Objective and Scope
The aim of this EU Privacy Policy (this "Policy") is to provide adequate safeguards for the handling of Personal Data (as defined below) by YCP Holdings (Global) Limited and its subsidiaries and related companies (collectively,“YCP Group”, “we”, “us”) that process Personal Data.
"Automated Decisions" means decisions about individuals that are based solely on the automated processing of data and that produce legal effects that significantly affect the individuals involved.
"Controller" means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
"Data Subject" means an individual for whom YCP Group Processes Personal Data.
"Employee" means any current, former or prospective employee, temporary worker, intern or other non-permanent employee of YCP Group or any current or prospective subsidiary or affiliate of YCP Group.
"European Economic Area” or "EEA" means the following countries: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Republic of Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, The Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden.
"Personal Data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity and includes information, that (i) relates to an identified or identifiable client, Employee or Supplier’s representative; (ii) can be linked to that client, Employee or Supplier’s representative; (iii) is transferred to any YCP Group entity from the EEA or Switzerland, and (iv) is recorded in any form.
"Privacy Officer" means the individual officer designated by YCP Group as the initial point of contact for inquiries, complaints, or questions regarding privacy matters.
"Processing" is defined as any action that is performed on Personal Data, whether in whole or in part by automated means, such as collecting, modifying, using, disclosing, or deleting such data. This Policy does not cover data rendered anonymous or where pseudonyms are used that do not allow for, directly or indirectly, the identification of an individual. The use of pseudonyms involves the replacement of names or other identifiers with substitutes, so that identification of individual persons is either impossible or at least rendered considerably more difficult. This Policy shall apply again if the protections offered through anonymization no longer apply.
"Sensitive Personal Data" means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership or concerning health or sex, and the commission or alleged commission of any offense, any proceedings for any offense committed or alleged to have been committed by the individual or the disposal of such proceedings, or the sentence of any court in such proceedings.
"Supplier" means any supplier, vendor or other third party located in the USA and/or the EEA or Switzerland that provides services or products to YCP Group.
Application of EU data protection laws
This Policy is designed to provide compliance with all relevant applicable data protection laws in the EEA, and in particular the General Data Protection Regulation ("GDPR"). YCP Group will handle Personal Data in accordance with the GDPR and local laws at the place where the Personal Data is processed.
Principles for processing personal data
YCP Group respects the privacy of Data Subjects and is committed to protecting Personal Data. YCP Group will observe the following principles when processing Personal Data:
- Data will be processed fairly and in accordance with applicable law.
- Data will be collected for specified, legitimate purposes and not processed further in ways incompatible with those purposes.
- Data will be relevant to and not excessive for the purposes for which they are collected and used. For example, data may be rendered anonymous if deemed reasonable, feasible and appropriate, depending on the nature of the data and the risks associated with the intended uses.
- Data Subjects in the EU may be asked to provide their clear and unequivocal consent for the collection, processing and transfer of their Personal Data.
- Data will be accurate and, where necessary kept up up-to-date. Reasonable steps will be taken to rectify or delete Personal Data that is inaccurate or incomplete.
- Data will be kept only as it is necessary for the purposes for which it was collected and processed. Those purposes are described in this Policy.
- Data will be deleted or amended following a relevant request by the Data Subject, provided such request complies with applicable law.
- Data will be processed in accordance with the Data Subject’s legal rights (as described in this Policy or as provided by law).
- Appropriate technical, physical and organizational measures will be taken to prevent unauthorized access, unlawful processing and unauthorized or accidental loss, destruction or damage to data. In case of any such violation with respect to Personal Data, YCP Group will take appropriate steps to end the violation and determine liabilities in accordance with applicable law and will cooperate with the competent authorities.
Types of data processed
YCP Group does not need to collect or process individual consumer information to perform its services. However, as part of the services YCP Group provides, it may have incidental access to Personal Data.
