Data privacy policy of DECERNIS LLC
Status: May 2018
1. General information & Contact details
Data protection is taken seriously by Decernis LLC (hereinafter “Decernis“, “we” or “us”). Decernis is the operator of the Decernis Global Compliance Management Service including gComply, gComply Plus, Horizon Scanning, Compliance Dashboard, Supply Chain Management System and other solutions that may be provided available at decernis.com (or any successor site or domain owned by Decernis) (the “Website”) and therefore the responsible body (controller) as regards the processing of the users’ personal data submitted through the Website.
By way of this “Privacy Policy” we want to inform you about personal data, the purpose of our processing of your personal data, how we intend to use it and how you are able to correct or amend your information.
Controller pursuant to the (EU) General Data Protection Regulation (“GDPR”):
Decernis LLC
2101 Gaither Road, Suite 150 Rockville, MD 20850 USA
E-Mail: info@decernis.com
Data Protection Officer (“DPO”): Kevin Kenny, COO
Our data protection officer (“DPO”) can be contacted by email at: kkenny@decernis.com
Website Development:
Winning Solutions – Webdesign & App-Entwicklung Koblenz
Bienenstück 34
56072 Koblenz
www.winning-solutions.de
2. Scope of application
We expressly state that the Privacy Policy shall apply to all users of the Website.
3. What is personal data?
Personal data means “any information relating to an identified or identifiable natural person”. The term therefore includes information concerning known or already identified persons, as well as any information allowing us to directly or indirectly identify you. It therefore also includes information only allowing an indirect identification by assignment to an identifier, an identification number, location data, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (i.e. your address, your telephone number, your email address, or your IP-address).
Information due to which your identity cannot be determined does not qualify as personal data. As an example, such information is all information without any connection to your name.
4. Data identification & purpose for processing
- We collect and process the following types of personal data in order to operate the Website and provide information to our users:
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
- information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from the Website (including date and time); page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
- We do not use this usage data in order to determine your identity and do not combine it with other personal data from third parties.
- Besides the above, you may give us information about you by filling out forms on the Website or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you use the Website, search the Website, participate in discussion boards or other social media functions on the website, sign-up to a newsletter and when you report a problem with the Website. The information you give us may include your name, address, e-mail address, phone number, and personal description.
5. Data retention
We will retain the data you provide to us by using the Website for as long as necessary for the purpose of processing, yet no longer than five years.
After that, we may store your information in an aggregated and anonymized format.
6. Transfer & disclosure of personal data
We only use your personal information for internal business purposes and only transfer or disclose it to third parties whenever necessary to fulfil the legitimate purpose or to process a contractual relationship with you and only to such third parties which are supposed to help with the fulfilment of the legitimate purpose or our contract with you.
Apart from this, your personal data will not be transferred or disclosed to a third party, unless you have expressly agreed to any transfer or unless we are obliged to disclose personal data, e.g. by statutory law, court order, or official directive.
7. Cookies
Cookies are small text files, which can be stored on the hard drives of web site users. They enable personalized adjustments to be made to the Website. Furthermore, cookies are used by Decernis to analyze the use of the Website in pseudonymized form, as well as the online advertisement and to store general preferences of the user. Furthermore, we may use such statistics of users of the Website for our market research and product improvement purposes. Most browsers are activated in a form that they accept cookies automatically. You may deactivate cookies or change the settings of your browser so that it informs you as soon as cookies are sent. However, in this event, a smooth functioning of our website is no longer possible.
8. Technical infrastructure
Our technical infrastructure is based on so-called “Root Servers” at the hosting provider OVH or by Decernis. All accesses on the data-processing systems by our employees can exclusively be transmitted using encoded accesses (SSL), for which an additional authorization is necessary. We block all accesses on the data processing systems which occur on non-authorized ports. Only necessary ports and services are open. Our servers are only placed in the United States, Germany, or in the Cloud Hosted Service in France or Germany. All data are processed and stored within the United States or Germany. Decernis may have entered into a separate agreement with you regarding the specific location of the Root Servers.
9. Creation of personal profiles
We permit third parties to record information on the use of our offers without relation to personal information. Due to pseudonymization and anonymization of the gained information as well as our practices, your privacy stays protected all the time. In particular, it is possible that the use of analytical tools (webtracking) results in the creation of specific user profiles. We use – like almost every website operator – analytical tools in the form of tracking software, in order to determine the use frequency, and the number of users on the Website. For example, we use Google Analytics, a web analysis service of Google Inc. as well as other Decernis internal tools to analyze use of our Website and services.
