A. This Privacy Notice Getac Technology
Corporation and its subsidiaries (Getac)
is committed to safeguarding the privacy
of personal and sensitive personal data
and is bound to comply with the UK Data
Protection Act 2018 and EU General Data
Protection Regulation (GDPR), along with
similar and applicable laws in other
countries around the world. This Privacy
Notice forms part of Getac’s obligation
to be open and fair with all individuals
whose personal and sensitive personal
data Getac processes and to provide
details around how it processes such
personal data and what it does with it.
Getac processes the personal data of its
customers and partners such as names,
contact details and email addresses,
amongst other things. Processing of this
data implies collecting, storing, using,
disclosing or disposing of individuals’
personal data. Individuals’ of existing
or prospective customers and partners
who leverage Getac’s solutions and
services, or use the Getac website, may
be provided with further privacy notices
which may be contained in a separate
supplemental notice. These additional
privacy notices shall supplement this
Privacy Notice. This Privacy Notice
relates to the processing of personal
data by Getac. Unless otherwise stated,
all references to “we” or “our” shall
imply all Getac lines of business that
process personal or sensitive personal
data. This Privacy Notice is addressed
to individuals outside our organisation
with whom we interact, including
consumers and visitors to our websites
(together, “you”). Defined terms used in
this Privacy Notice are explained in
Section (Q) below. For the purposes of
this Privacy Notice, Getac is the Data
Controller. Contact details are provided
in Section (N) below. This Privacy
Notice may be amended or updated from
time to time to reflect changes in our
practices with respect to the Processing
of Personal Data, or changes in
applicable law. We encourage you to read
this Privacy Notice carefully, and to
regularly check this page to review any
changes we might make in accordance with
the terms of this Privacy Notice. None
of the lists, or examples provided in
this Privacy Notice, are intended to be
exhaustive or fully representative of
every individual. Scope The scope of
this Privacy Notice covers customers
(existing and prospective) and partners
(existing and prospective) personal data
in respect of the following:
• Collecting Personal Data
• Processing Personal Data
• Using Personal Data
• Disclosing Personal Data
• International Data Transfers
• Data Accuracy
• Data Minimisation
• Retaining Personal Data
• Securing Personal Data
• Data Subject Rights
• Cookies
• Contact Details
• Complaints B. Collecting your Personal
Data We may collect Personal Data about
you, such as your name, address and
contact details. Examples of sources
from which we may collect Personal Data
include the following: • Personal Data
you provide to us (e.g. where you
contact us via email or telephone, or by
any other means).
• Personal Data you provide to us in the
ordinary course of our relationship with
you (e.g., if you purchase a product or
service from us).
• Personal Data that you manifestly
choose to make public, including via
social media where you choose to make
your profile publicly visible.
• Personal Data that we receive from
third parties (e.g., partners, credit
reference agencies; law enforcement
authorities; etc.).
• Personal Data that we obtain from you
when you visit any Getac website (a
“Site”) or use any features or resources
available on or through a Site. When you
visit a Site, your device and browser
will automatically disclose certain
information
(such as device type, operating system,
browser type, browser settings, IP
address, language settings, dates and
times of connecting to a Site and other
technical communications information).
We may also create Personal Data about
you, such as records of your
interactions with us, and details of
your purchase history to cover:
• Personal details: given name(s);
preferred name; gender; date of birth /
age; nationality; and photograph.
• Contact details: shipping address;
telephone number; email address; and
social media profile details.
• Payment details: billing address; bank
account number or credit card number;
cardholder or accountholder name; card
or account security details; card ‘valid
from’ date; card expiry date.
• Views and opinions: any views and
opinions that you choose to send to us,
or publicly post about us on social
media platforms. C. Processing your
Personal Data We may use the following
as the Lawful basis for Processing your
Personal Data:
• you have given us your prior express
consent to the Processing which is only
used in relation to Processing that is
entirely voluntary; • the Processing is
necessary in connection with any
contract that you may enter into with
us;
• the Processing is required by
applicable law; or
• we have a legitimate interest in
carrying out the Processing for the
purpose of managing, operating or
promoting our business, and if that
legitimate interest is not overridden by
your interests, fundamental rights, or
freedoms. D. Using your Personal Data We
may use your Personal Data for:
• Operating and managing our Sites:
providing content to you; displaying
advertising and other information to
you; and communicating and interacting
with you via our Sites.