With regard to client contact information, YCP Group collects and processes the following categories of Personal Data:
- First and last name
- Business email address, and
- Business telephone number
Children
We understand the importance of protecting children’s privacy in an online environment and our websites and mobile applications are not intentionally designed for or directed at children under the age of 18. We will not intentionally or knowingly collect and maintain personal information of anyone under the age of 18.
Ways of obtaining personal data
YCP Group obtains Personal Data through various sources:
- As submitted by clients through the services provided by YCP Group;
- Collected from publicly available databases;
- The use of third-party vendors who compile databases for YCP Group’s use (YCP Group requires assurances from the third-party vendor that the information was collected, processed, and transferred in compliance with applicable data protection laws and that YCP Group is permitted to make further use of the information)
Purposes for personal data processing
YCP Group processes Personal Data to fulfil your requests for information, send you marketing communications, contacting you to receive feedback on these services and/or for other market or research purposes. If you have applied for a job at YCP, your data will be processed for the purposes of evaluating and processing your application and candidacy for the position to which you have applied. You do not have to provide us with any personal data. However, if you do not, we may be unable to handle your request or to provide you with the services you are requesting.
In addition, YCP Group may process Personal Data for business operational purposes. The foregoing limited purposes will be taken into consideration before any type of processing of Personal Data occurs
For client/supplier-specific Personal Data, the purposes of processing may include:
- Management of YCP Group’s relationships with its clients and suppliers
- Processing payments
- Carrying out YCP Group’s obligations under its contracts with clients and suppliers
In the event of a change of the foregoing, YCP Group will inform affected Data Subjects of new processes or applications, new purposes for which the Personal Data are to be used, and the categories of recipients of the Personal Data.
Security and confidentiality
YCP Group is committed to implementing and maintaining appropriate technical, physical and organizational measures to protect Personal Data against unauthorized access, unlawful processing, accidental loss or damage and unauthorized destruction.
Rights of data subjects
Any person has the right to be provided with information as to the nature of the Personal Data stored or processed about him or her by YCP Group and may request deletion or amendments. Data Subjects may contact the Privacy Officer at privacy@ycp.com to review, update, and revise their Personal Data.
If access is denied, the Data Subject has the right to be informed about the reasons for denial. The person affected may contact any competent regulatory body or authority to resolve the issue. YCP Group will handle in a transparent and timely manner any type of complaint resolution or inquiry about Personal Data.
If any information is inaccurate or incomplete, the Data Subject may request that the data be amended. If the Data Subject demonstrates that the purpose for which the data is being processed in no longer legal or appropriate, the data will be deleted, unless applicable laws require otherwise.
Transfers
In connection with the activities described under “Purposes for personal data processing”, YCP Group may transmit Personal Data outside the EEA and more specifically to: (i) YCP Group’s corporate headquarters in Singapore; or (ii) its other offices in other parts of the world. Moreover, Personal Data might be sent to the following third parties in or outside the EEA and Switzerland:
- Selected Third Parties: YCP Group may disclose or share Personal Data of clients or prospective clients with suppliers, or other third-party vendors, but YCP Group will not sell any Personal Data without the Data Subject’s valid consent.
- Other Third Parties: YCP Group may be required to disclose certain Personal Data to other third parties: (i) as a matter of law (e.g. to tax authorities); (ii) to protect YCP Group’s legal rights; (iii) to law enforcement authorities in compliance with applicable laws.
Automated decisions
YCP Group does not make Automated Decisions for client data. If Automated Decisions are made, affected persons will be given an opportunity to express their views on the Automated Decision in question and object to it. However, YCP Group uses cookies for analytics, user experience optimization, ad personalization and measurement.
Contact information
YCP Group will ensure that this Policy is observed and duly implemented. All YCP Group Employees who have access to Personal Data are required to comply with this Policy.
If, at any time, you believe that Personal Data relating to you has been Processed in violation of this Policy, you should report your concern to the Privacy Officer at privacy@ycp.com. In addition, YCP Group is happy to answer any questions related to its Processing of Personal Data.