Scroll to top

Get In Touch
541 Melville Ave, Palo Alto, CA 94301,
ask@ohio.colabr.io
Ph: +1.831.705.5448

Work Inquiries
work@ohio.colabr.io
Ph: +1.831.306.6725

Generic selectors
Exact matches only
Search in title
Search in content
search in post
search in page

  • We’re Here to Help

    Looking for something specific? Use the search bar to find any product, service, or topic across our website. Can’t find it? Contact us —our team is ready to assist.

  • Top Searches

    Intelligence Solutions Thinking Technology Business Solutions & Research Sebleu Podcast Public Sector Survey Artificial Intelligence Beyond Industry Gen X Quantum Computing & HPC Medical Product and services

    • Privacy Policy

    Sebleu is committed to protecting your personal data. This policy explains how we collect, use, and safeguard your information when you interact with our services. By continuing to use our platforms, you agree to the terms outlined in this policy.

    Privacy Policy

    Here at Sebleu we collect, process and store personal data for a range of business purposes. Data subjects include customers, suppliers, partners, employees, clients and other stakeholders and individuals. 

    Bearing in mind Sebleu’s commitment to uphold the rights of the individual as enshrined in law, our data security policy is designed to protect all past, current and future employees, customers, or partners, from illegal or damaging activity conducted by others using their personal data. 

    Our data security policy outlines how Sebleu will endeavour to guard and protect all personal data. It also sets out to raise the awareness of staff members in relation to the ways in which GDPR impacts their use of an individual’s personal data. 

    This policy applies to all data processing activities involving Sebleu, and includes activities or systems related to both internal business operations, as well as external relations and any third-party agreements.

    Please note that Sebleu data security policy applies to all employees, and this policy may be subject to review and amendment on a regular basis. For more information about this policy and its overall implementation, consult our Data Protection Officer.

    This document is subject to regular review to ensure ongoing regulatory compliance.

    Data Security Policy Definitions

    Personal data 

    Personal data encompasses any type of information that relates to an identifiable individual. Various types of personal data Sebleu may collect, store and process could include:

    • Contact details
    • Financial information
    • Educational background
    • Certifications
    • Skills
    • Nationality
    • Marital status
    • Job title

    The above list is by no means exhaustive, and should be used merely as a point of reference from which a working definition of personal data can be established and further developed.

    Sensitive personal data

    Under GDPR, sensitive personal data is defined as encompassing any of the following:

    • Racial or ethnic origin 
    • Political opinion 
    • Religious or philosophical beliefs 
    • Trade union membership
    • Genetic data
    • Biometric data
    • Health-related information 
    • Sexual orientation

    It is paramount that all sensitive personal data is kept under stringent control as part of the implementation of our data security policy.

    Purposes of personal data

    Sebleu uses personal data for a range of various purposes. These purposes may include:

    • Financial
    • Administrative
    • Human resources
    • Regulatory compliance
    • Payroll 
    • Business development

    Please note the above list is by no means exhaustive, and should merely be used as a reference point from which a working definition of purpose can be established.

    Business purposes

    Sebleu must carry out a range of functions and processes as part of our operational activity. Data kept in relation to these activities falls under the category of data for business purposes, which includes information of the following nature:

    • Operational
    • Compliance 
    • Policy adherence
    • Human resources and personnel
    • Marketing

    The above list is by no means exhaustive, and should be used merely as a point of reference from which a working definition of business purposes can be established and further developed.

    Fair processing

    At Sebleu, there will be occasions when employees will need to process personal data; however, processing activities must always be carried out in a fair and lawful manner that is compatible with the rights of each corresponding individual. Consequently, we should avoid processing the personal data of any individual who has not provided us with explicit consent.

    Our company must strive to obtain explicit consent at all costs, and we must clearly identify to the individual what data is being processed, why we need to use it and who will have access to their data. These factors must be identified and clearly reiterated to the individual at the point of request for consent.

     

    It’s worth noting there may be exceptional circumstances in which we are asked to process sensitive personal data without consent. An example of an exceptional circumstance could include legal obligations we may need to carry out to comply with health and safety regulations.

    Sebleu endeavours to take all actions necessary to ensure that all personal data we obtain, process and store is accurate, relevant and adequate in relation to the reason in which we asked for that information. We should not hold excessive or irrelevant data on any individuals, and we will not process any personal data for a purpose unrelated to the purpose in which the relevant individual has consented to the processing of their data.

