Privacy policy of Page Ltd.

  1. INTRODUCTION

Page Ltd. is a consultancy firm offering services for organizations about Diversity, Equity, Equality, and Inclusion (DEE&I). Its services are conducting surveys in organizations, providing consultancy and training/workshops. The aim is to help to improve the provided strategies, policies, and programs in the field of D&I of these companies, with the goal to improve the level of D&I and Human Resources efforts to enhance the wellbeing and engagement amongst employees, the performance of the workforce and organizations.

Page Ltd.                                                   

Baarerstrasse 71

6300 Zug

UID registry: CHE 318.516.256

Switzerland

T: +41-417287220

 

The protection of your privacy is a priority for us. With this privacy policy, we explain to you which personal data we process about you, when you visit our website or use our online services, or more generally when we provide services to you, pursuant to the personal data protection legislation, in particular:

– for European Union: The General Data Protection Regulation of the European Union

– for Switzerland: the Swiss Federal Data Protection Act (DPA), as well as the nFADP, New Federal Act on Data Protection (nFADP) (admin.ch).

We collect and process your personal data carefully, only for the purposes described and only to the extent necessary for this purpose and within the scope of the applicable legal provisions. We will only retain your personal data to the extent and for as long as it is necessary to provide our services or as required by law. In close cooperation with our hosting providers, we do everything we can to protect data from unauthorized access, loss, and to protect against misuse or counterfeiting.

 

  1. PARTIES CONCERNED BY THE COLLECTION AND PROCESSING OF PERSONAL DATA

This policy applies to all internal and external parties Page Ltd. works with (see below).

To meet its operational needs, Page Ltd. sets up and uses means of processing personal data relating to its prospects, clients, providers, and participants (see below for definitions):

  • “Prospect”: any person (of a company) who may potentially be interested in our services and/or person who is interested in Page’s products/services.
  • “Client”: any company that acquires products or services from Page Ltd.;
  • “Provider”: companies or organizations with which Page Ltd. has a purchase contract.
  • “Participant”: an employee of one of our clients who participates in our surveys, interviews, or workshops/training.
  • “Contacts”: all prospects, clients, providers, and participants together.
  • “User” is every party that visits the website or social media of Page Ltd.
  • “Data provider”: prospect, client, provider, participant.
  • “Data recipient”: Page Ltd.
  • “Data processor”: Page Ltd.
  • “Data controller”:  prospect, client, or provider.

 

  1. PERSONAL DATA

Personal data at Page Ltd. are collected for 4 purposes:

  1. For business reasons via our website: read Terms of Use on our website: www.di-navigator.com.
  2. For running surveys via our server (Part A) amongst a client’s (company) workforce.
  3. To develop indexes via anonymized data retention (Part B) on our server;
  4. To deliver workshops, training, events, and consultancy purposes, (Part C) via digital forms presented in our website and filled-in by potential customers and/or in contact with prospects or clients.

 

  • TYPES OF DATA

Non-technical data may include:

  1. Personal status (surname, first name, work address, title);
  2. Contact details (telephone number, (work) email address, social media identifiers);
  3. Where applicable, data relating to means of payment (bank or post office account details, check number and/or credit card details, and, where applicable, transaction no., details of services subscribed to);
  4. Contract history and, where applicable, details of prospects, clients, or providers.
  5. As far as this is permitted, we take certain data from publicly accessible sources (e.g., commercial register, press, Internet), so that we can conclude or process contracts.

 

  • DATA COLLECTED

As part of its relations with Users, Page Ltd. collects technical data relating to their browsing on our websites, mobile apps or other content published by Page Ltd.

Depending on the category of Users, Page Ltd. collects and processes different data:

Prospects
Surname, first name, email address, request for services and/or documentation.

Clients
Personal status means of contact, preferred means of contact, contract history, where applicable consents, professional situation.

Providers
Details relating to the entity (name, type of company, share capital, no. in Chamber of Commerce, address of headquarters, etc.) contract information, means of payment and/or billing of different transactions; also contacts in these entities (title, surname, first name, email address, position, role, telephone number, etc.).

Participants
Personal data are encrypted, and by doing so can’t be combined with or related to individuals.

