This page was last updated on the date identified here.

Privacy Statement

Introduction

Vialto Partners is strongly committed to protecting personal data. This privacy statement describes why and how we collect and use personal data and provides information about individuals’ rights in relation to personal data. It applies to personal data provided to us, both by individuals themselves or by others. We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection.

As used in this privacy statement, “Vialto Partners”, “us”, and “we” refer to the Vialto Partners network and/or one or more Vialto Entities that may process your personal information. Each Vialto Entity in the Vialto Partners network is a separate legal entity. The data controllers of your personal information are one or more of the Vialto Entities listed here at www.vialto.com/about. See www.vialto.com/about also for a list of countries and regions in which Vialto Entities operate.

Vialto Partners processes personal data for numerous purposes. Our policy is to be transparent about why and how we process personal data.

To find out more about our specific processing activities, go to our processing activities.

Our legal grounds for processing your personal data

Your local law may require us to set out in this privacy statement the legal grounds on which we rely in order to process your personal information. In such cases, we rely on one or more of the following processing conditions:

• our legitimate interests in the effective delivery of information and services to you and in the effective and lawful operation of our businesses and the legitimate interests of our clients in receiving professional services from us as part of running their organisation (provided these do not interfere with your rights);
• our legitimate interests in developing and improving our businesses, services and offerings and in developing new Vialto Partners technologies and offerings (provided these do not interfere with your rights);
• to satisfy any requirement of law, regulation or professional body of which we are a member (for example, for some of our services, we have a legal obligation to provide the service in a certain way);
• to perform our obligations under a contractual arrangement with you; or
• where no other processing condition is available, if you have agreed to us processing your personal information for the relevant purpose.

Transfers of personal data

Cross-border transfers

If we process your personal information, your personal information may be transferred to and stored outside the country where you are located. This includes countries outside the European Economic Area (EEA) and countries that do not have laws that provide specific protection for personal information.

Where we collect your personal information within the EEA, transfer outside the EEA will be only:

• to a recipient located in a country which provides an adequate level of protection for your personal information; and/or
• under an agreement which satisfies EU requirements for the transfer of personal data to data processors or data controllers outside the EEA, such as standard contractual clauses approved by the European Commission.

Other Vialto Entities

For details of Vialto Entity locations, please see www.vialto.com/about.

We may share personal data with other Vialto Entities where necessary in connection with the purposes described in this privacy statement. For example, when providing professional services to a client we may share personal information with Vialto Entities in different territories that are involved in providing advice to that client.

Third Party Providers

We may transfer or disclose the personal data we collect to third party contractors, subcontractors, and/or their subsidiaries and affiliates. Third parties support the Vialto Partners Network in providing its services and help provide, run and manage IT systems. Examples of third party contractors we use are providers of identity management, website hosting and management, data analysis, data backup, security and cloud storage services. The servers powering and facilitating our IT infrastructure are located in secure data centres around the world, and personal data may be stored in any one of them.

The third party providers may use their own third party subcontractors that have access to personal data (sub-processors). It is our policy to use only third party providers that are bound to maintain appropriate levels of security and confidentiality, to process personal information only as instructed by Vialto Partners, and to flow those same obligations down to their sub-processors.

Other disclosures

We may also disclose personal information under the following circumstances:

• with professional advisers, for example, law firms, as necessary to establish, exercise or defend our legal rights and obtain advice in connection with the running of our business. Personal data may be shared with these advisers as necessary in connection with the services they have been engaged to provide;
• when explicitly requested by you;
• when required to deliver publications or reference materials requested by you;
• when required to facilitate conferences or events hosted by a third party;
• To law enforcement, regulatory and other government agencies and to professional bodies, as required by and/or in accordance with applicable law or regulation. Vialto Partners may also review and use your personal information to determine whether disclosure is required or permitted.

Our processing activities

To find out more please go to the sections below that are relevant to you.

Security

We have implemented generally accepted standards of technology and operational security in order to protect personal information from loss, misuse, alteration or destruction. Only authorised persons are provided access to personal information; such individuals have agreed to maintain the confidentiality of this information.

Although we use appropriate security measures once we have received your personal data, the transmission of data over the internet (including by e-mail) is never completely secure. We endeavor to protect personal data, but we cannot guarantee the security of data transmitted to or by us.

Your legal rights in relation to personal data

You may have certain rights under your local law in relation to the personal information we hold about you. In particular, you may have a legal right to:

• obtain confirmation as to whether we process personal data about you, receive a copy of your personal data and obtain certain other information about how and why we process your personal data
• the right to request for your personal data to be amended or rectified where it is inaccurate (for example, if you change your address) and to have incomplete personal data completed
• The right to delete your personal data in the following cases:
  • the personal data is no longer necessary in relation to the purposes for which they were collected and processed;
  • our legal ground for processing is consent, you withdraw consent and we have no other lawful basis for the processing;
  • our legal ground for processing is that the processing is necessary for legitimate interests pursued by us or a third party, you object to the processing and we do not have overriding legitimate grounds;
  • you object to processing for direct marketing purposes;
  • your personal data has been unlawfully processed; or
  • your personal data must be erased to comply with a legal obligation to which we are subject.
• The right to restrict personal data processing in the following cases:
  • for a period enabling us to verify the accuracy of personal data where you contested the accuracy of the personal data;
  • your personal data have been unlawfully processed and you request restriction of processing instead of deletion;
  • your personal data are no longer necessary in relation to the purposes for which they were collected and processed but the personal data is required by you to establish, exercise or defend legal claims; or
  • for a period enabling us to verify whether the legitimate grounds relied on by us override your interests where you have objected to processing based on it being necessary for the pursuit of a legitimate interest identified by us.
• The right to object to the processing of your personal data in the following cases:
  • our legal ground for processing is that the processing is necessary for a legitimate interest pursued by us or a third party; or
  • our processing is for direct marketing purposes.
• The right to data portability
  • The right to receive your personal data provided by you to us and the right to send the data to another organisation (or ask us to do so if technically feasible) where our lawful basis for processing the personal data is consent or necessity for the performance of our contract with you and the processing is carried out by automated means.
• The right to withdraw consent
  • Where we process personal data based on consent, individuals have a right to withdraw consent at any time. We do not generally process personal data based on consent (as we can usually rely on another legal basis).
• If you consider that the processing of your personal data infringes the law, you may have the right to lodge a complaint with the data protection regulatory authority responsible for enforcement of data protection law in the country where you normally reside or work, or in the place where the alleged infringement occurred.

Changes to this privacy statement

We may update this privacy statement at any time by publishing an updated version here. So you know when we make changes to this privacy statement, we will amend the revision date at the top of this page. The new modified or amended privacy statement will apply from that revision date. Therefore, we encourage you to review this privacy statement periodically to be informed about how we are protecting your information.

Contact us

• Please submit requests or enqueries about your personal data to: privacy@vialto.com.
• For anything else, please submit contact us at: contact@vialto.com.

You may also contact us at the postal address at: vialto.com/about

Business contacts:

Collection​ ​of​ ​personal​ data

Vialto Partners processes personal data about contacts (existing and potential Vialto Partners clients and/or individuals associated with them).

This includes name, employer name, contact title, phone, email and other business contact details. In addition, we may record information about our interactions with contacts.

Use​ ​of​ ​personal​ data

Personal data relating to business contacts may be used for the following purposes:

• Administering, managing and developing our businesses and services
  This includes:
  • managing our relationship with clients;
  • developing our businesses and services (such as identifying client needs and improvements in service delivery and learning more about a client relationship opportunity);
  • analysing and evaluating the strength of interactions between Vialto Partners and a contact;
  • performing analytics, including producing metrics for Vialto Partners leadership, such as on trends, relationship maps, sales intelligence and progress against account business goals;
  • administering and managing IT systems, websites and applications; and
  • hosting or facilitating the hosting of events
• Providing information about Vialto Partners and its services
  • We use client business contact details to provide information that we think will be of interest about Vialto Partners and its services, in accordance with any permissions required by law. This may include industry updates and insights, other services that may be relevant and invites to events.
• Vialto Partners does not sell or release personal data to third parties for purposes of allowing them to market their products and services without consent from individuals to do so.

Data retention

Personal data will be retained for as long as we have, or need to keep a record of, a relationship with a business contact, which is for the duration of our relationship with a contact or their organisation. Personal data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights.

Corporate clients (and individuals associated with our corporate clients):

Collection of personal data

Our policy is to collect only the personal data necessary for agreed purposes and we ask our clients to only share personal data with us where it is strictly needed for those purposes.

Where we need to process personal data to provide professional services, we ask our clients to provide the necessary information to the data subjects regarding its use. Our clients may use relevant sections of this privacy statement or refer data subjects to this privacy statement if they consider it appropriate to do so.

The categories of personal data processed by us in relation to the services we provide are generally:

• Personal details (e.g. name, age/date of birth, gender, marital status, country of residence);
• Contact details (e.g. email address, contact number, postal address);
• Financial details (e.g. salary and other income and investments, benefits, tax status); and
• Job details (e.g. role, grade, experience and performance information).

For certain services or activities, we may process special categories of personal data (such as in performing client checks and providing immigration and tax services, which involve us processing government identification documents that may contain biometric data or data revealing racial or ethnic origin or as part of an audit of an organisation in the health sector).

Generally, we collect personal data from our clients or from third parties when providing services to the relevant client.

Use of personal data

We use personal data for the following purposes:

