SHL Website Privacy Statement
Data privacy is important to the SHL Group, which includes SHL Global Management Limited and its affiliates (“SHL”, “we” or “us”). This Web Privacy Statement (“Web Privacy Statement”) describes the personal information we collect about you as a visitor to our websites such as www.shl.com, or other SHL websites that link to this Web Privacy Statement (“Sites”), how we use it, who we share it with and describes your choices regarding certain types of processing. If you have any questions regarding this Web Privacy Statement, contact us at email@example.com or see the “Contact Us” section at the end of this Web Privacy Statement.
By visiting our Sites or providing us with your personal information, you consent to the collection, processing, and storage of your personal information as described in this Web Privacy Statement.
What does this Web Privacy Statement do?
This Web Privacy Statement explains SHL Group’s information processing practices. It applies to any personal information you provide to SHL Group and any personal information we collect from other sources. This Web Privacy Statement is a statement of our practices and of your rights regarding your personal information. This is not a contractual document, and it does not create any rights or obligations on either party, beyond those which already exist under data protection laws.
This Web Privacy Statement does not apply to your use of a third party site linked through the Sites.
Who is responsible for your information?
Throughout this Statement, “SHL Group” refers to SHL Global Management Limited, including its affiliated companies and subsidiaries. The SHL Group entity responsible for your personal information (and the controller for the purposes of data protection laws) will be the member of SHL Group that originally collects information from or about you. This may also be explained in separate privacy notices made available when your personal information is first collected by that SHL Group entity, for example where you or the company you work for engages us to provide a service.
Some of the services which SHL Group provides to its customers are provided as a processor, which means that the customer remains primarily responsible for your information. In these circumstances, we may re-direct a query about our use of your information to our customer.
When and how do we collect your information?
We collect personal information in the following ways:
- When you request a service from us. For example, if you contact us as a representative of your employer to enquire about a product or professional service you would like us to offer to your company.
- When you register with or use any of our Sites.
- When you attend an SHL site or event. You may provide this information directly, or it may be provided by your employer or colleagues.
- When you apply for a position with SHL. You may provide this information directly (through an online recruitment portal, careers site or via correspondence), or it may be provided via an agency.
- If you contact us with a complaint or query.
- When you engage with us over social media.
- When you or your employer are interested in becoming a business partner with SHL.
- When we perform services for our customers.
What information do we collect?
Information you provide to us
We ask that you provide accurate and necessary information that enables us to respond to your request. When a visitor provides us with personal information, we use it for the purposes that it was provided to us for. The purpose will be as stated at the point of collection, or as necessary from the context of the collection, e.g. creating a profile on a Site, applying for a position SHL or requesting other information from us.
Information we collect from customers or third parties
Our services and products include cloud-based Talent Assessment systems, professional and consulting services, managed services and customer and technical support. Personal information collected through SHL Group’s Talent Assessment systems (available here) and end user support site (available here) are governed by the terms of the separate privacy notices or policies referenced at such sites.
As part of providing customers with technical support, we may collect information such as your name, contact details, geographic location and technical information, for example, information required to log a support ticket.
We will not collect any sensitive information through our Sites unless this is required by our customers. Sensitive information includes a number of types of data relating to: race or ethnic origin; political opinions; religious or other similar beliefs; trade union membership; physical or mental health; sexual life or criminal record. We suggest that you do not provide sensitive information of this nature unless we specifically request this information.
If you provide us with sensitive personal information, you understand and give your explicit consent that we may collect, use and disclose this information to appropriate third parties for the purposes described in this Web Privacy Statement. If you provide personal information about other individuals, such as employees, you must obtain their consent prior to your disclosure to us.
Information we collect over the Sites, social media and mobile
We may ask you for some or all of the following types of information when you register for events, request services, manage accounts, access various content and features or directly visit our Sites. This includes, but is not limited to:
- Contact information, such as name, e-mail address, postal address, phone number and mobile number;
- User name, password, password reminder questions and password answers;
- Communication preferences, such as which emails, notices and newsletters you would like to receive;
- Search queries;
- Contact information about others when you refer a friend to a particular site or service (note: this information is used solely to facilitate requested communications); and
- Information posted in discussions and other interactive online features.
