Privacy Policy

Privacy Policy

We believe in being transparent about how we handle your personal information. This Privacy Statement (“Statement”) explains how Eurasian Resources Group (ERG) (“ERG” “we”, “us”) handles the personal information of its employees, prospective employees and contractors, customers, vendors and other external parties. ERG adheres to strict data privacy laws such as the General Data Protection Regulation (Regulation (EU) 2016/679) as well as local laws in jurisdictions where ERG is operating.

This Statement explains in detail the types of personal data we may collect about you and what we do with this personal data. It further describes what measures we take to keep your personal data safe, as well as your rights in relation to the personal data we hold about you. Please see the definitions and glossary to understand the meaning of some of the terms used in this Statement.

Definitions

“Eurasian Resources Group” means Eurasian Resources Group S.à r.l. and includes all subsidiaries;

“Data Subject” means the individual to whom the personal data relates;

“Personal Data” means any information relating to an identified or identifiable natural person;

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

“Consent” of the data subject means any freely given, specific, informed – in certain cases explicit – and unambiguous indication of the data subject`s wishes by which (s)he by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating him or her;

“Legitimate interest” is one of the lawful base of processing by GDPR. It applies whenever the company uses personal data in a way that the data subject would expect.

“Privacy Statement” means a notice that needs to be provided to data subjects when we collect, use or distribute their personal data.

“Personal Data Breach” means a breach of security leading accidental of unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed;

“Data Privacy Officer” (DPO) or similar means an independent data protection expert, who is member of Group Compliance and responsible for monitoring ERG`s privacy compliance, informing it and advising on its data protection obligations, and acting as a contact point for data subjects and the relevant supervisory authority.

How Do We Use Your Personal Data?

We may process your personal information for legitimate business purposes to administer our employment, contractual or other relationship with you and to run our businesses. We may collect, use, transfer, and otherwise process your personal information through automated and/or paper-based data processing systems. We have established routine processing functions such as processing for regular payroll and benefits and supplier payments. We also process personal information on an occasional or ad hoc basis in the context of employment and vendor or customer requests for information concerning personal data or any requests from the data subject.

What Personal Data Do We Collect?

From employees, job applicants and contractors we may collect as minimum necessary data for managing human resources, including:

  • Information you provide us in relation to a job vacancy, for example, personal data you send us via CVs or automated online application forms;
  • immigration, right-to-work and residence status;
  • identity information;
  • emergency contact details and a limited amount of family information
  • agency details and hours administration

From website visitors we may collect as necessary data including:

  • in relation to your visit to our websites, we will log your internet protocol (IP) address so that it is recognised the next time you visit;

From visitors to our offices and mine sites we may collect personal data to protect our security, safety and legal obligations, including:

  • Images from closed circuit television (CCTV);
  • Name, which is linked to a temporary badge, and obtained directly from you
  • Fingerprints or other visual identification features if you connect to our Wi-Fi system: IP address, MAC address, device type, duration of connection, size of uploaded and downloaded data, access point (general location)

From customers, suppliers and other external parties we collect personal data, including:

  • Details of the transactions you carry out with us;
  • personal data that you send us;
  • personal data required to conclude a contract with you.

ERG also collects personal data in the course of complying with its legal obligations (for example, to comply with government requests and to undertake due diligence).

We limit our personal data collection and processing to the amount needed for the relevant processing purpose. If your data is to be processed for a different purpose we will inform you of that new purpose and ask your permission.

Legal bases for processing personal data

  • Contractual commitments: some of our personal data processing is to meet contractual obligations to data subjects, or to take steps at their request of entering into a contract with them.
  • Legitimate interest: In many cases we are processing your personal data on the ground of legitimate interest of the company, in ways that are not overridden by the interest or fundamental rights and freedoms of the affected individuals.
  • Consent: in certain cases, - where required or allowed by law – we might handle your personal data on the basis of your permission/consent.
  • Legal compliance: we need to process, thus disclose, your personal data in certain ways to comply with our legal obligations towards different authorities.

Why we process your personal data

ERG may process personal data for the following purposes:

  • To maintain its administrative and clients/suppliers relationships management systems, such as:
    • Contract drafting;
    • Invoicing and payment of invoices;
    • Communications and public relations;
    • Event organizations and surveys;
    • Quality reviews;
    • Customer due diligence procedure;
    • Human resources matters such as recruitment etc.
  • To apply third party diligence processes(including compliance sanctions, anti-money laundering, anti-bribery and counter terrorist financing)
  • To facilitate compliance with its legal, regulatory, professional, contractual obligations
  • To maintain and protect its buildings, equipment, IT infrastructure and data (including access management and authentication, security and performance monitoring);
  • To manage and monitor the presence in the buildings, the use of equipment and the interactions of the data subjects (including the management of workspaces, parking, meeting rooms as well as the implementation and the monitoring of safety, health and hygiene measures, etc.);
  • To ensure its business continuity;
  • To manage risks and litigation;
  • To process the data subjects’ requests;
  • To manage its websites; and/or
  • For any other purpose expressly indicated to the data subject at the time of collection of his/her personal data.