• Provision of products and services to
you: providing our Sites and other
services to you; providing you with
products that you have purchased;
providing you with promotional items at
your request; and communicating with you
in relation to those products and
services.
• Marketing communications:
communicating with you via any means
(including via email, telephone, text
message, social media, post or in
person) news items and other information
in which you may be interested, subject
to ensuring that such communications are
provided to you in compliance with
applicable law.
• Communications and IT operations:
management of our communications
systems; operation of IT security; and
IT security audits.
• Health and safety: health and safety
assessments and record keeping; and
compliance with related legal
obligations.
• Financial management: sales; finance;
corporate audit; and vendor
management.
• Surveys: engaging with you for the
purposes of obtaining your views on our
products and services.
• Improving our products and services:
identifying issues with existing
products and services; planning
improvements to existing products and
services; creating new products and
services. E. Disclosing Personal Data We
may disclose your Personal Data to other
entities within the Getac group
(including providing services to you and
operating our Sites). In addition, we
may disclose your Personal Data to:
• legal and regulatory authorities, upon
request, or for the purposes of
reporting any actual or suspected breach
of applicable law or regulation;
• accountants, auditors, lawyers and
other outside professional advisors to
Getac, subject to binding contractual
obligations of confidentiality;
• third party Processors (such as
payment services providers; shipping
companies; etc.), located anywhere in
the world, subject to the requirements
noted below in this Section (E);
• any relevant party, law enforcement
agency or court, to the extent necessary
for the establishment, exercise or
defence of legal rights;
• any relevant party for the purposes of
prevention, investigation, detection or
prosecution of criminal offences or the
execution of criminal penalties,
including the safeguarding against and
the prevention of threats to public
security;
• any relevant third party acquirer(s),
in the event that we sell or transfer
all or any relevant portion of our
business or assets (including in the
event of a reorganization, dissolution
or liquidation); and
• Third party provider of social media
platforms that are available on our
Sites using third party plugins or
content (e.g., LinkedIn, YouTube and
Facebook).
Where we engage a third-party Processor
to Process your Personal Data, the
Processor will be subject to binding
contractual obligations to: (i) only
Process the Personal Data in accordance
with our prior written instructions; and
(ii) use measures to protect the
confidentiality and security of the
Personal Data; together with any
additional requirements under applicable
law. F. International transfer of
Personal Data Because of the
international nature of our business, we
may need to transfer your Personal Data
within the Getac group, and to third
parties as noted in Section (D) above,
in connection with the purposes set out
in this Privacy Notice. For this reason,
we may transfer your Personal Data to
other countries that may have different
laws and data protection compliance
requirements to those that apply in the
country in which you are located. This
includes transferring, processing and
storing Personal Data outside of the
European Economic Area (EEA). Where we
transfer your Personal Data to other
countries, we do so on the basis of
Standard Contractual Clauses. You may
request a copy of our Standard
Contractual Clauses using the contact
details provided in Section (N) below.
As part of providing our services to
You, we use third party data processors
outside of the EEA as outlined
below:
• Salesforce.com for customer, partner
and contact management which is based in
the USA.
• FedEx Corporation for equipment
delivery and service support which is
based in the USA.
• The Rocket Science Group (trading as
Mailchimp) for marketing campaigns which
is based in the USA.
• PayPal Inc. for payment of services
which is based in the USA.
• Zift Solutions (formerly Relayware)
for partner portal which is based in the
USA.
• Amazon Web Services, Inc. for cloud
service which is based in the USA.
• Microsoft Corporation (Microsoft
Azure) for cloud service which is based
in the USA. For further information on
the third party data processors outside
of the EEA and to obtain copies of our
data protection agreement with them,
please contact us by using the contact
details provided in Section (N), below.
G. Data Accuracy We take every
reasonable step to ensure that:
• your Personal Data are accurate and
kept up to date with changes that you
notify us with; and
• we erase or rectify any Personal Data
that you notify us is inaccurate. From
time to time we may ask you to confirm
the accuracy of your Personal Data. H.
