Online Privacy Statement
The SGS Group is committed to the responsible handling and protection of your personal data.
We have created this statement to provide you with clear and understandable information regarding our privacy practices when you are accessing or using our website (www.sgs.com or its local equivalents) so that you can make informed choices about the use of your personal data by SGS.
When accessing other services or applications through our website, please read the specific privacy conditions which may apply to them.
SGS reserves the right to update this statement from time to time by publishing a new version online. This statement was last updated in May 2018.
When this statement refers to SGS, it means SGS as the controller of your data, namely the SGS Affiliates with which you had, have or will have a business relationship or that otherwise decides which of your data is collected and how it is used, as well as SGS SA (Registration number CHE-105.923.438 Switzerland). You may obtain a list of SGS Affiliates by visiting the Office Directory.
For residents of California, the United States Data Privacy and CCPA Notice is part of the SGS Online Privacy Statement.
SGS collects personal data that you provide to us directly when you request information about our services; subscribe to our website services, email notifications and/or newsletters; make an enquiry through our different enquiry forms and helplines such as our Integrity Helpline; or carry out a transaction or place an order through our website. This may include:
- Identification and contact data such as name, surname, job title, phone number, email, address and country
- Financial and transactional data such as credit card details
- Any information that you voluntarily share with us such as feedback, opinions or information provided via any of our helplines
SGS also collects personal data automatically when you visit our website. This may include:
- Device information such as IP address, referring website, SGS pages your device visited and the time that your device visited our website
- Internet log information and details, collected through our third parties such as Google Analytics, that does not specifically identify you
SGS will use your personal data for the following different purposes:
- To improve our website with the objective of ensuring that content is presented in the most effective manner for you and for your device
- To send email and communicate with you via email regarding our services and events which may be of interest to you if this is in accordance with your marketing preferences
- To analyze your use of our website for trend monitoring and promotional purposes
- To respond to enquiries and comments and provide you with support via communication channels, such as customer or contact center support
- To keep our website safe and secure and comply with our legal requirements and obligations
- To perform or finalize any transaction or order which you have placed on SGS Group websites
- To set up and manage your user account
- To share it with SGS Group companies so that they may offer you their products or services
- For any other new purpose for which we notify you before collecting any personal data
SGS shares and transfers your personal data as described here and only in accordance with all privacy practices and local privacy requirements. We may occasionally share non-personal, anonymized and statistical data with third parties for our own business purposes.
The following are the parties with whom we may share personal information and why:
- To other SGS Group companies and those companies in which SGS owns more than 50% where it is necessary to meet the purpose for which you have submitted your personal data and in particular if necessary for the provision of services, account administration, sales, marketing and support. We take steps to ensure that SGS Affiliates, including the ones located outside the EEA, follow our global data protection policy, this privacy statement and applicable local law when handling personal data.
- Occasionally to third party contractors and providers which perform certain functions on behalf of SGS, such as picking up and delivering samples, fulfilling inspection orders, sending email, removing repetitive information from client lists, analyzing data and processing credit card payments, direct marketing services, and cloud hosting services. These parties only have access to such information as necessary to perform their functions and may not use it for any purpose other than to provide services to us.
- For any reason if, in SGS's sole discretion, SGS believes it is reasonable to do so, including to satisfy any laws, regulations, or governmental or legal requests for such information; in the event of a merger, sale, restructure, acquisition, joint venture or assignment to disclose information that is necessary to identify, contact or bring legal action against someone who may be violating our Business Principles values or other terms and conditions; or to otherwise protect the SGS Group of companies.
SGS will retain your personal data for the period of time that is necessary to fulfill the original purposes for which it has been collected. Please keep in mind that in certain cases a longer retention period may be required or permitted by law or to allow SGS to pursue its business interests, conduct audits, comply with our legal obligations, enforce our agreements or resolve any dispute.
The criteria used to determine our retention periods include:
- How long is the data needed to provide you with our products or services or to operate our business?
- Do you have an account with us? In this case, we will keep your data while your account is active or for as long as needed to provide the services to you
- Are we subject to a legal, contractual, or similar obligation to retain your data? Examples can include mandatory data retention laws in the applicable jurisdiction, government orders to preserve data relevant to an investigation, or data that must be retained for the purposes of contract or litigation
SGS follows strict security procedures in the storage and disclosure of information which you have given us in order to prevent unauthorized access, loss or destruction of your personal data. These may include:
- Physical safeguards, with locked doors and file cabinets, controlled access to our facilities and secure destruction of media containing your personal data
- Technology safeguards, like the use of anti-virus and endpoint protection software, and monitoring of our systems and data centers to ensure that they comply with our security policies
- Organizational safeguards, like training and awareness programs on security and privacy, to make sure employees understand the importance and means by which they must protect your personal data
SGS does not seek to collect sensitive personal data (also known as special categories of data). If we do so we will always collect the data in accordance with local data privacy requirements. If you choose to provide us with unsolicited sensitive personal data, you will be asked to consent to our processing of such data on a case-by-case basis by using a specific express consent form.
SGS does not knowingly collect or solicit personal data from anyone under the age of 16. If you are aged under 16, please speak to your parent/guardian to get their permission before you provide any personal information to SGS because without this consent, you are not allowed to provide us with your personal data. If we learn that we have collected data from a person aged under 16, we reserve the right to delete such data with no prior notification or consent.
We are committed to ensuring that you can exercise your right of access and you can control your data.
If you have registered for an account on www.sgs.com and/or its local equivalents, you may directly and autonomously access your online profile and other personal details and update, amend, if legally possible, add or delete the data about yourself by logging into the applicable website or service with your account credentials.
Otherwise, and in accordance with our internal procedures, we will respond to the following requests as described below. All requests shall be addressed via our online privacy request form or by contacting us in writing as described in the section “contact us”:
- Access to personal information: you have the right to request what personal data we hold about you subject to our right to identity verification. If you request a copy of your data, we may charge you a fee, except where this is not permissible under local law.
- Correction and deletion: in some jurisdictions, including the EU (according to data protection laws for data subjects in the EU), you have the right to correct or amend your personal data if it is inaccurate or needs to be updated. You may also have the right to request the deletion of your personal information, however this may not be always possible due to legal requirements and other obligations to keep such data. If we are asked to delete your data, we may keep some minimal information about you to be able to demonstrate that we have fulfilled our obligations.
- Filing a complaint: Any complaints about our adherence to the practices described in this Statement shall be addressed as described here. In some jurisdictions, including according to data protection laws in the EU for complaints issued from subjects in the EU, you have the right to lodge a formal complaint with a data protection authority.
- Marketing preferences: SGS may send you regular marketing communications about our services, via different channels such as email, phone, SMS, postal mailings and third-party social networks, in accordance with relevant marketing laws. When required by applicable law, we will obtain your consent before starting these activities.
In order to provide you with the best personalized experience, these communications may be tailored to your preferences by using our subscription center. Our targeted emails contain email messages which use web beacons, cookies and similar technologies to allow us to know whether you open, read or delete the message and which links you open. When you open a link in a marketing email you receive from SGS, we will also use a cookie to log what pages you view and what content you download from our websites, even if you are not registered or signed into our site.
In addition, you can exercise your right to prevent marketing communications to you by opting out of emails we send to you. In such cases, we will retain minimum personal data to note that you opted out in order to avoid contacting you again. Please note that even if you opt out from receiving marketing communications, you might still receive administrative communications from us, such as technical updates for our products or services, order confirmations, notifications about your account activities, and other important notices.