limits on its size. Under a contractual obligation, Global Sustain proceeds to registration and communicates the Customer activities through the creation and management of a Customer’s microsite on the website www.globalsustain.org containing the following: Corporate Logo, Name, Address (Display and Google Map), Phone, Fax, Email / URL, Address / Department Manager, Corporate Profile, Social Profile, Other Desired Profile, Picture Archive and Video. The Company also maintains the following data which may contain personal data: (a) the Global Sustain Human Resources Department, a detailed file for each employee in the framework of labor law provisions and an annual employee performance assessment. (b) Database with e-mail addresses for the newsletter sent by the Company to any interested party. It is noted that all recipients have provided a written consent for receiving the newsletter maintained in a separate file / database. The personal data collected include: email address, name, surname, organization, job title, country.
10.REGISTRATION / STORAGE OF PERSONAL DATA – MEANS OF REGISTRATION – DATA CLEARANCE – PREVENTIVE MEASURES FOR DATA BREACH
Global Sustain ensures that any personal data is collected for a specific and legitimate purpose, as well as to serve the company’s business purposes based on contractual obligations. Only necessary and accurate information is collected and updated if possible. The information is maintained for as long as it is required and processed in such a way as to ensure its safety. Any individual or legal entity has the option to opt in / opt out and revoke its consent at any time. Regarding the personal data transmitted, when a job seekers’ CV is concerned, the minimum necessary processing of personal data takes place as long as it is necessary for the assessment of the CV and only if it corresponds to the specific job opening. Once the position is filled, the CV data will be stored by Global Sustain for future use / evaluation purposes in case of future jobs in Global Sustain. Unless consent has been received, CV data, after a relevant job opening is filled, is deleted unless Global Sustain is legally entitled or required to maintain it. Global Sustain has adopted and maintains measures to avoid and prevent personal data breach. All personal data is kept in a database maintained by the Company in cloud-based services that ensure the highest level of security at a global level. Global Sustain may retain personal data necessary for its activity and the achievement of its purposes and for historical records in electronic media. From time to time, Global Sustain may delete these data, and any individual may request the deletion of these data for a specific reason at any given time.
11. PROCESSING/MODIFICATION OF PERSONAL DATA NOTIFICATION / TRANSMISSION TO THIRD PARTIES
As part of the clients/members’ networking, Global Sustain usually sends the participants’ lists of events (such as the Brunch, Sustainability Forum, Stakeholder Panels) that it organizes with its customer network. These lists include the name, job title, the company that the participant is employed, email and business phone number. Again, there is consensus on the processing and dissemination of this data, as this is covered by relevant Global Sustain contractual obligations to its customers. The Company never transfers (commercial or not) personal data without consent.
12. RIGHTS OF ACCESS AND OBJECTION
All those who have a legitimate interest in the activities of Global Sustain have the right to: (a) know whether personal data concerning them are or have been processed by Global Sustain and (b) at any time raise objections to the processing of the data concerning them, expressly including the possibility of requesting the deletion of personal data. For any rights of access and objection to the processing of personal data, anyone may contact firstname.lastname@example.org, or write to Global Sustain at: United Kingdom Address: 10 John Street, London WC1N 2EB, Germany Address: FriedrichStr. 191, 10117 Berlin, Greece Addrees: 35 Antiopis, 17343 Agios Dimitrios, Athens, Attica.
13. DATA PROTECTION OFFICER
A key provision in the European Regulation is the definition of a Data Protection Officer (DPO), if and when required. This obligation applies to organisations whose main activity is the systematic monitoring of individuals on a large scale, or the processing of specific categories of personal data (which the former regime referred to as sensitive personal data) on a large scale. The role of the Data Protection Officer is primarily advisory and supportive. Taking into account the risk associated with the processing operations, the nature, scope, context and purposes of the processing, the protection officer must inform and advise the controller or the data processor and the employees for the undertaking on the new data protection legislation, as well as monitor compliance with the Regulation in order to minimize the risk of breach, resulting in high fines. The appointment of a DPO is a tool for Global Sustain since, having the role of mediator in addition, it can also assist in the accountability and communication with the Supervisory Competent Authority and consult with it when required. Global Sustain has entrusted the compliance and supervision of data protection policy, along with DPO duties to its Financial Department.