• Providing professional services
  We provide a diverse range of professional services. Some of our services require us to process personal data in order to provide advice and deliverables. For example, we will review payroll data as part of an audit and we often need to use personal data to provide global mobility, tax and pensions services.
• Administering, managing and developing our businesses and services
  This includes:
  • managing our relationship with clients and prospective clients;
  • developing our businesses and services (such as identifying client needs and improvements in service delivery);
  • administering and managing IT systems, websites and applications; and
  • hosting or facilitating the hosting of events.
• Security, quality and risk management activities
  We have security measures in place to protect our and our clients’ information (including personal data), which involve detecting, investigating and resolving security threats. Personal data may be processed as part of the security monitoring that we undertake; for example, automated scans to identify harmful emails. We monitor the services provided to clients for quality purposes, which may involve processing personal data stored on the relevant client file.  We have policies and procedures in place to monitor the quality of our services and manage risks in relation to client engagements. We collect and hold personal data as part of our client engagement and acceptance procedures. As part of those procedures we carry out searches using publicly available sources (such as internet searches and sanctions lists) to identify politically exposed persons and heightened risk individuals and organisations and check that there are no issues that would prevent us from working with a particular client (such as sanctions, criminal convictions (including in respect of company directors), conduct or other reputational issues).
• Providing clients and prospective clients with information about us and our range of services
  We use client and prospective client business contact details to provide information that we think will be of interest about us and our services in accordance with any permissions required by law. This includes industry updates and insights, other services that may be relevant and invites to events.
• Complying with any requirement of law, regulation or a professional body of which we are a member
  As with any provider of professional services, we are subject to legal, regulatory and professional obligations. We need to keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data.
• Improving and developing our services
  We are continually looking for ways to help our clients and improve our business and services. Where agreed with our clients, we may use information that we receive in the course of providing professional services for other lawful purposes, including analysis to better understand a particular issue, industry or sector, provide insights back to our clients, to improve our business, service delivery and offerings and to develop new Vialto Partners technologies and offerings. To the extent that the information we receive in the course of providing professional services contains personal data, we will de-identify the data prior to using the information for these purposes.

Data retention

We retain the personal data processed by us for as long as necessary for the purpose for which it was collected. Personal data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights.

 Individuals who use our applications:

We provide external users access to various applications managed by us. Such applications will contain their own privacy statements explaining why and how personal data is collected and processed by those applications. We encourage individuals using our applications to refer to the privacy statements available on those applications.

Individuals whose personal data we obtain in connection with providing professional services to our clients:

Collection of personal data

Our policy is to collect only the personal data necessary for agreed purposes and we ask our clients only to share personal data with us where it is strictly needed for those purposes.

Where we need to process personal data to provide our services, we ask our clients to provide the necessary information to the individuals who are the subject of the data.

Given the diversity of the services we provide, we process many categories of personal data, including:

• Personal details (e.g. name, age/date of birth, gender, marital status, country of residence);
• Contact details (e.g. email address, contact number, postal address);
• Financial details (e.g. salary, payroll details and other financial-related details such as income, investments and other financial interests, benefits, tax status); and
• Job details (e.g. role, grade, experience, performance information and other information about management and employees).

For certain services, we may process special categories of personal data (such as in performing client checks and providing immigration and tax services, which involve us processing government identification documents that may contain biometric data or data revealing racial or ethnic origin or as part of an audit of an organisation in the health sector).

Generally, we collect personal data from our clients or from a third party acting on the instructions of the client. For some of our services, for example, when undertaking a due diligence review of an acquisition target on behalf of a client, we may obtain personal data from that target’s management and employees or from a third party acting on the instructions of the target.

Use of personal data

We use personal data for the following purposes:

• Providing professional services
  We provide a diverse range of professional services.  Some of our services require us to process personal data in order to provide advice and deliverables. For example, we will review payroll data as part of an audit and we often need to use personal data to provide global mobility and pensions services.
• Administering, managing and developing our businesses and services
  This includes:
  • managing our relationship with clients;
  • developing our businesses and services (such as identifying client needs and improvements in service delivery);
  • administering and managing IT systems, websites and applications; and
  • hosting or facilitating the hosting of events
• Security, quality and risk management activities
  We have security measures in place to protect our and our clients’ information (including personal data), which involve detecting, investigating and resolving security threats.  Personal data may be processed as part of the security monitoring that we undertake; for example, automated scans to identify harmful emails. We monitor the services provided to clients for quality purposes, which may involve processing personal data stored on the relevant client file. We have policies and procedures in place to monitor the quality of our services and manage risks in relation to client engagements. We collect and hold personal data as part of our client engagement and acceptance procedures. As part of our client and engagement acceptance, we carry out searches using publicly available sources (such as internet searches and sanctions lists) to identify politically exposed persons and heightened risk individuals and organisations and check that there are no issues that would prevent us from working with a particular client (such as sanctions, criminal convictions (including in respect of company directors), conduct or other reputational issues).
• Complying with any requirement of law, regulation or a professional body of which we are a member
  As with any provider of professional services, we are subject to legal, regulatory and professional obligations. We need to keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data.
• Improving and developing our services
  We are continually looking for ways to help our clients and improve our business and services. Where agreed with our clients, we may use information that we receive in the course of providing professional services for other lawful purposes, including analysis to better understand a particular issue, industry or sector, provide insights back to our clients, to improve our business, service delivery and offerings and to develop new Vialto Partners technologies and offerings. To the extent that the information that we receive in the course of providing professional services contains personal data, we will de-identify the data prior to using the information for these purposes.

Data retention

We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected. Personal data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights.

Websites:

This section describes how Vialto Partners handles personal information collected through the sites on www.vialto.com and any other Vialto Partners sites that link to this privacy statement (collectively, “the Websites”).

By using the Websites and providing personal information to us, you acknowledge you have read this privacy statement, and, to the extent your consent is necessary and valid under applicable law, you consent to the collection, use and disclosure of such personal information by the Vialto Partners network and any third party recipients in accordance with this privacy statement.

Some sites of the Websites may have privacy statements that differ from this one and/or contain additional information as required under local law. Please refer to the privacy statements on the sites you visit in order to understand how they collect and process your data. By accessing any sites available within the Websites or content within them, you (a) acknowledge you will review those Privacy statements and (b) to the extent required under applicable law, consent to the collection, processing and use of your personal data as described in those Privacy statements.

