Ensuring privacy, control & security of data is paramount
Protecting both our data and the data of those we work with is our number one priority
If, how & why we collect, store, use and share information including corporate & personal data should be explained, transparent and entirely approved by the owner of the data
We are guided and always adhere global regulatory policies and laws
POLICY
CLARITY is committed to respecting and protecting the privacy of individuals and keeping Personal Information secure by complying with applicable data protection, privacy and information security laws and regulations.
This Policy describes CLARITY’s methods regarding the necessary collection, use, disclosure, and safeguarding of Personal Information for business related purposes. CLARITY shall protect Personal Information and ensure that such information remains secure and available.
SCOPE
This Policy applies to all CLARITY lines and departments globally, including all corporate office locations, lines of business, shared services and operational business units. It also applies to independently operated subsidiaries.
DEFINITIONS
1. Personal Information
Any and all information or data (regardless of format) that (i) identifies or can be used to identify, contact or locate an individual, or (ii) that relates to an individual, whose identity can be either directly or indirectly inferred, including any information that is linked or linkable to that individual regardless of any attributes or status of such individual.
2. Sensitive Personal Information
A subset of Personal Information, which due to its nature has been classified by law, contract, or by CLARITY policy as requiring additional privacy protections and Enhanced Safeguarding.
Examples of Sensitive Personal Information may include:
-
(i) government-issued identification numbers,
-
(ii) financial account numbers (including payment card information and Cardholder Data, as defined by the Payment Card Industry Data Security Standard),
-
(iii) individual medical records (including Protected Health Information, 45 CFR § 160.103) and biometric information,
-
(iv) data obtained from a consumer reporting agency (including employee background investigation reports, credit reports, and credit scores),
-
(v) data elements revealing race, ethnicity, national origin, religion, trade union membership, sex life or sexual orientation, and criminal records or allegations of crimes, and
-
(vi) any other Personal Information designated by CBRE as Sensitive Personal Information.
3. Enhanced Safeguarding
The implementation of more stringent physical, technical, and administrative measures against the risk of inadvertent or unauthorized disclosure of Sensitive Personal Information than the safeguards generally required because the inadvertent or unauthorized disclosure of Sensitive Personal Information may create a risk of substantial harm to the individual (for example, identity theft or financial fraud).
4. Privacy Officer
The individual appointed by the CLARITY for the oversight of CLARITY’s Global Privacy Program
GOVERNANCE
-
The Privacy Officer is responsible for the oversight of this Policy, the enterprise strategy to address operational and information privacy management risk, and the support of compliance with all applicable data protection, privacy and information security laws and regulations.
-
Each individual business line and department is responsible for following this Policy in order to address its specific activities involving the collection, use, disclosure and safeguarding of Personal Information
COLLECTION
-
CLARITY may collect Personal Information for business related purposes, which may include providing customer service, managing the services we provide to clients, complying with legal requirements, payment processing, and for marketing our products and services.
-
If required by contract, CLARITY policy, or applicable law or regulations, CLARITY shall obtain consent to collect Sensitive Personal Information.
-
CLARITY may collect Personal Information from publicly available sources, including, but not limited to, public internet websites and databases, public or government sources, and news or open source reporting.
USE
-
CLARITY may use and process Personal Information for providing information on products and services, promoting and marketing products and services, and for statistical and research purposes.
-
Any use or processing of Personal Information to generate de-identified, statistical, summary, or aggregated information shall be deemed an allowable use compliant with this Policy; provided that such information cannot be used to identify any individual.
-
CLARITY shall retain Personal Information only for as long as necessary to fulfil the business related purposes described in this Policy or as may be required by applicable laws or regulations. In addition, such retention of Personal Information shall be consistent with CLARITY policies regarding the storage of business records.
DISCLOSURE
CLARITY may disclose Personal Information to outside organizations, including CLARITY’s affiliates, partners or other third parties that provide CLARITY with various outsourced business functions, including, but not limited to, employee benefits administrators or credit card vendors.
-
i) When CLARITY discloses Personal Information to a third party, it is authorized to use and further disclose the related Personal Information only as necessary to provide their services to CLARITY or as required by law.
-
ii) CLARITY shall take appropriate actions to ensure that a third party protects Personal Information that CLARITY discloses to it.
-
iii) CLARITY may disclose Personal Information when required by applicable law or regulation, as well as when CLARITY has reason to believe that disclosure is necessary to protect CLARITY’s rights, protect the safety of individuals or others, investigate fraud or other criminal activity, or respond to a government request.
SAFEGUARDS
-
CLARITY shall collect, use, maintain, disclose (internally and externally), and destroy Personal Information in a manner that reasonably limits the risk of loss, theft, misuse, or unauthorized access.
-
CLARITY shall appropriately dispose of Personal Information upon expiration of required retention periods or when no longer needed for the business related purposes.
FURTHER GUIDANCE
Any exceptions and interpretations of this Policy should be submitted to the Privacy Officer. The Privacy Officer is responsible for interpreting any portions of this Policy as they may apply to specific situations.