CORLYTICS is dedicated to protecting the confidentiality and privacy of information entrusted to it. As part of this obligation, CORLYTICS is committed to the protection of personal information that has been collected online.
Generally, our intent is to collect only the minimum required level of personal information from licensed platform users and online visitors so that we can offer information and/or services to those individuals or offer information about employment opportunities. Please review this Privacy Statement to learn more about how CORLYTICS collect, use, share and protect the personal information provided to us via our Client Platform (https://app.corlytics.com/login), Website (www.corlytics.com), and RED App (https://www.corlytics.com/corlytics-red/).
Personal data will be collected, used, and disclosed by CORLYTICS in accordance with the requirements and prohibitions of applicable laws and regulations.
GDPR AND THE LAWFUL BASIS FOR PROCESSING USER’S DATA.
When CORLYTICS processes user’s personal information, CORLYTICS are required to have a legal basis for doing so. There are various legal bases on which CORLYTICS may rely, depending on what personal information is processed and why.
The legal bases CORLYTICS may rely on include:
- To Perform a Contract: where the processing is necessary for the performance of contractual obligations and services.
- Consent: where users have given clear consent for to process their personal information for a specific purpose.
- Legitimate Interest: where use of user’s personal information is for legitimate business purpose or to support a legitimate interest such as administering user accounts, login credentials and providing users with information on products and services.
Under the General Data Protection Regulation (GDPR) users have rights in relation to their personal information and personal data. These rights include:
- Right of Access: Users have the right to request a copy of their personal data.
- Right of Rectification: Users have the right to correct their data if it is inaccurate or incomplete without undue delay.
- Right of Erasure (Right to be Forgotten): In certain circumstances users can ask for their data to be erased, e.g., where it is no longer necessary for CORLYTICS to hold a user’s personal data for the administration of their account.
- Right to Restriction: In certain circumstances users have the right to restrict processing e.g., where the accuracy of their data is contested or in other circumstances proscribed by law.
- Right of Portability: Users have the right to have their data transferred to them in a structured, commonly used, and machine-readable format.
- Right to Object: Users have the right to object to certain types of processing such as direct marketing and automated processing, including profiling.
The above rights are not absolute and may be limited where it is necessary to protect competing rights and the rights of others. CORLYTICS reserves the right, where permitted by law, to verify a user’s identity.
WHAT KIND OF PERSONAL INFORMATION DOES CORLYTICS COLLECT?
In the course of our business, CORLYTICS may collect personal data about users from the following sources:
- From applications or other forms of communication CORLYTICS receive from users;
- From CORLYTICS Website;
- From Client organisations when they arrange user licenses and access to our products and services.
The personal information provided to CORLYTICS by licensed users consists of:
- Email Address
HOW DOES CORLYTICS USE THE PERSONAL DATA COLLECTED?
CORLYTICS uses the data collected to assist in providing products and services to users, to provide users with information about those products and services and for other legitimate business purposes.
The personal information required for access to CORLYTICS web applications includes:
- A users Name is required in order to provide support to user and so CORLYTICS can distinguish between users.
- A users Email Address us used to uniquely identify users in our web applications. It is also required to enable users to receive emails, notification, reports, and alerts from our web applications.
- A Password is required to secure each user’s account. After a user’s first successful login, CORLYTICS has no knowledge of each user’s password. It is stored using non-reversible encryption.
HOW DOES CORLYTICS SAFEGUARD THE PERSONAL DATA COLLECTED?
CORLYTICS maintains electronic and procedural safeguards designed to protect user’s personal data from unauthorised access or intrusion. These measures include encryption, user access security measures and information security controls. All CORLYTICS employees and contractors receive annual training regarding CORLYTICS privacy and information security policies and procedures.
WHO HAS ACCESS TO THE PERSONAL INFORMATION CORLYTICS COLLECT?
CORLYTICS limits access to personal information to those employees, contractors, business partners or agents who require such access in connection with providing products or services to users or for other legitimate business purposes.
WHERE DOES CORLYTICS STORE THE PERSONAL INFORMATION COLLECTED?
CORLYTICS securely stores all client personal information in an encrypted cloud-based data centre geographically located in Dublin, Ireland.
INTERNATIONAL DATA TRANSFERS
CORLYTICS may need to store and process user’s personal data in a non-European Economic Area (EEA) country where CORLYTICS have operations. CORLYTICS may be required to send personal data to recipients in countries other than the country in which it is collected. Where these non-EEA countries have different data protection laws, CORLYTICS will take measures to ensure users personal data remains protected.
CORLYTICS will ask for a user’s permission (Consent) to place cookies or other similar technologies on user’s devices, except where they are essential for CORLYTICS to provide users with a service that they have requested.
For more information, you can find CORLYTICS Cookies Policy at www.corlytics.com/cookie-policy/
PRIVACY NOTICE UPDATES
This Privacy Notice is subject to change. Please review this notice periodically. All changes are effective from the date of publication.
CORLYTICS SUPPLEMENTAL PRIVACY STATEMENT FOR CONTENT DISTRIBUTED BY CORLYTICS
This supplemental Privacy Statement governs external, third party content (informational content) republished and distributed via CORLYTICS Client Platform (https://app.corlytics.com/login), and RED App (https://www.corlytics.com/corlytics-red/)
WHY DOES CORLYTICS PUBLISH INFORMATIONAL CONTENT?
CORLYTICS republishes publicly available content sourced from external third parties such as Financial Regulators, Prudential Regulators, Central Banks, Fining Authorities, and Industry Bodies. For each notice republished CORLYTICS acknowledges the original source, URL, and associated copyright of each notice and original source. CORLYTICS also curates and produces summarised analysis of these notices.
These sources publish regulatory enforcement notices levied against firms and private individuals which may include personal information on private individuals. CORLYTICS republishes and distributes these regulatory enforcement notices as informational content via the Corlytics Platform and RED App. This informational content provides the basis for Corlytics Regulatory Risk products and services.
HOW DOES CORLYTICS OBTAIN INFORMATIONAL CONTENT AND WHAT TYPES OF INFORMATIONAL CONTENT ARE PUBLISHED?
CORLYTICS obtains informational content (i) under license from the original source, (ii) with authorisation from the original source, or (iii) where the content is publicly available or in the public domain.
Where informational content is sourced from regulatory enforcement notices against private individuals the following personal information may be included in the original source publication: (i) name, (ii) occupation/qualifications, (iii) employer/employment history, (iv) job title/function (v) period of misconduct/disciplinary history, (vi) Jurisdiction/Regulator that brought the enforcement action against an individual, (vii) monetary penalty imposed, and (viii) non-monetary penalty imposed.
WHAT IF A PRIVATE INDIVIDUAL WISHES TO CORRECT OR REMOVE PERSONAL INFORMATION CONTAINED IN CORLYTICS INFORMATIONAL CONTENT?
CORLYTICS is not the original publisher or source of the informational content. CORLYTICS is not obliged to change or delete the substance of the original content, as it relates to personal information, unless requested to do so under a verified request from the original source or publisher of the regulatory enforcement action.
Should a private individual wish to correct or remove their personal information they should contact the original source or publisher of the regulatory enforcement action.