 

  • ORIGIN OF DATA

The data originate from direct collection via:

  • Browsing and data entered among other things in forms and questionnaires on the website: www.di-navigator.com.
  • Creation of an account or a personal page on one of our websites or applications.
  • Information provided by Prospects or Clients at Forums, Master classes, fairs, in paper or electronic forms, and/or before, during and after a course or workshop.
  • Orders for products or services.
  • Surveys or (group) interviews clients about the preferences of their employees on matters of Equity, Diversity and Inclusion, Human Resources.

 

  • REQUIRED DATA

Only data necessary for the specific process or purpose will be collected.

 

  1. TRANSFER OF DATA TO THIRD PARTIES

Your personal data will not be passed on, sold or otherwise transferred to third parties, unless this is necessary for the purpose of contract processing or for the fulfilment of our legal duties or unless you have expressly consented. In addition, data may be transmitted to third parties if we are obliged to do so by law or by enforceable official or court order.

Page Ltd. may use third party products to provide complementary services to the User. Page Ltd. asks these third parties to follow its instructions concerning the User’s personal data and only to use them in connection with the contract signed with the third parties unless the person concerned explicitly consents to such third parties using their data for their own purposes.

 

  1. WHY DO WE COLLECT THESE DATA?
  • LEGAL BASIS

The legal grounds for Page Ltd. to collect information/data are:

  • For all services: contractual necessity: processing is needed to enter or perform a contract.
  • For the surveys / training and workshops: legitimate interests of our clients: there is a weighed and balanced legitimate interest where processing is needed for our clients. They want to improve their D&I and/or HR performance to improve their employees’ work life and to improve their company results.
  • Page Ltd. will seek the explicit consent of the person concerned to send its marketing messages or accept a subscription to its newsletters or other information carriers on these matters. The User is entirely free to refuse such processing simply by clicking on the “unsubscribe link which is always present in Page Ltd.’s messages.

Page Ltd will always take the initiative and agree with clients (companies) on a Data Processing Agreement.

 

  • PURPOSES

The purpose of the collection of this information is to enable:

  • The setting up of prospecting and advertising operations relating to the services delivered by Page Ltd. and subscriptions to its’ newsletters.
  • Prospect and/or client relations monitoring and management.
  • Purchase management.
  • Billing
  • Where applicable, creation and management of a user account to access the digital environment of Page Ltd.: Members area (and other network resources, applications, and digital documents.
  • Management of a mail directory enabling the management of mailing groups based on offers attached to each prospect or client.
  • Where applicable, management of videoconferences and web conferences.
  • Management of courses or workshops.
  • Setting up filtering by means of a firewall, antivirus for reasons of people and data.
  • Creation and organization of indexes and surveys.
  • Management of relations with companies.
  • Transmission of data to Page Ltd., so that it can inform the client of its actions and contact him/her.
  • Implementation of statistics.

 

  • PURPOSES OTHER THAN THOSE MENTIONED IN THIS POLICY

If Page Ltd. subsequently wishes to carry out processing of personal data for a purpose other than that for which the data were collected, Page Ltd. will provide users with prior information about this other purpose and any other relevant information.

 

  1. RETENTION TIME

Page Ltd. applies retention times to the data it collects according to any legal and contractual requirements that apply, meaning in practice data will be stored for the shortest time possible, considering the reason for processing the data.

Where there are no legal or contractual requirements Page Ltd will retent the data according to its own needs, meaning for the duration of the entire business relationship (from the initiation and processing to the termination of the contract). The retention time may vary according to the data category or processing concerned or user profile.

Furthermore, personal data will be stored for the time in which claims can be asserted against our company and if we are otherwise legally obliged or authorized to do so or if legitimate business interests require this (e.g. for evidentiary and documentation purposes).

More specific, personal data will be stored for the period of:  

  • data related to prospecting and marketing: 1 year after the last contact moment.
  • third party payer data: 3 years after last payment.
  • data related to log management: 6 months.
  • purchasing management for contract documents: 5 years for supply and service contracts.
  • billing and accounts management: 5 years or after settlement of any disputes.
  • contracts: 5 years.
  • cookies: 13 months.
  • data on surveys of companies and results (Part A): for the duration of the survey and its results: approximately 2 years; they can be addressed on a total basis and anonymous basis till 5 years after the survey is done;
  • for the creation of an index (Part C): indefinitely, as they are not traceable to any person whatsoever.
  • data related to enrolment in workshops, training, event with an admission process: the period of the workshop, training or event plus certification (if applicable): see Part D.

