Book a demo

PRIVACY NOTICE

We understand that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of everyone who interacts with us and will only collect / use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the General Data Protection Regulation (EU Regulation 2016/679) (the "GDPR") and under any other applicable data protection legislation, including the South African Protection of Personal Information Act, 2013.

Who Are We?

Gnius Limited is registered in Ireland under company number 709824 and offices at 15 Harcourt Street, St. Kevin's, Dublin 2, D02 XY47.

What Does This Privacy Notice Cover?

This Privacy Notice ("Notice") describes the manner in which Gnisu Limited collects, uses, maintains and discloses information from visitors to our website, customers, prospective customers, employees and prospective employees, in situations in which Gnius Limited is a data controller as defined in the GDPR. It also explains your rights under the law relating to your personal data.

Where Gnius Limited is required to comply with additional obligations imposed by other jurisdictions when it processes information which you have provided to it these obligations are set out at the end of this Privacy Notice.

For purposes of this Privacy Notice, the terms "user," "customer," "employees," "you," and "your" are meant to refer to the individuals about whom we may collect personal information, and at times may be used interchangeably within this Notice. The term "Personal data" is defined by the GDPR as ‘any information relating to an identifiable person who can be directly or indirectly identified'.

If you have any questions or concerns about our use of your personal information, please contact us using the contact details provided at the end of this Privacy Notice.

What Personal Data Do We Collect?

We collect personal data of our employees, potential employees, clients, potential clients, suppliers, business contacts and website users. If the data we collect are not listed in this privacy notice, we will give individuals (when required by law) appropriate notice of which other data will be collected and how it will be used.

Below describes the categories of personal data we collect:

Categories of personal data Purpose
Personal details, contact details and identifiers Personal data is collected on our website through forms you complete including registering to events, downloads and newsletter.

Our website also collects personal data about your website visit including information about your computer through 3rd party cookies (see below).

Gnius Limited may also collect personal details for recruitment/employment purposes, such as national identification number, social security number, insurance information, marital/civil partnership status, domestic partners, dependents and emergency contact information.

We may also collect this information when working on projects for our clients.
Education history, professional information, sensitive data and immigration documents for recruitment Gnius Limited may collect information about your portfolio, education and professional employment history. Information that you submit in CVs, letters, writing samples, or other written materials (including photographs). Information generated by interviewers and recruiters related to you including any assessments. We may also collect certain type of sensitive information such as background checks, medical information and legal documents such as data on citizenship, passport data, residency, work permits where permitted or required by law or with your consent.
Financial information for payroll, benefits or customer invoicing We may collect your banking details and other relevant financial details for payroll purposes or in order to conduct business with you.

3rd party Cookies

In order to improve your experience of our website, we use Cookies to track your interactions with our public facing website. Cookies are small text files that are automatically placed on your computer or mobile device by some websites that you may visit.

When you use our website for the first time, a message will appear asking for your consent to the use of Cookies, with a link to further details about the types of Cookies used, as well as a link to our full Cookies Policy. You may choose to consent to the use of all Cookies, or you may specify which types of Cookies may be deployed.

What Is Our Legal Basis For Processing?

Under the GDPR, we must always have a lawful basis for using your personal data. The following describes how we will use your personal data and our lawful bases for doing so:

For the purpose of marketing communication and interactions on our website, including when you request information from us, sign up to newsletters, complete web forms or surveys Based on consent given by the data subject
For the purpose of promoting our products and services to you in general Based on consent given by the data subject or our legitimate interests to communicate with our customers
For the purpose of managing our contractual obligations we have with you Necessary for the performance of a contract
For the purpose of operating and managing our business operations On the basis of our legitimate interests for ensuring the proper functioning of our business operations
Managing our contractual obligations as an employer including performing any administrative functions (e.g. expenses, benefits) Necessary for the performance of a contract
Performing any legally required reporting and to respond to legal process related to employment or business operations Necessary for the compliance with a legal obligation to which we are subject
Manage applications from prospective employees Based on your consent
Monitoring your use of our systems (including monitoring the use of our website and any apps and tools you use) On the basis of our legitimate interests of avoiding non-compliance and protecting our reputation.

