1.0 Introduction

We are committed to ensuring privacy in processing personal and business data and offering accurate, complete, and timely data at all times. Therefore, the data privacy policy is designed for Third Wish Group, hereinafter referred to as “Third Wish”, in compliance with the requirements of the General Data Protection Regulation (GDPR) and the US data laws and regulations.

1.1 Objective

The data privacy policy sets out the general principles of privacy, protection, and ethics for Third Wish. It is also essential for cultivating an organization-wide privacy culture to protect the privacy and rights of our stakeholders who are essential to our business.

1.2 Scope

This policy applies to all online and offline personal data collected, received, processed, stored, controlled, and disclosed by Third Wish regarding its past, current, and prospective interested parties (i.e., Personnel, Clients, Suppliers, Contractors, Shareholders, and Business Associates).

1.3 Responsibility

All interested parties shall be accountable for upholding the requirements of the policy.

1.4 Accountability

All systems are being maintained to comply with the GDPR and the US Data Protection Act Standards among others. The Data Protection Officer shall be responsible for ensuring compliance with the Policy.

The Data Protection and Compliance Officers shall be responsible for ensuring compliance with the policy.

Where necessary, audits will be performed in accordance with regulatory requirements.

2.0 Guidelines

2.1 Sources of Personal Data

Personal data from or about interested parties is obtained through methods described below:

• Website: Stakeholder-directed websites operated by Third Wish under its domains.
• Mobile app: Customer-directed mobile apps operated by Third Wish.
• Email, text, and other electronic messages: Includes electronic interactions between Third Wish and interested parties.
• Service desk: Includes information received from live interactions with customers regarding contractual services.
• Offline registration forms: Includes printed or digital forms such as postal mails, in-store demos, promotions, and other events.
• Interactions from advertising: Information on interactions with our advertisements on third-party websites may be received.
• Other sources: This includes third-party social networks (e.g., Google, LinkedIn, Facebook, etc.).

2.2 Personal Data Collected

Depending on the interaction of interested parties with Third Wish as stated in 2.1 Sources of personal data, the various types of information collected are:

• Personal contact information: Name, email address, postal address, mobile phone number, and social networks.
• Professional information: Job title, employer name, and industry.
• Account login information: Login ID, email address, username, password, and security questions with answers.
• Demographics: Gender, date of birth, age/age range, location (postcode or zip code), interests, etc.
• Website information: Actions on our website or newsletters, including cookies and web beacons.
• Information from computers and mobile devices: IP address, type of operating system, web browser, and version.
• Stakeholder-generated content: Content created by stakeholders and shared via third-party social networks.
• Third-party information: Publicly shared information via third-party social networks.
• Payment/financial information: Debit or credit card details.
• Service desk information: Recordings of interactions in accordance with applicable laws.

2.3 How We Use Personal Information

Personal data is used for the following purposes, including but not limited to:

• New customer and project creation.
• Products and services updates.
• Business referrals.
• Product and service sales and purchase (e.g., invoice, Service Level Agreements (SLA), Statement of Work (SOW)).
• Compliance with legal, statutory, and regulatory requirements.
• Transparency in communication with interested parties.
• Continual improvement of products, services, resources, and information flow.
• Review and notification of business operations and documentation.
• Resolve any disputes that may arise while executing business functions/processes.

2.4 Purpose and Legal Basis for Processing of Personal Data

• Calling and visiting the Third Wish website: Data is collected for technical provision and system security.
• Contact Form: Personal data is collected to process your request.
• Newsletters: Email addresses are required for newsletter registration.
• Downloading reports: Email addresses are required for receiving reports.
• Downloading event publications: Email addresses are required for event updates.
• Account/Orders for the Third Wish Group online store: Customer account creation requires personal information.
• Applications: Personal data is collected for job applications.
• Cookies: Used for personalizing content, providing social media features, and analyzing traffic.

2.5 Data Disclosure

Third Wish may disclose personal information only in the following circumstances:

• To employees, consultants, authorized agents, service providers, and shareholders or business partners for business needs.
• With explicit stakeholder consent.
• In response to legal requests.
• To comply with legal, statutory, and regulatory requirements.
• To protect the rights, safety, and property of Third Wish and its stakeholders.

2.6 Data Retention and Minimization

Third Wish will retain all documents with personal information for the minimum legally required period. After this period, all data will be destroyed or deleted appropriately.

2.7 Data Security

Third Wish has implemented appropriate measures to protect personal information from loss, misuse, and unauthorized access. Security assessments are conducted regularly to ensure compliance.

2.8 Your Rights as an Interested Party (Stakeholder)

Under the GDPR, stakeholders have the following rights:

• Right to information about stored data (Article 15).
• Right to rectify inaccurate data (Article 16).
• Right to deletion of data (Article 17).
• Right to limitation of data processing (Article 18).
• Right to data portability (Article 20).
• Right to revocation of consent (Article 7(3)).
• Right to file a claim with a supervisory authority (Article 77).
• Right of opposition to processing based on legitimate interests.

2.9 Obligation to Provide Data

You are not required to provide personal data, but not providing it may limit access to our website and services.

2.10 Automated Decision Making/Profiling

Third Wish does not use automated decision-making or profiling.

3.0 Policy Review

This policy shall be reviewed annually to ensure:

• Information is accurate and up to date.
• Compliance with applicable directives and regulations.
• Adaptability to business demands.

The Compliance Officer and the Director for International Operations shall be responsible for reviewing the policy.

Contact Us

Please contact us (Third Wish Group, legal department) if you have any other questions about our data privacy policy.