This Policy sets out how Gulf Project Solutions and our affiliated companies (together, “GPS” (or “we”) handles your personal data. GPS is the data controller or data processor for your personal data, depending on certain circumstances. Where the processing of personal data is undertaken by our affiliated companies, they are joint controllers with GPS for your personal data. Where the processing of personal data is done by third parties, government agencies, or other entities, they become the data processors.
This Policy applies to any visitor to our online assets; user of our Portal, beneficiary of our Services; individuals who contact us or with whom we communicated via phone, email, or otherwise; and Customers, natural or legal persons.
To EU Residents: Gulf Project Solutions processes your personal data in accordance with the laws of the countries in which we operate or international agreements in which the countries in which we operate are part of. However, we take reasonable steps to adhere to the EU data protection legislation, including national or international legislation implementing the EU Data Protection Directive (until superseded), the Privacy in Electronic Communications (“ePrivacy”) Directive (EU), and the General Data Protection Regulation (EU) 2016/679 (“GDPR”), as amended or superseded.
1. “Your personal information” vs. Other Information.
Our Services relate to providing business and immigration support, vehicles and apartments leasing, commercial real estate, procurement services, project management, business consultancy, translation and other services. GPS is a data processor of your personal data, and will only process personal data on behalf, and under the instructions, of our clients (the data controllers) or where otherwise required by applicable laws.
Sensitive Data. We have no control over whether Sensitive Data is submitted to us by you or your foreign representative. However, we do not intentionally collect - and will not request - Sensitive Data, unless mandated by processes involved in provisioning our services. Submitting sensitive data to us is considered your acceptance for us to store, handle and process it. If a GPS employee discovers that we have received Sensitive Data, the employee will inform a designated contact within our company who will assess the processing of such data. “Sensitive Data” means personal data that discloses an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, criminal proceedings, biometrics, and data concerning health.
2. Other Information We Collect About You.
We collect personal data about you directly from you, from others (e.g., your representative), and when you use our Services. If the personal data we process is needed to comply with law, or to enter into or perform an agreement with you, we will inform you accordingly at the time of such data collection. If we cannot collect this data, we may be unable to on-board you as a customer or provide services to you.
Information We May Collect Directly from You.
For providing our Services You or your representative may need to provide us billing and payment information, projects in which you undertake activities, including full name, company name, billing/shipping address, and other unclassified information. If you do not provide us with this information, we may be unable to provide some services to you.
When Attending Events organized by GPS. We may collect or otherwise receive personal data such as your name, address, phone number, and email when you register for or attend an event where GPS is a sponsor or participant.
In Online Submissions. We collect information through interactive features of our Sites - e.g., when you submit online forms; participate in surveys, promotions, or polls; join online chat discussions; request customer support; request for maintenance assistance; request for quotes, proposals or teaming agreements; respond to “Contact Us” invites; or submit testimonials; or other instances. Personal data gathered may include contact information (full name, phone number, email, etc.), employment details (company name/size, job title, etc.), information about services we may have provided to you in the past, and any other information you choose to share.
In Other Communications. You or your representative may share information in communications with us relating to the Services, including during phone calls (and call recordings), webinars, conference calls, chats, or over email. Personal data gathered may include contact information, employment details, past performance, and any other information you choose to share. Please only provide us personal data that we need in order to respond to your request.
Information We Collect From Your Representative. If you or your representative use the Services through a corporate agreement (GSA, CSA, or other types of agreement)s, your representative will provide GPS your email address and other personal data needed to provide our services. You or your representative may choose to share additional information about you including, but not limited to: passport, birth certificate, driver’s license, marriage certificate, education diploma, bank account certificate, blood group certificate, employment history and/or other employment details (e.g., job title).
Information We Collect From Third Parties.
When Purchasing Services. A third-party intermediary is used to manage payment processing. It is not permitted to store, retain, or use your billing information for any purpose except for payment processing on our behalf.
From Your Third Party Accounts. You or your representative may choose to allow our Sites or Portal to access information from accounts you have with other providers:
Single Sign-On. You or your representative may be able to log into the Sites using third-party provided, single sign-on services such as Google OpenID, Skype, and Microsoft Single Sign-On. If these services are used to authenticate your identity, you will be asked to share certain personal data with us, such as your name, email address, and other information as indicated when you authenticate your log-in; we may also request or allow you to share other information, such as your image, from these accounts.
