Golder Associates is committed to complying with applicable laws, regulations and mandatory government standards regarding the protection of Personal Data (“Data Protection Laws”).
For purposes of this Policy, the following definitions shall apply:
“Agent” means any third party, other than Contractors, that collects or uses Personal Data under the instructions of, and solely for, Golder or to which Golder discloses Personal Data for use on Golder’s behalf.
“Contractor” is a third party that is under contract with Golder to provide specified services, products or other deliverables.
“Covered Person” is any individual whose Personal Data is collected, used, processed, shared or retained by Golder, including, without limitation, employees of Golder and individuals affiliated with Golder’s customers, and suppliers.
“Golder” means Golder Associates Corporation, its subsidiaries, affiliates, divisions and groups.
“Information Services” includes the combination of Golder owned or leased technologies and systems and the agents (its administrators and users including Golder employees, Customers and Third Party resources) using those technologies and systems to support Golder operations. Information Services include the collection, management, storage and retrieval/provision of information to agents.
“Personal Data” includes any personally identifiable information or data of or about a Covered Person that is the subject of protection under the Data Protection Laws, including, without limitation, a Covered Person’s social security number, phone numbers, residence addresses, financial information such as bank account information and credit card numbers and information that constitutes “Protected Health Information” as defined under The US Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).
“Sensitive Personal Data” means Personal Data that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, or that concerns physical or mental health or condition, sexual life and/or orientation, or criminal history. In addition, Sensitive Personal Data shall include any information received from a third party where that third party treats and identifies the information as sensitive.
“Third Parties” are persons and entities other than Golder or Golder’s subsidiaries or affiliates.
4. GENERAL PRIVACY PRINCIPLES
This Policy is based on the following principles:
Where Golder collects Personal Data, it will inform Covered Persons about the purposes for which it collects and uses their Personal Data and the choices and means, if any, Golder offers Covered Persons for limiting the use and disclosure of their Personal Data. Notice will be provided in clear and conspicuous language when Covered Persons are first asked to provide Personal Data to Golder, or as soon as practicable thereafter, and in any event before Golder uses or discloses the Personal Data for a purpose other than that for which it was originally collected or discloses information to a Third Party that is not a Contractor or an Agent.
Where Golder receives Personal Data from its subsidiaries, affiliates or other entities, it will use and disclose such information in accordance with the notices provided by such entities and the choices made by the individuals to whom such Personal Data relates.
Golder will offer Covered Persons the opportunity to choose (opt-out) whether their Personal Data is (a) to be disclosed to a Third Party that is not an Agent or a Contractor, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the Covered Persons.
For Sensitive Personal Data, Golder will give Covered Persons the opportunity to affirmatively and explicitly (opt-in) consent to the disclosure of the information to a Third Party that is not an Agent or Contractor or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the Covered Person.
Golder will provide Covered Persons with reasonable mechanisms to exercise their choices.
4.3 Onward Transfer
Any Personal Data obtained for a business transaction may be processed by a third party service provider Contractor under the conditions set forth above.
4.4 Data Security
4.5 Data Integrity
Golder will use Personal Data only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the Covered Person. Golder will take reasonable steps to ensure that Personal Data is relevant to its intended use, accurate, complete, and current. Golder will only collect and store Personal Data where there is a business requirement to fulfil the purpose of the request and will retain such information no longer than appropriate to fulfil the purpose of the request.
Golder may contact a Covered Person to request that he or she update his or her Personal Data on a regular basis to ensure its integrity for the purposes of ongoing data management. Covered Persons also have the right on their own initiative to access, modify, supplement or update their Personal Data at any time. Covered Persons may also contact Golder to request access, modification, or deletion of Personal Data. Contact details are provided in Section 7 of this Policy.
Golder will internally assess compliance to this Policy as part of our self-audit process. Any Golder employee who violates this Policy may be subject to disciplinary action, up to and including dismissal and civil and/or criminal prosecution.
Any person that believes that his or her Personal Data has been processed in violation of this Policy may report the concern to Golder via our secure and confidential global compliance reporting process, which is available at https://golder.alertline.com. As part of this process, Golder will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data in accordance with the principles contained in this Policy.
For complaints that cannot be resolved between Golder and the complainant, Golder will resolve the dispute according to local law; for example in Europe we are committed to cooperating with the European data protection authorities or their authorized representatives.