    Our roles and responsibilities

    Data security is a critical component of our business. It falls on everyone at Sebleu to take responsibility for data security, and all employees must familiarise themselves with our data security policy and do everything within their power to uphold that policy on a day-to-day basis.

    Please note that Sebleu takes data protection incredibly seriously, and we expect all staff members to adhere to this data security policy. Any failure and refusal to comply with this policy could ultimately place our company at risk.

    Bearing that in mind, personal non-compliance with this data security policy could lead to disciplinary action as they relate to ordinary personnel procedures. Please contact your line manager with any further questions concerning data protection at Sebleu.

    As a staff member at Sebleu, you can expect to receive data protection training in line with our data security policy. All incoming employees will be provided training as an aspect of the wider staff induction process, and all staff members can anticipate the requirement to undergo additional training as a result of subsequent regulatory updates to GDPR or other relevant legislation as it relates to data security. 

    Data security will inevitably encompass a range of additional responsibilities for various roles within the company. These roles and their responsibilities include (but are not limited to): 

    Data Protection Officer

    GDPR stipulates our company must appoint a Data Protection Officer. It is our Data Protection Officer’s responsibility to:

    •  Organise data security training for all employees not specifically referenced within this data security policy.
    • Review and analyse all existing data security protocols and processes on a regular basis.
    • Be a point of contact for all employees, clients and stakeholders to answer questions about data protection and data security.
    • Respond to internal or external queries from individuals wanting to know what data relating to them may have been obtained, processed or stored by our company.
    • Conduct due diligence and submit approval in relation to any contractual agreement with a third party involving the processing or storage of data.
    • Maintain constant contact with company directors, board members and stakeholders in relation to data security, company responsibilities and data risk management.

    IT Manager

    Information technology plays a crucial role in the way our company operates. Any processes relating to IT and the processing and storage of data must be carefully monitored, assessed and guided by an IT Manager.

    It is the responsibility of Sebleu IT Manager to:

    • Conduct due diligence and appropriate levels of research into any third-party service that our company may call upon to store or process any data.
    • Make sure that all company software, IT systems, equipment and services meet changing levels of data security standards.
    • Carry out regular checks, audits and scans to ensure security hardware and security software are fully functional and optimised to manage and mitigate data security risks.

    Marketing Manager

    A significant proportion of our marketing activities involve the collection, storage and processing of data. Consequently, our Marketing Manager must oversee the following responsibilities:

    • Accept all queries relating to data security and data protection from leads, media outlets, clients or other individuals and oversee and deliver an adequate response.
    • Work alongside Sebleu Data Protection Officer to make sure that all of our marketing processes, campaigns and activities are compliant with all relevant data security and data protection laws – as well as our own company data security policy.
    • Review, draft and approve any relevant data security statements that must accompany emails, other messages or applicable marketing collateral.

     

    Our data security policies

    Sobleu takes data security extremely seriously, and we place the rights of the individual and regulatory adherence at the heart of everything we do as a company.

    In light of our commitments, it is mandatory all staff members must observe and adhere to the following data security policies:

    Data storage policy

    • All information or data that is collected and processed is subject to all of the applicable requirements as outlined and documented within this policy. This includes information collected electronically, by paper, telephone or data collected through any other means.
    • All data must be collected, stored and protected in a secure location appointed by Sebleu, for a retention period as predefined by corresponding legislature or company policy.
    • Staff members are strictly forbidden to retain confidential information or personal data not relating to themselves on their personal devices. Exceptions to this policy include information that is needed for a purpose that is work-related, temporary and specified and approved by a relevant manager.
    • Staff members should avoid downloading sensitive files or confidential information to local devices wherever possible. Information being necessarily processed for work purposes may be exempt from this policy.
    • Employees must install and use software and systems that have been licensed and approved by the company on devices while carrying out the duties of their role. Downloading or using any software, app or system that is not pre-approved by the company will require prior approval from the company’s IT Manager.
    • All mobile and portable devices used by staff members should be approved by the company’s IT Manager and secured to prevent unauthorised access or breach. Personal devices could include a laptop, smartphone, tablet or any other handheld computing devices. This policy also applies to any shared cloud storage spaces.
    • All internet access and online operations carried out by employees could be subject to monitoring and filtering in accordance with relevant legislation and company policy. This monitoring should be carried out only by the IT Manager or an authorised member of staff.
    • Employees must adhere to all applicable elements of this policy when using personal devices to access company resources. Similarly, employees must observe and adhere to all applicable elements of this data security policy when using equipment provided by Sebleu, to access information externally.
    • Employees are forbidden from using public access devices. This practice is allowed in some circumstances; however, prior and explicit approval from a line manager for regular public access must be obtained and recorded.
    • Employees must use access tools provided to them by a client or partner of Sebleu if access is granted to any third-party storage system or data storage facility.
    • It is forbidden to send, forward or submit any of the information or data referred to within this data security policy to a third-party unless deemed essential to complete approved processes.
    • If an employee needs to carry out an approved submission of data to any relevant third-party, that data must be made secure in accordance with company policy and any relevant third-party data protection protocols.

