Last updated: April 30, 2018
SSCI is committed to protecting the privacy of visitors of the SSCI website(s), individuals who register to use the products and services, individuals who register to attend the Company’s corporate or other events, and business partners. The following privacy notices explain our privacy practices related to these activities and how SSCI may collect, use, and/or share personal information.
The EU General Data Protection Regulation (GDPR), enforceable as of May 25, 2018, imposes additional requirements upon companies to strengthen the security around and enhance the protection of personal data of EU residents. SSCI has a dedicated, cross-functional team overseeing SSCI’s GDPR readiness. We discuss SSCI’s efforts and commitment to GDPR below.
SSCI is committed to protecting the privacy of those involved in its business. This Privacy Notice is meant to help you understand, among other things, what personal data we collect, why we collect it, and what we do with it.
Last updated: April 30, 2018
SSCI Worldwide, LLC and its affiliated companies and subsidiaries (“SSCI,” “we” or “us”) are committed to protecting the privacy of visitors of the SSCI website(s), individuals who register to use the products and services, individuals who register to attend the Company’s corporate events, and business partners (“Customers”). This Privacy Notice (“Privacy Notice” or “Notice”) describes our privacy practices in relation to the use of SSCI websites (including any customer portal or interactive customer website), its software, services, solutions, tools, and related applications, services, and programs, including attendance of corporate events and research and marketing activities, offered by SSCI (the “Services”) as well as your choices regarding use, access and correction of personal information.
This Privacy Notice describes how we collect, use, disclose and otherwise process personal data collected related to our Services and otherwise in the course of our business activities, including the information practices of the websites that link to this Privacy Notice (“Sites”).
This Privacy Notice does not apply to information collected about SSCI employees, applicants, or other personnel.
The SSCI Sites may contain links to other websites; and information practices and/or the content of such other websites shall be governed by the privacy statements of such other websites.
SSCI provides its Services – which include IT management and monitoring solutions such as network, systems and database management, security solutions, applications and infrastructure monitoring, and IT helpdesk tools – to business customers, directly, and through distributors, resellers, and managed service providers (MSPs).
SSCI has certified its compliance to the Privacy Shield principles of: Notice; Choice; Accountability for Onward Transfer; Security; Data Integrity and Purpose Limitation; Access; and Recourse, Enforcement, and Liability (the “Principles”), with respect to personal data that we process on behalf of our Customers established in the European Union and Switzerland. For more information about our Privacy Shield commitment, refer to the Privacy Shield section below.
You can learn more about Privacy Shield at https://www.privacyshield.gov and see our Privacy Shield self-certification at https://www.privacyshield.gov/list. SSCI’s self-certification to the Privacy Shield is subject to the investigatory and enforcement authority of the Federal Trade Commission.
Customer Owned Data
As a provider of Services, we may receive, process or store certain information, including personal information, on behalf of our Customers. All such information (“Customer Data”) is owned and controlled by our Customers, who are the data controllers for such information with respect to EU data protection law. Customer Data may include information from the end points and other systems, tools or devices that Customers manage or monitor using our Services, and end user data related to individuals activities on Customer’s network and systems. It may also include event logs, end user information (such as IP address, email address and computer name), and other data where relevant to a support or service request. SSCI is a data processor for Customer Data.
Data Relating to Our Customers and Users of Our Sites. SSCI collects information as part of its normal business operations and in the administration of its relationship with Customers, which may include personal information.
Business Contact and Customer Relationship Management. We collect and maintain information about our Customers, which may include company name, business contact name and title, phone number, email and other contact details. We may also collect billing address, financial account, credit card information, order details, subscription and license information, and usage details. In addition, we collect user credential and profile data (name, contact, authorized users) of Customer’s authorized users and account administrators.
Data Submitted on Sites. In order to access or use certain portions of the Sites, to enjoy the full functionality of the Sites, or to conduct or seek to conduct business with us, you may be prompted to provide certain personal data to us, including in the following ways:
by filling in forms (for example, a ‘Contact Us’ form) on our Sites or at a trade show or anywhere else we conduct business;
by downloading or accessing the SSCI Services;
by downloading documentation from our Sites;
by subscribing to newsletters or other communications; or
by corresponding with us by phone, e-mail or otherwise using our contact details.
Typically, the personal data you give us may include name, business affiliation, business address, telephone number, and email address, and any personal details required to resolve any enquiries or complaints.
Third Parties. We may also obtain personal data about Customers from third parties, such as LinkedIn and other publicly accessible sources.
Customer Support and Service. When Customers contact us for support or other customer service requests, we maintain support tickets and other records related to the requests, including any information provided by Customers related to such support or service requests. We may also collect call recordings related to support and customer service-related calls.
Usage Details. We collect information about Customers’ usage of our Services, including IP address, Customer ID, email address, and other usage statistics. We do not collect usage details about Customer end users, except as necessary for support or to provide the Services requested by Customers (in which case we are a data processor of such data).
When you visit our Sites, our server automatically collects certain browser or device generated information, which may in some cases constitute personal data, including but not limited to:
- your domain;
- your IP address;
- your date, time and duration of your visit;
- your browser type;
- your operating system;
- your page visits;
- information from third parties;
- other information about your computer or device; or
- Internet traffic.
De-identified Data. We may de-identify and aggregate certain data we collect such that the data no longer identifies or can be linked to a particular customer or an individual data subject (“De-identified Data”), subject to the terms of any applicable customer agreements. We may use this data to improve our Services, analyze trends, publish market research, and for other marketing, research or statistical purposes, and may disclose such data to third parties for these specific purposes.
