Privacy Policy (CRIPRIV0450 / Revision: 03.12.2020r1 / Updated: March 12, 2020)
Continental Resources, Inc. (“ConRes”)

Overview
Continental Resources, Inc. (“ConRes”) and its corporate affiliates (“Affiliates” or “ConRes Affiliates”) are committed to the protection of your privacy, data, and personal information (“DATA”) as further defined within this Privacy Policy. ConRes will only use any DATA received as needed or required in connection with your requests for information, business or employment relationship with ConRes. The purpose of this Privacy Policy is to define and outline ConRes’ use of any DATA obtained or received to include but not be limited to; the use of our website, online services, business relationships, recruitment, or employment.

To download a PDF copy of the privacy policy click here.

Privacy Policy Sections and Contents

  1. Consent and Contact Information
  2. The ConRes Privacy Mission
  3. The Collection of DATA
  4. Types of DATA Collected by ConRes
  5. Consent and Legal Processing of DATA
  6. If you fail to provide DATA
  7. Change of purpose
  8. Will your DATA be subjected to automated decision making?
  9. Data Sharing
  10. Transferring information outside of the EU or the country of origin
  11. Third Parties
  12. Retention Period
  13. Data Security
  14. Your rights
  15. Access to DATA – No fee usually required
  16. What ConRes may need from you
  17. Complaints
  18. GENERAL
    1. Changes to this privacy notice
    2. Consent to Export of Personal Data
    3. Sensitive DATA
    4. Transfer of Personal Data and ConRes Affiliates
    5. Website Cookies
    6. Legally Compelled Disclosure
    7. Website Third Party Links
    8. Website Data Retention
    9. Your Choices
    10. Accuracy, Access & Further Notification
    11. Security
  19. US Privacy Shield
  1. Consent and Contact Information
    By submitting your DATA to ConRes, you are indicating and providing your consent to allow ConRes the use of such DATA as described within this Privacy Policy. Should you have questions regarding this Privacy Policy, or the use of your DATA please contact us at Privacy@conres.com.
  2. The ConRes Privacy Mission
    When ConRes processes your DATA, ConRes will always comply with any applicable laws and ConRes will also apply the core principles of the General Data Protection Regulation (“GDPR’) to ensure that your DATA is:
    1. Used lawfully, fairly and in a transparent way.
    2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
    3. Relevant to the purposes we have told you about and limited only to those purposes.
    4. Accurate and kept up to date.
    5. Will be kept only for as long as necessary for the purposes we have told you about.
      1. Reference the Retention Period section within this Privacy Policy for additional information.
    6. Kept securely. Additionally, ConRes will not share your DATA with unrelated companies, except as provided for in this Privacy Policy or as necessary in connection with normal business operations or internal DATA processing activities. ConRes handles all DATA as highly confidential and ConRes will take all required measures to protect your DATA while it is in our possession.
  3. The Collection of DATA
    ConRes may in the course of normal business operations collect your DATA in one or more of the following ways. Collection of DATA may include but not be limited to one of the following methods:
    1. Public Information.
      1. Information that is already publicly available.
      2. Information received through or by social media mechanisms.
      3. Information requested through or by social media mechanisms.
    2. Voluntary submission of DATA.
      1. Use of our website.
      2. Submission for the request for additional information through a form on our website.
      3. Accepting the use of cookies and the use of the website.
      4. Registration for an event.
      5. Application for employment and other related documents.
    3. Normal business operations / internal DATA processing activities.
      1. Employment.
      2. Application for credit.
      3. Request for a quote, proposal, or statement of work.
      4. Information required to complete a transaction, purchase, or provide services.
      5. Delivery of services / online services.
      6. Various contracts as required that may include but not be limited to:
        1. Non-disclosure agreements.
        2. Purchase agreements.
        3. Service agreements.
        4. Lease agreements.
        5. Bids, RFPs (Requests for Proposals), RFQs (Requests for Quotes), etc.
  4. Types of DATA Collected by ConRes
    The following list represents the types of DATA we may or may not collect during a DATA collection event.DATA types (to include but not be limited to):
    1. Personal Information:
      1. First name / Last name / Phone number / Address / Email address.
      2. Business name, address, and phone number.
      3. Survey responses / Security question responses.
      4. Family member information.
        1. This may include information regarding any children.
        2. Information on children would only be used for employees regarding any benefits offered by ConRes.
        3. ConRes does not want or otherwise require any information regarding children.
    2. Marketing and Corporate:
      1. Blogs, presentations, webinars and other editorial content.
      2. DATA types that may include but not be limited to:
        1. Name, job title, location, experience, qualifications, years of service, specializations, opinion, photographs of you, resumes, education, and references.
