Booth and Partners Philippines Incorporated
and the GDPR

Introduction

This European Union General Data Protection Regulation (“GDPR”) and Company Privacy Policy (“Policy”) applies to individuals that visit www.boothandpartners.com (“Site”) from the European Economic Area (“EEA”), United Kingdom (“UK”), and Switzerland and describes how Booth and Partners, Inc. and its subsidiaries (“Booth and Partners” or “We” or “Us”) collects, uses, and discloses information that relates to an identified or identifiable individual located in the European Economic Area (EEA), United Kingdom, or Switzerland (the “Personal Data”) through our website at www.boothandpartners.com (“Site”). This Policy supplements the Company Privacy Policy located at https://www.boothandpartners.com/privacy-policy/, and unless specifically defined in this Policy, the terms in this Policy have the same meaning as in the Company Privacy Policy.

Booth and Partners is committed to our customers’ success, including compliance with the GDPR. The GDPR will require a closer partnership between Booth and Partners and our customers in their use of our services and products. Booth and Partners has closely analyzed the requirements of the GDPR, and has made enhancements to our services, products, documentation, and contracts to support our own compliance with the GDPR. In addition, Booth and Partners is dedicated to assisting our customers with their GDPR compliance efforts.

For European Citizens and Residents Only

If you are a European citizen or resident in the European Economic Area (“EEA”), or other regions with laws governing data collection and use that may differ from the laws in the Philippines, please note that we may transfer your information to a country or jurisdiction that does not have the same data protection laws as your jurisdiction. It may also be process your information by staff operating outside the EEA who works for us or for one of service providers. If required by applicable law, we will seek your explicit consent to process your Personal Information collected on our Website or volunteered by you.

The following provisions apply to you if you are a European citizen or resident. All processing of your Personal Information is performed in accordance with privacy rights and regulations following the EU Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 (the “Directive”), and the implementations of the Directive in local legislation. As of May 25, 2018, the Directive and local legislation based on the Directive will be replaced by the Regulations (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Information and on the free movement of such data, known as the General Data Protection Regulation (“GDPR”), and our processing will take place in accordance with the GDPR. For purposes of the GDPR, we will be the “data controller” of Personal Information (referred to in the GDPR as “personal data”, and which is defined differently than in this Privacy Policy) we collect through the Website, unless we collect such information on behalf of a “data controller” in which case we will be a “data processor.” This Privacy Policy does not apply to websites, applications or services that do not display or link to this Privacy Policy or that display or link to a different privacy policy. For EU residents, to the extent any definition in this Privacy Policy conflicts with a definition under the GDPR, the GDPR definition shall control.

Your Data Rights under GDPR

Your rights under GDPR include the following:

• The right to access – Upon request, we will confirm any processing of your Personal Information and, and provide you with a copy of that Personal Information in an acceptable machine-readable format. To submit your request, please send an email to dpo@boothandpartners.com.
• The right to rectification – You have the right to have us correct any inaccurate Personal Information or to have us complete any incomplete Personal Information.
• The right to erasure – You may ask us to delete or remove your Personal Information and we will do so in some circumstances, such as where we no longer need it (we may not delete your data when other interests outweigh your right to deletion).
• The right to restrict processing – You have the right to ask us to suppress the processing of your Personal Information but we may still store your Personal Information. See below for more information.
• The right to object to processing – You have the right to object to your Personal Information used in the following manners: (a) processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); (b) direct marketing (including profiling); and, (c) processing for purposes of scientific/historical research and statistics. See below for more information.
• The right to data portability – You have the right to obtain your Personal Information from us that you consented to give us or that is necessary to perform fulfillment of member benefits with you. We will give you your Personal Information in a structured, commonly used and machine-readable format.
• The right to complaint to a supervisory authority – You have the right to file a complaint with a supervisory authority, in particular in the European member state of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of Personal Information relating to you infringes upon your rights.
• The right to withdraw consent – We rely on your consent to process your Personal Information, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on your prior consent.

Data Transfers

We are headquartered in the Philippines. As such, we and our service providers may transfer your Personal Information to, or access it in, jurisdictions that may not provide equivalent levels of data protection as your home jurisdiction. We will take reasonable steps to ensure that your Personal Information receives an adequate level of protection in the jurisdictions in which we process it. If you are located in the EEA or Switzerland, we provide adequate protection for the transfer of Personal Information to countries outside of the EEA or Switzerland through a series of intercompany agreements based on the Standard Contractual Clauses. We may also need to transfer your information to other group companies or service providers in countries outside the EEA. This may happen if our servers or suppliers and service providers are based outside the EEA, or if you use our services and products while visiting countries outside this area.
If you are a resident of country other than the United States, you acknowledge and consent to our collecting, transmitting, and storing your Personal Information out of the country in which you reside.

European Representative

We have appointed a European representative to act on our behalf regarding our compliance with the EU General Data Protection Regulation. If you are based in the EEA, you may contact our European representative regarding data protection matters relevant to you. Details for our European representative are as follows:

Our EU GDPR Representative
Rickert Rechtsanwaltsgesellschaft mbH
– Booth and Partners PTE LTD. –
Colmantstraße 15, 53115 Bonn Germany
art-27-rep-booth@rickert.law

Our UK GDPR Representative
Rickert Services Ltd UK
– Booth and Partners PTE LTD. –
PO Box 1487 Peterborough, PE1 9XX, United Kingdom
art-27-rep-booth@rickert-services.uk