top of page

Privacy Policy

The GTAC LIMITED General Business Principles and Code of Conduct express our commitment to conduct our business in accordance with high ethical standards and in accordance with applicable laws and GTAC LIMITED policies, including with respect to the protection of Personal Data. These Privacy Rules explain how GTAC LIMITED will protect the personal data of current, former and future GTAC LIMITED employees, individuals who are engaged or employed by customers, suppliers, and business partners, investors as well as any other individuals whose personal data is Processed by GTAC LIMITED in the course of its activities.
 

Article 1. Scope

1.1 Scope

These Privacy Rules apply to the Processing of Personal Data by GTAC LIMITED.
 

These Privacy Rules address the global Processing of Personal Data by GTAC LIMITED with respect to (a) Customers, Suppliers, Business Partners, and other individuals in the context of GTAC LIMITED’s activities (“Individual” and “Individual Data,” respectively) and (b) Employees in the context of their employment relationship with GTAC LIMITED, unless and to the extent such Employee is a customer of GTAC LIMITED (“Employee” and “Employee Data,” respectively). Such Individuals and Employees will collectively be referred to as “Persons.”
 

Please refer to the following index:
Article 2: Purposes for Processing Personal Data
Article 3: Quantity and Quality of Personal Data
Article 4: Personal Data Requirements
Article 5: Rights of Persons
Article 6: Overriding Interests
Article 7: Security and Confidentiality Requirements
Article 8: Data Transfers to Third Parties or Internal Processors
Article 9: Accountability
Article 10: Complaints and Enforcement of Rights
Article 11: Notification Duties to DPAs
Article 12: Adoption and Modification of these Privacy Rules
 

These Privacy Rules provide supplemental rights and remedies to Persons only. Nothing in these Privacy Rules will be construed to take away any rights or remedies that Persons may have under applicable local law.
 

1.2 Electronic and Paper-Based Processing

These Privacy Rules apply to the Processing of Personal Data by electronic means and in systematically accessible paper-based filing systems.
 

Article 2. Purposes for Processing Personal Data

2.1 Purposes for Processing Personal Data

GTAC LIMITED may Process a Person’s Personal Data for one or more of the following business purposes (Business Purposes):

  • Business process execution, internal management, and management reporting. This purpose addresses activities such as scheduling work, recording time, managing company and Employee assets (including the IT systems and infrastructure), risk management, conducting (internal) audits and investigations, finance and accounting, implementing business and IT security controls, provision of central processing facilities for efficiency purposes, management reporting and analysis, and managing and using Employee directories; managing mergers, acquisitions, and divestitures; Archive and insurance purposes; legal or business consulting; and preventing, preparing for, or engaging in dispute resolution;
     

  • Health, safety, security, and integrity. This purpose includes safeguarding the security and integrity of the business sector in which GTAC LIMITED operates. It also involves screening and monitoring Persons before and during employment or engagements, fraud detection and prevention, protection of GTAC LIMITED and Employee assets, and authentication of status and access rights;
     

  • Compliance with law. This includes disclosing Personal Data to government institutions and supervisory authorities for tax, anti-money laundering, anti-terrorism, and other purposes necessary for legal compliance;
     

  • Protecting vital interests. This applies in health, safety, and security situations to protect Persons' vital interests.
     

Individual Data Purposes:

  • Assessment and acceptance of Customers and execution of agreements. This includes conducting due diligence, assessing credit status, and screening against government lists.
     

  • Development and improvement of products/services. This includes analyzing customer feedback to develop or improve GTAC LIMITED products and services.
     

  • Customer services. This addresses customer support, product maintenance, and related services.
     

2.2 Secondary Purposes for Processing Personal Data

GTAC LIMITED may Process Personal Data for closely related Secondary Purposes, such as internal audits, IT lifecycle management, dispute resolution, or fraud prevention.
 

2.3 Processing Sensitive Data

GTAC LIMITED shall Process Sensitive Data only where permissible by local law and as necessary for the applicable Business Purpose, such as racial data for workplace diversity programs or health data for health benefits administration.
 

Article 3. Quantity and Quality of Personal Data

GTAC LIMITED shall Process only as much Personal Data as is necessary for its Business Purposes, retaining it for as long as needed, and ensuring its accuracy and completeness. Outdated or irrelevant data will be deleted, de-identified, or archived.
 

Article 4. Information Requirements

GTAC LIMITED will inform Persons about their data being processed, the purposes for Processing, their rights under these Privacy Rules, and the responsible GTAC LIMITED entity. Further, additional details will be provided regarding third-party data sharing and storage periods.
 

Article 5. Rights of Persons

Persons have the right to request access to their Personal Data processed by GTAC LIMITED, correct inaccuracies, request deletion, object to Processing, and restrict Processing under certain circumstances. They may also file complaints if they feel their rights are violated.
 

Article 6. Overriding Interests

GTAC LIMITED may override obligations to Persons' rights if there are pressing business interests, such as ensuring the safety of Employees or protecting GTAC LIMITED’s intellectual property. This must be consulted with the Chief Privacy Officer beforehand.
 

Article 7. Security and Confidentiality Requirements

GTAC LIMITED shall implement reasonable security measures to protect Personal Data. Only authorized GTAC LIMITED Staff will have access to this data, and any data breaches will be documented and managed in compliance with applicable laws.
 

Article 8. Data Transfers to Third Parties

GTAC LIMITED may transfer Personal Data to third-party Controllers or Processors under contractual safeguards. GTAC LIMITED will ensure that all data transfers comply with applicable local laws and Data Protection Law.
 

Article 9. Accountability

GTAC LIMITED International coordinates and implements these Privacy Rules. The Chief Privacy Officer is responsible for overseeing compliance and reporting on data protection issues. Regular audits will be conducted, and violations will be reported and addressed.
 

Article 10. Complaints and Enforcement of Rights

Persons may file complaints if they believe GTAC LIMITED has violated their data protection rights. Complaints will be handled by the Privacy Office, and Persons can escalate matters to authorities or courts if dissatisfied with GTAC LIMITED’s response.
 

Article 11. Conflicts and Notification Duties to DPAs

In cases where local laws conflict with these Privacy Rules, the Chief Privacy Officer must be consulted to resolve the conflict. GTAC LIMITED will inform relevant Data Protection Authorities (DPAs) if local law impacts data protection offered by these Privacy Rules.
 

Article 12. Adoption and Modification of these Privacy Rules

These Privacy Rules were adopted by the Chief Privacy Officer of GTAC LIMITED and became effective on the specified date. Any amendments will be communicated as necessary, and changes will apply immediately upon approval.

 

bottom of page