You can engage with us through social media websites or through features such as plug-ins or applications on the Sites that integrate with social media sites. You may also choose to link your account with us to third party social media sites. When you link your account or engage with us on or through third party social media sites, plug-ins, or applications, you may allow us to have ongoing access to certain information from your social media account (e.g., name, e-mail address, photo, gender, birthday or the posts or ‘likes’ you make).
If you post information when you interact with our Sites through social media sites, plug-ins or other applications, depending on your privacy settings, this information may become public on the Internet. You can control what information you share through privacy settings available on some social media sites.
If you access our Sites on your mobile telephone or mobile device, we may also collect your unique device identifier and mobile device IP address, as well as information about your device’s operating system, mobile carrier and your location information. We may also ask you to consent to providing your mobile phone number (for example, so that we can send you push notifications).
How do we use your personal information?
The following is a summary of the purposes for which we use personal information. More information about the personal information collected from customers and the end users of our services, together with the purpose and legal basis for collecting the information, is provided in separate privacy notices relevant to those services.
Contacting and marketing our current and prospective customers and business partners
We process personal information about our customers, business partners and the individual representatives of each in order to:
- Contact our customers and business partners in relation to current, future and proposed engagements;
- Send our customers and business partners newsletters, know-how, promotional material and other marketing communications;
- Invite our customers and business partners to events (and arrange and administer those events).
Performing services for our customers
We process personal information which our customers and business partners provide to us in order to perform consultancy, professional services and customer and technical support. This may impact the purposes for which your personal information is processed and will be determined by the scope and specification of our engagement with our customer, applicable laws, regulatory guidance and professional standards. It is the obligation of our customer to ensure that you understand that your personal information will be disclosed to SHL Group.
- Provide you access to our Sites, products and services;
- Provide information and services as requested by you;
- Process orders for products and services;
- Provide information and services as requested by our customers;
- Understand and assess customers’ and business partners’ ongoing needs and offer products and services to meet those needs;
- Conduct data analysis by combining personal information we collect to develop aggregate analysis and business intelligence for our business and marketing purposes;
- Execute monitoring and training and providing related materials;
- Develop new products and services;
- Market products and services (subject to appropriate consent);
- Displaying customer testimonials that may contain personal information such as names, company name and job title, and
- Conduct processing necessary to fulfill other contractual obligations for our customer.
If we wish to use your personal information for a purpose that is not compatible with the purpose for which it was collected, we will request your consent. In all cases, we balance our legal use of your personal information with your interests, rights and freedoms in accordance with applicable laws and regulations to make sure that your personal information is not subject to unnecessary risk.
All processing (i.e. use) of your personal information is justified by a “lawful basis” for processing. In the majority of cases, processing will be justified on the basis that:
- The processing is necessary for the performance of a contract to which you or your employer are a party, or to take steps (at your request) to enter into a contract for our products and services;
- The processing is necessary for us to comply with a relevant legal obligation (e.g. where we are required to make disclosures to courts or regulators); or
- The processing is in our legitimate commercial interests, subject to your interests and fundamental rights (e.g. where we use personal information provided to us by our customers to deliver our services, and that processing is not necessary in relation to a contract to which you are a party).
In limited circumstances, we will use your consent as the basis for processing your personal information, for example, where we are required to obtain your prior consent in order to send you marketing communications.
Before collecting and/or using any special categories of data, or criminal record data, we will establish a lawful exemption which will allow us to use that information. This exemption will typically be:
- Your explicit consent;
- The establishment, exercise or defense by us or third parties of legal claims; or
- A context specific exemption provided for under local laws of EU Member States and other countries implementing the General Data Protection Regulation.
Information from children
Our Sites contain business-related content and are specifically aimed at and designed for use by adults. We do not knowingly solicit or collect personal information (as defined by the Children’s Online Privacy Protection Act) from or about individuals under the age of 18 years.
How long do we retain your personal information?