Google Analytics tracking software uses cookies which are stored on a computer of the user and technically enable analyses of the use of the website (see also section “Cookies”). The cookie-generated information about the usage of the Website is used to create reports about the activities on the Website and to provide further services in connection to the Website use. In the case of the Google Analytics process your IP-address will be made unrecognizable, thus it will be anonymous. With Google Analytics neither we, nor the operator of the analyzing tools are able to record personal data that may reveal the identity of the user. Google Analytics can be deactivated by installing a Browser-Add-On (available under http://tools.google.com/dlpage/gaoptout?hl=de).
You can object to the use of cookies for Google webtracking by deactivating interest-based-advertising by Google via this link: https://www.google.com/settings/ads/onweb/. Also you can object to the collection of data regarding your use of this website by Google by downloading and installing the respective Browser-Plug-In via this link: http://tools.google.com/dlpage/gaoptout?hl=de.
10. Newsletter
We occasionally use newsletter services to send out emails with our newsletter on our behalf. If you would like to receive our newsletter you have to provide your email address as well as additional information allowing the verification of the specified email address and consent to receiving the newsletter (“double opt-in”).
Your consent regarding the collection, storage and use of your email address can be revoked at any time, i.e. via the “unsubscribe”-link in the newsletter or via info@decernis.com.
11. Data Subject rights
You have certain rights in relation to the personal data we hold about you, which we detail below. Some of these only apply in certain circumstances as set out in more detail below. We also set out how to exercise those rights. Please note that we will require you to verify your identity before responding to any requests to exercise your rights by sending us a scanned copy of your ID-card. We will respond to a request by you to exercise those rights without undue delay and at least within one month (although this may be extended by a further two months in certain circumstances). To exercise any of your rights, please contact us by email at info@decernis.com.
- Access: You have the right to know whether we process personal data about you, and if we do, to access data we hold about you and certain information about how we use it and whom we share it with.
- Portability: You have the right to receive a subset of the personal data we collect from you in PDF-format and a right to request that we transfer such personal data to another party. If you wish for us to transfer the personal data to another party, please ensure you detail that party and note that we can only do so where it is technically feasible. We are not responsible for the security of the personal data or its processing once received by the third party. We also may not provide you with certain data if providing it would interfere with another’s rights.
- Correction: You have the right to correct any personal data held about you that is inaccurate. Where you request correction, please explain in detail why you believe the personal data we hold about you to be inaccurate or incomplete so that we can assess whether a correction is required.
- Erasure: You may request that we erase the personal data we hold about you in the following circumstances:
- you believe that it is no longer necessary for us to hold the personal data we hold about you;
- we are processing the personal data we hold about you on the basis of your consent, and you wish to withdraw your consent and there is no other ground under which we can process the personal data;
- we are processing the personal data we hold about you on the basis of our legitimate interest and you object to such processing. Please provide us with detail as to your reasoning so that we can assess whether there is an overriding interest for us to retain such personal data;
- you no longer wish us to use the personal data we hold about you in order to send you marketing material;
- you believe the personal data we hold about you is being unlawfully processed by us.
- Restriction of processing: You have a right to require us to stop processing the personal data we hold about you other than for storage purposes in certain circumstances. Please note, however, that if we stop processing the personal data, we may use it again if there are valid grounds under data protection law for us to do so (e.g. for the defence of legal claims or for another’s protection).
- Objection: At any time you have the right to object to our processing of data about you in order to send you marketing material, including where we build profiles for such purposes and we will stop processing the data for that purpose. Besides that, you may also object
- If we are processing the data we hold about you (including where the processing is profiling) on the basis of our legitimate interest and you object to such processing. Please provide us with detail as to your reasoning so that we can assess whether there is a compelling overriding interest in us continuing to process such data or we need to process it in relation to legal claims. Also note that you may exercise your right to request that we stop processing the data whilst we make the assessment on an overriding;
- If we are processing the data on the basis of historical/scientific research or statistics and you have a particular reason to object. Your right would not apply where we have been tasked with and it is necessary for us to undertake such processing in the public interest.
- Complaints: In the event that you wish to make a complaint about how we process your personal data, please contact us in the first instance and we will endeavour to deal with your request. This is without prejudice to your right to launch a claim with the data protection supervisory authority in the EU country in which you live or work where you think we have infringed data protection laws.