4.8 Limitations on Application of Principles
Adherence by Golder to these principles may be limited (a) to the extent required or permitted by law or legal process, such as to respond to or investigate a legal or ethical obligation or request or pursuant to court orders, subpoenas, interrogatories or similar directive carrying the force of law; and (b) to the extent expressly permitted by an applicable law, rule or regulation.
5. EU-U.S. PRIVACY SHIELD
This Section 5 applies to Golder’s participation in and certification under the EU-U.S. Privacy Shield Framework (the “Privacy Shield Framework”) and governs Golder’s sharing of Personal Data of Covered Persons residing in the European Economic Area (“EEA”) with Golder entities operating in the United States (“Golder U.S. Entities”). The provisions of this Section 5 may cover data privacy concepts covered also in Section 4. In the event of an inconsistency between a provision in this Section 5 and a provision in Section 4, as it applies to Golder’s obligations under the Privacy Shield Framework, the provisions of this Section 5 shall govern.
5.1 Golder Privacy Shield Commitment
5.2 Type of Data Processed and Purposes for Processing
Golder shares Personal Data of Golder employees residing in the EEA (“Golder EEA Employee Information”) with Golder U.S. Entities for the purpose of facilitating Golder U.S. Entities’ management of the employment relationship of Golder’s EEA employees, including, without limitation, their compensation and benefits. Golder may sometimes collect or receive Personal Data from Golder’s actual and prospective customers/clients, suppliers and other third parties working with Golder, Golder may occasionally acquire or be provided such information (“Third Party Information”) and for purposes of managing third party business relationships or customer/client and prospective customer/client relationships, Golder may share such Third Party Information with Golder U.S. Entities. Environmental surveys conducted on behalf of Golder clients may contain Personal Data of EEA citizens.
5.3 Transfer of Personal Data to Certain Third Parties
Golder generally discloses Personal Data of EEA Covered Persons only to Third Parties who reasonably need to know such data only for the scope of the initial transaction and not for other purposes. The recipient Third Parties must agree to abide by confidentiality and data privacy and security obligations. Golder may provide such Personal Data to Third Parties that act as agents, consultants, and contractors to perform tasks on behalf of and under Golder’s instructions. For example, Golder may store such Personal Data in the facilities operated by Third Parties. Such Third Parties must agree to use such Personal Data only for the purposes for which they have been engaged by Golder and they must either: (i) comply with the Privacy Shield Principles or another mechanism permitted by the applicable EU data protection law(s) for transfers and processing of Personal Data; or (ii) agree to provide adequate protections for the Personal Data that are no less protective than those set out in this Policy. Please be aware that Golder may be required to disclose a Covered Person’s Personal Data in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. Golder is liable for appropriate onward transfers of personal data to third parties.
5.4 Inquiries and Complaints
This provision supplements Section 4.7 (Enforcement). If you believe Golder maintains your personal data in one of the services within the scope of Golder’s Privacy Shield certification, you may direct any inquiries or complaints concerning our Privacy Shield compliance to https://golder.alertline.com. Golder will respond to you within 45 days. If we fail to respond within that time, or if our response does not address your concern, you may contact TRUSTe, which provides an independent third-party dispute resolution body based in the United States. TRUSTe has committed to respond to complaints and to provide appropriate recourse at no cost to you. If neither Golder nor TRUSTe resolves your complaint, you can request binding arbitration through the Privacy Shield Panel. If you are a Golder employee and you are not satisfied with Golder’s response to your concerns with regard to the handling of any Golder EEA Employee Information, you are advised to contact the state or national data protection or labor authority in the jurisdiction where you reside. Golder commits to cooperate with EU data protection authorities (DPAs) and comply with the advice given by such authorities with regard to human resources data transferred from the EU in the context of the employment relationship.
5.5 Your Rights to Access, to Limit Use and to Limit Disclosure
This provision supplements the rights provided to you in Section 4 of this Policy. You have the right to know what Personal Data about you is included in Golder’s databases and to ensure that such Personal Data is accurate and relevant for the purposes for which Golder collected it. You may review your own Personal Data stored in the databases and correct, erase, or block any data that is incorrect, as permitted by applicable law and Golder policies. Upon reasonable request and as required by the Privacy Shield principles, Golder allows EEA Covered Persons access to their Personal Data, in order to correct or amend such data where inaccurate. EEA Covered Persons may limit the Personal Data that Golder maintains about them or request deletion of certain Personal Data by contacting Paul Beswick, Golder’s Global Chief Information Security Officer [email protected] or at the following phone number: + 44 115 937 1125. Golder will endeavor to respond in a timely manner to all reasonable written requests to view, modify, or inactivate Personal Data.
