2. The Types of Personal Data that We Collect
Personal data is information that relates to an identified or identifiable individual, and it could be as simple as a name or a number, or could include other identifiers such as an IP address, a cookie identifier, or other factors.
We collect personal data in order to provide our services to you; maintain communications with you; and/or in order to comply with applicable law. Please note that if we have requested personal data from you and you decide that you do not want to share certain personal data with us, then this may prevent us from: (i) providing our services to you; or (ii) entering into a contract to provide services to you. In these circumstances we will ensure we notify you when reasonably possible to do so.
We collect different types of personal data for different reasons, including:
3. How do we obtain Your Personal Data
Most of the personal data we process about you is provided to us directly by you for one of the following reasons:
We may also receive personal data indirectly, from the following sources:
We take reasonable measures to ensure that when we receive personal data indirectly: (i) the third party providing your personal data has the necessary lawful basis to share your personal data with us; and (ii) we use any such data in compliance with terms and conditions set out by the third party providing it to us.
4. Why do we Have Your Personal Data
We use your personal data in order to, where applicable:
5. Sharing Your Personal Data
6. Lawful Basis for Processing your Personal Data
Under the General Data Protection Regulation 2018 (“GDPR”), the lawful bases that we normally rely on for processing your personal data, detailed above, are:
We may need to process your personal data in order to comply with applicable laws, in these circumstances we have a legal obligation to process your data, but we will inform you if this is the case.
In the unlikely event we store any Special Category Data (as defined by GDPR) the lawful basis for processing is determined by the category of personal data being processed. In the event this relates to Special Category Data contained in a dataset, we rely on your consent to process such personal data.
Where we undertake direct marketing, all of our direct marketing campaigns are conducted in accordance with applicable law; we only do so with your consent and/or where we have a legitimate interest to do so, but in any event, you have the option to opt out of any direct marketing at any time by clicking the unsubscribe link in our marketing material. Helixa has performed a legitimate interests assessment in respect of its direct marketing activities to former, existing, and prospective customers. In summary, Helixa has a legitimate interest to market its services to existing customers as they already receive services directly from Helixa and may benefit from other services that Helixa provides. Former customers may be likely to purchase Helixa services after receiving marketing materials as they become aware of the additional benefits that other services could bring them. In addition, Helixa has a legitimate interest in marketing its services to prospective customers to promote brand awareness and increase sales.
To the extent that Helixa records any video conferences/calls/meetings of your voice or image (biometric data), Helixa will only do so with your explicit consent before such recordings are made.
7. How we Store Your Personal Data and for How Long
Helixa will retain your personal data only as long as necessary for the purposes for which it was collected; to provide you with services in accordance with our contractual obligations to you; and where required or permitted under law. Generally, this means your personal data will be retained until the end of your contractual relationship with us. In addition, such data may also be retained whilst Helixa has a legitimate business need to do so.
When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymise it or, if this is not possible (for example, because your personal data has been stored in backup archives), we will securely store your personal data and isolate it from any further processing until deletion is possible.
In relation to direct marketing, we will retain personal data (only to the extent necessary) in order to ensure we respect your direct marketing opt-out preferences.
No service is completely secure, but we believe the security of your information is a serious issue and we are committed to maintaining commercially reasonable and appropriate security measures to ensure that your personal information is protected both online and offline. Helixa has a dedicated Information Security team that manages our framework, policies and procedures based on ISO27001 principles (with supplementary controls added for NIST framework alignment) to protect your personal information.
The framework includes (but not limited to) the following measures; employees and contractors being subject to background checks and bound by confidentiality, all receive training on data privacy and security. Those responsible for designing, managing and developing software and services do so applying secure development and privacy by design practices. Principles of least privilege are adopted using a role-based model for provisioning access to critical infrastructure and sensitive data. Data is encrypted in transit over public networks using both TLS, data encryption at rest is using Advanced Encryption Standard, pseudonymization. We also take measures to ensure third-party service providers that process personal data on our behalf also have appropriate security controls in place.
While we strive to protect your data, we cannot guarantee that unauthorized access to your data, data loss or a data breach will never occur.
9. International Data Transfers
In order to provide our services to you it may be necessary to transfer your personal data to a country that is different to the country in which we collected your personal data, and such country may not apply the same level of data protection.
As we are a global enterprise, and part of the Telmar Group, Helixa may transfer your personal data to Telmar Group companies (see section 15, below) and our third party services providers. To the extent required by applicable data protection law, any personal data that is transferred amongst Telmar Group companies shall be subject to an intra-group data transfer agreement (“IGDTA”) that applies the Standard Contractual Clauses approved by the European Commission, and the UK’s International Data Transfer Agreement and the International Data Transfer Addendum to the European Commission’s Standard Contractual Clauses.
