Pearl Group (Pearl) is a European corporation, with legal entities, business processes, management structures and technical systems that cross borders. Pearl delivers software and services to private and public businesses (Customers) in Europe. Pearl's head office is located in Lysaker and the Pearl Group is subject to European privacy legislation, including the General Data Protection Regulation (GDPR).
All major decisions regarding privacy in Pearl are made at a corporate level.
This Privacy Statement is available on our Pearlgroup.no home page and at the bottom of every Pearl website.
SCOPE AND ACCEPTANCE
This Privacy Statement applies to all business processes in Pearl and to all Pearl websites, domains, mobile solutions, cloud services and communities as well as Pearl branded websites (Pearl Sites). Service specific appendices will be found in the Terms of Service, data processing agreements or equivalent information for the specific service in question.
The Privacy Statement provides information about data processing carried out by Pearl when Pearl determines the purpose and means of the processing (Pearl act as data controller). It also provides information on data processing Pearl do on behalf of our Customers based on their instructions (the Customer as data controller and Pearl as data processor).
Personal data is information that can identify you as a person, such as an email address, street address or phone number etc. Processing your personal data is necessary for us to serve our Customers. Please do not use Pearl Sites or our services if you do not agree with how we process personal data according to this Privacy Statement.
WHOSE DATA WE PROCESS
Pearl process personal data about job seekers and contact persons or software users tied to our Customers. In addition we process personal data about persons representing potential Customers (leads) that approach us via Pearl Sites or other channels. Our statement in these regards is to be found in the data controller section.
We also process data on behalf of our Customers of which the Customer controls. Our statement in these regards is to be found in the data processor section.
In this Privacy Statement data subjects may also be referred to as persons or you.
PEARL AS A DATA CONTROLLER
When a Pearl subsidiary determines the purpose and means of processing your personal data, this company act as data controller. This includes scenarios where Pearl collects personal data in the context of you being a job seeker, you being a representative for a Customer or Lead, or when you are a software user.
WHY WE PROCESS YOUR PERSONAL DATA
About Customer contacts and software users:
To manage our Customer relations in general and to meet our Customer commitments, Pearl needs information about you in your role as Customer contact person or user of a service.
The purposes of processing this personal data are:
1. Execute sales and contract process to Customers
2. Provide requested offers on products and services to Customers
3. Perform deliveries in accordance with agreements made with you or Customers
4. Offer support to users of our products and services
5. Improve and develop the quality, functionality and user experience of our products, services and Pearl Sites
6. Detect, mitigate and prevent security threats and perform maintenance and debugging
7. Prevent abuse of our products and services
8. Process orders, invoicing, payments and other financial follow-up
9. Create interest profiles in order to promote relevant products and services
10. Operate user communities to educate and enable interaction between users and Pearl
The legal ground for processing personal data according to the above-listed purposes in numbers 1) to 10) is mainly because Pearl has a legitimate interest in processing your personal data from a business perspective in a manner that we believe do not conflict with your privacy rights or freedoms. The legal ground for processing personal data according to the purpose listed in number 10) is your consent.
Pearl process personal data about Leads for marketing purposes. In order to provide targeted and relevant content to potential Customers, Pearl builds an interest profile based on your movement, choices and actions on Pearl Sites as well as your response to marketing content per email. The legal grounds for such processing is mainly your consent.
You can read more about how we create such profiles, how you can adjust the profile as well as withdraw your consent in the sections below.
If you are a jobseeker, we process personal data in order to evaluate your potential to become a Pearl employee. The legal grounds for such processing is your consent.
HOW WE COLLECT YOUR PERSONAL DATA
In general, Pearl collects personal data directly from you or other persons linked to our Customer. These persons may be a manager or colleague. If the Customer you work for purchases Pearl products or services, we may collect information about you.
