Social Accountability International (SAI) is an international non-profit organization with its headquarters in New York, NY. SAI is the legal entity which houses Social Accountability Accreditation Services (SAAS). SAAS is the current Scheme Manager for the IRIS Certification program which is owned by the International Organization on Migration.
SAAS is committed to protecting your personal data. The purpose of this Policy is to ensure SAAS’s compliance with the EU’s General Data Protection Regulation and other relevant data protection legislation.
The Data we Collect
We collect and store personal information that is provided to us over the telephone, by email, or through online application by individuals/organizations who either contact us for information or pursue IRIS Certification. We also collect information via the donations link on our website and through personal interaction with individuals.
We may collect the following information about you:
- Company you work for and job title/job responsibility
- Work and mobile telephone number, geographic address of work location, email address
- Information about donations that you may have made to us
- Any request that you may have made not to receive marketing communications from us.
Our Legal Basis for Using The Data That We Collect
The processing of stored, personal data is necessary for the legitimate interests pursued by SAAS in the management of the IRIS Certification program to certify labor recruiters against the IRIS Standard. Processing of the stored data for communication, audit, and financial purposes allows SAAS to charge and collect agreed application fees, carry out commercial transactions, move forward IRIS Certification processes, and keep associated companies abreast of relevant developments. It also facilitates SAI’s mission to improve the lives of workers.
Limits on Our Use of Your Data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- When it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests;
- When we need to perform a contract we have entered into with you; and
- When we need to comply with a legal or regulatory obligation.
Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending direct marketing communications to you via email or text message. You have the right to withdraw consent to such marketing communications at any time.
We share your personal data within the SAI’s group, with IRIS Audit Companies, and with IOM. This may involve transferring your data outside the European Economic Area (EEA). To ensure that your personal data is protected when transferred outside the EEA, a data transfer agreement will be put in place between SAAS and IRIS Audit Companies, and IOM addressing the EU’s standard contractual clauses.
Whenever we transfer your personal data to external third parties based outside of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
- Where we use certain service providers, we may use specific contracts approved by or consistent with the requirements of the European Commission which give personal data the same protection it has in Europe.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.
Your rights regarding your personal data
In addition to your rights under applicable data protection legislation and where we are permitted or required by applicable law and regulation and by our professional obligations, we will provide you, upon request, with a copy of your personal data and we will correct any errors identified by you. Except as set forth above, we will not use your data for any automated decision making or any profiling and you have the right to restrict our processing of your personal data as well as the right to lodge a complaint with supervisory authorities regarding the processing of your personal data. We will also comply with your request to stop sending you marketing materials such as our organization’s newsletters. All such requests, should be addressed to us in writing, providing your full name and email address.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
You can block cookies by activating the setting on your browser. You should still be able to access our entire website.