    3. Company literature:
      1. Organizational charts, reports, photographs, etc.
      2. Testimonials
    4. Monitoring & Physical Security:
      1. CCTV footage / entry and exit access.
        1. To track entry and exit of buildings/car parks to ensure the physical security of our office sites (to the extent permitted by law)
      2. To monitor your use of information and communication systems to ensure compliance with our company policies (to the extent permitted by law)
      3. To ensure network and information security, including preventing unauthorized access to our computer and electronic communications systems and preventing malicious software distribution.
    5. Recruitment and Employment:
      1. Recruitment & Selection.
        1. In order to decide about your recruitment and employment.
        2. Determining the terms of an offer of employment.
        3. Checking that you are legally entitled to work in the country of employment.
        4. Applicable DATA that may include but not be limited to:
          1. Personal contact details, name, gender, prior employment history, education and training history, references.
          2. Occasionally, depending on the position, additional information may be required as part of pre-employment checks (criminal records, credit information, etc.).
      2. Staff Administration/Payroll.
        1. Administration of the contract we have with you.
        2. Business management & planning.
        3. Establishing and maintaining applicable benefits, pensions, and policies.
        4. Making arrangements for changes to your contract (promotions, transfers, terminations etc.).
        5. Dealing with legal disputes and regulator enquiries / Preventing fraud.
        6. Executing grievance and disciplinary processes.
        7. Complying with health & safety obligations.
        8. Absence and Time management, Tracking working time, and annual leave (as applicable).
        9. Coordinating travel / Coordinating building and/or car parking access.
        10. Paying you / Withholding and remitting applicable taxes and social security.
        11. Filing reports with the applicable government offices, tax and social security authorities.
        12. Coordinating applicable monetary benefits.
        13. Ongoing employment verification.
        14. Applicable DATA that may include but not be limited to:
          1. Personal contact details, name, gender, next of kin and emergency contact information, date of birth, marital status and dependents, tax /social security ID, bank account details, copies of relevant identification documents (passport, drivers license etc.), details of qualifications, performance ratings, copies of employment contracts and supporting documents, ongoing records of training and vocational development, location of employment, start date of employment, current and historic job titles, working hours, professional memberships, remuneration details and history, disciplinary and grievance information, individual requirements under health & safety regulations, health information relevant to sickness absence, travel information, timesheet information, car registration number, trade union details, collective agreement affiliations, details of termination, census data.
          2. Current and historic remuneration data, pay slips, tax/social security ID number, tax status and relevant notices received from regulators, annual leave, sickness absence and working time information, bank account details.
          3. Occasionally depending on the position – conducting ongoing employment checks (criminal records, credit information, etc.).
      3. Performance Management.
        1. Conducting performance reviews / managing performance.
        2. Making decisions about salary and compensation.
        3. Making decisions about promotions, demotions or termination.
        4. Applicable DATA types may include but not be limited to:
          1. Emails, appraisals, meeting notes, expressions of opinion or future intentions.
      4. Equality.
        1. Ensuring Equal Opportunity compliance.
        2. Managing discrimination and harassment claims.
        3. Applicable DATA types may include but not be limited to:
          1. Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions.
  5. Consent and Legal Processing of DATA
    1. By voluntarily accessing the ConRes website, requesting a quote or statement of work, applications, services or information provided to you by ConRes and any ConRes Affiliate you acknowledge that such access or DATA is requested by you and that you are providing the requested DATA voluntarily.
    2. ConRes and each ConRes Affiliate reserves the right to deny access to or provide any such services or information, where you decline to provide requested DATA, if such consent is required by law in your country of residence for ConRes or any ConRes Affiliate to process or transfer the necessary DATA. By voluntarily disclosing your DATA on a ConRes web site or to a ConRes employee, you will be deemed to have granted your consent to the mutually beneficial uses reasonably contemplated at the time of your consent, including ordinary data processing activities by any third parties on ConRes’ behalf, to the extent such consent is legally sufficient in your country of residence.
    3. ConRes uses your data to better understand your needs and provide you with better service. Specifically, we use your DATA to update you on the benefits and features of ConRes Products and Services and to provide you with information and material requested by you. From time to time, we may also use your DATA to contact you for market research or to provide you with marketing information we think would be of interest. ConRes will always do our best to give you the opportunity to opt out of receiving such direct marketing or market research material and to avoid the delivery of unwanted mail to you, such as allowing you to opt in before receiving unsolicited material, where applicable.