5.6 U.S. Federal Trade Commission Enforcement
Golder’s commitments under the Privacy Shield are subject to the investigatory and enforcement powers of the United States Federal Trade Commission. Golder may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
6. PERSONAL INFORMATION OF USERS OF GOLDER WEBSITES AND ASSOCIATED INFORMATION SERVICES (EMPLOYEES AND THE PUBLIC)
Access to and use of:
- Any material on internet or intranet sites hosted by Golder;
- Sites hosted by third parties on behalf of Golder; and/or
- Information Services used for Golder business (including but not limited to Financial and HR systems, Customer Management systems and other online systems for the submission and retrieval of information) (hereinafter referred to as “Information Services”)
constitutes your acceptance of, and agreement to comply with, the provisions within this Policy. Submission of Personal Data to Golder, serves as consent for disclosures referred to in this Policy. If you disagree with this Policy or refuse to provide consent for the use of your Personal Data as referenced in this Policy, then you should not use Golder’s Information Services or provide Personal Data to Golder.
6.2 Use of Personal Data
- If during use of the Information Services, a form is completed or other information is submitted to Golder, Personal Data may be collected and used in order to:
- Respond to queries or requests;
- Process orders or applications;
- Administer or otherwise carry out our obligations in relation to an agreement ; and/or
- Maintain an internal mailing list for future communications.
From time to time Personal Data may be used for purposes other than as set out above, if it is Golder’s belief that these additional uses will be beneficial. However, Golder will not use Personal Data for the purposes set out below if a Covered Person, when initially submitting Personal Data to Golder, expressly instructed Golder not to use such Personal Data in such a manner.
Subject to the immediate preceding sentence, Personal Data may be used in the following additional ways:
- For example, to provide information relating to applications for jobs, seminars, etc.
- Marketing or research purposes. For example, to conduct market research or to disseminate information about products, services or promotions Golder may offer.
Legal requirements. Golder may be obligated by law to disclose Personal Data to certain authorities or other third parties. For example, Golder may disclose Personal Data to law enforcement agencies in the countries where Golder (or third parties acting on Golder’s behalf) operate. Golder may also disclose and otherwise process Personal Data in accordance with applicable law to defend Golder’s legitimate interests, for example, in civil or criminal legal proceedings.
6.3 Sensitive Personal Data
Golder does not seek any Sensitive Personal Data from users of Golder’s Information Services unless legally required to do so. Please do not provide Sensitive Personal Data outside of that which is required by law. However, if you provide Sensitive Personal Data, Golder considers that explicit consent to use that data in the ways described in this Policy or in the ways described when such information is disclosed.
6.4 Current Employees
The nature of Golder’s business and operations require the transfer of Personal Data to/between Golder operating companies, properties, centers of operations, data centers, or service providers that may be located internationally with different data protection laws in place than the Personal Data’s country of origin. If Personal Data is transferred in this way, Golder will take reasonable steps to protect such Personal Data. By submitting information (which may include Personal Data) to our Information Services, explicit consent is being given to these transfers.
Additionally, if Golder decides to sell, buy, merge or otherwise reorganize its businesses in certain countries, it may involve disclosure Personal Data to prospective or actual purchasers and their advisers, or receiving Personal Data from sellers and their advisers.
6.5 Prospective Employees
Personal Data submitted by candidates applying for a job at Golder may be used for reviewing applications to a specific open position and retained on file. In addition, such Personal Data and any additional information submitted or obtained otherwise in connection with a specific job posting may be transferred worldwide, where the data may be processed by a third party service provider in accordance with this Policy and laws that are applicable in each country.
6.6 Accuracy of Personal Data
It is Golder’s intent to keep Personal Data as accurate as reasonably possible. Details provided by users of Golder’s website or associated Information Services may be reviewed or changed at any time by logging in and making the appropriate modifications. If there are questions regarding the accuracy or processing of Personal Data, please refer to the Contact section of this Policy.
