We believe in being transparent about how we handle your personal information. This Privacy Statement (“Statement”) explains how Eurasian Resources Group (ERG) (“ERG” “we”, “us”) handles the personal information of its employees, prospective employees and contractors, customers, vendors and other external parties. ERG adheres to strict data privacy laws such as the General Data Protection Regulation (Regulation (EU) 2016/679) as well as local laws in jurisdictions where ERG is operating.
This Statement explains in detail the types of personal data we may collect about you and what we do with this personal data. It further describes what measures we take to keep your personal data safe, as well as your rights in relation to the personal data we hold about you. Please see the definitions and glossary to understand the meaning of some of the terms used in this Statement.
“Eurasian Resources Group” means Eurasian Resources Group S.à r.l. and includes all subsidiaries;
“Data Subject” means the individual to whom the personal data relates;
“Personal Data” means any information relating to an identified or identifiable natural person;
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
“Consent” of the data subject means any freely given, specific, informed – in certain cases explicit – and unambiguous indication of the data subject`s wishes by which (s)he by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating him or her;
“Legitimate interest” is one of the lawful base of processing by GDPR. It applies whenever the company uses personal data in a way that the data subject would expect.
“Privacy Statement” means a notice that needs to be provided to data subjects when we collect, use or distribute their personal data.
“Personal Data Breach” means a breach of security leading accidental of unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed;
“Data Privacy Officer” (DPO) or similar means an independent data protection expert, who is member of Group Compliance and responsible for monitoring ERG`s privacy compliance, informing it and advising on its data protection obligations, and acting as a contact point for data subjects and the relevant supervisory authority.
How Do We Use Your Personal Data?
We may process your personal information for legitimate business purposes to administer our employment, contractual or other relationship with you and to run our businesses. We may collect, use, transfer, and otherwise process your personal information through automated and/or paper-based data processing systems. We have established routine processing functions such as processing for regular payroll and benefits and supplier payments. We also process personal information on an occasional or ad hoc basis in the context of employment and vendor or customer requests for information concerning personal data or any requests from the data subject.
What Personal Data Do We Collect?
From employees, job applicants and contractors we may collect as minimum necessary data for managing human resources, including:
From website visitors we may collect as necessary data including:
From visitors to our offices and mine sites we may collect personal data to protect our security, safety and legal obligations, including:
From customers, suppliers and other external parties we collect personal data, including:
ERG also collects personal data in the course of complying with its legal obligations (for example, to comply with government requests and to undertake due diligence).
We limit our personal data collection and processing to the amount needed for the relevant processing purpose. If your data is to be processed for a different purpose we will inform you of that new purpose and ask your permission.
Legal bases for processing personal data
Why we process your personal data
ERG may process personal data for the following purposes:
To share personal data with third parties
Depending on the purposes above, and besides the data subjects themselves, we may share the personal data to the following categories of recipients:
We may transfer your personal information outside the country where you reside or work, including to countries that do not provide the same level of protection for your personal information as you may expect in your own country, where the following criteria are met:
In every case, we will inform you prior the cross-border transfer when, to where and for what purpose your personal data is sent.
We Secure Your Data:
We keep your data secure and protected against accidental, unauthorised or unlawful processing, including against loss and unauthorised access, destruction, misuse, modification or disclosure. This means we ensure that we have the appropriate technical, physical, and organisational measures in place for all stages of the personal data ‘life cycle.’ Data security obligations apply whether your personal data is stored in hard copy form (e.g., paper) or in electronic form (e.g., in databases). Access to your personal data is provided on a ‘need to know’ and `need to access` basis for parties outside and within ERG.
We require our business groups to immediately report any breaches in relation to your personal data to the ERG Data Privacy Officer for investigation.
We Limit Retention of Your Personal Data:
Your personal data is kept only for as long as necessary for the lawful purpose for which it is processed (as notified to the relevant individuals), or for the time required or permitted under local laws. After such time, records containing your personal data will be securely destroyed (as in the case of physical records) or permanently deleted (in the case of electronic records) in accordance with ERG’s Data Retention Schedule or as required by applicable local laws.
We Respect Your Rights:
We take reasonable steps to ensure that personal information is accurate, complete, and current. Please note that you have shared responsibility with regard to the accuracy of your personal information.
Additionally, you may:
There are legal exceptions to the exercise of these rights, and ERG will review each request on a case by case basis, referring to the laws of the country where you are located. Your requests for exercising your rights should be referred to the ERG Data Protection Officer for your region, who can be contacted at: GDPR.Compliance@erg.net
In order to comply with the applicable laws and to reflect adequately the way we process personal data, this privacy statement shall be updated from time to time.
Last updated on: 13.04.2022