How long we retain your personal information depends on the purpose for which it was obtained and its nature. We will keep your personal information for the period necessary to fulfil the purposes described in this Web Privacy Statement unless a longer retention period is requested by our clients or permitted by law in accordance with our retention policies.
In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.
Do we disclose your personal information?
Within SHL Group
We may share your personal information with other SHL Group entities, brands, divisions, and subsidiaries to assist you, including with the activities listed above.
We do not sell or otherwise disclose personal information about our online visitors with unaffiliated third parties for their own marketing use. We do not share your personal information with third parties except in the circumstances described below.
We disclose personal information to business partners who provide certain specialized services to us, or who co-operate with us on projects. These business partners operate as separate controllers and are responsible for their own compliance with data protection laws. You should refer to their privacy notices for more information about their practices. Examples include providing information to resellers so they may contact you about our products and services and business partners that co-host marketing and similar events.
Authorized Service Providers
We may disclose your information to service providers we have retained (as processors) to perform services on our behalf (either in relation to services performed for our customers, or information which SHL Group uses for its own purposes, such as marketing). These service providers are contractually restricted from using or disclosing the information except as necessary to perform services on our behalf, or to comply with legal requirements. These activities could include any of the processing activities that we carry out as described in the above ‘How we use your personal information’ section.
- IT service providers who manage our IT and back office systems and telecommunications networks;
- Marketing automation providers;
- Customer relationship management providers;
These third parties appropriately safeguard your data, and their activities are limited to the purposes for which your information was provided.
Legal Requirements and Business Transfers
We may disclose personal information: (i) if we are required to do so by law, legal process, statute, rule, regulation, or professional standard, or to respond to a subpoena, search warrant or other legal request, (ii) in response to law enforcement authority or other government official requests, (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, (iv) in connection with an investigation of suspected or actual illegal activity or (v) in the event that SHL Group (in whole or in part) is subject to a merger or acquisition to the new owner of the business. Disclosure may also be required for company audits or to investigate a complaint or security threat.
Do we transfer your personal information across geographies?
We are a global organization and may transfer certain personal information across geographical borders to SHL Group entities, authorized service providers or business partners in other countries working on our behalf in accordance with applicable law. Our affiliates and third parties may be based locally or they may be overseas some of which have not been determined by the European Commission to have an adequate level of data protection.
When we do, we use a variety of legal mechanisms to ensure your rights and protections travel with your information:
- We ensure transfers within SHL Group are covered by agreements based on the EU Commission’s standard contractual clauses, which contractually oblige each member to ensure that personal information receives an adequate and consistent level of protection wherever it resides within SHL Group;
- SHL US LLC is certified to the EU-U.S. Privacy Shield Frameworks. More information can be found here;
- Where we transfer your personal information outside SHL Group or to third parties who help provide our products and services, we obtain contractual commitments from them to protect your personal information. Some of these assurances are well recognized certification schemes like the EU-US Privacy Shield for the protection of personal information transferred from within the EU to the United States, or the standard contractual clauses; or
- Where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal information is disclosed.
Examples of countries we transfer personal information to include, but are not limited to, the United States, the United Kingdom, Canada, Australia, China and India.
If you require further information about whether your information will be disclosed to overseas recipients, please contact us in the manner provided below. You also have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments, which may be redacted for reasons of commercial confidentiality) to ensure the adequate protection of your personal information when this is transferred as mentioned above.
Do we have security measures in place to protect your information?
The security of your personal information is important to us and SHL Group has reasonable physical, technical and administrative security standards in place to protect personal information from loss, misuse, alteration or destruction. We protect your personal information against unauthorized access, use or disclosure, using security technologies and procedures, such as encryption and limited access. Only authorized individuals access your personal information, and they receive training about the importance of protecting personal information.
Our service providers and agents are contractually bound to maintain the confidentiality of personal information and may not use the information for any unauthorized purpose.
What choices do you have about your personal information?
We offer certain choices about how we communicate with our customers and their employees and what personal information we obtain about them and share with others. When you provide us with personal details, if we intend to use those details for marketing purposes, we will, for example, provide you with the option of whether you wish to receive promotional e-mail, SMS messages, telephone calls and postal mail from us. At any time, you may opt out from receiving interest-based advertising from us by contacting us.