After the above-mentioned periods, the data will be destroyed or deleted.

 

  1. RIGHT OF ACCESS, RECTIFICATION, ERASURE AND CONTROL OF USAGE
  • RIGHTS OF THE DATA SUBJECT

The user has a right of access, modification, rectification, restriction, and erasure of his/her personal data as well as a right of objection to data processing on legitimate grounds, which can be exercised by sending an email to dataprotection@di-navigator.com mentioning in the subject line “personal rights” and attaching a copy of proof of identity. These are individual rights that can only be exercised by the person concerned in relation to their own information.

Please note, however, that we reserve the right to enforce the restrictions provided for by law. For example, if we are obliged to store or process certain data, have an overriding interest in doing so (as far as we may rely on it) or need it for the assertion of claims. If you incur any costs, we will inform you in advance. We have already provided information about the possibility of revoking your consent. Please note that the exercise of these rights may conflict with contractual agreements, and this may have consequences such as early termination of the contract or cost consequences. We will inform you in advance if this is not already contractually or legally regulated.

 

  • USER’S RIGHT OF ACCESS

The User is entitled to ask for a copy of their personal information held by Page Ltd., except for cases where its disclosure would violate the privacy of other persons or if an exemption were to apply.

 

  • USER’S RIGHT OF RECTIFICATION

Any requests to rectify data will be passed on to the data department and Page Ltd. will inform the User when the rectification has been made.

 

  • USER’S RIGHT OF ERASURE

Any request to delete data made by a User will be studied to determine whether the erasure should be carried out or not. The User’s right of erasure will not apply if the processing has been set up to meet a legal obligation. Certain data are necessary to track for instance payment.

If our processing requires the User’s consent, the latter may withdraw it any time.

 

  • USER’S RIGHT OF CONTROL AND USAGE

Under the same conditions, the User possesses the right to control the usage of their data by writing to the same address: dataprotection@di-navigator.com.

Page Ltd. reserves the right to contact the Prospect or Client by the means of communication of its choice: telephone, text message, email (including at the Client’s personal address if they have entered it), social media, etc. The Client may ask that a certain means of communication will not be used by Page Ltd., by sending their request to dataprotection@di-navigator.com .

The management of usage also means that the User has the possibility of requesting:

  • Restrictions on Page Ltd.’s processing (for example, that Page Ltd. no longer contacts a person to propose similar offers or services);
  • Postmortem management of data by drawing up advance directives. The User is informed that they have a right to formulate specific and general directives concerning the retention, erasure, and disclosure of their data postmortem. This right can be exercised by an email to dataprotection@di-navigator.com mentioning “data protection – post-mortem” (Postmortem personal rights) and enclosing a copy of proof.

  • RIGHT TO LODGE A COMPLAINT WITH THE SUPERVISORY AUTHORITY

The User has a right to lodge a complaint with the regional (e.g., cantonal), or national data protection authority.

Every data subject also has the right to enforce his or her claims in court.

  • DATA BREACH NOTIFICATION PROCEDURES

lf there is a Data Breach, the User involved will be notified within 48 hours after it has been discovered by Page Ltd., or as soon as possible after Page Ltd has been informed of it.

In doing so, we will provide you with the information that you reasonably need to – if necessary – make a correct and complete notification to the Personal Data Authority and possibly the Data Subject(s) within the framework of the Data Breach Notification Obligation or we will forward the notification from Our Sub-processor to You. We will also keep You informed of the measures taken by Us, or our Sub-processor, in response to the Data Breach. 

The notification of Data Breaches to the Personal Data Authority and (possibly) Data Subject(s) is always Your own responsibility. 

 

  1. SECURITY

To ensure the security of your personal data, Page Ltd. has implemented a level of security appropriate and proportional to the risks involved by taking all useful precautions, whether they be physical, logical, administrative, or organizational, in view of the nature of the data it collects, processes or transfers. The risk of unauthorized access and misuse are mitigated by measures such as the issuance of instructions, training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, pseudonymization and controls.