6.7 Email Analytics Software
Golder may from time to time use third party software products to assess the effectiveness of important email messages sent by senior Golder leadership to large groups of Golder employees. This software will enable Golder to determine, among other things: (i) if the email message was opened by the recipient; (ii) approximately how long it takes for Golder employees to open the email message; (iii) whether the email recipient clicked on certain URL links included in the email message; and (iv) whether the recipient accessed the email from a mobile or desktop device. The purpose of using this software is to make email a more efficient tool for communicating at Golder. Because Golder is only interested in using this software to monitor emails that go to large distribution lists (e.g, all staff global, all staff within a region), its use will be relatively limited.
7.1 Information Placed on Your Computer and Cookies
Some information (commonly known as a “cookie”) may be stored on a person’s computer when such person is looking at Golder’s internet facing Information Services. Golder is able to read these cookies for informational purposes when a person revisits Golder’s Information Services. The type of information collected as a result of a cookie being accepted is specific to an individual computer and includes the IP address, the date and time the PC visited the site, what parts of Golder’s websites were viewed, and whether the web pages relating to the related Information Services were delivered successfully when requested. This information is anonymous; it represents a computer rather than a person.
Cookie information is used to improve Golder’s knowledge of the use of our Information Services and to enable Golder to ascertain whether the Information Services are operating at an optimal level. This allows Golder to enhance its web offerings and to provide an enjoyable and an innovative online experience.
This information can be erased or blocked by changing the computer settings (please refer to help screens or manuals). If this information is erased or blocked, some features of the website or associated Information Services may not be accessed or utilized.
Golder does not seek, nor does it wish to obtain or receive, Personal Data directly from minors; however, the age of persons who access and use Golder Information Services cannot always be accurately determined. If a minor (as defined by applicable law) provides Golder with Personal Data without parental or guardian consent, Golder can be contacted to have this information removed and the minor unsubscribed from future Golder communications. Please refer to the Contact section of this Policy.
7.3 Links to/from Other Websites/Systems
Any linking to our Information Services, and any linking to internet pages within our Information Services or framing of content from our Information Services is prohibited without Golder’s prior written consent. Any reference on Golder’s Information Services to any product or service by trade name, trade-mark, hypertext link or otherwise is provided for convenience only and does not constitute or imply Golder’s endorsement or recommendation. To the extent Golder’s Information Services contain links to other websites, Golder does not control the availability or content of such websites, and such links do not signify that Golder endorses the websites. The use of any linked websites is at the user’s own risk.
Golder has implemented technology and policies with the objective of protecting a user’s privacy from unauthorised access and improper use and will update these measures as new technology becomes available, as appropriate.
Golder cannot and is not responsible for the privacy policies and practices of other websites even if:
- The third party web site was accessed using links from Golder’s Information Services; or
- Golder’s Information Services were linked from a third party site.
Golder recommends that the policy be checked of each website visited and that the owner or operator of such web site be contacted if you have any concerns or questions.
7.4 Feedback, Discussions Forums, and Notice Boards
If at any time Golder’s Information Services offer any discussion forums or notice board or feedback facilities, the information disclosed will be used in accordance with this Policy. Please note that Golder cannot and is not responsible for other parties’ use of the Personal Data which is made available to such third parties through any discussion forums or notice boards or feedback facilities via our Information Services. Please be careful about what Personal Data is disclosed in this way.