Third Party Links

The Websites may link to third-party sites not controlled by Vialto Partners and which do not operate under Vialto Partners’ privacy practices. When you link to third-party sites, Vialto Partners’ privacy practices no longer apply. We encourage you to review each third-party site’s privacy policy before disclosing any personally identifiable information.

Collection of personal information through the Websites

When you use our Websites, we may collect information about you and your use of the relevant site, including through cookies and analytics tools. We may collect personal information about you, such as your name, job title, company name, address, email address and telephone number, either directly from you or by combining information we collect via the Websites with personal information we collect and maintain through other channels (such as client relationship management systems or identification and access management systems, including IP addresses) or as we may lawfully collect from social media or other third-party sites.

Below are examples of how you may provide personal information to us via Websites:

• searching and browsing for content;
• subscribing to or ordering newsletters and/or publications;
• registering for premium online services;
• participating in “join our mailing list” initiatives;
• participating in bulletin boards, discussion or message forums;
• entering Quick Surveys, Quizzes or Benchmarking Surveys;
• registering for events and conferences;
• submitting resumes or work history information;
• contacting us for further information;
• visiting our Websites while logged into a social media platform; and/or
• providing us with business cards or other contact information.

We do not intend to collect sensitive information through the Websites unless we are legally required to do so. Examples of sensitive information include race or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; physical or mental health; genetic data; biometric data; sexual life or sexual orientation; and criminal records. We ask that you do not provide sensitive information of this nature when using the Websites.  If you choose to provide sensitive information to us for any reason, the act of doing so constitutes your explicit consent, where such consent is necessary and valid under your local law, for us to collect and use that information in the ways described in this section of this Privacy statement or as described at the point where you choose to disclose this information.

We also do not actively seek demographic information from visitors to the Websites. However, you may choose to provide such information (including for example when becoming a Registered User, visiting our site from a social media site, submitting a resume, or responding to an online job application). If you choose to provide demographic information to us, the act of doing so constitutes your explicit consent, where such consent is necessary and valid under applicable law, for us to collect and use that information in the ways described in this section of the Privacy statement or as described at the point where you choose to disclose this information.

It is our policy to collect only minimum personal information required. If the Websites seek non-mandatory personal information about you, you will be notified of this at the point of collection. If you believe a Website has collected excessive information about you, please contact us to raise any concerns.

Some pages on the Websites may permit you to send emails to us. Messages sent via the Websites will contain your screen name and email address, as well as any additional information you wish to include in the message.

Registered Users

If you choose to become a Registered User, as part of the registration process you will be asked to provide us with personal information through a registration form. Information we collect may include: your name, email address, password, country, organisation, and job title. Some of the information is required and, if you do not provide it, you will not be able to register and receive the benefits of being a Registered User (for example, obtaining access to premium content). We have marked with an * those registration fields seeking information that you must provide in order to become a Registered User.

For as long as you are a Registered User, you are responsible for providing us with accurate information about you and for keeping that information up to date. You may update your information by editing your user profile in your Account.

Once you are a Registered User, we may combine the information you give us as part of the registration process with information we collect and/or have previously collected through your use of the Websites (such as articles you read, comments you make). As a Registered User, all of the data you provide as part of registration may be tied back to the information we collect or have previously collected about you through your use of the Websites.

We may also match the information you provide us against third-party data to supplement your user profile. For example, if a third party has additional information related to your email address (such as a social media profile URL or a photo), we may match your email address and activity on the Websites (including activity information collected prior to your becoming a Registered User) against that data and then use the third party data for additional marketing activities.

Use of personal information

When you provide personal information to us through Websites, we may use it for any of the purposes described in this section of the privacy statement or as stated at the point of collection (or as obvious from the context of collection), including:

• to administer and manage the Websites, including to confirm and authenticate your identity and prevent unauthorised access to restricted areas of the site, premium content, or other services limited to Registered Users;
• to personalise and enrich your browsing experience by displaying content that is more likely to be relevant and of interest to you;
• to sort and analyse user data (such as determining how many users from the same organisation have subscribed to or are using the Websites);
• to determine the company, organisation, institution, or agency that you work for or with which you are otherwise associated;
• to develop our businesses and services;
• to conduct benchmarking and data analysis including, for example, regarding usage of the Websites and demographics analyses of their users;
• to conduct quality and risk management reviews;
• to understand how people use the features and functions of our Websites in order to improve the user experience;
• to monitor and enforce compliance with applicable terms of use, including acceptable use policies;  and/or
• any other purposes for which you provided the information to Vialto Partners, including any of the purposes given in the ‘Collection of personal information’ section above.

Our Websites do not collect or compile personal information for sale to non- Vialto Partners parties for consumer marketing purposes.

If you would like to find out more about the different categories of information we collect on the Websites, please review the ‘Collection of personal information’ section.