These measures include, mainly:

  • Protection and access control at the premises and server rooms of our IT suppliers.
  • Backup of data center of Page Ltd.
  • Filtered, secure internet access.
  • Securing interconnections with remote sites and access to the Page Ltd. services.
  • Use of an SSL-type encryption protocol for the transmission of data between the computers and servers of Page Ltd. or its service providers.
  • Regular backups replicated in the backup data center.
  • Securing hardware, servers, and applications via specific accounts with regular inventories.
  • Management of accreditations for accessing data, and only allowing necessary resources to access data.
  • Control of workstations allowed us to connect to the internal network.

  1. DATA PROTECTION OFFICER

Page Ltd. has appointed a Data Protection Officer who is responsible for data protection and processing. Anyone encountering any problems with the processing of personal data may contact the Data Protection Officer at this address: dataprotection@di-navigator.com.

  1. CHANGES

This policy is liable to be amended or adapted at any time in the event of changes in the law, case law or usages.

 

 

Part A: Surveys by means of the Diversity and Inclusion Navigator® amongst employees of organizations

  1. INTRODUCTION

An organization can choose to run a survey on Diversity and Inclusion in his/her company. This is done via de interactive Diversity and Inclusion Navigator®.  If a client chooses to do so, an online survey questionnaire will run via a server of Page Ltd.

Before a survey runs at a client, it will sign:

  • a contract or collaboration agreement;
  • a data processing agreement;
  • a non-disclosure agreement;
  • this privacy policy.

 

  1. ENCRYPTION OF E-MAIL ADDRESSES OF INDIVIDUAL EMPLOYEES TO ANONYMIZE PERSONAL DATA IN SURVEYS

To anonymize data that can be related directly to individual persons, they will be encrypted. The client (company) can choose one of the two following options. In this way opinions on D&I and/or demographics can never be related to employees of the client. The data will be kept anonymously during the retention period

Option 1.: before a survey takes place, Page Ltd will receive the mail addresses of the client’s employees of the client (company) in an excel file. They will be encrypted by Page Ltd. via an at-random encryption code, so that the results of the surveys are in no way deductible to the original e-mail addresses of the persons that will fill in the survey, via any means whatsoever. Page Ltd will return the excel file with the original mail addresses to the company immediate after having encrypted it.

Option 2.: before a survey takes place, the mail addresses of the client’s employees will be encrypted by an employee, assigned by the client, who then is granted access to Page’s website (backend; an area protected for the client) and can encrypt the mail addresses him/herself.

Option 3.: before a survey takes place, Page Ltd will send one unique link to the client (company). The client will send this link to all its’ employees and the employees can then fill in the survey.

 

  1. OTHER ANONYMIZATION MEASURES

Other anonymization measures that are implemented by Page Ltd. are:

  • At least an amount of 15 persons per company or department will be used in reports, so results never can be traced back to individual persons;
  • As a last measure, Page Ltd. will look sharply at the results per company or department of the company before the publication of the results, so to make sure that no results can be traced back to an individual person or individual persons. If for any reason this can be done, Page Ltd. will take measures (e.g., combine certain age categories etc.) to prevent th
  • Each participating company’s data, survey results and report are strictly confidential and anonymized and will be delivered to the participating company only in aggregated form.

 

Part B: Indexes

The data collected from the surveys can be used under an aggregated and anonymized form to develop an iDI-NAV Index ® per industry and/or country. Page Ltd will always ask its client for approval to do so.

Per company (e.g., company A) or per country location of the company (e.g., company A-Switzerland, company A-Netherlands, company A-Greece, etc.) the following results will be kept by Page Ltd.:

  • Average total score on the Diversity and Inclusion Navigator ®
  • Average score on ‘individual’ barriers on the Diversity and Inclusion Navigator ®
  • Average score on ‘domestic’ barriers on the Diversity and Inclusion Navigator ®
  • Average score on ‘social’ barriers on the Diversity and Inclusion Navigator ®
  • Average score on ‘organizational’ barriers on the Diversity and Inclusion Navigator ®
  • Average score on ‘cultural’ barriers on the Diversity and Inclusion Navigator ®

Per industry the scores of all the companies in that country that have chosen to participate in the index, will be aggregated. This way we will develop an industry index per country.

Part C: Participation in training or event

When employees of a company participate in a training, workshop, or event, we will collect the personal data necessary: name, function, company name, e-mail address, telephone number. We will only use them for the purpose of the training, workshop or event and/or certification of it.

October 2024