Where the above table states that we rely on our legitimate interests for a given purpose, we are of the opinion that our legitimate interests are not overridden by your interests, rights or freedoms.

Gnius Limited does not knowingly collect personal information from children under the age of 16. We do not provide services to children, nor do we market to children.

Processing personal data for Marketing

With your permission and/or where permitted by law, we will use your personal data for marketing purposes, which may include contacting you by email AND/OR telephone with information, news and offers on our services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the Data Protection Legislation, and you will always have the opportunity to opt-out.

We will only use your personal data for the purpose(s) for which it was originally collected unless we reasonably believe that another purpose is compatible with that or those original purpose(s) and need to use your personal data for that purpose.

The bulk of the personal data we collect and use for marketing purposes relates to individuals employed by our clients and other companies we work with. We may also obtain contact information from public sources, including content made public on social media sites, to make an initial contact with a relevant individual.

Like most companies, Gnius Limited has customer relationship management (CRM) database to manage and track our relationship with customers. Personal data used for this purpose includes contact data, publicly available information such as social media posts, your responses to targeted mailing, web activity of registered users. If you wish to be excluded from our CRM databases please contact us.

Do We Share Your Personal Data?

We may sometimes share your data with a third party to supply services on our behalf. In some cases, the third parties may require access to some or all of your data. Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights.

We may share personal data with third parties that provide services to us such as billing/ payment processing, HR, web publishing, marketing services, customer support, email processing, communication interfaces, web/application hosting and CRM services.

We are careful only to share the information that is necessary for the purposes described. Any third party who receives this information is bound by a contract with Gnius Limited setting out their obligation in relation to your data as required per Article 28 of the GDPR.

We may also be required to disclose data to third parties who are not data processors acting on our behalf of Gnius Limited. Categories of recipients include:

  • Tax authorities (e.g. Irish Revenue Commissioners)
  • Law enforcement (where required for the investigation, detection, or prosecution of criminal offences)

Gnius Limited takes strong measures to help protect your data from inappropriate access or use by unauthorized persons. We take all necessary steps to ensure that your data will be given adequate protection as required under the GDPR and Gnius Limited's own internal policies.

International Transfers

Gnius Limited will, from time to time, make use of services provided by 3rd parties which may make the transfer of personal data outside the EU/EEA necessary. For example, we use a variety of cloud-based tools such as Bamboo HR, Skype, Office365, and similar.

Unless stated otherwise, transfers of personal data from within the European Economic Area (EEA) to third parties outside the EEA are based on an adequacy decision or are governed by the standard contractual clauses (SCC). Any other non-EEA related transfers of your personal data will take place in accordance with the appropriate international data transfer mechanisms and standards.

How Long Will We Keep Your Personal Data?

We will retain your personal data only for as long as necessary for the purposes outlined above related services provided to you, to comply with our legal obligations, resolve disputes, and enforce our agreements.

We maintain specific records management and retention policies and procedures, so that personal data is deleted according to the following retention key criteria:

  • As long as we have an ongoing and active relationship with you (in particular, if you have a contract with us).
  • As long as we have your consent keeping you informed.
  • As long as it is needed in order to comply with our global legal and contractual obligations.

How Do We Keep Your Data Secure?

We are committed to ensuring that your information is secure with us and with any third parties who may act on our behalf.

All staff working for Gnius Limited have a legal duty to keep information about you confidential and all staff are aware of our information security policy. We take a number of important measures defined in our security policies, including the following:

  • limiting access to your personal data to those employees, agents, contractors, and other third parties with a legitimate need to know and ensuring that they are subject to duties of confidentiality
  • procedures for dealing with data breaches (the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your personal data) including notifying you and/or the Data Protection Commission's Office when we are legally required to do so
  • training for staff in data protection policies and procedures

What Are My Rights?