Our Sites may provide access via connectors and integrations (“Integrations”) to your third party accounts such as Facebook. Integrations can be used to pull and/or push information in and out of the Portal, and to enable the applicable third party to receive notifications, such as updates, from the Portal. We encourage you to carefully read the privacy statement of any third party you authorize to receive information from the Platform.
Third Party Sources. Subject to applicable regulations, we may gather information about you and/or your representative from lead-sharing tools including LinkedIn Lead Generation, as well as public information - including internet searches relating to you or your company - in order to better serve you and to provide relevant asi sistance and marketing.
Information We Collect Automatically.
Your Personal Data
Our clients (you or your representative) are responsible for ensuring that your personal data is collected, handled and submitted to us in compliance with applicable laws. As a processor, we handle personal data as directed by our clients (the controllers), pursuant to our relevant service agreements. We use the personal data we collect under this Policy in furtherance of our legitimate business interests, which include:
- Provision of Services: To provide and operate our Services, fulfill your orders and requests, process payments, and for similar purposes.
- General Business Operations: Where necessary to the administration of our general business, accounting, recordkeeping, and legal functions.
- Personalization: To tailor content communicated to you, to offer customization and personalized information and to otherwise personalize your experience when using providing our services.
- Customer Support: To communicate with you about our services provided to you or your representative; respond to your communications, requests, complaints and inquiries; provide support; and for other customer service and support purposes.
- Marketing and Promotions: For direct marketing and promotional purposes. For example, we may use contact information such as your email address to send you newsletters, special offers or promotions, or to otherwise contact you about our products or information we think may interest you. As explained above, we do not use Content for direct marketing purposes. If you are in a jurisdiction that requires opt-in consent to receive electronic marketing messages, we will only send you such messages if you did not opt-out to receive them. You or your representative may opt out of receiving marketing emails by following the opt-out instructions in the email or emailing email@example.com. We may still email customer service and transaction-related communications, even if you have opted out of receiving marketing communications.
- Advertising: To assist in advertising the Services on third party websites.
- Comply with the law or legal proceedings; for example, we may disclose personal data in response to lawful requests by public authorities in Host Nation, including responding to national security or law enforcement disclosure requirements.
- Analytics and Improvement: To better understand how users access and use our online assets and for other research and analytical purposes, such as to evaluate and improve our services and to develop additional products, services, and features. While we may collect and analyze usage details (e.g., storage size used, access logs, etc.) related to your information, we do not actually access your personal data for these purposes.
- Investigate, prevent, or act against suspected abuse, fraud, or violation of our policies and terms.
- Provide news and alerts
Purpose of Processing /Legitimate Business Interests (see above)
Legal Bases of Processing (EU Users)*
Provision of Services
Marketing and Promotions
Analytics and Improvement
Protect Rights and Prevent Misuse
Comply with Legal Obligation
General Business Operations
*For the personal data from the EU that we process, this column describes the relevant legal bases for such processing under GDPR (and local implementing laws of EU member states); this does not limit or modify the obligations, rights, and requirements under the privacy laws of non-EU jurisdictions.
** For the personal data from the EU, the processing is in our legitimate interests, which are not overridden by your interests and fundamental rights. Marketing to EU data subjects is done only if consented by not opting-out from our mailing lists.
How We Share Information
We will not sell information about you to a third party or allow a third party to use the information we provide for its own marketing purposes. We may share information about you with your consent, at your request, or as follows:
Corporate Users (your representative and our employees)
GPS is a data processor with respect to your personal data and certain information we receive in order to provide services to your representative, as a corporate customer. This means:
(a) the corporate authorized POC controls the information and determines how it may be used, and
(b) we will process this information only under the written instructions of your authorized corporate POC or where otherwise required by applicable laws.
So, if our services are provided under a corporate agreement, your personal data and other information associated with you (e.g., who has accessed, shared, amended, created, edited, or deleted your data) may be disclosed your company or its corporate authorized POC / authorized personnel defined by the services agreement.
To Other Users of our Services
In Testimonials. With your consent, we may publish testimonials you share with us, which could contain personal data such as your full name and other information you choose to share. If you wish to update or remove your testimonial, please notify us at firstname.lastname@example.org
Through the Use of Community Features. Our Sites may include interactive features, including forums, online communities, bulletin boards and publicly accessible blogs (“Community Features”). You should be aware that any information that you post in a Community Feature might be read, collected, and used by others who access it. To request removal of your personal data from a Community Feature, contact us at email@example.com. We will make commercially reasonable efforts to remove your personal data from our Sites, and will let you know if we are unable to do so and why.
To Our Service Providers.
