01. Our Privacy Statement

Protecting your data is of utmost importance to Skylight Consulting Inc. (“the Company”) and its affiliates within the European Economic Area (EEA)(collectively referred to as the “SKYLIGHT Group”). This Privacy Policy is intended to explain how entities within the Company Group, acting as data controllers, collect and process the personal data you provide or disclose to us. We also act as data controllers when processing personal data received or obtained through third parties. Our processing of this personal data complies with the relevant EU and Member State regulations on data protection, particularly the General Data Protection Regulation No. 2016/679 (GDPR).
This GDPR privacy policy, in addition to the “Skylight Group Privacy Policy,” specifically outlines our policies regarding the EU General Data Protection Regulations.

We encourage you to read this Privacy Policy carefully. If you do not wish for us to use your data as outlined in this Privacy Policy, please refrain from providing us with your data. Please note that in such cases, we may be unable to provide you with certain services, you may not have access to some features of the website, and your overall customer experience may be affected.

02. How Do We Use Your Personal Data?

We always process your personal data based on one of the legal bases provided for in the GDPR (Articles 6 and 7). Additionally, we always process sensitive personal data, such as information regarding your trade union membership, religious beliefs, or health status, following the special provisions outlined in the GDPR (Articles 9 and 10).
We may collect and process your personal data for the following purposes, which are necessary for pursuing our legitimate interests and providing you with appropriate services and products:

• Ensuring that our website content is presented most effectively for you.

• Notifying you about changes to our service(s).

• Managing your customer account.

• Offering you to our products and services.

• Informing you about our policies and terms.

• Promoting safety and security by monitoring fraud and investigating suspicious or potentially illegal activity or violations of our terms or policies.

• Providing, improving, and developing our products, services, and advertising.

• Using personal information for purposes such as data analysis, research, and audits.

• Ensuring business continuity.

Additionally, subject to obtaining your express prior consent, we may also collect and process your personal data for the following purposes:

• Providing you with information that we believe may be of interest to you.

• Allowing you to participate in interactive features of our services, if you choose to do so.

• Managing your subscription to the newsletter.

• Sharing your personal information with third-party partners who may send you marketing communications about their products and services.

• Conducting business analysis.

Please note that you are entitled to withdraw your consent at any time, without affecting the lawfulness of processing based on your consent before withdrawal.

We will process your data for these specified, explicit, and legitimate purposes and will not further process the data in a manner incompatible with these purposes. If we intend to process personal data originally collected for one purpose for other objectives or purposes, we will ensure that you are informed of this. We will retain your personal data for as long as necessary to comply with our legal obligations, ensure adequate service provision, and support our business activities (Article 5 and 25(2) GDPR).

03. What Types of Personal Data Do We Use?

• For the purposes outlined in this Privacy Policy, we may collect the following categories of personal data:

  • Name, Surname

  • Title

  • Home Address

  • Identification number (e.g., customer number)

  • Location data

  • Email address (personal/professional)

  • Telephone number (personal/professional)

  • Employer

  • Online identifiers (IP address/cookie identifiers)

  • Credit card/bank account information

  • Recorded customer phone calls

  • Recorded Video Conferences

  • Record of employee performance assessment

  • Recruitment information (e.g., CV, certificates, marital status, date of birth, reference letters)

We may obtain such personal data directly from you when you choose to communicate such data to us (e.g., by filling out forms displayed on the website) or indirectly when such personal data is provided to us by your electronic communication terminal equipment or internet browser. We ensure that the personal data processed is adequate, relevant, and limited to what is necessary for the purposes for which they are processed.

04. How Do We Share Your Personal Data?

We may share your personal data with entities within the Our affiliated companies and with third parties following the GDPR. When sharing your data with a data processor, we will establish the appropriate legal framework to cover such transfer and processing (Articles 26, 28, and 29 GDPR). Furthermore, when sharing your data with entities outside the EEA, we will establish appropriate legal frameworks, including controller-to-controller (2004/915/EC) and controller-to-processor (2010/87/EU) Standard Contract Clauses approved by the European Commission, to cover such transfers (Articles 44 ff. GDPR).

• Strategic Partners

  Subject to your prior consent, your personal data may be transferred to, stored, and further processed by strategic partners who collaborate with us to provide our products and services or assist us in marketing to customers. Your personal data will only be shared by us with partners to provide or improve our products, services, and advertising.

• Service Providers

  We may share your personal data with companies that provide services on our behalf, such as hosting, maintenance, support services, email services, marketing, auditing, fulfilling your orders, processing payments, data analytics, providing customer service, and conducting customer research and satisfaction surveys.