     

    Please note that Sebleu will carry out regular system audits to monitor and ensure ongoing compliance with this data security policy and all regulatory requirements as outlined under GDPR.

    Data retention policy

    While Sebleu must routinely collect and store data, we are committed to the rights of individuals. That’s why we retain all information and personal data for no longer than we need to. 

    The necessary length of retention will often be decided on a case-for-case basis, bearing in mind the rationale and original purpose surrounding data collection and retention. Decisions of this nature must be made in a way that is compatible with our existing data retention guidelines under GDPR.

    For additional guidance, consult the following corresponding documents:

    • Data retention and erasure policy document

    International data transfer policy

    Employees must observe a series of restrictions that apply towards the international transfer of data or personal information. Employees are not permitted to transfer personal information or data outside of the United Kingdom without having obtained explicit permission in the first instance from the company’s Data Protection Officer.

    Data encryption and anonymisation policy

    deploys encryption to secure and protect data that is stored on devices from unlawful processing or unauthorised access. Encryption is also used to protect information that is in transit.

    We also use the anonymisation of personal data wherever deemed prudent to ensure the rights of the individual are fully protected and observed.

    In line with these principles, we are committed to the use of both encryption and anonymisation as a risk management tool alongside existing systems, to protect the company from accidental loss, as well as from the damage or destruction of data or personal information.

    Activities that are prohibited 

    Unless otherwise noted or informed, employees are strictly forbidden from using company equipment, tools or systems for any purpose unrelated to their role responsibilities, excluding any previously mentioned exceptions. This policy also relates to any relevant systems, tools or equipment belonging to a company client or partner.

    Bearing that in mind, the following activities should be deemed forbidden with no exceptions:

    • Any unauthorised replication of copyrighted materials.
    • The violation of individual rights by way of the unnecessary collection, storage and processing of personal data or information.
    • The violation of rights of an individual or organisation protected under intellectual property law in any jurisdiction.
    • The use of any programme, command or interface designed to interfere with a user or corresponding user session.
    • The accessing of any data, user account or server for any purpose unrelated to the business function of an individual’s company role.
    • Issuing fraudulent product or service offers from a company account.
    • The allowed sharing or use of employee login credentials or company systems by anyone apart from the named individual.
    • The export of proprietary or confidential information as it relates to the company.
    • The export of any software or data that is in breach of regulation or the company’s data security policy.
    • Knowingly causing a network disruption or security breach.
    • An employee is not allowed to access data that is not intended for them by logging into a system or gaining access to a confidential or limited-access account. 
    • The only exception to this rule is if the employee is granted access as part of a specific company project. 

    Please note that any violation of this policy can lead to disciplinary action, alongside legal action where deemed prudent or necessary.

    Reporting security issues

    If you encounter any incidents or issues relating to the security or protection of information or data, you must report this immediately to company management. Management will subsequently take and record any action deemed necessary to prevent damage or loss in relation to a security threat.

    If necessary, it is the responsibility of company management to report relevant incidents relating to a data breach or information security threat to regulators or the authorities. Under GDPR, it also falls upon management to contact the individuals involved in any breach or security threat.

    Contacting Us

    Sebleu is committed to protecting your personal data. This policy explains how we collect, use, and safeguard your information when you interact with our services. By continuing to use our platforms, you agree to the terms outlined in this policy.

    For any questions about this Privacy Policy contact our Group Data Protection Officer. Click here

    For any questions about this Privacy Policy or our use of your information, you can contact our Privacy team by submitting a request here.

    71-75 Shelton Street, Covent Garden, London, WC2H 9JQ

    Send email to GroupGDPR@Sebleu.com 

    This Privacy Policy was last updated on 8th, March 2025.

    Privacy Policy

    At Sebleu, we are committed to providing our clients, customers, and members with exceptional service. As providing this service involves the collection, use and disclosure of some personal information about our clients, customers, members, protecting their personal information is one of our highest priorities.