7.5 User Conduct
All users of Golder’s Information Services, including use any of the features and tools on within, (including Golder Extranet Workspace) agree not to post or otherwise submit any Information that either causes any harm to any person or that is illegal or otherwise unlawful, including without limitation any hateful, harassing, pornographic, morally offensive, racist, criminal, quasi-criminal, obscene, profane, defamatory, libelous, threatening, constitutes or may encourage conduct that would be considered a criminal offense, give rise to civil liability or otherwise violate any law or regulation. Without limiting the generality of the foregoing, all users agree that Golder’s Information Services are not to be used in any manner, including the submission, posting and uploading of Information, or to any extent, to do any of the following:
- Commit any criminal or quasi-criminal offense, including without limitation, any pornography, hate, assault, or economic crime whatsoever;
- Upload, post or otherwise submit any content that shall harm, injure, damage or detrimentally affect any person, whether by tort, negligence, defamation or injury to reputation;
- Defame, abuse, harass, stalk, threaten or otherwise violate the legal rights (such as rights of privacy and publicity) of others;
- Infringe, contravene, breach or otherwise interfere with or harm the rights of any other person, including without limitation, any contractual, personality, confidentiality, privacy, moral, statutory, common law or intellectual property rights;
- Falsify the origin or source of software, information or other material contained in a file that is uploaded;
- Harm minors in any way;
- Forge headers or otherwise manipulate identifiers in order to disguise the origin of any content transmitted through the Information Services or develop restricted or password-only access pages, or hidden pages or images (those not linked to from another accessible page);
- Upload, post or otherwise submit any content without the right to transmit such content under any law or under contractual or fiduciary relationships (such as inside information, proprietary and confidential information learned or disclosed as part of employment relationships or under nondisclosure agreements);
- Upload, post or otherwise submit any content that contains software viruses, network worms, Trojan horses, logic bombs, bugs, worms, destructive features or any other computer code, files or programs designed to interrupt, destroy or limit the functionality of any computer software or hardware or telecommunications equipment, including the Site;
- Interfere with or disrupt the content or servers or networks connected to the Information Services, or disobey any requirements, procedures, policies or regulations of networks connected to the Information Services; or
- Promote or provide instructional information about illegal activities, promote physical harm or injury against any group or individual, or promote any act of cruelty to animals. This may include, but is not limited to, providing instructions on how to assemble bombs, grenades and other weapons, and creating “Crush” sites.
7.6 Intellectual Property Rights
Golder either owns the intellectual property rights in the underlying HTML, Java scripts, text, audio clips, video clips and other content that is made available to you via the Information Services (“Intellectual Property), or has obtained the permission of the owner of the Intellectual Property in such content to use the content in the Information Services. The display of trade-marks or trade-names within these Information Services does not convey or create any license or other rights in these marks or names. Any unauthorized use of them is strictly prohibited.
7.7 Limited License
Golder grants to users of its Information Services a limited license to display on individual computers, print, download and use the underlying HTML, text, audio clips, video clips and other content that is made available on Golder’s Information Services, for non-commercial, personal, or educational purposes only, provided that such content is not modified and any associated copyright notice(s) are included with and displayed on each copy of such content. No other use is permitted. Without limiting the generality of the foregoing, a user may not:
- Make any commercial use of such content;
- Include such content in or with any product that a user create or distribute; or
- Copy such content onto any website.
Notwithstanding the above, nothing contained in this license shall be construed as conferring any right under any copyright or any other person who owns the copyright in content provided on Golder’s website.
7.8 No Warranties
Unless otherwise stated, Golder does not warrant the quality, accuracy, completeness or suitability of any information on its Information Services. Such information is provided “as is” without representations, warranties or conditions of any kind, express or implied. Use of any information or materials on Golder’s Information Services is entirely at the user’s own risk. In no event shall Golder be liable for any damages whatsoever, including special, indirect or consequential damages, arising out of or in connection with the use or performance of information available via our Information Services.
7.9 Applicable Laws
The laws of the State of Georgia, U.S.A. shall govern use of these Information Services and the interpretation, validity and effect of this Policy, notwithstanding any conflict of laws, provisions or your domicile, residence or physical location. Except as otherwise provided in this Policy (for example, with respect to disputes over Golder’s compliance with the Privacy Shield Principles). Users of Golder’s Information Services are hereby consenting and submitting to the exclusive jurisdiction of the State Courts of Georgia (Dekalb County) and the United States District Court for the Northern District of Georgia in any action or proceeding related to our Information Services and agreeing not to commence any such action or proceeding except such courts.
8. CHANGES TO THIS POLICY
Although most changes are likely to be minor, Golder may change this Policy from time to time and in Golder’s sole discretion. Golder encourages visitors to frequently check this page for the most recent version of the Policy. If any substantial changes are made to this Policy and the way in which Personal Data is used, such changes will be posted here.
9. CONTACT INFORMATION
Any questions, comments, or concerns regarding this Policy should be directed to Golder’s Information Security Office by email to [email protected] or in writing to:
Paul Beswick | Global Chief Information Security Officer
Golder Associates Corporation
Browns Lane Business Park
NG12 5BL, UK