Need-to-know is the default…

  • Within the company: only those individuals within our company or the third parties listed under the ‘With Whom’ column of the At-a-Glance table can see or access your Personal Data, and they only Process the specific data they need to fulfil their tasks. We have implemented internal measures to enforce this need-to-know access and to ensure those who do Process it do so on our instructions and under a duty of confidentiality
  • With our service providers and vendors: we do not allow our third-party service providers to use your Personal Data for their own purposes. We only permit Processors to Process your Personal Data for specified purposes and in accordance with our instructions. We minimise how much of your Personal Data needs to be transferred to ensure this objective is met

Wherever we Process your Personal Data jointly with another Controller (Joint Controller), we establish clear lines of accountability to ensure your rights are respected and our obligations are met, and we adhere to the principles and approach we mentioned earlier to minimise how much Personal Data we use.

In all cases, we require third parties to respect the security of your Personal Data and to treat it in accordance with DP Law through binding contracts.