Personal Information Privacy and Transparency Notice
Endeavor Technologies Corp
About this Notice
This Personal Information Privacy and Transparency Notice (“Notice”) describes how Endeavor Technologies Corp. (“Endeavor”) collects and uses your personal information during and after your relationship with us.
Depending on your relationship with us, Endeavor can be both a “data controller” and a “data processor”. This means that we are responsible for deciding what personal information to collect, how we hold and use personal information about you and explaining this clearly to you, and we are also responsible to ensure that the personal information we collect as part of your use of our drilling simulator software is processed with the proper technical and organizational measures to ensure that it is protected.
This Notice applies to prospective, existing and former customers of Endeavor (including employees and representatives of our corporate customers), individual and business contacts and prospects, individuals who request information from us, any person who supplies products or services to Endeavor (either as an individual or as the employee or representative of a supplier), and third parties acting for our customers. It is important that you read this Notice, together with any other privacy information or notices we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information. We reserve the right to update this Notice at any time, and we will publish a new Personal Information Privacy and Transparency Notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
The Chief Information Officer (CIO) of Endeavor has responsibility for Endeavor compliance with data protection law. If you have any questions about this Notice or how we handle your personal information, please contact the CIO at 1-866-789-1758 or by email to email@example.com. It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during the course of our dealings with you.
Information we collect
In this Notice, “personal information”, means any information about an individual from which that person can be identified. Depending on your relationship with us, the types of personal information we collect can include: names, addresses (including email), phone numbers, banking or credit card information, credit references, training preferences, training module scores, and feedback pertaining to your learning experience.
How we collect information about you
We collect personal information direct from you when we establish you as a customer, when you complete our website enquiries form, if you register with us to receive updates and information from us, or where we enter into a contract to provide services to you. We collect further information from you during the period of our business relationship or for the duration of our provision of services to you. We may collect information from credit reference agencies or other background check agencies and from sources such as Dun and Bradstreet, from an online search, or from social media sites.
Our lawful basis for gathering and using personal information
We will only gather and use your personal information when you grant your consent, and/or when the law allows us to collect the information for our legitimate interests and your interests and fundamental rights do not override such interests, and/or where required or permitted by law.
We share personal information only with data processors that are under strict contractual obligations to maintain personal information in accordance with this Notice, and we share personal information within Endeavor as necessary so that we are able to provide operational and administrational excellence associated with our services and to improve the service we provide to customers. With your consent we may share your information if we refer you to a third-party adviser for specialist advice, such as training or accreditation organizations.
The following activities are carried out by third-party service providers on our behalf: learning management systems, IT support and maintenance; hosting our website (including analytics).
All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal information for their own purposes. We only permit them to process your personal information for specified purposes and in accordance with our instructions.
Information we process
For each of the following categories, we may, from time to time, approach you for your consent to allow us to process your personal information for other purposes. If we do so, we will provide you with details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.
We may process any of the following:
• your name, title, address, and contact details. Such processing is necessary for the provision of our services to you.
• your bank or credit card payment details. Such processing may be necessary to activate a subscription or license to use our software, and may be necessary on the rare occasions we are required to pay a refund to you (for example where you have made an overpayment on your account).
• feedback you provide to us on our products and services. Such processing is necessary for the legitimate interest of managing our business and improving our services and products (provided that your interests and fundamental rights do not override our interests).
Individual prospects and other non-customer contacts
We process your name, address and contact details, your training preferences and feedback you provide on training modules and our learning management system. Such processing is necessary for the legitimate interest of promoting and growing our business and improving our services provided that your interests and fundamental rights of do not override our interests.
We may process any of the following:
• your name, title, business contact information including addresses, telephone numbers and email addresses and VAT registration details. Such processing is necessary for performance of any contract between us.
• your bank or credit card payment details. Such processing may be necessary to pay invoices or provide refunds.
• details relating to the performance of the contract between us, including quality system accreditations, financial information and bank details for payment. Such processing is necessary for performance of the contract between us.
We may perform due diligence in the form of credit checks. We do this as necessary for our legitimate interests provided that your interests and fundamental rights do not override our interests.
Corporate customers, suppliers and third party business contacts and prospects
We process names, titles and business contact information including addresses, telephone numbers and email addresses for your employees and representatives and corporate bank details and VAT registration details (where applicable). Such processing is necessary for performance of any contract between us. We also collect payment information in the form of bank or credit card payment details in order to activate a subscription or license to use our software, and may be necessary on the rare occasions we are required to pay a refund to you. The latter may not be considered personal information if associated with your corporate account.
We may perform due diligence in the form of credit checks and verification of the company registration details. We do this as necessary for our legitimate interests (provided that the interests and fundamental rights of the individual do not override our interests).
We process your marketing preferences. Such processing is necessary for the legitimate interest of promoting and growing our business (provided that the interests and fundamental rights of any individual employees and representatives do not override our interests).
We process any feedback you, your employees or your representatives may provide to us on our products and services. Such processing is necessary for the legitimate interest of managing our business and improving our products and services (provided that the interests and fundamental rights of any individual employees and representatives do not override our interests).
Transferring information from the European Economic Area (“EEA”)
Our electronic personal information is hosted primarily on servers located within Canada. If we are required to transfer information from the EEA, we only do so where permitted by law, and where we have put in place appropriate measures to ensure that such EEA personal information is treated in a way that is consistent with and which respects the EU and UK laws on data protection. We will take all reasonable steps to ensure that transfers to our servers are secure. By engaging with us from inside the EEA you acknowledge and agree that such transfers are necessary for us to provide services to you.
We have put in place appropriate measures to protect the security of your information. Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure. We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will process your personal information only on our instructions and they are subject to a duty of confidentiality. We also have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
How long we keep your information
We will only retain your personal information for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. Where a minimum retention period is required by law, we comply with that minimum period plus up to 12 months to allow time for us to anonymize or delete information in accordance with our internal data management processes. Please contact firstname.lastname@example.org if you would like to discuss specific retention periods applicable to your matters. If we are required to retain your information longer than our standard retention periods, we will let you know (unless we are prevented by law from doing so.) In some circumstances we may anonymize your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
• Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
• Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
• Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
• Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
• Request the transfer of your personal information to another party.
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we are required to continue to process your information in accordance with another lawful basis which has been notified to you.
To exercise any of the above rights, please contact Endeavor at email@example.com. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may refuse to comply if your request for access is clearly unfounded or excessive. We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Updated: April 2020