Our legal grounds for processing your personal data
Your local law may require us to set out in this privacy statement the legal grounds on which we rely in order to process your personal information. In such cases, we rely on one or more of the following processing conditions:
our legitimate interests in the effective delivery of information and services to you and in the effective and lawful operation of our businesses and the legitimate interests of our clients in receiving professional services from us as part of running their organisation (provided these do not interfere with your rights);
our legitimate interests in developing and improving our businesses, services and offerings and in developing new DRC technologies and offerings (provided these do not interfere with your rights);
to satisfy any requirement of law, regulation or professional body of which we are a member (for example, for some of our services, we have a legal obligation to provide the service in a certain way);
to perform our obligations under a contractual arrangement with you; or where no other processing condition is available, if you have agreed to us processing your personal information for the relevant purpose
Transfers of personal data
If we process your personal information, your personal information may be transferred to and stored outside the country where you are located. This includes countries outside the European Economic Area (EEA) and countries that do not have laws that provide specific protection for personal information.
Where we collect your personal information within the EEA and transfer outside the EEA will be only:
to a recipient located in a country which provides an adequate level of protection for your personal information and/or
under an agreement which satisfies EU requirements for the transfer of personal data to data processors or data controllers outside the EEA, such as standard contractual clauses approved by the European Commission.
Third Party Providers
We may transfer or disclose the personal data we collect to third party contractors, subcontractors, and/or their subsidiaries and affiliates. Third parties support DRC in providing its services and help provide, run and manage IT systems. Examples of third party contractors we use are providers of identity management, website hosting and management, data analysis, data backup, security and cloud storage services. The servers powering and facilitating our IT infrastructure are located in secure data centers around the world, and personal data may be stored in any one of them.
The third party providers may use their own third party subcontractors that have access to personal data (sub-processors). It is our policy to use only third party providers that are bound to maintain appropriate levels of security and confidentiality, to process personal information only as instructed by DRC, and to flow those same obligations down to their sub-processors.
We may also disclose personal information under the following circumstances:
with professional advisers, for example, law firms, as necessary to establish, exercise or defend our legal rights and obtain advice in connection with the running of our business. Personal data may be shared with these advisers as necessary in connection with the services they have been engaged to provide;
when explicitly requested by you;
when required to deliver publications or reference materials requested by you;
when required to facilitate conferences or events hosted by a third party;
to law enforcement, regulatory and other government agencies and to professional bodies, as required by and/or in accordance with applicable law or regulation. DRC may also review and use your personal information to determine whether disclosure is required or permitted.