GDPR Addendum (European & UK Users)
Last updated: November 9, 2023
Introduction
This addendum to TMS privacy policy applies to the processing of personal data when using our Platform within the Scope of the General Data Protection Regulation (GDPR). This is in particular the case if you are located within the European Economic Area (EEA) or the UK when participating in the Services.
Controller/Processor
Bellcastle Pty Ltd
139 Coronation Drive
Brisbane, QLD 4064 Australia
E: info@teammanagementsystems.com
Ph: +61 (0)7 3368 2333
EU Representative
PLANIT // LEGAL
Rechtsanwaltsgesellschaft mbH
Jungfernstieg 1 20095 Hamburg
Germany
E: mail@planit.legal
Ph: +49 (0)40 609 44 190
Processing Purpose and Justification
We process your personal data in order to provide the Services i.e. in order to process psychometric assessments and produce reports that aide you in your role and in interaction with your team. Please refer to the document above for a more detailed description of the processing operations. The lawful basis for us processing your personal data is contractual. You are paying us to process the personal data which you provide to us via our platform in order for you to receive our Services. Where you are based in the UK or EU and you request our Services directly (not via one of our distributors) then we explain to you that we are based in Australia so you are also required to provide us with express consent to the transfer of your personal data out of the UK or EU for us to provide our Services from Australia.
Data Recipients
Your personal data may be disclosed to persons within our group of entities and our service providers that are deployed to provide and operate the Services, to your Accredited Practitioner, to your employer’s Authorised Users in case it has engaged us for providing the Services to you, and other persons, e.g. external advisors etc. assigned by your employer for such purpose. Where required by law we may also disclose your personal data to other recipients including public authorities. We would disclose such activities as early as possible unless we are prevented to do so by law.
We operate a global IT-infrastructure to provide the Services globally. Therefore it is possible that your personal data is transferred to a third country within or outside the EEA or the UK. For extra EEA or UK data transfers we have place the means to ensure adequate protection of your personal data at the recipients end. These in particular include the EU Standard Contractual Clauses and additional safeguards as required under the respective ECJ jurisdiction.
Data Subject Rights
As a data subject, you have the right to confirmation as to whether or not we process your personal data the right to access personal data, the right to rectification of incorrect personal data, the right to claim deletion and restriction of the processing, the right to object to the processing of your personal data and to withdraw consent. Whether and to which extent these rights are in place and enforceable is subject to statutory regulations. You also have the right to contact the competent data protection authority.
Requirement to Provide Personal Data
You are neither required to provide any personal data nor to participate in the Services. In case you refuse to do so, you will not or not fully be able to participate in the Service. There would be no other consequences.
No Automated Decision-Making (including Profiling)
We do not process your personal data for the purpose of automated decision making (including profiling) under Art. 22 (1) and (4) GDPR.
We would hope that any query will be effectively resolved by us further to your notification however you always have the right to lodge a complaint with the relevant supervisory authority for data protection issues.
In Australia : The Office of the Australian Information Commissioner (OAIC) www.oaic.gov.au
In the EEA : The EU Data Protection Authority in your member state https://edpb.europa.eu/about-edpb/about-edpb/members_en
In the UK : Information Commissioner's Office (ICO) ico.org.uk