California consumer privacy notice for vendors

Date Last Updated: 07/06/2023

  1. ABOUT THIS PRIVACY NOTICE
    1. During the course of our activities we, Gain Theory, will process personal information (which may be held on paper, electronically, or otherwise) about our Vendors (third party companies providing products or services to Gain Theory) and we recognize the need to treat it in an appropriate and lawful manner, in accordance with the California Privacy Rights Act (CPRA) and other applicable data protection laws. The purpose of this privacy notice (“Notice”) is to make you aware of how we, as a Business, will handle your personal information. This notice applies to personal information we collect from our vendors who are residents of the State of California.
    2. This Notice also serves as our “Notice at Collection” under the CPRA.
    3. This Notice may be amended at any time, for which we do not require vendor approval.
    4. If we process your information through our website, please review our website privacy policy.
  2. DATA PROTECTION PRINCIPLES
    1. We will comply with the following data protection principles and such additional conditions for processing as may be relevant under applicable law, which include:
      (a) Lawfulness, fairness and transparency.
      (b) Purpose limitation.
      (c) Data minimization.
      (d) Data accuracy.
      (e) Storage limitation.
      (f) Integrity and confidentiality.
      (g) Accountability.
    2. “Personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. It may include contact details, other personal information, photographs, expressions of opinion about you or indications as to our intentions about you. “Processing” means doing anything with the data, such as collecting, accessing, disclosing, storing, selling, sharing, destroying or using the data in any way.
  3. CATEGORIES OF PERSONAL INFORMATION WE COLLECT
    1. We may collect the following categories of personal information for the purposes explained below:
      • Personal identifiers: such as your name, address, phone number, email, signature, and company bank details.
      • Characteristics of protected classifications under California or federal law: such as your name, signature, address, telephone number, commercial information, or tendencies, company bank account number or other company financial information.
      • Sensory data: such as video or audio information relating to your interview or CCTV footage as monitored by our security cameras in the facilities we operate.
      • Internet or other electronic activity information: such as information regarding your interaction with our systems and servers.
      • Inferences taken from other personal information, including information to create a profile: information inferred from information gathered from sources to create your profile, e.g., this could refer to things like your company profile or job title.
    2. We may also collect notes linked to procurement, information obtained from our vendor background screening or any other information you provide when engaging with us.
  4. SOURCES OF PERSONAL INFORMATION
    1. We will collect personal information directly from you during our engagement with you or when you otherwise contact us.
    2. We may combine personal information that you provide us with information we collect from elsewhere. Such sources may include:
      • Publicly accessible sources (company website, companies house, other web sources);
      • Pre-vendor screening and background check vendors; and
      • Other sources as directed by you, for example, PowerPoints, one-pagers, etc.
    3. If you are an existing vendor, we may also collect information from you during the course of our contract with Gain Theory. This may include information we collect through our engagement with you, your interaction with operating systems or servers, or other sources directly related to our relationship.
  5. BUSINESS PURPOSES FOR COLLECTING PERSONAL INFORMATION
    We process the categories of personal information listed above for the following purposes:

    • Managing our relationship: we use your personal information to process data of representatives or contacts of our vendors who are legal entities to manage our relationship and communicate with you.
    • Making decisions about our vendors: we use your personal information to make decisions about procuring goods and services (e.g., determining payment or the terms of our contractual agreement(s) etc). In cases where our vendor is a legal person, we use your personal information to keep our vendor updated throughout our relationship. Moreover, we use your personal information to assess your status as a new or existing vendor and keep you updated throughout
    • Upholding our commercial interests: we use your personal information to uphold our company’s economic interests and ensure compliance and reporting (such as adhering to our policies, local legislation and managing allegations of fraud or misconduct). In cases where our vendor is a natural person, we use your personal information to investigate and prevent fraud or misconduct and to protect our economic interests.
    • To manage your visit to our offices: we use your personal information for purposes required by law e.g., to comply with fire safety regulations.
    • To keep you informed: we use your personal information to keep you informed of news, updates and other information related to our business and that of other companies in our group.
    • Conducting prior screening and background checks: we use your personal information to undertake screening and background checks.
    • Equal opportunities legislation: we may process your personal data in order to report on and monitor globally our progress in promoting equal opportunities and compliance with equal opportunities legislation.
    • Complying with legislation: we use your personal information for the purposes of adhering to applicable laws, to respond to legal orders, resolve legal disputes, action our rights in applicable employment or related contracts, and adhere to legal and regulatory requirements more generally.
  6. DISCLOSURE OF PERSONAL INFORMATION
    We may share your personal information for the business purposes described in section 5 of this notice, with the following third parties:

      • Affiliates and subsidiaries: we may share your personal information with our affiliates and subsidiaries.
      • Service providers: we may share your personal information with service providers (these could include vendors who undertake screening services or background checks and finance vendors).
      • Professional service firms: we may share your personal information with advisors such as auditors or legal counsel.
      • Persons involved with business acquisitions or mergers: we may share your personal information with third parties in the event of a merger, acquisition, joint vendor, dissolution, liquidation or other type of re-organisation.
      • Government: we may share your personal information with governmental authorities such as federal agencies, courts, and other government authorities where required under applicable law.
  7. PURPOSE LIMITATION
    We will only process your personal data for the specific purpose or purposes notified to you.
  8. DATA MINIMIZATION
    Your personal information will only be processed to the extent that it is necessary for the specific purposes notified to you.
  9. DATA ACCURACY
    We will keep the personal information we store about you accurate and up to date. Please notify us if your personal details change or if you become aware of any inaccuracies in the personal data we hold about you.
  10. STORAGE LIMITATION
    We will not keep your personal information for longer than is necessary for the purpose or otherwise required in law. This means that data will be destroyed or erased from our systems when we are no longer required or authorized to retain it.
  11. DATA SECURITY
    1. We will ensure that appropriate measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data.
    2. We have in place procedures and technologies to maintain the security of all personal information from the point of collection to the point of destruction. We will only transfer personal information to a third party if they agree to comply with those procedures and policies, or if they put in place adequate measures.
    3. Maintaining data security means guaranteeing the confidentiality, integrity, and availability (for authorized purposes) of the personal information.
  12. YOUR RIGHTS
    The CPRA provides you with certain rights in relation to your personal information. These rights include:

    • The right to know: You have the right to access what personal information we have processed about you. This includes the categories of personal information we have collected, the categories of sources from where we have collected personal information, the business purpose of collecting or disclosing your personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of information we have collected about you.
    • The right to delete: You have the right to delete the personal information we have processed about you.
    • The right to correct: You have the right to correct or amend the personal information we have on file about you that may be incorrect.
    • The right to non-discrimination: You have the right to not be discriminated against for exercising any of the rights outlined above, including the right not to be retaliated against.

    The rights outlined above may be subject to certain exceptions. To exercise any of your rights, please contact us using the information below. We will respond to your request within the timeframe permitted under applicable law.

    Prior to executing your individual rights request, we will first verify your identity by asking you to provide information about yourself and comparing that information with what we have on file about you. The information we may ask you to provide to verify your identity may include your name, or some other personal identifier. You may also authorize an agent to submit a request on your behalf by submitting a written permission that authorizes the agent to act on your behalf and includes your signature. If you use an authorized agent, we will still take steps to verify your identity.

    Please note that we do not “sell” or “share” your personal information, as those terms are defined under the CPRA. Additionally, we do not use your “sensitive personal information” for any purposes that would permit you to limit our use of such information. You may review Cal. Civ. Code Section 1798.121(a) to learn more about these permitted purposes.

  13. CONTACT AND QUERIES
    We will not discriminate or retaliate against you if you choose to exercise any of your rights under the CPRA. Should you have any queries regarding this notice or processing of personal information by Gain Theory, please contact us by email at dpo@gaintheory.com or by telephone at +1 844 785 8586.