We may share information about you with third-party vendors, Host Nation government agencies, consultants and other service providers (data processors) who are working on our behalf or providing services to us. We obtain reasonable appropriate contractual protections to limit these service providers’ use and disclosure of any information about you that we share with them.
We and our partners use certain third parties for some of the infrastructure used to host data, provide internet, online storage, including cloud service providers.
We use third-party service providers and government agencies to process your personal data to assist us in business and technical operations. GPS may have data processing agreements with such service providers, nonetheless, we ensure that their use of and access to personal data is limited to specific purposes. Third parties may provide services relating to: storing information, billing, customer support, internet and connectivity, marketing (direct mail, email, lead generation), security, user experience.
Subcontractors: Independent Contractors .
We may employ the assistance of independent contractors to work on specific projects. We train these independent contractors on applicable policies and they are required to adhere to substantially the same data security practices as are GPS employees.
As Required by Law .
We release information about you if we believe we must do so to comply with the law, bankruptcy proceeding, or similar legal processes.
To Protect Rights .
We may disclose information about you, such as your name, contact information, to enforce our agreements with you or to protect the rights and safety of GPS, our clients, our partners, and the general public, or as evidence in litigation in which we are involved.
In a Business Transaction.
If GPS is involved in a merger, acquisition, or sale of all or a portion of its assets/shares, your information may be transferred to the acquiring entity as part of the transaction and may also be reviewed as part of the due diligence review for the transaction. For example, we may need to provide a list of all customers and services histories.
Aggregate and Anonymized Information.
We may share aggregate or anonymized information about clients with third parties for marketing, advertising, research, or similar purposes. For example, if we display advertisements on behalf of a third party, we may share aggregate demographic information with that third party about the users to whom we displayed the advertisements.
In order to make our services, sites, portal as user-friendly as possible, we and our cloud service providers – like many other companies – use “cookies”.
Cookies. A cookie is a small text file that is stored in your web browser that allows us or a third party to recognize you. Cookies can either be session cookies or persistent cookies. A session cookie expires automatically when you close your browser. A persistent cookie will remain until it expires or you delete your cookies. Expiration dates are set in the cookies themselves; some may expire after a few minutes while others may expire after multiple years. Cookies placed by the website you’re visiting are sometimes called “first-party cookies,” while cookies placed by other companies are sometimes called “third-party cookies.”
Types of Cookies.
- Essential Cookies. These are first-party cookies that are sometimes called “strictly necessary” as without them we cannot provide much of the functionality that you need on the Services. For example, essential cookies help remember your preferences as you move around the Services.
- Analytics Cookies. These cookies track information about how the Services are being used so that we can make improvements and report our performance. They collect information about how visitors use the Services, which site the user came from, the number of each user’s visits, and how long a user stays on the Services. We might also use analytics cookies to test new pages or features to see how users react to them. Analytics cookies may either be first party cookies or third party cookies.
- Preference Cookies. These cookies are also sometimes called “functionality cookies.” During your visit to the Services, cookies are used to remember information you have entered or choices you make (such as your username, language, or region) on the Services. They also store your preferences when using the Services, for example, your preferred language. These preferences are remembered, through the use of persistent cookies, and the next time you visit the Services you will not have to set them again.
- Targeting or Advertising Cookies. These third-party cookies are placed by third party advertising platforms or networks in order to deliver ads, track ad performance, and enable advertising networks to deliver ads that may be relevant to you based upon your activities (this is sometimes called “behavioral” “tracking” or “targeted” advertising). More information about how cookies are used for advertising purposes is explained below in Behavioral Targeting and Remarketing.
- How to Disable Cookies. The “help” portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. If you disable cookies, be aware that some features of our sites and platform may not function.
To learn more about how to control cookie settings through your browser:
- Click here to learn more about the “Private Browsing” setting and managing cookie settings in Firefox.
- Click here to learn more about “Incognito” and managing cookie settings in Chrome.
- Click here to learn more about “InPrivate” and managing cookie settings in Internet Explorer.
- Click here to learn more about “Private Browsing” and managing cookie settings in Safari.
Clear GIFs. Clear GIFs (a.k.a. web beacons or pixel tags) are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, clear GIFs are embedded invisibly on web pages, and are not stored on your hard drive. We or our partners may use clear GIFs to track the activities of Site visitors and users of our Portal, to help us manage services, and to compile statistics about usage. We and our partners’ third party service providers also might use clear GIFs in HTML e-mails to our customers to help us track e-mail response rates, identify when our e-mails are viewed, and track whether our e-mails are forwarded.
