One of CTG’s core functions is to take responsibility for the Duty of Care for all staff (which includes employees, consultants, local and international staff). This means being extremely well-informed of any risks, communicating risks, mitigating risks as far as possible and, finally, responding swiftly and appropriately in the event of any incidents. We consider that the work CTG carries out for the humanitarian community is highly important, but nothing comes before the safety of our staff.
CTG’s HR software is called Tayo. Tayo’s safety module provides security coverage to users who are employed to provide humanitarian services worldwide, especially in challenging environments where safety and security-related risk factors can adversely impact those who are involved. Tayo mobile app acts as an emergency communications tool that can be a lifeline during an emergency. Tayo adheres to and upholds CTG’s Data Protection Policy. It is consistently aligned with the privacy concerns of its users to ensure that personal sensitive information is absolutely protected and used only for the purpose of mitigating risks affecting user safety and security when on official missions.
PROCESSING OF PERSONAL DATA
CTG/Tayo may process personal data belonging to anyone who has expressed an interest in or made contact with CTG/Tayo, or one of its companies; these may include (but are not restricted to) the following interested parties (often referred to as ‘you’) – employees, contractors, consultants, directors, beneficiary owners, recruitment candidates, clients, and suppliers.
The data which CTG/Tayo (or its related companies) process depends upon the nature of the relationship with the interested party concerned but is likely to include (but is not restricted to) the following:
- Personal and Contact Details: Title, Name, Address, Telephone and Electronic contact details (examples are:
- Email address, Skype, Facebook, WhatsApp, Twitter, Linked-in)
- Date of Birth and Gender
- Passport details plus Nationality and citizenship
- Relationship or marital status
- Next of Kin (NOK) details
- Financial information (such as bank, tax and insurance details)
- Medical data including psychometric test results
- Criminal record checks (for example, CRB)
- CV with employment, experience, education and qualifications records – with appropriate verifications, including details of references and referees plus information provided by them.
- Marketing engagements and surveys
- Records of communications with interested parties
- Information provided by you through our website, Facebook or LinkedIn accounts and CTG’s/Tayo’s recruitment and
- HR management portal
WHY IS THIS DATA PROCESSED?
The overarching purpose for processing personal data is to facilitate, manage and, whenever possible, enhance the services provided by CTG/Tayo to our interested parties. More specifically the reasons vary, again dependent upon the nature of your relationship with us, but include (not restricted to) the following:
- To enable us to fulfil contractual requirements
- To ensure that recruitment process is efficient and provides appropriately qualified staff in terms of aptitude and attitude
- To ensure that you are properly insured, paid correctly, and that your NOK can be informed in the event of an incident.
- To meet requirements of public interest and management standards
- Compliance with legal and regulatory obligations
- To manage marketing information effectively
- To facilitate swift responses to the above
WHAT IS THE LEGAL BASIS FOR CTG/TAYO PROCESSING PERSONAL DATA?
- Under data protection laws applicable to CTG/Tayo there are several lawful reasons for processing data and those that apply to CTG/Tayo are:
- Consent: because you have given your consent (if we expressly ask for consent to process your personal data, for a specific purpose).
- Contractual: the processing of your personal data is necessary for the performance of a contract with you or to take steps at your request to enter into a contract.
- Legal Obligation: the processing of your personal data is necessary for us to comply with our legal and regulatory obligations.
- To protect your vital interests
- To meet or protect public interests
- Employment obligations: where applicable or in case of any processing of sensitive data, the processing is necessary for the purposes of carrying out our obligations prescribed by law in the area of employment.
- Legitimate interest: The processing is necessary for our legitimate interests. Using your personal information helps us to provide our services and to improve and minimise any disruption to the services we provide. We also have a legitimate interest in sending you information on the services we believe will be of interest to you.
The data, which CTG/Tayo and its component companies process is deemed to be the minimum necessary and is justified by one or more of the aforementioned legal criteria.
HOW DOES CTG/TAYO SOURCE DATA?
There are three main ways in which CTG/Tayo sources personal data, all are legal, transparent and fair:
- Information You Give Us: Information which you give us when completing registration forms and the recruitment process, requested through our due diligence procedure or during our ongoing contact with you.
- Information We Collect: CTG/Tayo collects information about you from our website, social media accounts, email and telephone contacts plus our due diligence procedures.
- Third Parties: We may collect information from third parties – in particular, we may use third party organisations to conduct background checks and verifications. Additionally, we may use the web and social media sources, all of which are publicly available and strictly open source.