In some cases, we may also collect information about you from other sources. These sources may be third-party data aggregators, Pearl's marketing partners, public sources or third-party social networks. Pearl will be able to combine personal data about you obtained from one source with data obtained from another source. This gives us a complete picture of you, which also gives us the possibility of serving you in a more relevant way with a greater degree of personalization.
Automatic data collection tools
Pearl uses different digital tracking technologies to collect information about your movements on Pearl Sites and when interacting with us.
Cookies and pixel tags
Pixel tags are scripts that executes when a user lands on a website or opens an email. The pixel itself is not visible and can only be seen in the HTML of the site or email. It calls an application on a server that will cause a third party cookie to be downloaded to your computer or registers that the email has been opened.
If you would like to know more about cookies and how they work, please visit www.allaboutcookies.org
Google cookies and technologies
Google Analytics: This cookie allows us to see information on user website activities including, but not limited to page views, source and time spent on a website. The information is depersonalized and is displayed as numbers, meaning it cannot be traced back to individuals. This will help to protect your privacy. Using Google Analytics we can see what content is popular on our websites, and strive to give you more of the things you enjoy reading and watching.
Google Analytics Re-marketing: Places cookies on your computer which means that after you leave our website, Google can show you advertisements about Pearl that you might be interested in, based on your previous behavior on our website. This information is not personally identifiable.
Google AdWords: By using Google AdWords code, we are able to see which pages helped lead to contact form submissions. This allows us to make better use of our paid search budget. This information is not personally identifiable.
Google Adwords Re-marketing: Places cookies on your computer which means that after you leave our website Google can show you advertisements about Pearl that you might be interested in, based on your previous behavior on our website. This information is not personally identifiable.
You can prevent the information generated by the Google cookie about your use of our Sites from being collected and processed by Google in the future by downloading and installing Google Analytics Opt-out Browser Add-on for your current web browser. This Add-on is available at http://tools.google.com/dlpage/gaoptout
Facebook Re-marketing: the Facebook pixel tag places cookies on your computer which can send an alert back to Facebook telling Facebook that you have checked out the website. We then assume that you have an interest for Pearl and the content on this site. When visiting Facebook, you will then be exposed to information or adds with similar content.
Please use your privacy settings on Facebook to limit exposure to marketing of this kind.
WHAT PERSONAL DATA WE ACCESS
The type of personal data that Pearl process about you may be:
- Basic contact details such as name, address, telephone number and email
- Demographic Information such as date of birth, age and gender
- Employment information such as employer, title, position including preferences and interests in professional context
- Feedback, comments or questions about Pearl or concerning our products and services
- Photos or video of you recorded at our premises
- Content you have uploaded such as photos and video
- Unique user information such as login ID, username, password and security questions
- Financial information such as credit card information
- Traffic information as provided by your web browser such as browser type, device, language and the address of the website from which you arrived and other traffic information such as IP address
- Clickstream behavior and movement on Pearl Sites and in our products and services
- Email behavior such as which emails from Pearl you open when and how
- Other personal data contained in your profile that you have freely given away on third party social networks such as LinkedIn etc.
As data controller, Pearl does not process sensitive personal data about you.
HOW WE SHARE YOUR PERSONAL DATA
Within the Pearl Group
As Pearl consists of different subsidiaries, there is a great likelihood that a Customer will conduct business with more than one Pearl company. It is important to us that we provide the best possible customer service and overall experience. In order to maintain a complete overview and insight into which Customers and contact persons have relations with the various companies within the Pearl Group, we will therefore share your personal data among our subsidiaries.
Outside Pearl Group
Pearl may also share your personal data with external third parties in the following contexts:
1. Pearl user communities
If you make a post, comment or similar on Pearls user communities or other forums on Pearl Sites, such information can be read and used by anyone with access to such forums and used for purposes over which neither Pearl nor you have control. Pearl is not responsible for any information you submit on such forums or Pearl Sites. Pearl will not post any comment, testimonial or similar made by you without your prior consent.
