Assure Consulting is strongly committed to protecting personal data. This privacy statement explains what information we gather about you, what we use that information for and to whom we give that information. It also sets out your rights in relation to your information and who you can contact for more information or queries.
Assure Consulting, Bahrain (“Assure”, “we” or “us”), is dedicated to protecting the confidentiality and privacy of information entrusted to us. As part of this obligation, Assure is committed to the appropriate protection and use of personal information (sometimes referred to as “personal data”) that has been collected online. We comply with Bahrain’s Personal Data Protection Law No. 30 of 2018.
Please read this privacy statement (“Privacy Statement”) to learn about how we collect, use, share and protect the personal information that we have obtained.
What personal data do we collect?
We log your Internet Protocol (IP) address in order to receive and send information from and to you over the internet. When you visit our website, make an enquiry, order publications or request more information, you may be asked to provide some personal data such as your name, address, telephone number and e-mail address.
How do we collect personal data?
Directly. We obtain personal data directly from individuals in a variety of ways, including obtaining personal data from individuals who provide us their business card, complete our online forms, subscribe to our newsletters and preference center, register for webinars, attend meetings or events we host, visit our offices or apply for open roles. We may also obtain personal data directly when, for example, we are establishing a business relationship, performing professional services through a contract, or through our hosted software applications.
Indirectly. We obtain personal data indirectly about individuals from a variety of sources, including recruitment services and our clients. We may attach personal data to our customer relationship management records to better understand and serve our business clients, subscribers and individuals, satisfy a legal obligation, or pursue our legitimate interests.
Public sources: Personal data may be obtained from public registers (such as Companies House), news articles, sanctions lists, and Internet searches.
Social and professional networking sites: If you register or login to our website using social media (e.g., LinkedIn, Google) to authenticate your identity and connect your social media login information with us, we will collect information or content needed for the registration or login that you permitted your social media provider to share with us. That information may include your name and email address and depending on your privacy settings, additional details about you, so please review the privacy controls on the applicable service to set how much information you want shared with us.
Business clients: Our business clients may engage us to perform professional services which involve sharing personal data they control as part of that engagement. For example, we will review payroll data as part of an audit and we often need to use personal data to provide global mobility and pension services. Our services may also include processing personal data under our clients’ control on our hosted software applications, which may be governed by different privacy terms and policies.
Recruitment services: We may obtain personal data about candidates from an employment agency, and other parties including former employers, and credit reference agencies.
We have implemented generally accepted standards of technology and operational security in order to protect personal information from loss, misuse, alteration or destruction. Only authorized persons are provided access to personal information; such individuals have agreed to maintain the confidentiality of this information.
Although we use appropriate security measures once we have received your personal data, the transmission of data over the internet (including by e-mail) is never completely secure. We endeavor to protect personal data, but we cannot guarantee the security of data transmitted to or by us.
Your legal rights in relation to personal data
You may have certain rights under your local law in relation to the personal information we hold about you. In particular, you may have a legal right to:
Obtain confirmation as to whether we process personal data about you, receive a copy of your personal data and obtain certain other information about how and why we process your personal data
The right to request for your personal data to be amended or rectified where it is inaccurate (for example, if you change your address) and to have incomplete personal data completed
The right to delete your personal data in the following cases:
the personal data is no longer necessary in relation to the purposes for which they were collected and processed;
our legal ground for processing is consent, you withdraw consent and we have no other lawful basis for the processing;
our legal ground for processing is that the processing is necessary for legitimate interests pursued by us or a third party, you object to the processing and we do not have overriding legitimate grounds;
you object to processing for direct marketing purposes;
your personal data has been unlawfully processed; or
your personal data must be erased to comply with a legal obligation to which we are subject.
The right to restrict personal data processing in the following cases:
for a period enabling us to verify the accuracy of personal data where you contested the accuracy of the personal data;
your personal data have been unlawfully processed and you request restriction of processing instead of deletion;
your personal data are no longer necessary in relation to the purposes for which they were collected and processed but the personal data is required by you to establish, exercise or defend legal claims; or
for a period enabling us to verify whether the legitimate grounds relied on by us override your interests where you have objected to processing based on it being necessary for the pursuit of a legitimate interest identified by us.
The right to object to the processing of your personal data in the following cases:
our legal ground for processing is that the processing is necessary for a legitimate interest pursued by us or a third party; or
our processing is for direct marketing purposes.
The right to data portability
The right to receive your personal data provided by you to us and the right to send the data to another organization (or ask us to do so if technically feasible) where our lawful basis for processing the personal data is consent or necessity for the performance of our contract with you and the processing is carried out by automated means.
The right to withdraw consent
Where we process personal data based on consent, individuals have a right to withdraw consent at any time. We do not generally process personal data based on consent (as we can usually rely on another legal basis).
If you consider that the processing of your personal data infringes the law, you may have the right to lodge a complaint with the data protection regulatory authority responsible for enforcement of data protection law in the country where you normally reside or work, or in the place where the alleged infringement occurred.
Changes to this privacy statement
This privacy statement was last updated on 2nd February 2023
We may update this privacy statement at any time by publishing an updated version here. So you know when we make changes to this privacy statement, we will amend the revision date. The new modified or amended privacy statement will apply from that revision date. Therefore, we encourage you to review this privacy statement periodically to be informed about how we are protecting your information.