Under the GDPR, you have the following rights, which we will always work to uphold:

  1. The right to be informed about our collection and use of your personal data. This Privacy Notice should tell you everything you need to know, but you can always contact us to find out more or to ask any questions.
  2. The right to access the personal data we hold about you.
  3. The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete.
  4. The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have.
  5. The right to restrict (i.e. prevent) the processing of your personal data.
  6. The right to object to us using your personal data for a particular purpose or purposes.
  7. The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
  8. Rights relating to automated decision-making and profiling. We do not use your personal data in this way.

For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided below.

If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Office of Data Protection Commission.

How Can I Access My Personal Data?

If you want to know what personal data we have about you, you can ask us for details of your personal data and for a copy of it (where any such personal data is held). This is known as a "subject access request".

All subject access requests should be made in writing and sent to the email or postal addresses shown below.

There is normally no charge for a subject access request. If your request is ‘manifestly unfounded or excessive' (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.

We will respond to your subject access request within one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.

How Do I Contact You?

To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details: privacy@gnius.com

International Transfers

Gnius Limited may, from time to time, make use of services provided by 3rd parties which may make the transfer of personal data outside of South Africa necessary. For example, we use a variety of cloud-based tools such as Skype, Office365, and similar.

The transfer of personal information to a country outside of South Africa shall take place only if one or more of the following applies:

  • the third party who is the recipient of the information is subject to a law, binding corporate rules or binding agreement which provide an adequate level of protection that:
    1. effectively upholds principles for reasonable processing of the information that are substantially similar to the conditions for the lawful processing of personal data relating to a data subject who is a natural person and, where applicable, a juristic person; and
    2. includes provisions, that are substantially similar to the requirements set out in POPIA, relating to the further transfer of personal data from the recipient to third parties who are in a foreign country;
  • you consent to the transfer;
  • the transfer is necessary for the performance of a contract between you and Gnius Limited, or for the implementation of pre-contractual measures taken in response to the data subject's request;
  • the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between Gnius Limited and a third party; or
  • the transfer is for your benefit, and:
    1. it is not reasonably practicable to obtain your consent to that transfer; and
    2. if it were reasonably practicable to obtain such consent, you would be likely to give it.

For the purpose of International Transfers:

  • "binding corporate rules'' means personal information processing policies, within a group of undertakings, which are adhered to by a responsible party or operator within that group of undertakings when transferring personal information to a responsible party or operator within that same group of undertakings in a foreign country; and
  • "group of undertakings'' means a controlling undertaking and its controlled undertakings.

What Are My Rights?

Under POPIA, you have the following rights, which we undertake to uphold and which include the right to:

  1. request access to and the right to rectify (or correct) the information which has been collected about you;
  2. object to the processing of your personal data if you have reasonable grounds for believing that such processing:
    1. does not protect your legitimate interests;
    2. is not necessary for the proper performance of a public law duty by a public body, if applicable;
    3. is not necessary for pursuing the legitimate interests of Gnius Limited or of a third party to whom the information is supplied; or
    4. is being used for purposes of direct marketing other than direct marketing by means of unsolicited electronic communications; and
  3. lodge a complaint to the Information Regulator at inforeg@justice.gov.za if you believe that your information is not being processed in accordance with applicable laws.

Application of the above rights may vary depending on the type of data involved, and Gnius Limited's particular basis for processing the personal data.

How Can I Access My Personal Data?

To make a request to exercise one of the above rights set out in (a) and (b) above, please contact privacy@gnius.com

We will consider and act upon any requests in accordance with applicable data protection laws. Please note that we may request specific information from you to enable us to confirm your identity and right to access, as well as to search for and provide you with the personal data that we hold about you. We may, in limited circumstances, charge you a reasonable fee to access your personal data; however, we will advise you of any fee in advance.

If we are relying on your consent to process your personal data, you have the right to withdraw your consent at any time, but note that we do not require your consent in order to process your information for our legitimate business interest. Please note however that this will not affect the lawfulness of the processing before its withdrawal.