Registered Users: additional uses of personal information

If you choose to become a Registered User, we may also use your information for the following purposes:

• to tailor the content within our Websites and across Vialto Partners digital properties, including content shown to you, to your preferences and interests;
• to manage our relationship with you or the organisation for which you work (for example, by including personal data we collect about you from your use of the Websites in our customer relationship management systems);
• to provide you with information about us and our services including via personalised marketing messages and/or communications unique to your organisation about our products and services;
• to invite you to attend events, participate in forums, etc.;
• to conduct quality and risk management reviews;
• any other purposes for which you provided the information to Vialto Partners.

Cookies and Beacons

Please see our Cookie Policy.

Data retention

We will retain your personal information on our systems only for as long as we need it, given the purposes for which it was collected, or as required to do so by law. We keep mailing list information until a user unsubscribes from our mailing lists. If you choose to unsubscribe from a mailing list, we may keep certain limited information about you so that we may honor your request.

Marketing

Where we are legally required to obtain your explicit consent to provide you with marketing materials, we will only provide you with such marketing materials if you have provided consent for us to do so.

If you opt into any subscriptions, you will receive automated emails when content is updated. If you opt into any newsletters, you will receive curated emails known as newsletters. If you select any preferences such as issues, topics, subjects or industries, you may receive email communications related to those self-selected topics.

Unsubscribe

If you want to unsubscribe from mailing lists or any registrations, you should look for and follow the instructions we have provided within the appropriate area(s) of the Websites or in the relevant communications to you.

If you do not wish to receive emails or marketing communications from us, you can at any time contact us to request that such communications cease. If you wish to unsubscribe or no longer receive only certain communications, please identify such communications in your request.

If you choose to unsubscribe from any or all mailings, we may retain information sufficient to identify you so that we can honour your request.

Account Deactivation

If you are a Registered User, you may deactivate your account at any time via the Registered User section of the Websites. If you deactivate your account on the Websites, you will no longer receive the benefits of being a Registered User. If you choose to deactivate your account, we may retain information sufficient to identify you so that we can honour your request.

If you have other registrations with Vialto Partners, or have provided your information to Vialto Partners through other means (such as subscribing to newsletter), those registrations will be maintained unless you take specific action to inform us to cease contacting you.

Any user generated content that you may have created before then will not be anonymised following deactivation, nor will it be immediately removed from our systems or records.

Access to data

We are committed to providing reasonable and practical access that allows visitors to the Websites to identify and correct any inaccuracies in the information we collect about them.

When we keep personal information about you, we are responsible for keeping an accurate record of the information that you have submitted to us. We do not assume responsibility for verifying the ongoing accuracy of your personal information. If you are a Registered User, you may update your personal information; to do so, log in using your account credentials and update your information.

If you have questions about the accuracy of identifying information you previously submitted to Vialto Partners, or want to have outdated information removed, please email us at: privacy@vialto.com. When requested, and provided that it is practical and commercially feasible to comply with the request and there is no legal or regulatory need for us to keep the information, we will delete identifying information from current operational systems.

Children

We understand the importance of protecting children’s privacy, especially in an online environment. The Websites covered by this Privacy statement are not intentionally designed for or directed at children, and our terms and conditions of use require all users to be above the age of majority in their local country. We adhere to laws regarding marketing to children. We never knowingly collect or maintain personal information about individuals under the age of 18.

Marketing activities:

Marketing

Marketing includes any communications about Vialto Partners products and services. Where we are legally required to obtain your explicit consent to send you marketing materials, we will only provide you with such marketing materials if you have provided consent for us to do so.

We retain contact information (including name and email address) on our mailing lists until an individual unsubscribes from our mailing lists. If you unsubscribe from our mailings, we may retain limited information sufficient to identify you so that we can honour your opt out request.

Vialto Partners does not sell personal information to non-Vialto Partners parties for consumer marketing purposes.

How to unsubscribe from marketing communications

You can at any time contact us to request that we stop sending you email marketing communications. If you want to unsubscribe from mailing lists, you should look for and follow the instructions we have provided in the relevant communications to you.

If you wish to no longer receive only certain communications, please identify such communications in your request.

Others who get in touch with us:

We collect personal data when an individual gets in touch with us with a question, complaint or feedback (such as name, contact details and contents of the communication). In these cases, the individual is in control of the personal data shared with us. We only use the data as necessary to respond to the communication or resolve the complaint.

Recruitment applicants:

This section describes why and how we collect and use personal data in connection with our recruitment activities.

If your application is successful, we perform pre-employment screening checks as part of our onboarding process. Depending on the role you have applied for, these checks may include criminal records checks.

Collection of personal data

We collect personal data in connection with our recruitment activities as described below.

Most of the personal data we collect as part of our recruitment process is provided by you such as:

• Contact details (name, email, telephone number);
• Areas of interest;
• Username and password to apply for a role;
• CV, experience, education, academic and professional qualifications;
• Information provided as part of interviews and assessments;
• Diversity and equal opportunities data;
• Pre-employment screening information if your application is successful;
• Information about your and your immediate family’s financial relationships if your application is successful; and
• Bank account details if your application is successful.

We create personal data in connection with our recruitment activities such as

• Interview and assessment results and feedback; and
• Offer details

We obtain personal data from third party sources such as:

• References from your named referees
• Information from your referrer (where applicable);
• Results of screening checks (depending on the role applied for);
• Verification of information provided during the recruitment process by contacting relevant third parties (for example, previous employers, education and qualification providers) or using publicly available sources (for example, to verify your experience, education and qualifications); and
• Information from social media sites that you are a member of about your engagement with our recruitment campaigns.

