FacilityLync Global Privacy & Confidentiality Policy

Statement of Policy

FacilityLync Corp.) is committed to respecting and protecting all information entrusted to us in the course of our business. This includes individuals’ privacy as well as client confidentiality. The Global Client/Third Party Privacy & Confidentiality Policy (“Policy”) describes FacilityLync’s methods regarding the collection, processing, storage, and safeguarding of Confidential and Personal Information for business-related purposes.

General Scope of Policy

This Policy is applicable to all of the Company’s directors, officers, partners, employees, temporary employees hired through agencies, brokerage professionals, and independent contractors (collectively “Employees”) globally.

EXCEPTIONS TO POLICY

None.

DETAILED procedure/guidance

A. DEFINITIONS

• Confidential Information – Any and all information or data (regardless of format) that is provided to FacilityLync by clients or third parties in confidential circumstances, which is not publicly known, and which relates to a client engagement or its affairs. This can include information or data types governed by other information laws (e.g., inside price-sensitive or government-protected).
• Personal Information – Any and all information or data (regardless of format) that (i) identifies or can be used to identify, contact or locate an individual, or (ii) that relates to an individual, whose identity can be either directly or indirectly inferred, including any information that is linked or linkable to that individual.
• Sensitive Personal Information – A subset of Personal Information, which due to its nature has been classified by law, contract, or by FacilityLync policy as requiring additional privacy protections and Enhanced Safeguarding.
• Enhanced Safeguarding – The implementation of more stringent physical, technical, and administrative measures against the risk of inadvertent or unauthorized disclosure of Sensitive Personal Information than the safeguards generally required.
• Data subject – The person about whom Personal Information relates.
• Chief Privacy Officer – The individual appointed by FacilityLync for the oversight of FacilityLync’s Global Privacy Program.

B. GOVERNANCE

The Chief Privacy Officer is responsible for the oversight of this Policy, the enterprise strategy to address operational and information privacy management risk, and the support of compliance with all data protection, privacy, and information security laws and regulations.

Each individual business line and department is responsible for following this Policy to address its specific activities involving the collection, use, disclosure, destruction, international transfer, exercise of rights, and safeguarding of Confidential and Personal Information.

C. COLLECTION

FacilityLync collects Confidential or Personal Information for the purposes of delivering services to clients, managing the infrastructure to support those services, and complying with legal and compliance obligations.

The volume and type of Confidential or Personal Information collected depend on what is required or relevant for delivering services to clients. FacilityLync aims to collect only the minimum amount of Confidential and Personal Information for delivering services.

Unless otherwise agreed, it is the responsibility of clients to ensure the lawfulness and fairness of any disclosure of Confidential and Personal Information to FacilityLync. This includes obtaining any necessary consents from the Data Subject.

The obligation to provide any relevant notices or information concerning FacilityLync’s collection or use of Confidential or Personal Information rests on the client or third party.

FacilityLync may also collect Personal Information from publicly available sources, including, but not limited to, public internet websites and databases, public or government sources, and news or open-source reporting.

D. USE

FacilityLync uses Confidential and Personal Information only for providing services to clients, managing the infrastructure to support those services, and complying with legal and compliance obligations.

FacilityLync acts on the instructions of clients when using Confidential and Personal Information. These instructions can be given orally or in writing, and their form and detail depend on both the services and the requests or requirements of the client.

Unless otherwise agreed, FacilityLync may use certain Confidential and Personal Information for statistical benchmarking, industry intelligence, and research purposes. Before doing so, FacilityLync will take reasonable measures to anonymize or aggregate the information.

Although not a common feature for delivering services, FacilityLync complies with any requirements or restrictions from clients on the use of Personal Information to profile or make automated decisions on individuals.