    4. Under the GDPR:
      1. Consent is not considered a lawful basis for processing in situations where there is an imbalance in power – such as employment. Therefore, instead of seeking your consent we are required to apply one of the other legal bases – those outlined in Article 6 of the GDPR– namely:
        1. To perform our contract with you,
        2. To enable us to comply with legal obligations and,
        3. Using your DATA to pursue legitimate interests of our own provided your interests and fundamental rights do not override those interests.
      2. For ‘special categories’ of your DATA (health data, race or ethnicity, religious beliefs, sexual orientation and political opinions, and trade union membership) we must rely on one of the legal bases detailed in Article 9 of the GDPR – namely, where:
        1. processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorized by the applicable governing legal body providing for appropriate safeguards for the fundamental rights and the interests of the data subject;
        2. processing is necessary for reasons of substantial public interest, based on the applicable governing legal body, which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.
      3. For information about criminal convictions, in accordance with Article 10 of the GDPR we may only use this data where the law allows us to do so or as required by law applicable to ConRes, or necessary to comply with an order of a court or governmental agency, or necessary for matters of safety and security. We do not envision that we will hold information on criminal convictions, however there may be circumstances where the nature of a role requires us to request and retain this information and if this is the case you will be provided prior notification.
      4. For each of our processing activities listed above we have also detailed the legal basis that allows us to process your data.
  6. If you fail to provide DATA
    If you fail to provide certain DATA when requested, we may not be able to perform the contract or provide products or services that we have entered into with you (such as paying you or providing a benefit), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers).
  7. Change of purpose
    ConRes will only use your DATA for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your DATA for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. NOTE – ConRes may process your DATA without your knowledge or consent where this is required or permitted by law.
  8. Will your DATA be subjected to automated decision making?
    Automated decision-making takes place when an electronic system uses DATA to make a decision without human intervention.ConRes can or may use automated decision-making in the following circumstances:
    1. Where we have notified you of the decision and given you 21 days to request a reconsideration.
    2. Where it is necessary to perform the contract with you and appropriate measures are in place to safeguard your rights.
    3. In limited circumstances, with your explicit written consent and where appropriate measures are in place to safeguard your rights. If we make an automated decision based on any particularly sensitive DATA, we must have either your explicit written consent, it must be justified in the public interest, or must be required by law and we must also put in place appropriate measures to safeguard your rights. We do not envision that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.
  9. Data Sharing
    ConRes may have to share your DATA with third parties, including third-party service providers and other entities. We require third parties to respect the security of your DATA and to treat it in accordance with all applicable laws. We may transfer your DATA outside the EU or the country of origin. If we do, you can expect the same or greater degree of protection in respect of your DATA.
  10. Transferring information outside of the EU or the country of origin
    We may transfer the DATA we collect about you to countries outside the EU or the country of origin in order to perform our contract with you.This is not an adequacy decision by the European Commission or country of origin in respect of these countries, which means they are not deemed to provide an adequate level of protection for your DATA.However, to ensure that your DATA does receive an adequate level of protection we have put in place relevant appropriate measures to ensure that your DATA is treated by those third parties in a way that is consistent with and which respects the laws on data protection. You can contact us if you require further information about these protective measures.
  11. Third Parties
    ConRes may share your DATA with third parties or as required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so. Third parties may include but not be limited to third-party service providers (including contractors, designated agents, vendors, manufacturers, partners, and other ConRes approved and authorized entities).The following activities (which may include but not be limited to) are carried out by third-party service providers:
    • Payroll,
    • Pension administration (if applicable),
    • Benefits provision and administration,
    • Tax compliance and accounting,
    • HR consulting,
    • Occupational health services,
    • IT products and services,
    • Online /cloud-based services,
    • If required as part of our regular reporting activities on company performance,
    • In the context of a business reorganization or group restructuring exercise or possible sale of assets or the business,
    • For system maintenance support and if applicable the hosting of DATA, ConRes requires our third parties to take all appropriate and required security measures to protect your DATA. We do not allow our third-party service providers to use your DATA for their own purposes. We only permit them to process your DATA for specified purposes, in accordance with our instructions and under the terms of a data processing or similar agreement. Additionally, ConRes will not sell, rent, or lease your DATA to others unless we have specifically informed you, obtained your consent or are required by law. We will only share the DATA you provide with ConRes Affiliates and/or business partners who are acting on our behalf, and then only for the uses described in Use of Data. If there is an instance where ConRes may desire to share such information with such third parties, you will be asked to consent to such disclosure at the time you submit the data. However, the sharing of such information will be made only for purposes consistent with the uses described in the Policy.
