POPI | GDPA
We believe in being transparent about how we handle your personal information. This Privacy Statement (“Statement”) explains how Eurasian Resources Group (ERG) (“ERG” “we”, “us”) handles the personal information of its employees, prospective employees and contractors, customers, vendors and other external parties. ERG adheres to strict data privacy laws such as the General Data Protection Regulation (Regulation (EU) 2016/679) as well as local laws in jurisdictions where ERG is operating.
This Statement explains in detail the types of personal data we may collect about you and what we do with this personal data. It further describes what measures we take to keep your personal data safe, as well as your rights in relation to the personal data we hold about you. Please see the definitions and glossary to understand the meaning of some of the terms used in this Statement.
“Eurasian Resources Group” means Eurasian Resources Group S.à r.l. and includes all subsidiaries;
“Data Subject” means the individual to whom the personal data relates;
“Personal Data” means any information relating to an identified or identifiable natural person;
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
“Consent” of the data subject means any freely given, specific, informed – in certain cases explicit – and unambiguous indication of the data subject`s wishes by which (s)he by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating him or her;
“Legitimate interest” is one of the lawful base of processing by GDPR. It applies whenever the company uses personal data in a way that the data subject would expect.
“Privacy Statement” means a notice that needs to be provided to data subjects when we collect, use or distribute their personal data.
“Personal Data Breach” means a breach of security leading accidental of unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed;
“Data Privacy Officer” (DPO) or similar means an independent data protection expert, who is member of Group Compliance and responsible for monitoring ERG`s privacy compliance, informing it and advising on its data protection obligations, and acting as a contact point for data subjects and the relevant supervisory authority.
We may process your personal information for legitimate business purposes to administer our employment, contractual or other relationship with you and to run our businesses. We may collect, use, transfer, and otherwise process your personal information through automated and/or paper-based data processing systems. We have established routine processing functions such as processing for regular payroll and benefits and supplier payments. We also process personal information on an occasional or ad hoc basis in the context of employment and vendor or customer requests for information concerning personal data or any requests from the data subject.