2. Business partners
Pearl may share your personal information with our partners in the event this is legitimate from a business perspective and according to applicable privacy legislation. For example, if you purchase a product or service on behalf of your employer that Pearl provides through one of our partners (ex. SAP or Amazon Web Services). In this regard, Pearl and our partner may share personal data in order to be able to provide the product or service to the Customer.
3. Public Authorities
The police and other authorities may demand the handover of personal information from Pearl. In these cases, Pearl will only hand over the data if there is a court order etc. to do so.
4. Mergers & Acquisitions
In connection with mergers, acquisitions or divestiture of all or parts of Pearl's business, the acquiring entity, as well as its consultants, will obtain access to data managed by the Pearl entity/entities involved and this may in some cases include personal data. In such cases, external parties will enter into a NDA with Pearl.
Right to opt-out of marketing communications
You have the right to opt-out of receiving marketing communications from Pearl and may do so by either:
1. Following the instructions for opt-out in the relevant marketing communication
2. Change preferences under the relevant edit account section if you have an account with Pearl
3. Contacting us via e-mail on email@example.com
Please note that even if you opt-out from receiving marketing communications, you may still receive administrative communications from Pearl, such as order confirmations and notifications necessary to manage your account or the services provided to Customers.
You have the right to access your personal data by requesting an overview of the personal data we process about you and you may have a right to data portability. You also have the right to request that Pearls corrects inaccuracies in your personal data. If you have an account with Pearl for a Pearl Site, this can usually be done through the appropriate "your account" or "your profile" sections on the applicable Pearl Site or service.
Further, you have a right to request deletion of personal data, and to restrict or object to our processing of your personal data according to this Privacy Statement or other service specific terms.
Please use firstname.lastname@example.org
to file all requests as mentioned in this section.
Finally, you also have a right to file a complaint with the data protection authorities with regards to our processing of your personal data.
DATA SECURITY AND RETETION
How we keep your personal data secure
Pearl takes the trust you and our Customers place in us very seriously. Pearl is committed to preventing unauthorized access, disclosure or other deviant processing of personal data. Pearl shall ensure the confidentiality of personal data we process, maintain the personal data integrity and secure its availability according to applicable privacy legislation.
As part of our commitments, we utilize reasonable and appropriate organizational, technical and physical procedures and measures to safeguard the information we collect and process, taking into account the type of personal data and risk posed to you and our Customers upon breach. Since root causes for privacy breaches are most likely to be found internally, we believe that building a strong corporate culture where respect for and awareness around privacy among our employees are fundamental to ensure lawful processing and protection of your data
The following measures are of particular importance in this regard:
- The Data Protection responsible governing lawfulness of processing and privacy policies for Pearl Group
- A lawyer can be appointed acting as advisor and controller in privacy matters
- Mandatory procedures for keeping records of processing activities and assessing risks for data subjects applies to all Pearl subsidiaries
- Data processing agreements with subcontractors that process data on behalf of Pearl
- Personal data is transferred and stored in secure and redundant operating environments that are only accessible to Pearl employees and subcontractors on a need-to-know basis
- Software users are required to verify their identity (e.g. login ID and password) before they can access or make changes to their account.
- Premises protected by access control
HOW LONG WE STORE YOUR PERSONAL DATA
Pearl will only retain your personal data for as long as necessary for the stated purpose, while also taking into account our need to answer queries or resolve problems and to comply with legal requirements under applicable laws.
This means that Pearl may retain your personal data for a reasonable period after you and our Customer's last interaction with us. When the personal data that we collected is no longer required we erase it. We may process data for statistical purposes, but in such cases, data will be pseudonymized or anonymized.
PEARL AS A DATA PROCESSOR
Pearl provides many different services to our Customers. Most of our services involves processing of the Customers' data, hereunder their personal data. The purposes of processing is determined by our Customers not by Pearl. Making the Customer the data controller. Pearl do in such cases act as data processor and process the data on behalf of and according to instructions given by the Customer. The relation between the Customer as data controller and Pearl as data processor shall be regulated by a data processing agreement.