Custom Audiences. We may share your email address or other information with our advertising partners to assist us in reaching you with more relevant ads outside of the Sites; they are not permitted to use this information for their own or third party marketing purposes. If you’d like to opt out of this, please email firstname.lastname@example.org
Opting Out of Ad Networks. If you wish to not have this cross-site information used for the purpose of serving you targeted ads, You or your representative may opt-out of many ad networks by clicking here (or if located in the European Union, click here ). You will continue to receive ads on the sites you visit, but the ad networks from which you have opted out will no longer target ads to you based upon your activities on other sites. Please note, however, that these opt-out mechanisms are cookie based; so, if you delete cookies, block cookies or use another device, your opt-out will no longer be effective. For more information, go to www.aboutads.info .
Do Not Track. Some browsers have incorporated "Do Not Track" (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. Currently, our and our partner systems do not recognize browser “do-not-track” requests. In the meantime, you can use the “help” portion of the toolbar on most browsers to learn how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. If you disable cookies, be aware that some features of our online assets may not function.
Your Choices and Rights
Closing Your Portal Account.
If you own an account and wish to close your account on our COPD portal on Smartsheet, you or your representative may do so by logging in and using the Account Administration settings. If personal information or any other type of information was shared through our portal with other individuals, such content or information may continue to be accessible to such users.
Personal data. Requests to access, delete, or modify personal information or if you wish to request access to personal data to delete, modify, or limit use, will be directed to the email@example.com.
Marketing Choices. Customers can always opt out of being contacted by us or by our partners for marketing or promotional purposes by following the opt-out instructions located in the e-mails received, by changing the account privacy settings, or by emailing us at firstname.lastname@example.org. Please note that if you opt out of marketing communications, we will continue to send you services and transactional-related communications, such as service announcements and administrative messages.
Users in the European Economic Area.
Individuals in the EEA have the following rights with respect to their personal data:
- Access. You can ask us to confirm whether we are processing your personal data; give you a copy of that data; and provide you with other information about your personal data such as what data we have, what we use it for, who we disclose it to, whether we transfer it abroad, how we protect it, how long we keep it for, what rights you have, how you can make a complaint, where we got your data from and whether we have carried out any profiling, to the extent that such information has not already been provided to you in this Policy.
- Rectification . You can ask us to rectify inaccurate information. We may seek to verify the accuracy of the data before rectifying it. A written notification is required to establish rectification.
- Erasure . You or your representative (as allowed by Law and services agreement) can ask us to erase your personal data, but only where it is no longer needed for the purposes for which it was collected; you or your representative have withdrawn consent (where the data processing is based on consent); following a successful right to object (see 'Objection' below); it has been processed unlawfully; or to comply with a legal obligation to which we are subject. We are not required to comply with your request to erase your personal data if the processing of your personal data is necessary for compliance with a legal obligation, mandated by laws in countries in which we operate or for the establishment, exercise, or defense of legal claims. There are certain other circumstances in which we are not required to comply with your erasure request, although these two are the most likely circumstances in which we would deny that request. A written notification is required to establish erasure.
- Restriction . You can ask us to restrict (i.e., keep but not use) your personal data, but only where its accuracy is contested (see 'Rectification' above), to allow us to verify its accuracy; the processing is unlawful, but you do not want it erased; it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise, or defend legal claims; you have exercised the right to object, and verification of overriding grounds is pending. We can continue to use your personal data following a request for restriction where we have your consent; to establish, exercise, or defend legal claims; or to protect the rights of another natural or legal person. A written notification is required to establish restrictions.
- Objection . You can object to any processing of your personal data which has our 'legitimate interests' as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests. Once you have objected, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms. In addition, you can object to the processing of your personal data for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing without providing any reason. We will then cease the processing of your personal data for direct marketing purposes. A written notification is required to establish objections.
- Portability . You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format. A written notification is required to establish portability.
- Withdrawal of Consent. You can withdraw your consent in respect of any processing of personal data which is based upon a consent which you have previously provided. A written notification is required to withdraw consent.