    While we have always respected our clients, customers, members privacy and safeguarded their personal information, we have strengthened our commitment to protecting personal information as a result of British Columbia’s Personal Information Protection Act (PIPA).  PIPA, which came into effect on January 1, 2004, sets out the ground rules for how B.C. businesses and not-for-profit organizations may collect, use and disclose personal information.

    We will inform our clients, customers, members of why and how we collect, use and disclose their personal information, obtain their consent where required, and only handle their personal information in a manner that a reasonable person would consider appropriate in the circumstances.

    This Personal Information Protection Policy, in compliance with PIPA, outlines the principles and practices we will follow in protecting clients’, customers’, members’ personal information.  Our privacy commitment includes ensuring the accuracy, confidentiality, and security of our clients’, customers’, members’ personal information and allowing our clients, customers, members to request access to, and correction of, their personal information.

    Definitions

    Personal Information –means information about an identifiable individual considered providing examples of personal information your organization collects.  E.g., including name, age, home address and phone number, social insurance number, marital status, religion, income, credit history, medical information, education, employment information].  Personal information does not include contact information (described below).

    Contact information – means information that would enable an individual to be contacted at a place of business and includes name, position name or title, business telephone number, business address, business email or business fax number.  Contact information is not covered by this policy or PIPA.

    Privacy Officer – means the individual designated responsibility for ensuring that the organisation complies with this policy and PIPA. 

    Policy 1 – Collecting Personal Information

    1.1  Unless the purposes for collecting personal information are obvious and the client, customer, member voluntarily provides his or her personal information for those purposes, we will communicate the purposes for which personal information is being collected, either orally or in writing, before or at the time of collection. 

    1.2  We will only collect client, customer, member information that is necessary to fulfill the following purposes: 

    Verify Identity- Consider including after each applicable purpose statement the personal information you collect to fulfill that purpose.  For example: To verify identity, we may collect name, home address, home telephone number and birth date;]

    Policy 2 – Consent

    2.1  We will obtain client, customer, member consent to collect, use or disclose personal information (except where, as noted below, we are authorized to do so without consent). 

    2.2  Consent can be provided e.g., orally, in writing, electronically, through an authorized representative] or it can be implied where the purpose for collecting, using or disclosing the personal information would be considered obvious and the client, customer, member voluntarily provides personal information for that purpose. 

    2.3  Consent may also be implied where a client, customer, member is given notice and a reasonable opportunity to opt-out of his or her personal information being used for mail-outs, the marketing of new services or products, fundraising and the client, customer, member does not opt-out. 

    2.4  Subject to certain exceptions (e.g., the personal information is necessary to provide the service or product, or the withdrawal of consent would frustrate the performance of a legal obligation), clients, customers, members can withhold or withdraw their consent for Name of organization to use their personal information in certain ways.  A client’s, customer’s, member’s decision to withhold or withdraw their consent to certain uses of personal information may restrict our ability to provide a particular service or product.  If so, we will explain the situation to assist the client, customer, member in making the decision. 

    2.5  We may collect, use or disclose personal information without the client’s, customer’s, member’s knowledge or consent in the following limited circumstances: 

    A full listing of such circumstances can be found in sections 12, 15, and 18 of PIPA. When the collection, use or disclosure of personal information is permitted or required by law;

    In an emergency that threatens an individual’s life, health, or personal security;

    3.1  We will only use or disclose client, customer, member personal information where necessary to fulfill the purposes identified at the time of collection [or for a purpose reasonably related to those purposes such as: 

    • To conduct client, customer, member surveys in order to enhance the provision of our services;
    • To contact our [clients, customers, members] directly about products and services that may be of interest;] 

    3.2  We will not use or disclose client, customer, member personal information for any additional purpose unless we obtain consent to do so.

    3.3  We will not sell client, customer, member lists or personal information to other parties [unless we have consent to do so]. 

    Policy 4 – Retaining Personal Information

    4.1  If we use client, customer, member personal information to make a decision that directly affects the client, customer, member, we will retain that personal information for at least one year so that the client, customer, member has a reasonable opportunity to request access to it. 

    4.2  Subject to policy 4.1, we will retain client, customer, member personal information only as long as necessary to fulfill the identified purposes or a legal or business purpose. 

    Policy 5 – Ensuring Accuracy of Personal Information

    5.1  We will make reasonable efforts to ensure that client, customer, member personal information is accurate and complete where it may be used to make a decision about the client, customer, member or disclosed to another organization. 

    5.2  Clients, Customers, Members may request correction to their personal information in order to ensure its accuracy and completeness.  A request to correct personal information must be made in writing and provide sufficient detail to identify the personal information and the correction being sought. 