STORAGE OF PERSONAL DATA
The vast majority of personal data that is processed by CTG/Tayo is stored electronically, predominantly in cloud-based systems, which are protected through encryption (both when static and in transit). Access is carefully managed and restricted appropriately. Any data that is held on servers or on hard drives is subject to restricted access and most of it is encrypted. Any hard copies of processed data are held in secure cabinets with restricted access. It must be noted that information received over the internet or from personal emails may not always be secure; CTG/Tayo is not liable for corrupted information received from such sources.
All personal data shall be stored, for the minimum time necessary, which will vary but can be defined as follows:
- For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations
- For as long as we provide goods and/or services to you and then for as long as someone could bring a claim against us
- Retention periods in line with legal and regulatory requirements and guidance.
USE AND DISCLOSURE OF YOUR PERSONAL DATA
In certain circumstances, we shall share your personal data with:
- Other Entities with Chelsea Group.
- Selected third parties with whom we work – for example, clients or potential clients, insurers, solicitors, travel agents, sub-contractors, accountants, government departments and agencies and external IT and data providers and centres.
- Where a Chelsea Group entity or third party is based outside the country in which you are residing, we would only transfer data outside that country where appropriate safeguards were in place or restrict the information being given. Such safeguards may include: entering into written contracts with the entity or third party that is based in a country that does not provide an adequate level of data protection.
- Any Chelsea Group entity or third party that you consent to giving your information to for marketing purposes (such consent will be sought prior to our sharing this data)
- Legal Requirement. Any other third parties where necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law.
A “cookie” is a bite-sized piece of data that is stored on your computer’s hard drive. They are used by nearly all websites and do not harm your system. How to reject cookies: If you do not want to receive cookies that are not strictly necessary to perform basic features of our site, you may choose to opt-out by changing your browser settings. Most web browsers will accept cookies but, if you would rather we did not collect data in this way, you can choose to accept all or some or reject cookies in your browser’s privacy settings. However, rejecting all cookies means that you may not be able to take full advantage of all our website’s features. Each browser is different, so check the “Help” menu of your browser to learn how to change your cookie preferences. For more information, generally on cookies, including how to disable them, please refer to www.aboutcookies.org . You will also find details on how to delete cookies from your computer.
Geolocation data in Tayo is used only for the purpose of staff safety and security. The geolocation function in Tayo needs to be allowed by the user accessing the app and is disabled by default if not granted access. Geolocation only collects data when the user enables this feature and allows access to their location data. When enabled, the device geolocation (GPS) data is stored even when the app is closed. This is done in the background. We use this information to provide you location-based functionality within the service, such as locating you or providing assistance to you in critical situations, or to notify you of local safety security information. Only authoriSed dashboard users can view your location information with a responsibility to uphold data privacy and as authorised by your organisation. The location information may be shared with emergency services in case of an emergency to provide assistance to you.
In addition to geolocation data, we collect contact information, such as your name, phone number, and email address, which may be required to contact you in case of an emergency. This information is collected only for the purpose of providing emergency assistance and is not shared with any third parties unless required by law.
Device and usage Information that may include information specific to your mobile device (e.g., model, operating system, device name). This helps with maintenance, improvements, and new feature development. Data from your device that excludes any personal data is shared with the Firebase analytics service provided by Google, which helps us analyze and improve our mobile app for you. It is used to monitor and provide information about app crashes. Like many applications, we collect log data. This information may contain information that is specific to your device as well as date and time information. We use this data to diagnose issues and analySe the performance of our service. This data is deleted in accordance with our data retention policy.
Interested parties may have the following rights under applicable data protection laws and CTG/Tayo fully respects them:
- To be informed about the processing of your personal data
- To have your personal data corrected if it is inaccurate and to have incomplete information completed
- To object to processing of your personal data
- To restrict processing of your personal data
- To have your personal data erased (right to be forgotten)
- To request access to your personal data and to obtain information about how we process it
- The right to move, copy or transfer your personal data (data portability)
- In relation to automated decision making, which has a legal effect or otherwise significantly affect you
- To complain to the relevant data regulator in the country in which you reside.
Please note that there may be occasions where you object to, or ask us to restrict, or stop, processing of your personal data, or erase it, but we shall be unable to comply with such requests for legal reasons. To exercise any of these rights, or if you have any other questions about our us of your information, please email email@example.com and cc GDPR@chelseagroupworldwide.com
CHANGES TO THE POLICY