Data Privacy at WHITE HERITAGE
We respect and are committed to safeguarding the confidentiality, data privacy, and security of the information that our customers have entrusted to us, including the confidential information, personally identifiable information, proprietary information, and trade secrets gathered across all of our business operations.
WHITE HERITAGE ’s commitment to data privacy goes beyond the minimum legal and regulatory requirements and strives for best-in-class data protection and privacy management. This commitment is overseen at the executive level by the Chief Privacy Officer who reports to the General Counsel and the Chief Information Security Officer who reports to the Chief Information Officer (with the GC and CIO both reporting directly to the Chief Executive Officer of the company.) The board receives quarterly reports or a read-only report. The Audit Committee agenda includes coverage of data privacy at every Board Meeting.
This privacy notice applies to the personal data collection, use, and disclosure practices of WHITE HERITAGE and its affiliated entities (“ WHITE HERITAGE ”, the “Company”, “we”, “us”, “ours”) pertaining to WHITE HERITAGE websites where this notice is displayed. It also applies to the collection, use and disclosure of information that we collect about our contacts, such as our vendors, clients and those who make enquiries to us. This notice does not apply to our employee personal data or candidate recruiting practices. Please refer to other privacy notices pertaining to those activities. This notice does not cover the privacy practices relating to personal data collected through websites of White Heritages subsidiaries or affiliates who publish their own policies different from this notice.
Where the concept of “controller” and “processor” apply under applicable law, the WHITE HERITAGE entity collecting your personal information through this website is deemed a controller (having discretion about the uses of your personal information). The controller may transfer your personal information to White Heritage affiliates and others as provided in this notice. Those other entities may be deemed joint-controllers or processors depending upon the purposes for which your personal information is disclosed to them.
Privacy Complaints and Inquiries.
The Philippines Ronald Jomocan
Data Protection Officer
European Economic Area Fieldfisher LLP
Data Protection Officer
United Kingdom Fieldfisher LLP
Data Protection Officer
All other countries Chief Privacy Officer
You can also contact us if you have privacy enquiries or concerns through the White Heritage Business Ethics and Compliance Office. To report your inquiries or concerns to the Business Ethics and Compliance Office please contact the WHITE HERITAGE Ethics Helpline.
Collection of Personal Information
You may choose to give us personal information online such as to allow us to communicate with you or provide you with services. Our online forms ask for relevant information, such as name, email, street address, and phone number. If you make a purchase, we may ask for your credit card number and billing information. We may also collect information about your visits to our websites, including your Internet Protocol (IP) address, browser type and language, location information and details of your browsing patterns. This is more fully described under the section entitled “Cookies, Web Beacons and AdChoices” below. We collect this information to determine such things as the number of visitors to various parts of our websites and to personalize your experience on our sites, and tailor our interactions with you.
If you do not want to give personal information to WHITE HERITAGE online, you may communicate with us through the postal addresses or the phone or fax numbers that we also provide on our websites or in this Notice.
This website is not directed toward children under 13 years old. WHITE HERITAGE does not knowingly collect personal information from minors under the age of 13. Where required in accordance with applicable law, WHITE HERITAGE will provide other and further notices, and collect such express consent, as may be deemed appropriate.
Personal information that is submitted in a business capacity may be merged with available business data base directories.
You may choose to give us personal information to allow us to establish and manage our relationship with our customers, service providers, and other partners. This may include information such as your name, email, street address and telephone number. Depending on how we interact with you, you may also provide us with your employment details such as employer and job title, and also financial information such as your bank account details.
In addition, we may correspond with you and that may contain certain personal data that we exchange in the ordinary course of business such as to schedule meetings and calls, or to obtain services from you or your employer.
If you attend one of our events (including online) we may collect certain information from you including your name and contact details. If you attend one of these events as a speaker, we may also use your image or photograph. In addition, for online events, the software we use may automatically collect certain information regarding your use and interaction with the software and the event.
If we ask you to provide any other personal information not described above, then the personal information we will ask you to provide, and the reasons why we ask you to provide it, will be made clear to you at the point we collect your personal information.
When we send you marketing communications, the software may automatically collect certain information regarding your interaction with the email.
From time to time, we may receive personal information about you from third party sources (including from your employer and on occasion other suppliers and partners), but only where we have checked that these third parties either have your consent or are otherwise legally permitted or required to disclose your personal information to us.
Why Does WHITE HERITAGE Collect Personal Information?
WHITE HERITAGE maintains the information it receives online in strict confidence. Personal information you submit to WHITE HERITAGE is not sold to or shared with third parties, except to our subsidiaries, affiliates, agents, and partners as described in this policy.
WHITE HERITAGE reserves the right to notify you about administrative matters that pertain to your WHITE HERITAGE products or services. We may disclose your personal information as required by law or regulation, in connection with law enforcement, fraud prevention, or other legal action, or if WHITE HERITAGE reasonably believes it is necessary to protect WHITE HERITAGE, our customers, or the public. In the event of a merger or acquisition of one, or more, WHITE HERITAGE affiliates or a substantial portion of its assets, WHITE HERITAGE may disclose, transfer, or sell personal information collected online as needed to assess such transactions and to the surviving or acquiring party, respectively. Personal information collected online will remain subject to promises made in this notice.
