Crayon protects your Personal Data and has internal Information Security rules, processes and controls in place to protect your Personal Data. Our Information Security is based on a thorough evaluation of the risks involved taking into consideration the categories of Personal Data and the types of Data Processing in question.
Location of your Personal Data:
Crayon Group operates in over 20 countries within and outside the European Union (EU) and European Economic Area (EEA). As a result, your personal data may be subject to international transfers.
Despite the limitations of the geographical scope of the General Data Protection Regulation (GDPR), we apply the same standards and principles governing data protection to every employee, contractor, consultant and agency staff employee working for any of our subsidiaries worldwide.
To ensure a consistent high level of protection, we have put in place our corporate binding rules. To request a copy of our corporate binding rules, please contact our DPO on the Contact Details listed on the top of this page.
Access to your Personal Data:
The confidentiality and integrity of data stored on our IT systems are protected by controls to ensure only authorized employees have access to those capabilities required for their duties. All employees have signed a confidentiality agreement.
We may distribute your Personal Data to any member of Crayon Group, i.e. any of our subsidiaries, if it is necessary and reasonable for the purposes set out in this Privacy Notice. We have Binding Corporate Rules in place to ensure all the same consistent level of protection. To request a copy of our corporate binding rules, please contact our DPO on the Contact Details listed here.
We do not disclose your personal data to any third parties, public or private without your prior consent, unless we are obligated to by EU or national law, or it is necessary to protect the vital interests of you or any other natural person that we process personal data concerning.
Protection of our Personal Data:
Crayon protects your Personal Data and has internal Information Security rules, process and controls in place to protect your Personal Data. Our Information Security is based on a thorough evaluation of the risks involved taking into consideration the categories of Personal Data and the types of Data Processing in question.
We have put in place technical and organizational security measures to ensure that protect your Personal Data against unauthorized or unlawful processing and against accidental loss, destruction or damage.
Additionally, we ensure that only authorized persons gain access to your Personal Data. To prevent data loss, we continuously back up all data.
In the event of a data breach, we will notify the relevant supervisory authorities. If the data breach entails any risk for you, we will notify you immediately.
Our Data Retention Policy:
Your personal data is stored only for as long as it is necessary for to fulfil the purpose for which the personal data was obtained.
In cases where it is not possible for us to specify in advance the specific data retention periods, we will determine the period of retention based on an individual evaluation of the necessity and relevance for the purposes specified in Section 3.
If you wish to have your personal data erased, please refer to section 6 below on your right to erasure.
Legal Obligations:
Notwithstanding the other provisions of this Section 5, we may retain your personal data where such it is necessary for compliance with a legal obligation, or in order to protect your vital interests or the vital interests of another natural person.