GDPR Statement
This GDPR Statement should be read in-conjunction with the Streamline Privacy Policy which is under a separate tab on our website, and this GDPR Statement applies to all EU Data Subjects (as defined below) to the extent set out in this GDPR Statement.
The following definitions are used in this GDPR Statement:
Controller – where Streamline directly collects Personal Information from EU Data Subjects – please refer to our Privacy Policy in this regard;
Customer – the counterparty to a Master Subscription Agreement with Streamline who has received consent from EU Data Subjects to collect and process their Personal Information;
EU Data Subject – living individual residing in an European Union Member State, including the United Kingdom;
GDPR – Regulation (EU) 2016/679 of the European Parliament and Council, and all applicable data protection and privacy laws and regulations in any EU Member State or nation within the European Economic Area;
Legitimate Interest – the legal basis under GDPR for collection of Personal Information;
Personal Information – any Personal Information as defined in the Streamline Privacy Policy of an EU Data Subject;
Processor – where Streamline processes Personal Information on behalf of a Customer under a Managed Service Agreement or Master Subscription Agreement for the provision of Products or Services, please refer to our Privacy Policy;
Managed Service Agreement / Master Subscription Agreement – any written contract, any written statement of work, or any other written binding agreement between Streamline and the Customer.
Legal basis for collection of personal information of ER Data Subjects
Streamline collects, uses, stores and transfers Personal Information to manage its relationship with its Customers, employees, business partners and other third parties (“covered individuals”) and better serve covered individuals by personalising their experience and interaction with Streamline. Such processing is done in compliance with applicable laws, Managed Service Agreements or Master Subscription Agreement, including appropriate notice and consent.
EU Data subject rights
Streamline as a collector, storer and processor of Personal Information as stated in our Privacy Policy, understands the rights of EU Data Subjects. Subject to identity verification and depending on the processing activity we are undertaking, EU Data Subjects have a right to:
- Request that we provide you with a copy of Personal Information that we collect and you have the right to be informed of the source of your Personal Information, the purpose of collection and legal basis, as well as the processing methods used by Streamline and to whom your Personal Information may be transferred.
- Request that we correct inaccurate Personal Information. We may seek to verify the accuracy of the Personal Information before correcting it.
- Request that we delete your Personal Information when it is no longer needed for the purpose under which it was collected or you withdraw your consent to use (subject to our legal obligations for retaining historic records).
- Ask us:
- to restrict your Personal Information, where the Personal Information is not accurate or unlawfully processed, or it is no longer needed for the purpose under which it was collected. We will only continue to use your Personal Information where we have your consent or to protect the rights of covered individuals or exercise legal rights.
- to provide your Personal Information to you in a readable format or have it transferred to another party for automated processing under consent or Managed Service Agreement or Master Subscription Agreement.
- Object to any processing of your Personal Information which has our Legitimate Interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our Legitimate Interests. You can also request that we change the manner in which we contact you for marking purposes or you can remove yourself from our marketing lists.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally required to retain Personal Information, or we are entitled to deal with the request in a different way.
How you can access, correct, update, restrict or delete your personal information
If you wish to access, correct, update, restrict, or delete Personal Information that we hold about you, please write to us using the contact details set out in our Privacy Policy.
Processing and sub-processing personal information on behalf of customers
The details of the Personal Information that will be processed by Streamline on behalf of a Customer, including the duration, purpose and categories of Personal Information, will be set out in a Managed Service Agreement / Master Subscription Agreement with the Customer for authorisation to process Personal Information. Streamline will create and maintain records of the processing of the Personal Information. By signing the Managed Service Agreement or Master Subscription Agreement the Customer authorises Streamline to process or to subcontract the processing of personal data to a third party, and confirms that consent has been obtained from the EU Data Subjects.
Personal Information Transfers
Personal Information from EU Data Subjects will only be transferred outside of the European Economic Area in accordance with the provisions and protections within the GDPR. Streamline uses a variety of lawful data transfer mechanisms for this purpose, including EU Standard Contractual Clauses.
Streamline has an intragroup agreement on the transfer and processing of Personal Information within the Streamline global group which has the EU Standard Contractual Clauses incorporated. This agreement allows Streamline to ensure that Personal Information, including Personal Information originating from the European Economic Area, which is transferred cross-border and processed by other Streamline entities, including those located outside the European Economic Area, is adequately protected in accordance with the GDPR
Children’s Privacy
Streamline does not knowingly collect information from children as defined by local law, and does not target its websites and services to children. We encourage parents and guardians to take an active role in their children’s online activities and interests.
Notification of Changes
We may update this GDPR Statement from time to time. If we do, we will post the revised version, with an updated revision date.
Questions
Any questions or complaints concerning this GDPR Statement or in relation to any Personal Information can be raised with the Streamline Privacy Officer at the contact details set out in the Streamline Privacy Policy.