You may also choose not to receive marketing communications from us by clicking on the unsubscribe link or other instructions in our marketing e-mails or contacting us as detailed below.
How can you update your communication preferences?
We take reasonable steps to provide you with communication about your information. You can update your communication preferences in the following ways.
If you have created a profile or account on one of our Sites, you can update your contact information after you log into your account.
If you request electronic communications, such as an e-newsletter, you will be able to unsubscribe at any time by following the instructions included in the communication.
If you previously chose to receive push notifications on your mobile device from us but no longer wish to receive them, you can manage your preferences either through your device or the application settings. If you no longer wish to have any information collected by a mobile application, you may uninstall the application by using the uninstall process available on your mobile device.
Contact us by e-mail or postal address as detailed below. Please include your current contact information, the information you are interested in accessing and your requested changes.
If we are unable to provide you with access, we will provide you with the reason for this and inform you of any exceptions relied upon.
Do Not Track
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Without a common industry or legal standard for interpreting DNT signals, SHL Group does not respond to browser DNT signals. We will continue to monitor further development of a DNT standard by the privacy community and industry.
Other rights regarding your data
Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your personal information.
We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal information requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.
You can exercise your rights by contacting us. Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request promptly or inform you if we require further information in order to fulfil your request.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
Right to Access
You have right to access personal information which SHL Group holds about you. If we hold this information on behalf of our customers then we require their consent in order to provide you with any such access.
Right to Rectification
You have a right to request us to correct your personal information where it is inaccurate or out of date.
Right to be Forgotten (Right to Erasure)
You have the right under certain circumstances to have your personal information erased. Your information can only be erased if your data is no longer necessary for the purpose for which it was collected, permitted by the company that it may have been collected on behalf of and we have no other legal ground for processing the information.
Right to Restrict Processing
You have the right to restrict the processing of your personal information, but only where:
- Its accuracy is contested, to allow us to verify its accuracy; or
- The processing is unlawful, but you do not want it erased; or
- It is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
- You have exercised the right to object, and verification of overriding grounds is pending.
Right to Data Portability
You have the right to data portability, which requires us to provide personal information to you or another controller in a commonly used, machine readable format, but only where the processing of that information is based on: (i) consent; or (ii) the performance of a contract to which you or your employer (as controller) are a party.
Right to Object to Processing
You have the right to object the processing of your personal information at any time, but only where that processing has our legitimate interests as its legal basis. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
Right to Decline Automated Decision Making
You have the right to not be subject to decisions based solely on automated decision making, which produce legal or significant effects for you, except where these are: (i) necessary for a contract to which you or your employer (as controller) are a party; (ii) authorized by law; (iii) based on your explicit consent.
Even where such decisions are permitted, you can contest the decision and require SHL Group (or other relevant parties) to exercise human intervention.
We currently do not use automated decision making (including automated decision making using profiling) when processing your personal information. If we ever use an automated decision making solution, you have a right to request that a decision based off your personal information cannot be solely decided via an automated process.
As noted above, you can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the European Union.
If you have any questions, would like further information about our privacy and information handling practices, would like to discuss opt-outs or withdrawing consent, or would like to make a complaint about a breach of your privacy rights or this Web Privacy Statement, please contact our Global Data Protection Officer: firstname.lastname@example.org. Alternatively, you have the right to contact your local Data Protection Authority.
If you have any questions relating to this Web Privacy Statement, please contact us at email@example.com or:
SHL Global Management Limited
Attn: Global Data Protection Officer
The Pavilion, 1 Atwell Place
Thames Ditton, England KT7 0NE, UK
Changes to this Web Privacy Statement
We reserve the right to change or update this Web Privacy Statement at any time. Changes to the Web Privacy Statement will be posted on this website and links to the Web Privacy Statement will indicate that the statement has been changed or updated. We encourage you to periodically review this Web Privacy Statement for any changes. Your continued use of our Sites following such posts or notices will signal your acceptance of such changes.
Last Updated: May 25, 2018