We keep your personal data for as long reasonable necessary for the purposes set out above. Except as noted below, we will retain your personal data as necessary for our legitimate business purposes or to comply with our legal obligations (such as record keeping, accounting, fraud prevention and other business administrative purposes); generally, where we no longer have a legitimate business purpose to retain it, we will anonymize or delete such personal data within 180 days after the services agreement with you or your company has ceased. However, we will maintain your personal information longer where required for tax or accounting purposes, to ensure we would be able to defend or raise a claim, or where we have a specific need to retain, though we will generally not keep personal data for longer than five years following the last date of services agreement or communication with you. Legitimate business purposes that we may rely on to keep your personal data when you are not a customer include: direct marketing (where you have not opted-out) for up to five years, facilitating the restoration or establishment of a service in the future, maintaining GPS’ business intelligence systems for analytics and other internal purposes, etc. Where your information is no longer required, we will ensure it is disposed of in a secure manner.
How We Protect Your Information
We have acquired external services and implemented technical, physical, and administrative safeguards to protect your information. However, no company, including GPS, can guarantee the absolute security of Internet communications. If you have any questions about how we secure your information, please refer or contact us email@example.com.
Our Sites may contain publicly accessible blogs and community forums. Be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your information from our blog or community forum, contact us at firstname.lastname@example.org. In some cases, we may not be able to remove your information; if that happens, we will let you know why.
Linked Sites; Third-Party Widgets
Links to Other Websites. Our online assets and partners’ sites include links to other websites with privacy practices that may differ from ours or our partners’. Any information you submit to a website not belonging to GPS or our partners or affiliates is governed by that site’s privacy statements, not this one. We encourage you to carefully read the privacy statement of any website you visit.
Plugins and Social Media Widgets. Our Sites may include social media features and widgets (collectively “Widgets”), such as a "share this" button or other interactive mini-programs that run on our online sites and portals. Widgets can be used to provide you specific services from other companies (e.g., displaying the news, opinions, music, etc.). Personal data, such as your email address, may be collected through the Widgets. Cookies may also be set by the Widgets to enable them to function properly. Widgets displayed on our Sites are not hosted by GPS or our partners and are subject to the privacy policies of the third party company providing the Widget, and not this Policy.
Children’s Personal Data
Our Services are not directed toward children and we do not encourage children to participate in providing us with any personally identifiable information. We do not knowingly collect any personal data from children under the age of 16. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce this Policy by instructing their children never to provide personal data through our online assets. If you have reason to believe that a child under the age of 16, without a parent or guardian's consent has provided personal data to us any means, please contact us at email@example.com and we will use commercially reasonable efforts to delete that information.
International Transfers and Privacy Shield Notice
International Transfer of Data . We are based in the Gulf Cooperation Council area (“Gulf Region”, Middle East”) and the information we collect is governed by laws in which our companies or affiliates are established. The information we collect may be transferred to, used from, and stored in the GCC or other jurisdictions in which GPS, our affiliates, business partners, or service providers are located; these jurisdictions (including the United States) may not guarantee the same level of protection of personal data as the jurisdictions in which you reside. By using our online assets and purchasing our services, you acknowledge and agree to any such transfer of information outside of the jurisdiction in which you reside.
U.S.-EU Privacy Shield and U.S-Swiss Privacy Shield Certifications . GPS does due diligence and uses CSP services which comply with the EU-U.S. and US-Swiss Privacy Shield Frameworks and Principles (collectively, the “Privacy Shield Principles”). We will endeavor to comply with the Privacy Shield Principles with respect to the personal data we receive in our United States data centers and in the countries in which we operate, from the European Economic Area and Switzerland. You can review the Privacy Shield Principles, learn more about Privacy Shield at https://www.privacyshield.gov/ . Our Cloud Service Providers’ commitments under the Privacy Shield are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
Law Enforcement Requests . In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Onward Transfers . Third parties who process personal data on our behalf must agree to use such personal data only for the purpose for which it is provided by us and they must contractually agree to provide adequate protections for personal data.
Changes to this Policy
We may update this Policy to reflect changes to our privacy practices without notice. If you are our customer and we make any material changes that affect the way we treat information that we have previously collected from you, we will endeavor to notify you by email or other commercially available means prior to the change becoming effective. We encourage you to periodically review this Policy for the latest information on our privacy practices.
How to Contact Us/Dispute Resolution
If you have any questions or concerns regarding the way in which your personal data is being processed or you want to exercise your rights above, please reach out to us using the contact information below:
- Legal Affairs Manager and can be contacted at firstname.lastname@example.org
If you remain dissatisfied, you have the right to reach out directly to the Data Protection Authority in your jurisdiction. We do ask that you please attempt to resolve any issues with us first, although you have a right to contact the Data Protection Authority at any time.
English Version Controls
Non-English translations of this Policy may be provided for convenience only. In the event of any ambiguity or conflict between translations, the English version prevails.