Status: May 2018
1. General information & Contact details
Data protection is taken seriously by Decernis LLC (hereinafter “Decernis“, “we” or “us”). Decernis is the operator of the Decernis Global Compliance Management Service including gComply, gComply Plus, Horizon Scanning, Compliance Dashboard, Supply Chain Management System and other solutions that may be provided available at decernis.com (or any successor site or domain owned by Decernis) (the “Website”) and therefore the responsible body (controller) as regards the processing of the users’ personal data submitted through the Website.
Controller pursuant to the (EU) General Data Protection Regulation (“GDPR”):
2101 Gaither Road, Suite 150 Rockville, MD 20850 USA
Data Protection Officer (“DPO”): Kevin Kenny, COO
Our data protection officer (“DPO”) can be contacted by email at: email@example.com
2. Scope of application
3. What is personal data?
Personal data means “any information relating to an identified or identifiable natural person”. The term therefore includes information concerning known or already identified persons, as well as any information allowing us to directly or indirectly identify you. It therefore also includes information only allowing an indirect identification by assignment to an identifier, an identification number, location data, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (i.e. your address, your telephone number, your email address, or your IP-address).
Information due to which your identity cannot be determined does not qualify as personal data. As an example, such information is all information without any connection to your name.
4. Data identification & purpose for processing
- We collect and process the following types of personal data in order to operate the Website and provide information to our users:
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
- information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from the Website (including date and time); page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
- We do not use this usage data in order to determine your identity and do not combine it with other personal data from third parties.
- Besides the above, you may give us information about you by filling out forms on the Website or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you use the Website, search the Website, participate in discussion boards or other social media functions on the website, sign-up to a newsletter and when you report a problem with the Website. The information you give us may include your name, address, e-mail address, phone number, and personal description.
5. Data retention
We will retain the data you provide to us by using the Website for as long as necessary for the purpose of processing, yet no longer than five years.
After that, we may store your information in an aggregated and anonymized format.
6. Transfer & disclosure of personal data
We only use your personal information for internal business purposes and only transfer or disclose it to third parties whenever necessary to fulfil the legitimate purpose or to process a contractual relationship with you and only to such third parties which are supposed to help with the fulfilment of the legitimate purpose or our contract with you.
Apart from this, your personal data will not be transferred or disclosed to a third party, unless you have expressly agreed to any transfer or unless we are obliged to disclose personal data, e.g. by statutory law, court order, or official directive.
Cookies are small text files, which can be stored on the hard drives of web site users. They enable personalized adjustments to be made to the Website. Furthermore, cookies are used by Decernis to analyze the use of the Website in pseudonymized form, as well as the online advertisement and to store general preferences of the user. Furthermore, we may use such statistics of users of the Website for our market research and product improvement purposes. Most browsers are activated in a form that they accept cookies automatically. You may deactivate cookies or change the settings of your browser so that it informs you as soon as cookies are sent. However, in this event, a smooth functioning of our website is no longer possible.
8. Technical infrastructure
Our technical infrastructure is based on so-called “Root Servers” at the hosting provider OVH or by Decernis. All accesses on the data-processing systems by our employees can exclusively be transmitted using encoded accesses (SSL), for which an additional authorization is necessary. We block all accesses on the data processing systems which occur on non-authorized ports. Only necessary ports and services are open. Our servers are only placed in the United States, Germany, or in the Cloud Hosted Service in France or Germany. All data are processed and stored within the United States or Germany. Decernis may have entered into a separate agreement with you regarding the specific location of the Root Servers.
9. Creation of personal profiles
We permit third parties to record information on the use of our offers without relation to personal information. Due to pseudonymization and anonymization of the gained information as well as our practices, your privacy stays protected all the time. In particular, it is possible that the use of analytical tools (webtracking) results in the creation of specific user profiles. We use – like almost every website operator – analytical tools in the form of tracking software, in order to determine the use frequency, and the number of users on the Website. For example, we use Google Analytics, a web analysis service of Google Inc. as well as other Decernis internal tools to analyze use of our Website and services.
We occasionally use newsletter services to send out emails with our newsletter on our behalf. If you would like to receive our newsletter you have to provide your email address as well as additional information allowing the verification of the specified email address and consent to receiving the newsletter (“double opt-in”).
Your consent regarding the collection, storage and use of your email address can be revoked at any time, i.e. via the “unsubscribe”-link in the newsletter or via firstname.lastname@example.org.
11. Data Subject rights
You have certain rights in relation to the personal data we hold about you, which we detail below. Some of these only apply in certain circumstances as set out in more detail below. We also set out how to exercise those rights. Please note that we will require you to verify your identity before responding to any requests to exercise your rights by sending us a scanned copy of your ID-card. We will respond to a request by you to exercise those rights without undue delay and at least within one month (although this may be extended by a further two months in certain circumstances). To exercise any of your rights, please contact us by email at email@example.com.
- Access: You have the right to know whether we process personal data about you, and if we do, to access data we hold about you and certain information about how we use it and whom we share it with.
- Portability: You have the right to receive a subset of the personal data we collect from you in PDF-format and a right to request that we transfer such personal data to another party. If you wish for us to transfer the personal data to another party, please ensure you detail that party and note that we can only do so where it is technically feasible. We are not responsible for the security of the personal data or its processing once received by the third party. We also may not provide you with certain data if providing it would interfere with another’s rights.
- Correction: You have the right to correct any personal data held about you that is inaccurate. Where you request correction, please explain in detail why you believe the personal data we hold about you to be inaccurate or incomplete so that we can assess whether a correction is required.
- Erasure: You may request that we erase the personal data we hold about you in the following circumstances:
- you believe that it is no longer necessary for us to hold the personal data we hold about you;
- we are processing the personal data we hold about you on the basis of your consent, and you wish to withdraw your consent and there is no other ground under which we can process the personal data;
- we are processing the personal data we hold about you on the basis of our legitimate interest and you object to such processing. Please provide us with detail as to your reasoning so that we can assess whether there is an overriding interest for us to retain such personal data;
- you no longer wish us to use the personal data we hold about you in order to send you marketing material;
- you believe the personal data we hold about you is being unlawfully processed by us.
- Restriction of processing: You have a right to require us to stop processing the personal data we hold about you other than for storage purposes in certain circumstances. Please note, however, that if we stop processing the personal data, we may use it again if there are valid grounds under data protection law for us to do so (e.g. for the defence of legal claims or for another’s protection).
- Objection: At any time you have the right to object to our processing of data about you in order to send you marketing material, including where we build profiles for such purposes and we will stop processing the data for that purpose. Besides that, you may also object
- If we are processing the data we hold about you (including where the processing is profiling) on the basis of our legitimate interest and you object to such processing. Please provide us with detail as to your reasoning so that we can assess whether there is a compelling overriding interest in us continuing to process such data or we need to process it in relation to legal claims. Also note that you may exercise your right to request that we stop processing the data whilst we make the assessment on an overriding;
- If we are processing the data on the basis of historical/scientific research or statistics and you have a particular reason to object. Your right would not apply where we have been tasked with and it is necessary for us to undertake such processing in the public interest.
- Complaints: In the event that you wish to make a complaint about how we process your personal data, please contact us in the first instance and we will endeavour to deal with your request. This is without prejudice to your right to launch a claim with the data protection supervisory authority in the EU country in which you live or work where you think we have infringed data protection laws.
12. Right of modification