In addition to the IGDTA, Helixa performs transfer impact assessments (each a “TIA”) in respect of the transfer of personal data outside the European Economic Area to “third countries”. In this context, “third countries” are countries that the EU has not issued recognition of a country's adequacy of its data protection laws to ensure that a data subject gains a similar level of protection that a person would receive under GDPR. The purpose of a TIA is to evaluate whether the legislation in the third country might prevent the non-EU Data importer of personal data from complying with GDPR requirements – especially regarding potential data access rights of intelligence agencies. A TIA requires a diligent assessment of all circumstances of the transfer in question, the laws and practices of the third country of destination and any relevant contractual, technical or organizational safeguards put in place.
10. CCPA Compliance (Applicable to California Residents Only)
When we act as a “Service Provider” (as defined in the CCPA) we may process “Personal Information” on behalf of our customers or dataset providers. “Personal Information” means any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, this includes but it not limited to:
If we process your Personal Information it is because we are a Service Provider to a business that has provided your Personal Information to us. We do not Sell (as defined in the CCPA) your Personal Information to any third party.
If we process your Personal Information and we determine the purposes and means of the processing, for example when undertaking marketing activities, it is because we are a Business (as defined by the CCPA). In this circumstance we rely on the CCPA marketing exemption allowing us to: (i) store marketing data on third party systems, provided applicable terms are in place with our service provider; (ii) provide opt-outs from marketing communications, as opposed to requiring an opt-in; and (iii) follow applicable cookie consents on our website.
11. Your Data Protection Rights
When you subscribe to our services, you trust us with certain personal data. We understand that it is essential we work hard to protect your personal data and provide you with the access you need to feel in control of your personal data you provide to us.
Under data protection law, you have rights including:
You are not required to pay any charge for exercising your rights. If you do make a request, we will respond to you within one month. Please contact us by email at firstname.lastname@example.org.
13. Our Contact Details
If you are resident in the European Economic Area or the United Kingdom our contact details are as follows:
via Arcivescovo Calabiana 6 Milano, 20139, Italy.
If you are resident anywhere other than the European Economic Area or the United Kingdom our contact details are as follows:
75 Varick Street - New York NY 10013
+1 212 725 3000
14. How to Complain
If you have any concerns about our use of your personal data, you can make a complaint to us by email at email@example.com or at:
For the attention of: Legal Team,
Fora, 35-41 Folgate Street,
You can also complain to the ICO if you are unhappy with how we have used your personal data.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
15. Telmar Group Entities
We have set out below the Telmar Group Entities that we share personal data with in accordance with our intra-group data transfer agreement, further described in Section 9 above.
Helixa, Inc., a company incorporated in Delaware, with offices located at 75 Varick Street, 3rd Floor, New York, NY 10013.
Helixa SRL, a company incorporated in Italy, with offices located at via Arcivescovo Calabiana 6 Milano, 20139.
Telmar Group, Inc., a company incorporated in Delaware, with offices at 75 Varick Street, New York, NY 10013.
Telmar Information Services Corp., a company incorporated in New York, with offices at 75 Varick Street, New York, NY 10013.
Telmar HMS Limited, a company incorporated in Canada, with offices at 151 Yonge Street, Suite 1100, Toronto, Canada.
Telmar Europe Limited, a company incorporated in England and Wales, with offices at Fora, 35-41 Folgate Street, Spitalfields, London, E1 6BX.
Telmar Communications Limited, a company incorporated in England and Wales, with offices at Fora, 35-41 Folgate Street, Spitalfields, London, E1 6BX.
Telmar Peaktime SAS, a company incorporated in France, with offices at 15, place de la République, 3ème étage, 75003 Paris, France.
Telmar Peaktime B.V., a company incorporated in the Netherlands, with offices at Strawinskylaan 3051, 1077 ZX, in Amsterdam.
Telmar (Asia) Limited, a company incorporated in Hong Kong, with offices at Unit 46-106, 46/F, Lee Garden One, 33 Hysan Avenue, Causeway Bay, Hong Kong.
Telmar Software (Shanghai) Limited, a company incorporated in China, with offices at Unit Q-148, Room 501, 5/F, 700 Liyuan Road, Huangpu District, Shanghai, China.
Telmar Media Systems (Pty) Ltd, a company incorporated in South Africa, with offices at Building 26, 1st Floor, The Woodlands, 131 Western Service Road, Woodmead, 2052 Johannesburg, South Africa.