Data Minimisation We take every
reasonable step to ensure that your
Personal Data that we Process are
limited to the Personal Data reasonably
required in connection with the purposes
set out in this Privacy Notice. I. Data
Retention The criteria for determining
the duration for which we will keep your
Personal data are as follows:
• we will retain copies of your Personal
Data in a form that permits
identification only for as long as is
necessary in connection with the
purposes for which we use it;
• applicable law requires a longer
retention period. In particular, we may
retain your Personal Data for the
duration of any period necessary to
establish, exercise or defend any legal
rights. J.
Securing Personal Data Where Getac acts
as the controller of Personal Data, it
will ensure that necessary and adequate
safeguards are in place to prevent
unauthorised access, loss, misuse or
alteration of your Personal Data. We
store all personal information on secure
servers with relevant access and
firewall controls. Any Personal Data
sent to us, either in writing or email,
may be insecure in transit and we cannot
guarantee its delivery. Passwords must
be kept confidential and not disclosed
to a third party. Getac does not ask you
for your password. K. Data Subject
Rights Subject to applicable law based
upon your nationality (e.g. EU Citizen)
and domicile, you may have a number of
rights regarding the Processing of your
Personal Data, including:
• the right to request access to, or
copies of, your Personal Data that we
Process or control;
• the right to request rectification of
any inaccuracies in your Personal Data
that we Process or control;
• erasure of your Personal Data that we
Process or control; or
• restriction of Processing of your
Personal Data that we Process or
control;
• the right to object, on legitimate
grounds, to the Processing of your
Personal Data by us or on our
behalf;
• the right to have your Personal Data
that we Process or control transferred
to another Controller, to the extent
applicable;
• where we Process your Personal Data on
the basis of your consent, the right to
withdraw that consent; and
• the right to lodge complaints with a
Data Protection Authority regarding the
Processing of your Personal Data by us
or on our behalf.
This does not affect your statutory
rights. To exercise one or more of these
rights, or to ask a question about these
rights or any other provision of this
Privacy Notice, or about our Processing
of your Personal Data, please use the
contact details provided in Section (N)
below. L. Cookies A cookie is a small
file that is placed on your device when
you visit a website (including our
Sites). It records information about
your device, your browser and, in some
cases, your preferences and browsing
habits. We may Process your Personal
Data through cookie technology, in
accordance with our Cookie Policy. For
further information on how we use
Cookies please see our Cookie Policy. M.
Terms of Use All use of our Sites is
subject to our Terms of Use. N. Contact
details If you have any comments,
questions or concerns about any of the
information in this Privacy Notice, or
any other issues relating to the
Processing of Personal Data by Getac,
please contact: Legal Affairs Center,
5F., Building A, No. 209, Sec. 1,
Nangang Rd., Nangang Dist., Taipei City,
11568, Taiwan, R.O.C. Attn:Data
Protection Manager Email:
dpm.LAC@getac.com.tw Telephone: +886
(0)2 2785 7888 O. Data Protection
Registration We are registered as a data
controller with the UK Information
Commissioner’s Office and our data
protection registration number is
ZA467078. P. Complaints If you are a
European Citizen and feel your rights
have not been respected, or do not feel
a situation was resolved satisfactorily,
you have the right to raise a complaint
with your local Supervisory Authority.
The contacts details of the Supervisory
Authorities with whom Getac has Data
Protection registrations are: The UK
Information Commissioner (United
Kingdom). You can contact them as
follows: – Web:
https://ico.org.uk/concerns/ Telephone:
+44 (0)303 123 1113 In Writing:
Information Commissioner’s Office
Wycliffe House Water Lane Wilmslow
Cheshire SK9 5AF Q. Definitions ‘Data
Controller’ means the entity that
decides how and why Personal Data is
Processed. In many jurisdictions, the
Controller has primary responsibility
for complying with applicable data
protection laws. ‘Data Protection
Authority’ means an independent public
authority that is legally tasked with
overseeing compliance with applicable
data protection laws. ‘Personal Data’
means information that is about any
individual, or from which any individual
is identifiable. Examples of Personal
Data that we may Process are provided in
Section (B) above. ‘Process’,
‘Processing’ or ‘Processed’ means
anything that is done with any Personal
Data, whether or not by automated means,
such as collection, recording,
organisation, structuring, storage,
adaptation or alteration, retrieval,
consultation, use, disclosure by
transmission, dissemination or otherwise
making available, alignment or
combination, restriction, erasure or
destruction. ‘Data Processor’ means any
person or entity that Processes Personal
Data on behalf of the Controller (other
than employees of the Controller).