To share personal data with third parties

Depending on the purposes above, and besides the data subjects themselves, we may share the personal data to the following categories of recipients:

  • Subcontractors, business partners, consultants and experts;
  • Processors and sub-processors such as IT suppliers (including system administrators, cloud service providers, hosting providers etc.);
  • Other ERG entities;
  • ERG`s external counsels, agents, recruiters and auditors;
  • Entities or individuals that have relationship with the data subjects (employers, relatives, counsels, business or potential business partners, etc.);
  • Supervisory bodies;
  • Public authorities.

International Transfers

We may transfer your personal information outside the country where you reside or work, including to countries that do not provide the same level of protection for your personal information as you may expect in your own country, where the following criteria are met:

  • Transfers and/or disclosures within ERG will be protected by an Inter-Group Agreement if it is necessary to share personal data outside of the jurisdiction where your personal data was first collected;
  • For transfers and/or disclosures outside ERG, the transfer or disclosure is protected by contractual data privacy clauses and/or any suitable agreement which contains the legal requirements for such transfer. This will include a privacy and security assessment of whether any transfers across national borders comply with applicable data privacy laws;
  • Where ERG has not adopted another legally sufficient adequacy mechanism, the Standard Contractual Clauses (SCCs), approved by the European Commission will be concluded;
  • The relevant data subjects have consented to the transfer or disclosure; or
  • The transfer and/or disclosure is otherwise required by local law or is expressly permitted under local data privacy laws, and that the relevant personal data originates in that jurisdiction.

In every case, we will inform you prior the cross-border transfer when, to where and for what purpose your personal data is sent.

We Secure Your Data:

We keep your data secure and protected against accidental, unauthorised or unlawful processing, including against loss and unauthorised access, destruction, misuse, modification or disclosure. This means we ensure that we have the appropriate technical, physical, and organisational measures in place for all stages of the personal data ‘life cycle.’ Data security obligations apply whether your personal data is stored in hard copy form (e.g., paper) or in electronic form (e.g., in databases). Access to your personal data is provided on a ‘need to know’ and `need to access` basis for parties outside and within ERG.

We require our business groups to immediately report any breaches in relation to your personal data to the ERG Data Privacy Officer for investigation.

We Limit Retention of Your Personal Data:

Your personal data is kept only for as long as necessary for the lawful purpose for which it is processed (as notified to the relevant individuals), or for the time required or permitted under local laws. After such time, records containing your personal data will be securely destroyed (as in the case of physical records) or permanently deleted (in the case of electronic records) in accordance with ERG’s Data Retention Schedule or as required by applicable local laws.

We Respect Your Rights:

We take reasonable steps to ensure that personal information is accurate, complete, and current. Please note that you have shared responsibility with regard to the accuracy of your personal information.
Additionally, you may:

  • request information about how your personal data is processed;
  • request access to your personal data;
  • seek erasure of your personal data;
  • ask for processing of your personal data to cease;
  • request for rectification, if your personal data is recorded incorrectly so that you can request human review of such decision, if necessary;
  • be notified or ask for restriction of your personal data processing under certain circumstances
  • make objection against your personal data processing under certain circumstances
  • be notified if a Group business has made a decision about you that is based on automated data processing alone, so that you can request human review of such decision, if necessary;
  • complain about processing; or
  • withdraw previously given consent regarding ERG’s processing of your personal data.

There are legal exceptions to the exercise of these rights, and ERG will review each request on a case by case basis, referring to the laws of the country where you are located. Your requests for exercising your rights should be referred to the ERG Data Protection Officer for your region, who can be contacted at: GDPR.Compliance@erg.net

Update

In order to comply with the applicable laws and to reflect adequately the way we process personal data, this privacy statement shall be updated from time to time.

Last updated on: 13.04.2022

We have a Privacy Statement and Cookie Statement to explain how we may collect and process your personal data and use cookies to provide you with a better and more personalised experience when browsing our website. To read our Cookie Statement, click here. The Privacy Statement is available here. If you click the box below, you accept the cookies.