• Corporate Affiliates and Corporate Business Transactions

  We may share your personal data with all Company affiliates. In the event of a merger, reorganization, acquisition, joint venture, assignment, spin-off, transfer, or sale or disposition of all or any portion of our business, including in connection with any bankruptcy or similar proceedings, we may transfer any and all personal data to the relevant third party.

• Legal Compliance and Security

  We may be required by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence to disclose your personal data. We may also disclose your personal data if we determine that disclosure is necessary or appropriate due to reasons of national security, law enforcement, or other matters of public importance.
  
  We may also disclose your personal data if we determine in good faith that disclosure is reasonably necessary to protect our rights and pursue available remedies, enforce our terms and conditions, investigate fraud, or protect our operations or users.

• Data Transfers

  Such disclosures may involve transferring your personal data out of the European Union to countries such as Japan, Vietnam, Kenya, Brazil, and the United States of America. These countries may change due to changes in the business environment.
  
  Such transfers may occur for purposes such as employee performance evaluation, processing of salaries and reimbursement expenses, and contracts with business partners. For each of these transfers, we make sure that we provide an adequate level of protection to the data transferred, particularly by entering into standard contract clauses as defined by European Commission decisions 2001/497/EC, 2002/16/EC, 2004/915/EC, and 2010/87/EU.

05. Our Records of Data Processes

We handle records of all processing of personal data following the obligations established by the GDPR (Article 30), whether we act as a controller or a processor. In these records, we include all the necessary information to comply with the GDPR and cooperate with supervisory authorities as required (Article 31 GDPR).

06. Security Measures

We process your personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage. We implement appropriate technical or organizational measures to achieve this level of protection (Article 25(1) and 32 GDPR).

We will retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.

07. Notification of Data Breaches to Competent Supervisory Authorities

In the event of a breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed, we have mechanisms and policies in place to promptly identify and assess it. Based on our assessment, we will make the necessary notifications to supervisory authorities and communicate with affected data subjects, which may include you (Articles 33 and 34 GDPR).

08. Processing Likely to Result in High Risk to Your Rights and Freedoms

We have mechanisms and policies to identify data processing activities that may result in a high risk to your rights and freedoms (Article 35 GDPR). If we identify any such data processing activity, we will assess it internally and either stop it, ensure compliance with the GDPR, or implement appropriate technical and organizational safeguards to proceed with it.

If there is any doubt, we will contact the competent Data Protection Supervisory Authority to obtain advice and recommendations (Article 36 GDPR).

09. Your Rights

• You have the following rights regarding personal data collected and processed by us.

  • Information about your data processing: You have the right to obtain all necessary information regarding our data processing activities concerning you (Articles 13 and 14 GDPR).

  • Access to personal data: You have the right to confirm whether personal data concerning you is being processed, and if so, access the personal data and certain related information (Article 15 GDPR).

  • Rectification or erasure of personal data: You have the right to rectify inaccurate personal data concerning you without undue delay and complete any incomplete personal data (Article 16 GDPR). You may also have the right to erase personal data concerning you without undue delay under certain legal conditions (Article 17 GDPR).

  • Restriction of processing of personal data: You may have the right to restrict the processing of personal data concerning you under certain legal conditions (Article 18 GDPR).

  • Objection to the processing of personal data: You may have the right to object to the processing of personal data concerning you based on certain grounds at any time (Article 21 GDPR).

  • Data portability of personal data: You may have the right to receive your personal data in a structured, commonly used, and machine-readable format, and transmit that data to another controller without hindrance from us, under certain conditions (Article 20 GDPR).

  • Not to be subject to automated decision-making: You may have the right not to be subject to automated decision-making, including profiling, based on personal data processing, under certain conditions (Article 22 GDPR).

If you wish to exercise these rights, please refer to the contact section.
If you are dissatisfied with our handling of any request or have complaints about how we process your personal data, you may complain to a Data Protection Supervisory Authority.

10. Children

We do not knowingly collect and process information about children under the age of sixteen (16) without the permission and consent of their parent(s). If we discover that we have collected and processed personal data of a child under sixteen (16), or the equivalent minimum age according to the relevant jurisdiction, we will take steps to delete the information promptly. If you become aware that a child under sixteen (16) has provided us with personal data directly, please contact us immediately using the contact address specified in this Privacy Policy.

11. Links to Other Sites

We may include hypertext links from the website where this policy is published to third-party websites or internet sources. We do not control and cannot be held responsible for the privacy practices and content of third parties. Please carefully read their privacy policies to understand how they collect and process your personal data.

12. Updates to Privacy Policy

We may revise or update this Privacy Policy as needed. Changes become effective upon posting of the revised Privacy Policy. If we make significant changes, we will notify you through the Website and seek your consent where necessary.

For any questions or requests regarding this Privacy Policy, please use the contact form provided.