Use​ ​of​ ​personal​ data

We process personal data for our legitimate interests to attract and secure the best talent to work with us as follows:

• To attract talent and market opportunities at Vialto Partners including by arranging, hosting and participating in events, marketing and advertising opportunities and using recruiters to help find talent for us.
• To identify and source talent including by searching our talent pool and publicly available sources (such as professional networking and job websites of which you are a member).
• To process and manage applications for roles at Vialto Partners, evaluate you for open positions that match your interests and experience throughout the Vialto Partners network, manage your candidate profile, send you email notifications and other announcements, request additional information or otherwise contact you about your candidacy.
• To screen and select talent by evaluating your suitability for employment with Vialto Partners, including through interviews and assessments and conducting background checks.
• To hire and onboard talent by making an offer to successful applicants and carrying out pre-employment screening checks.
• To conduct statistical analyses and create reports including for example regarding use of our careers websites, demographic analysis of candidates, reports on Vialto Partners recruitment activities, and analysis of candidate sourcing channels.
• To administer and manage our careers websites and communicate with you about careers at Vialto Partners.
• Any other purposes stated when you provide the information to Vialto Partners.

Where allowed by law, we carry out criminal records checks for the following purposes:

• To comply with legal obligations to ensure an individual is eligible to work;
• As permitted by law, to establish whether an applicant has committed an unlawful act or been involved in dishonesty, malpractice or other seriously improper conduct; or
• To comply with government and public sector clearance requirements.

Data retention

We retain personal data processed in connection with recruitment activities as follows:

• If your application is successful we retain relevant personal data as part of your employee record and your talent pool account (if you choose to join our talent pool).
• If your application is unsuccessful, we retain and use the information you provided to Vialto Partners as part of your application for a reasonable period of time to deal with any matter which may arise in connection with your application, for purposes of contacting you regarding other employment opportunities and for our legitimate business purposes (for example, to make sure we do not contact an individual about a role they have already applied for) and for as long as you are a member of our talent pool (if you choose to join our talent pool).

Suppliers (including subcontractors and individuals associated with our suppliers and subcontractors):

Collection​ ​of​ ​personal​ data

We collect and process personal data about our suppliers (including subcontractors and individuals associated with our suppliers and subcontractors) in order to manage the relationship, contract, to receive services from our suppliers and, where relevant, to provide professional services to our clients. The personal data is generally business card data and will include name, employer name, phone, email and other business contact details and the communications with us.

Use​ ​of​ ​personal​ data

We use personal data for the following purposes:

• Receiving services
  We process personal data in relation to our suppliers and their staff as necessary to receive the services they are contracted to provide. For example, where a supplier is providing us with facilities management or other outsourced services, we will process personal data about those individuals that are providing services to us.
• Providing professional services to clients
  Where a supplier is helping us to deliver professional services to our clients, we process personal data about the individuals involved in providing the services in order to administer and manage our relationship with the supplier and the relevant individuals and to provide such services to our clients (for example, where our supplier is providing people to work with us as part of a Vialto Partners team providing professional services to our clients).
• Administering, managing and developing our businesses and services
  This includes:
  • managing our relationship with suppliers;
  • developing our businesses and services (such as identifying client needs and improvements in service delivery);
  • hosting or facilitating the hosting of events; and
  • administering and managing IT systems, websites and applications
• Security, quality and risk management activities
  We have security measures in place to protect our and our clients’ information (including personal data), which involve detecting, investigating and resolving security threats. Personal data may be processed as part of the security monitoring that we undertake; for example, automated scans to identify harmful emails. We have policies and procedures in place to monitor the quality of our services and manage risks in relation to our suppliers. We collect and hold personal data as part of our supplier contracting procedures. We monitor the services provided for quality purposes, which may involve processing personal data.
• Providing information about us and our range of services
  We use business contact details to provide information that we think will be of interest about us and our services in accordance with permissions required by law. This includes industry updates and insights, other services that may be relevant and invites to events.
• Complying with any requirement of law, regulation or a professional body of which we are a member
  As with any provider of professional services, we are subject to legal, regulatory and professional obligations. We need to keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data.

Data retention

We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected. Personal data will be retained about our contacts at our suppliers for as long as it is necessary for the purposes set out above (e.g. for as long as we have, or need to keep a record of, a relationship with a contact, which is for the duration of our relationship with a contact or their organisation). Personal data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights.

Vialto Partners Personnel (partners, staff and contractors):

We collect personal data concerning our own personnel (partners, staff and individual contractors) to administrate the employment relationship and manage our business.

Please refer to our privacy statement available on Spark for information on why and how personal data is collected and processed in relation to your role with Vialto Partners.

Visitors to our offices:

We have security measures in place at Vialto Partners offices, including CCTV and building access controls.

CCTV

We only perform CCTV monitoring where allowed by law. CCTV images captured are securely stored and only accessed on a need to know basis (e.g. to look into an incident). We use the CCTV images for the legitimate purposes of promoting security and safety of our personnel and members of the public, preventing and detecting crime and establishing, exercising and defending legal claims. We may disclose CCTV images to law enforcement bodies as requested and permitted by law.