  12. Retention Period
    ConRes will only retain your DATA for as long as necessary to fulfill the purposes that ConRes collected it for. This also includes satisfying any applicable legal, accounting, or reporting requirements. To determine the appropriate retention period for DATA, we consider the amount, nature, and sensitivity of the DATA, the potential risk of harm from unauthorized use or disclosure of the DATA, the purposes for which we process your DATA and whether we can achieve those purposes through other means, and the applicable legal requirements. In some circumstances we may anonymize your DATA so that it can no longer be associated with you, in which case we may use such information without further notice to you. Additionally, once you are no longer an employee or worker of ConRes, we will retain and/or securely destroy your DATA in accordance with our data retention policy and/or applicable laws and regulations.
  13. Data Security
    ConRes has deployed the appropriate security measures to prevent your DATA from being accidentally lost, used, accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your DATA to those authorized; employees, agents, contractors and other third parties who have a business need to know. They will only process your DATA on our instructions and they are subject to a duty of confidentiality in addition to any other applicable security or contractual obligations.ConRes has procedures to address any suspected security breaches and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
  14. Your rights
    Under certain circumstances, by law you have the right to:
    • Request access to your DATA (commonly known as a “data subject access request”). This enables you to receive a copy of the DATA we hold about you and to check that we are lawfully processing it.
    • Request correction of the DATA that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
    • Request erasure of your DATA. This enables you to ask us to delete or remove DATA where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your DATA where you have exercised your right to object to processing (see below).
    • Object to processing of your DATA where we are relying on a legitimate interest (or those of a third party) and there is something about your situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your DATA for direct marketing purposes.
    • Request the restriction of processing of your DATA. This enables you to ask us to suspend the processing of DATA about you, for example if you want us to establish its accuracy or the reason for processing it.
    • Request the transfer of your DATA to another party.
    • Binding Arbitration – under certain conditions, you have the right, to invoke binding arbitration through the American Arbitration Association (https://www.adr.org). If you want to review, verify, correct or request erasure of your DATA, object to the processing of your DATA, or request that we transfer a copy of your DATA to another party, please contact us at Privacy@conres.com. As stated above, the processing of your DATA is based on a legal basis other than your consent, however in the very limited circumstances where you may have provided your consent to the collection, processing and transfer of your DATA for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us at Privacy@conres.com. Once we have received notification that you have withdrawn your consent, we will no longer process your DATA for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
  15. Access to DATA – No fee usually required
    You will not have to pay a fee to access your DATA (or to exercise any of the other rights defined within this Policy). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
  16. What ConRes may need from you
    ConRes may need to request specific information from you to help us confirm your identity and ensure your right to access the DATA (or to exercise any of your other rights). This is an appropriate security measure to ensure that DATA is not disclosed to any person or entity that has no right to receive it.
  17. Complaints
    If you are dissatisfied or concerned with the way in which your DATA has been processed please contact us at Privacy@conres.com.If you remain dissatisfied, then you have the right to file a complaint directly with the applicable Data Protection Authority in your country of origin.
  18. GENERAL
    1. Changes to this privacy notice
      1. We reserve the right to update this privacy notice at any time.
      2. Any such changes will be posted on our website and available upon request.
      3. We may also notify you in other ways from time to time about the processing of your DATA.
    2. Consent to Export of Personal Data
      1. Where collection of your DATA may be deemed to be exporting your DATA under the laws of your country of residence, you agree that providing your DATA to ConRes or a ConRes Affiliate located in a jurisdiction other than your country of residence shall be deemed your express consent to the transfer of your DATA outside your country of residence, to that of the designated data controller/administrator, for the mutually beneficial uses reasonably contemplated at the time of your consent.
    3. Sensitive DATA
      1. It is not the objective or intent of ConRes to seek any sensitive DATA through our web site.
      2. Sensitive DATA includes several types of data relating to: race or ethnic origin; political opinions; religious or other similar beliefs; trade union membership; physical or mental health; sexual life or criminal record.
      3. We suggest that you do not provide sensitive DATA of this nature, unless as part of an employment application or your employment.
      4. If you elect to provide sensitive DATA not requested by ConRes, you expressly provide consent to ConRes for the use of that data consistent with the mutually beneficial uses reasonably contemplated at the time of your consent or as more specifically described at the point where you choose to disclose your DATA.