    A request to correct personal information should be forwarded to the Privacy Officer: groupPIPA@Sebleu.com

    5.3  If the personal information is demonstrated to be inaccurate or incomplete, we will correct the information as required and send the corrected information to any organization to which we disclosed the personal information in the previous year.  If the correction is not made, we will note the clients’, customers’, members’ correction request in the file. 

    Policy 6 – Securing Personal Information

    6.1  We are committed to ensuring the security of client, customer, member personal information in order to protect it from unauthorized access, collection, use, disclosure, copying, modification or disposal or similar risks. 

    6.2  The following security measures will be followed to ensure that client, customer, member personal information is appropriately protected: 

    the use of locked filing cabinets; physically securing offices where personal information is held; the use of user IDs, passwords, encryption, firewalls; restricting employee access to personal information as appropriate (i.e., only those that need to know will have access; contractually requiring any service providers to provide comparable security measures].

    6.3  We will use appropriate security measures when destroying client’s, customer’s, member’s personal information such as [Fill in destruction methods your organization employs.  Examples may include:  shredding documents, deleting electronically stored information]. 

    6.4  We will continually review and update our security policies and controls as technology changes to ensure ongoing personal information security. 

    Policy 7 – Providing Clients, Customers, Members Access to Personal Information

     7.1  Clients, Customers, Members have a right to access their personal information, subject to limited exceptions. 

    A full listing of the exceptions to access can be found in section 23 of PIPA.  Some examples include:  solicitor-client privilege, disclosure would reveal personal information about another individual, health and safety concerns]

    7.2  A request to access personal information must be made in writing and provide sufficient detail to identify the personal information being sought.  [IF APPLICABLE:  A request to access personal information should be forwarded to the Privacy Officer: groupPIPA@sebleu.com 

    7.3  Upon request, we will also tell clients, customers, members how we use their personal information and to whom it has been disclosed if applicable. 

    7.4  We will make the requested information available within 30 business days, or provide written notice of an extension where additional time is required to fulfill the request. 

    7.5  A minimal fee may be charged for providing access to personal information.  Where a fee may apply, we will inform the client, customer, member of the cost and request further direction from the client, customer, member on whether or not we should proceed with the request. 

    7.6  If a request is refused in full or in part, we will notify the client, customer, member in writing, providing the reasons for refusal and the recourse available to the client, customer, member. 

    Policy 8 – Questions and Complaints:  The Role of the Privacy Officer or designated individual

    8.1  The Privacy Officer or designated individual is responsible for ensuring the Name of organization’s compliance with this policy and the Personal Information Protection Act.

    Contacting Us

    For any questions about this Privacy Policy, please contact our Group Data Protection Officer.

    Click here.

    For any questions about this Privacy Policy or our use of your information, you can contact our Privacy team by submitting a request here.

    777 Dunsmuir St suite 1700, Vancouver, BC V7Y 1K4, Canada

    Send email to GroupPIPA@sebleu.com 

    OR 

    Clients, Customers, Members should direct any complaints, concerns or questions regarding Sebleu compliance in writing to the Privacy Officer. If the Privacy Officer is unable to resolve the concern, the client, customer, member may also write to the Information and Privacy Commissioner of British Columbia. 

    This Privacy Policy was last updated on 8th, March 2025.

    Privacy Policy

    The following is subject to the terms and conditions of the Singapore Personal Data Protection Act, where personal data has been provided to Sebleu. By accessing our website, supplying any information and continuing to use our products and services, you agree to all the terms of this Privacy Policy as it is constantly updated.

    International Users 

    By agreeing to the privacy policy and providing us with personal information, you agree and consent that data and information may be transferred out of Singapore. 

    Your Rights

    You have the right to access your personal data under Singapore law. If you wish to exercise your rights to data protection and management subjected to specific exemptions in specific cases, you may contact Sebleu Privacy Office at any time. Click here

    Contacting Us

    For any questions about our Privacy Policy or the use of your personal information, please contact our Group Data Protection Officer and Privacy team by submitting your request to:

    Group Data Protection Officer, 

    Sebleu Privacy Team,

    7 Straits View, #05-01 Marina One East Tower, Singapore 018936

    Send email to GroupPDPA@sebleu.com

    This Privacy Policy was last updated on 8th, March 2025.

    Already have an account?

    Sign in to access your Sebleu account, manage your profile, and engage with our platforms, services, and insights.

    Your access is secured. We use essential technologies to support authentication and platform functionality. View our Cookie Policy for more information.

    Skip to toolbar