CCTV recordings are typically automatically overwritten after a short period of time unless an issue is identified that requires investigation (such as a theft).

Visitor records

We require visitors to our offices to sign in at reception and we keep that record of visitors for a short period of time. Our visitor records are securely stored and only accessible on a need to know basis (e.g. to look into an incident).

Guest WIFI

We may monitor traffic on our guest WIFI networks using industry standard intrusion detection systems. This allows us to see limited information about a user’s network behaviours but will include being able to see at least the source and destination addresses the user is connecting from and to. We cannot inspect encrypted web pages and therefore do not have access to any information (personal or otherwise) that the user might share via these web pages.

California Residents

This section applies solely to individuals who reside in the State of California. If you have any questions about the information provided in this privacy statement or our privacy practices, please contact us at privacy@vialto.com.

Our processing activities

Business contacts

We have collected the following categories of personal information of our business contacts, as applicable, within the last twelve (12) months:

• Identifiers
• Personal information categories listed in the California Customer Records statute ( Civ. Code § 1798.80(e))
• Professional or employment-related information

Please see the Business contacts section of the main privacy statement above for further details about the personal information we collect in these categories, the sources of such information, the purposes for which the information was collected, and the categories of third parties with whom we share such information in order to conduct our day-to-day business operations.

Corporate clients (and individuals associated with our corporate clients)

In our role as a service provider to our corporate clients, we may process personal information of individuals associated with such clients. As noted in our main privacy statement, our policy is to collect only the personal information necessary for agreed purposes and we ask our clients only to share personal information with us when it is needed for those purposes.

When we need to process personal information to provide our services, we ask our clients to provide the necessary information to data subjects concerned regarding its use.

Given the diversity of services we provide to our corporate clients, we may have processed the following categories of personal information in connection with such services within the last twelve (12) months:

• Identifiers
• Personal information categories listed in the California Customer Records statute ( Civ. Code § 1798.80(e))
• Protected classification characteristics under California or federal law
• Commercial information
• Biometric information
• Internet or other similar network activity
• Geolocation data
• Professional or employment-related information
• Inferences drawn from other personal information

Please see the Corporate clients section of the main privacy statement above for further details about the personal information we collect in these categories, the sources of such information, the purposes for which the information was collected, and the categories of third parties with whom we share such information in order to conduct our day-to-day business operations.

Users of our websites and applications

We have collected the following categories of personal information of our website and application users within the last twelve (12) months:

• Identifiers
• Personal information categories listed in the California Customer Records statute ( Civ. Code § 1798.80(e))
• Internet or other similar network activity
• Professional or employment-related information

Please see the Individuals who use or applications section of the main privacy statement above for further details about the personal information we collect in these categories, the sources of such information, the purposes for which the information was collected, and the categories of third parties with whom we share such information in order to conduct our day-to-day business operations.

Personnel

Please refer to the relevant privacy statement available on Vialto Partners’ intranet for information on the collection and processing of your personal information in relation to your role with Vialto Partners.

Sourcing and recruitment of candidates

Please refer to the separate privacy statements presented to you during the recruitment and, if applicable, onboarding processes for information on the collection and processing of your personal information.

The following applies to information we collect as part of our sourcing activities, sometimes referred to as our “Talent Network” or “Talent Community.”

We have collected the following categories of personal information of our “Talent Network” or “Talent Community” contacts within the last twelve (12) months:

• Identifiers
• Personal information categories listed in the California Customer Records statute ( Civ. Code § 1798.80(e))
• Protected classification characteristics under California or federal law
• Internet or other similar network activity
• Professional or employment-related information

Please see the Recruitment applicants section of the main privacy statement above for further details about the personal information we collect in these categories, the sources of such information, the purposes for which the information was collected, and the categories of third parties with whom we share such information in order to conduct our day-to-day business operations.

Attendees of Vialto Partners events

Unless separate privacy notices are provided to the visitor at or in connection with the event, any personal information collected will be treated in accordance with the applicable section of this privacy statement.

Visitors to our offices

We have collected the following categories of personal information of our office visitors within the last twelve (12) months:

• Identifiers
• Personal information categories listed in the California Customer Records statute ( Civ. Code § 1798.80(e))

Please see the Visitors to our offices section of the main privacy statement above for further details about the personal information we collect in these categories, the sources of such information, the purposes for which the information was collected, and the categories of third parties with whom we share such information in order to conduct our day-to-day business operations.

Others who get in touch with us

We have collected the following categories of personal information from individuals who contact us within the last twelve (12) months:

• Identifiers
• Personal information categories listed in the California Customer Records statute ( Civ. Code § 1798.80(e))
• Any other category of personal information that an individual chooses to include in a communication to us

Please see the Others who get in touch with us section of the main privacy statement above for further details about the personal information we collect in these categories, the sources of such information, the purposes for which the information was collected, and the categories of third parties with whom we share such information in order to conduct our day-to-day business operations.

Your California privacy rights

This section describes the rights of California residents under California law and explains how to exercise those rights. Please see the Individuals’ rights section of our main privacy statement above for information about additional choices you may have regarding your personal information.