E. RETENTION

Where FacilityLync provides the client with the facility to access and delete Confidential and Personal Information processed on the client’s behalf, the client is responsible for deleting the Confidential and Personal Information when no longer required. In other cases, FacilityLync will delete Confidential and Personal Information at the end of any retention period agreed with the client, or in accordance with the client’s instructions in fulfilling Data Subject rights.

FacilityLync may retain copies of Confidential and Personal Information to comply with legal requirements or for compliance or record-keeping purposes, in which case FacilityLync will retain such Confidential and Personal Information for as long as required by those legal requirements or to fulfill those purposes.

In relation to Confidential and Personal Information held in backups or archives, FacilityLync operates a programmed destruction cycle, and selective deletion is not feasible. FacilityLync continues to safeguard the information throughout and in accordance with this Policy. Confidential and Personal Information held in backups or archives are not subject to any further processing.

F. DISCLOSURE

Confidential and Personal Information is shared within FacilityLync with those individuals and departments who need to know. Disclosure depends on the nature of the information and the services being delivered.

FacilityLync only discloses Confidential or Personal Information to outside organizations in the course of, or for the purposes of, delivering services to clients. FacilityLync will always obtain the explicit consent of the client before disclosing Confidential or Personal Information to any outside organization.

FacilityLync does not sell Confidential or Personal Information for marketing purposes.

G. INTERNATIONAL TRANSFER

FacilityLync may process Confidential and Personal Information globally, depending on the requirements of the services and the client’s instructions. FacilityLync will only transfer Confidential or Personal Information to third parties or outside of the jurisdiction in which the information was collected if it is necessary for the purpose for which it was collected, with the explicit consent of the client, or to comply with a legal obligation.

FacilityLync has implemented contractual safeguards to protect Personal Information when transferred internationally. These safeguards may include the use of EU Standard Contractual Clauses or other appropriate measures.

H. ENHANCED SAFEGUARDING

FacilityLync uses Enhanced Safeguarding for Sensitive Personal Information, including but not limited to, encryption and access controls. These measures go beyond the general safeguards implemented by FacilityLync and are tailored to the nature of the information.

FacilityLync reviews and updates its Enhanced Safeguarding measures regularly to ensure their continued effectiveness.

I. DATA SUBJECT RIGHTS

FacilityLync respects the rights of Data Subjects concerning their Personal Information and will, as required by applicable law:

• Inform Data Subjects about how their Personal Information is used.
• Allow Data Subjects access to their Personal Information.
• Correct inaccuracies in Personal Information.
• Delete Personal Information when requested or when it is no longer needed.
• Inform Data Subjects about automated decisions made using their Personal Information.

Requests to exercise Data Subject rights should be submitted to FacilityLync’s Data Protection Officer (DPO), whose contact details are provided in Section L below.

J. CLIENT RESPONSIBILITIES

FacilityLync clients remain responsible for the protection of Personal Information they control. This includes:

• Providing any required notices to Data Subjects.
• Obtaining any necessary consents from Data Subjects.
• Ensuring the lawfulness and fairness of any disclosure of Personal Information to FacilityLync.

K. INCIDENT RESPONSE

FacilityLync has implemented an Incident Response Program to address and respond to incidents involving the unauthorized access, use, disclosure, alteration, or destruction of Confidential or Personal Information.

The Incident Response Program is designed to identify and respond to incidents promptly, mitigate any harm, and prevent future incidents.

L. CONTACT INFORMATION

Any questions or concerns about this Policy, FacilityLync’s privacy practices, or the processing of Confidential or Personal Information should be directed to FacilityLync’s Data Protection Officer (DPO) at privacy@facilitylync.com.

M. UPDATES TO POLICY

FacilityLync may update this Policy from time to time. If there are material changes to the Policy, FacilityLync will post a notice on its website, together with an updated Policy.

N. UNSUBSCRIBE/CHANGING YOUR MAILING PREFERENCES

If you have received an email or emails from FacilityLync that you no longer wish to receive, please contact us at web.manager@facilitylync.com.