12. Right of modification
If we make any material changes to this privacy policy, we will post the updated privacy policy here and notify our users. Please check this page frequently to see any updates or changes to this privacy policy.
Karen Everstine is Senior Manager, Scientific Affairs with Decernis, which delivers technology-enabled global risk management solutions for product development, compliance, safety, regulatory, and market access. She has fifteen years of food protection experience, most recently focused on supporting the food industry in their efforts to ensure food authenticity and compliance with GFSI food fraud requirements and the EMA-provisions of the Food Safety Modernization Act. She leads food fraud support at Decernis with the Food Fraud Database, a resource that collects and standardizes relevant food fraud data to support vulnerability assessments. She has previously held both research-based and applied roles in academia, government, and non-profit organizations, and has collaborated with members of the food industry and regulatory agencies on many projects, working with expert committees on this issue. She received her PhD and MPH from the School of Public Health at the University of Minnesota and began her food safety career on “Team D” at the Minnesota Department of Health. Her areas of expertise include a strong knowledge of the food regulatory landscape, food safety and authenticity. She has authored many peer-reviewed journal articles, trade journal pieces, and regularly responds to media requests.
Robert Fellous is Senior Director, Scientific Affairs with Decernis. Robert Fellous has more than twenty years of experience in Analytical, Clinical testing and Toxicology and Regulation, particularly with the cosmetics and personal care industry. Previously, in his work at Intertek, Dr. Fellous managed: Clinical Research Services with 35 professionals; Analytical Services Lab with 35 employee providing R&D and routine tests: contaminants & controlled ingredients, characterization & identification of nanoparticles, stability tests, packaging issues (migration of species, interaction between packaging and product), in vitro test (safety and efficacy) and microbiology tests; and Consulting Services Regulatory and Toxicology for Cosmetic and Pharmaceutical products with 25 professionals: e.g. preparation of PIF (Product information file), labelling review, electronic notification to European portal, safety assessment of cosmetic raw materials and API including complex raw materials such as botanicals, literature search, in silico study (SAR Modelling (Structure Activity Relation), design and optimization of toxicological protocols to meet global regulations, placement and monitoring of studies and submission of safety dossier to SCCS, INCI Dossier submission to PCPC).
Rich LeNoir has 37 years of experience in the industry. He currently works as a
In my current role, I serve as an advisor to various clients regarding food labeling as well as supplements labeling. Key activities include:
Kim Milone is an attorney and Senior Director of Regulatory Affairs for the Company, managing all research activities and the work of Decernis’ global research team. She also coordinates the work of the Global Advisory Services practice with that of the global research team. She has served as project lead and expert in Decernis projects with major food, beverage and supplement companies.
Julie Holt is a subject matter expert in the area of food, food ingredients, additives and supplements. She has more than twenty-three years of regulatory experience in the food and food ingredients industries and managed her own advisory firm, Scientific & Regulatory Solutions LLC, for a decade. During this time, her primary client was PepsiCo. Her food ingredient competencies include: flavors, sweeteners, colors, enzymes, probiotic blends, beverages, snack foods, juice, dairy products, supplements and fine chemicals. She has provided global regulatory coverage for more than 200 countries for various employers and clients including Givaudan Flavors Corp. and Degussa AG.
Mitchell Cheeseman has 29 years of experience advising manufacturers on compliance issues for a variety of FDA regulated products including food, food additives, GRAS ingredients, processing aids, color additives, dietary supplements and dietary ingredients, animal feed and animal feed additives, cosmetics, over the counter drugs and medical devices.
Henrik Jungclas is a Project Manager at Decernis, mainly focusing on Food Contact Projects, Supply Chain Management and Auditing. Prior to his recent position, he has worked as a Regulatory Affairs Manager and auditor for quality and hygiene standards at Tetra Pak, Weidenhammer and Sonoco Consumer Products Europe since 2006. He is a trained quality manager and Six Sigma Green Belt.
Kevin is co-founder of Decernis and is an experienced regulatory attorney who has worked and consulted for 24 years in the food and consumer products space. He advises some of the world’s largest manufacturers on Food compliance and Supply Chain challenges globally. Kevin is responsible for both the regulatory content of its products and its Subject Matter Expertise across the 219 countries Decernis covers.