Requests to know

If you are a California resident, under certain circumstances in accordance with applicable law, you have the right to request that we disclose to you specific details about your personal information that we have collected, used, disclosed and sold over the past 12 months and/or a copy of your personal information. These details include: (1) the categories of personal information we have collected about you; (2) the categories of sources from which the personal information is collected; (3) the business or commercial purpose for collecting or selling personal information; (4) the categories of third parties with whom we share personal information; (5) the specific pieces of personal information we have collected about you.

Once we receive your request, we will acknowledge it and either respond in accordance with law, ask for additional information to verify your identity, clarify the nature of your request, let you know if we need more time, let you know if we need to charge a fee (such as if requests are manifestly unfounded or excessive, in particular because of their repetitive character, taking into account the administrative costs of providing the information or communication or taking the action requested), or we will inform you if we cannot fulfill any part of your request due to an exception under the law. If we know that your request relates to information we process as a service provider to one of our corporate clients, we will forward your request to the relevant client and cooperate with that client as needed to address your request and/or inform you that your request should be submitted directly to the business on whose behalf we process the information.

Requests to delete

If you are a California resident, under certain circumstances in accordance with applicable law, you have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your valid verifiable request, we will delete, de-identify or aggregate your personal information and direct our service providers to do so, or we will inform you if we cannot fulfill any part of your request due to an exception under the law. If your request relates to information we process as a service provider to one of our clients, we will inform you that your request should be submitted directly to the business on whose behalf we process the information.

Submitting a request to know or delete

To exercise the rights described above, please submit a verifiable request to us at privacy@vialto.com

The verifiable request must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. Please, however, refrain from sending us sensitive personal information.
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable request does not require you to create an account with us. We will only use personal information provided in a verifiable request to verify the requestor’s identity or authority to make the request.

We will respond to your request within a reasonable timeframe in accordance with applicable law. Any disclosures we provide may only cover the 12-month period preceding the verifiable request’s receipt, as required by law.

Information sale and the right to opt-out

Depending on the jurisdiction in which you are located, you may have the right to opt-out of the sale of your personal information. Please contact us at privacy@vialto.com for information about our practices and how you may exercise your opt-out rights under applicable law.

California consumer request metrics

If you would like information about the number of requests submitted by California consumers, please contact us at privacy@vialto.com.

Non-discrimination

In accordance with applicable law, we will not discriminate against you for exercising any of your California privacy rights.

Legal notices

Vialto Partners is committed to protecting the data you provide to us and making it easy to find the information you need.

How we are structured

Learn about the Vialto Partners Network

GDPR compliance

The Vialto Partners network and each of the individual Vialto Entities are strongly committed to protecting the privacy of personal data that they maintain about Vialto Partners clients, employees and other individuals. As part of this commitment to privacy, Vialto Partners regularly reviews its data protection practices to comply with applicable laws, industry standards and best practices. To meet the requirements of the European Union’s General Data Protection Regulation (GDPR), and as a result of other territorial regulations impacting privacy, a comprehensive global programme — the Network Data Protection Programme or NDPP — has been established to provide a basis for, and a consistent approach to, data protection compliance across the Vialto Partners network and within each Vialto Entity.

An overarching goal of the NDPP is to promote a vision, practices and standards across the Vialto Partners network that achieve a robust level of protection for and appropriate use of the personal data of Vialto Entities’ people, clients, vendors and other stakeholders. All Vialto Entities are required to implement the requirements of the NDPP through their own individual programs, building upon existing confidentiality and security processes and standards. These NDPP requirements are extensive and cover multiple functional areas and aspects of our business, all in pursuit of accountability and transparency in how Vialto Partners collects, processes, protects and disposes of personal data.

For more information regarding the Vialto Partners network, its organisation and legal structure, and the relationship between Vialto Entities, please see www.vialto.com/about.

Terms & conditions of use

These documents explain your responsibilities when using our online websites and marketing systems.

Cookie policy

Our cookie policy gives information about the cookies that we use, as well as options for managing your cookie preferences.

Contact us

About privacy or legal issues, please contact us at privacy@vialto.com

 LEGAL DISCLAIMER

The information contained in this site is for general guidance on matters of interest only. The application and impact of laws can vary widely based on the specific facts involved. Given the changing nature of laws, rules and regulations, and the inherent hazards of electronic communication, there may be delays, omissions or inaccuracies in information contained in this site. Accordingly, the information on this site is provided with the understanding that the authors and publishers are not herein engaged in rendering legal, accounting, tax, or other professional advice and services. As such, it should not be used as a substitute for consultation with professional accounting, tax, legal or other competent advisers. Before making any decision or taking any action, you should consult a Vialto Partners professional.

While we have made every attempt to ensure that the information contained in this site has been obtained from reliable sources, Vialto Partners is not responsible for any errors or omissions, or for the results obtained from the use of this information. All information in this site is provided “as is”, with no guarantee of completeness, accuracy, timeliness or of the results obtained from the use of this information, and without warranty of any kind, express or implied, including, but not limited to warranties of performance, merchantability and fitness for a particular purpose. In no event will Vialto Partners, its related member entities, or the partners, agents or employees thereof be liable to you or anyone else for any decision made or action taken in reliance on the information in this Site or for any consequential, special or similar damages, even if advised of the possibility of such damages.

Certain links in this site connect to other websites maintained by third parties over whom Vialto Partners has no control. Vialto Partners makes no representations as to the accuracy or any other aspect of information contained in other websites.