    4. Transfer of Personal Data and ConRes Affiliates
      1. DATA collected by ConRes may be transferred to ConRes Affiliates, where it is necessary to meet the purpose for which you have submitted the information.
      2. By submitting DATA on the ConRes web site, you are providing explicit consent to worldwide transfer of such DATA to, and use by ConRes or any ConRes Affiliate, within the scope of the privacy policies stated by ConRes or any ConRes Affiliates.
    5. Website Cookies
      1. Cookies may be used on some or all of the pages on our site.
      2. Cookies are small text files placed on your device that assist ConRes in providing a more customized web site experience. For example, a cookie can be used to store registration information in an area of the site so that a user does not need to re-enter it on subsequent visits to that area.
      3. The use of cookies is intended to make navigation of our web sites easier for you and to facilitate efficient registration procedures.
      4. Cookies also enable us to monitor individuals use of our site for the purpose of continuing to improve its usefulness.
      5. If you are concerned about cookies, most browsers permit individuals to decline cookies. In most cases, you may refuse a cookie and still fully navigate our web sites.
    6. Legally Compelled Disclosure Despite ConRes’ commitment to protecting your DATA, there may be circumstances under which ConRes may be deemed to be legally compelled to disclose your DATA. These circumstances may include, among others:
      1. Situations where disclosure is required by law applicable to ConRes, or necessary to comply with an order of a court or governmental agency, or necessary for matters of safety and security.
      2. In response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
      3. In such cases, ConRes will make good faith efforts to provide only that DATA which is the subject of the official order or request.
    7. Website Third Party Links
      1. There are several places throughout the ConRes web site that may link to other web sites that do not operate under ConRes’ privacy practices.
      2. ConRes does not endorse or make any representations about them, or any information, software or other products or materials found there, or any results that may be obtained from using them.
      3. When you link to other web sites, the ConRes Privacy Policies no longer apply and ConRes assumes no responsibility for the information or other practices of a site that is accessible through ConRes.
      4. We encourage you to review each sites privacy policy before disclosing any DATA.
    8. Website Data Retention
      1. ConRes does not retain all the DATA that we receive.
      2. Contact information about visitors will be kept as long as the information is valid or until a user with appropriate authorization requests in writing that we delete that information.
    9. Your Choices
      1. ConRes respects your right to make your own choices about how your DATA is handled.
      2. Should you choose to subscribe to mailing lists or any registrations, and later decide to unsubscribe we will provide instructions, on the appropriate web site area or in communications to you or you may contact us at Privacy@conres.com
      3. In addition, access to certain applications or services may involve certain uses, disclosure or transfer of the DATA being collected during registration for that application or service. If required under the laws of your country of residence, you will be notified of such intended uses, transfer or disclosure and asked to provide your consent. Failure to provide your consent where so requested may mean you will not be provided access to the applications or services for which your DATA can not be lawfully processed.
    10. Accuracy, Access & Further Notification
      1. ConRes strives to ensure the accuracy of your DATA, as provided to ConRes.
      2. Depending on the privacy laws in your country of residence, you may have the right to view, update or correct data submitted through the web sites to ConRes, or to receive additional notification of changes in the use of your information.
      3. When DATA is retained, ConRes undertakes to make all reasonable efforts to maintain the accuracy of the DATA submitted and verified by you.
      4. ConRes does not assume responsibility for verifying the DATA you submit, or for establishing the ongoing accuracy of the content of DATA. If ConRes is informed that any DATA collected through a web site is no longer accurate, ConRes will make appropriate corrections based on the updated information provided by the authenticated visitor. Queries in this regard should be directed to us at Privacy@conres.com.
    11. Security
      1. ConRes is committed to ensuring the security of your DATA.
      2. To prevent unauthorized access, misuse or disclosure, maintain data accuracy, and ensure the appropriate use of information, we have put in place appropriate procedures to safeguard and secure the information we collect online.
  19. US Privacy Shield
    1. ConRes complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. ConRes has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
    2. Additionally, ConRes commits to cooperate with EU data protection authorities (DPAs) and comply with the advice given by such authorities with regard to human resources DATA.
    3. Please NOTE: ConRes is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) and/or the Department of Transportation (if applicable).
    4. ConRes’s accountability for DATA that it receives under the Privacy Shield and subsequently transfers to a third party is further described in the Privacy Shield Principles (https://www.privacyshield.gov/). Specifically, ConRes is responsible and liable under the Privacy Shield Principles if any third-party agents that it engages to process the DATA on its behalf do so in a manner inconsistent with the Privacy Shield Principles, unless ConRes proves that it is not responsible for the event giving rise to the damage.