In addition to the purposes otherwise discussed in this notice, we use personal information submitted through this site to:
respond to your questions;
provide customer support;
share news, updates, or helpful tips about WHITE HERITAGE products and services;
inform you of special promotions;
sign up for online services;
customize, analyse, and improve our products, services, technologies, communications, and relationships with you;
monitor interaction with, and the success of, any marketing activities or online events;
deliver products and services requested by you;
obtain products and services requested by us;
protect our legal rights to the extent authorized by applicable law;
provide security mechanisms and fraud control measures to the extent authorized by applicable law; and
protect the rights and vital interests of you and other people.
We retain personal information we collect from you where we have an ongoing legitimate business need to do so, for example responding to your queries or providing you with a service you have requested. Note that we may need to retain personal information for longer periods to comply with applicable legal, tax or accounting requirements.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
Legal basis for processing personal information
Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will normally process personal information about you only:
where we need the personal information to perform a contract with you, for example when you request services from us
where the processing is in our legitimate interests and not overridden by your rights, for example when we respond to your queries, improve our website. provide security mechanisms and fraud control measures or in the context of providing or receiving services or for the purpose of the collaboration or partnership
where we have your consent to do so
where we have a legal obligation to collect personal information from you, for example in relation to financial or tax matters
where, in rare cases, it is necessary to protect the health or wellbeing of another person
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).
If we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided above.
Communication Preferences, Sharing and User Generated Content
WHITE HERITAGE may send commercial email to you advertising our products and services. You can also subscribe to various product and service-specific communications on our websites. If you receive direct marketing email from WHITE HERITAGE and wish to discontinue these mailings, you may unsubscribe at www.whiteheritage.org/unsubscribe, and/or in any unsubscribe opt-out method provided in the communications.
You may also mail an unsubscribe request to:
Marketing Privacy Preferences
Where allowed by applicable law, the unsubscribe options provided to you may not apply to communications primarily for the purpose of administering order completion, contracts, support, product safety warnings, software updates where you are provided with appropriate choice in accordance with applicable law, or other administrative and transactional notices, the primary purpose of which is not promotional in nature. This means that even if you opt-out of receiving direct marketing communications, we may still need to retain some of your personal information necessary to communicate with you on these topics where required for these purposes.
WHITE HERITAGE does not share your personal information obtained through this site for the purpose of third-party direct marketing.
If you are a California resident under the age of 18, and a registered user of any sites where this notice is posted, California Business and Professions Code Section 22581 permits you to request and obtain the removal of content or information you have publicly posted, if the site allows public postings. To make such as request please send an email to the How to Contact Us section for subject access rights requests. To make such a request, please provide a detailed description of the specific content or information for which you seek removal. Please note such a request may not ensure complete or comprehensive removal of the content you may have posted and that there may be circumstances where the law does not require or allow removal even if requested.
Security of Personal Information
WHITE HERITAGE uses technical, organizational, and physical measures designed to protect the integrity, confidentiality, security, and availability of personal information. Among other measures, only authorized personnel of WHITE HERITAGE and of our third-party service providers with a legitimate need to know are provided access to personal data, and these employees and third-party service providers are required to treat this information as confidential where applicable. Despite these precautions, we cannot guarantee that unauthorized persons will not obtain access to your personal data.
If you arrange for services through this website, it may be necessary for us to transfer your personal information to our affiliates or third parties for the purposes of their assisting us with fulfilling the services.
If you are a resident in the European Economic Area, the UK, or another country where similar rights may apply, you may have certain rights such as:
You may have a right to access, correct, update or request deletion of your personal information. If you have such right, you can do so by contacting us using the contact details provided under the “How to contact us” heading above.
In addition, you may be able to object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. You can exercise these rights by contacting us using the contact details provided under the “How to contact us” heading above.
You may have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing communications we send you. To opt-out of marketing generally, please contact us using the contact details provided under the “How to contact us” heading above.
If we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
You have the right to request access to your personal data and obtain information on and a copy of that personal data. You may request rectification of that data if it is inaccurate or incomplete.
You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
Data Security Risk Approach
WHITE HERITAGE’s security program is aligned with applicable industry regulatory requirements, including but not limited to NIST, HITRUST, GDPR, HIPAA, ISO, and PCI. The program encompasses information security and cyber operations capabilities that protect WHITE HERITAGE and our clients. It is continuously reviewed and strengthened as necessary to ensure responsiveness to and protection against emerging threats. WHITE HERITAGE maintains a highly qualified workforce and utilizes external experts to support the program. We administer internal education, training, and communication programs to ensure ongoing awareness and vigilance. We maintain and communicate formal documented policies and standards. We monitor and assess the overall operating effectiveness of our program through risk assessments that include identification and remediation of vulnerabilities and threats. We maintain and test our cyber incident response plan, and undertake various independent reviews in conjunction with PCI DSS, external audits, internal audits, and client assurance efforts. Various additional operational protections, controls, and processes exist, including but not limited to malware protection, intrusion prevention, and detection protocols, user access reviews, network segmentation, implementation and maintenance of network and application firewalls, vulnerability scanning, data encryption, penetration testing, and patching.