Other Data. SSCI collects, uses and maintains certain data related to its business and the Services it provides to Customers, which is not personal data; this privacy notice does not restrict our use and processing of such data, including:
Use of Personal Data
The following is an overview of our purposes for using personal data that we process as a data controller. Additional details on how we process your personal data may be provided to you in a separate notice or contract.
For individuals in the European Union, our processing (i.e. use) of your personal data is justified on the following legal bases:
- the processing is necessary to perform a contract with you or take steps to enter into a contract at your request;
- the processing is necessary for us to comply with a relevant legal obligation;
- the processing is in our legitimate interests, subject to your interests and fundamental rights, and notably our legitimate interest in using applicable data to conduct and develop our business activities; or
- you have consented to the processing.
We use the personal data we collect to:
- conduct and develop our business with you and with others;
- process, evaluate and complete certain transactions involving the Sites, and more generally transactions involving SSCI’ Services;
- operate, evaluate, maintain, improve and develop the Sites (including by monitoring and analyzing trends, access to, and use of the Sites for advertising and marketing);
- evaluate, improve and develop our Services generally;
- customize our Sites to users’ needs;
- engage you about events, promotions, the Sites and SSCI’ Services;
- provide you with documentation or communications which you have requested;
- correspond with users to resolve their queries or complaints;
- provide you with any Services you request;
- send you marketing communications, where it is lawful for us to do so;
- protect and ensure safety of the Sites, SSCI confidential and proprietary information, and SSCI employees;
- manage, protect against and investigate fraud, risk exposure, claims and other liabilities, including but not limited to violation of our contract terms or laws or regulations.
Disclosure of Personal Data
SSCI is a global group of companies, and we may share personal data with our affiliated businesses as part of our business operations and administration of the Services. We may also appoint third party service providers (who will operate under our instructions) to assist us in providing information, products or services to you, in conducting and managing our business, or in managing and improving our Services or the Sites. SSCI may share your personal data with these affiliates and third parties to perform services that the third parties have been engaged by SSCI to perform on SSCI’s behalf, subject to appropriate contractual restrictions and security measures, or if we believe it is reasonably necessary to prevent harm or loss, or it believes that the disclosure will further an investigation of suspected or actual illegal activities.
SSCI reserves the right to share any information that is not deemed personal data or is not otherwise subject to contractual restrictions.
If personal data is transferred outside the EU to other SSCI group companies or to third party service providers, we will take steps to ensure that your personal data receives the same level of protection as if it remained within the EU, including by entering into data transfer agreements, using the European Commission approved Standard Contractual Clauses, or by relying on certification schemes such as the EU – US Privacy Shield. For transfers to other SSCI group companies in the United States (a country that has not received a decision from the European Commission determining that the United States provides adequate protection to personal data), we have put in place European Commission approved Standard Contractual Clauses, which protect personal data transferred between SSCI entities. You have a right to obtain details of the mechanism under which your personal data is transferred outside of the EU by contacting firstname.lastname@example.org.
We contractually require agents, service providers, and affiliates who may process personal data related to the Services to provide the same level of protections for personal data as required under the Principles. SSCI currently does not transfer personal data to a third party for the third party’s own use, but only for SSCI’ purposes as outlined above. SSCI will remain liable under the Principles if one of its third party processors processes personal data in a manner inconsistent with the Principles, if we are responsible for the event giving rise to the damage.
Law Enforcement or National Security. In accordance with our legal obligations, we may also transfer Customer Data, subject to a lawful request, to public authorities for law enforcement or national security purposes.
Additional Disclosures. We may also disclose Customer Data (including any personal data), where otherwise required by law.
Business Transfers. We may share personal data with third parties in connection with potential or actual sale of our company or any of our assets, or those of any affiliated company, in which case personal data held by us about our users may be one of the transferred assets.
Just-in-Time Disclosures. Additional disclosures or information about processing of personal information related to specific websites, mobile applications, products, services, or programs may be provided to you. These may supplement and/or clarify SSCI privacy practices in specific circumstances and provide you with additional choices as to how SSCI may process your personal information.
The Sites, Services and Portal are not for use by children under the age of 16 years and SSCI does not knowingly collect, store, share or use the personal data of children under 16 years. If you are under the age of 16 years, please do not provide any personal data, even if prompted by the Sites to do so. If you are under the age of 16 years and you have provided personal data, please ask your parent(s) or guardian(s) to notify SSCI and SSCI will delete all such personal data.
Where lawful to do so, and subject to your consent where required, we may communicate with Customers (and related business contacts) about our Services. If you wish to unsubscribe from receiving marketing communications, please visit the Email Preference Center on our Site to request that we will stop sending you communications.
SSCI aims to safeguard and protect your personal data from unauthorized access, improper use or disclosure, unauthorized modification or unlawful destruction or accidental loss, and SSCI utilizes and maintains certain reasonable processes, systems, and technologies to do so. However, you acknowledge that no environment is completely secure or error-free, and that these processes, systems, and technologies utilized and maintained by SSCI are subject to compromise. Accordingly, we cannot be held responsible for unauthorized or unintended access that is beyond our control.
Retention of Your Personal Data
We apply a general rule of keeping personal data only for as long as required to fulfil the purposes for which it was collected. However, in some circumstances, we may retain personal data for other periods of time, for instance where we are required to do so in accordance with legal, tax and accounting requirements, or if required to do so by a legal process, legal authority, or other governmental entity having authority to make the request, for so long as required.
In specific circumstances, we may also retain your personal data for longer periods of time corresponding to a statute of limitation, so that we have an accurate record of your dealings with us in the event of any complaints or challenges.
The Sites may contain links to third party sites. Since SSCI does not control nor is responsible for the privacy practices of those websites, we encourage you to review the privacy policies of these third party sites. This Policy applies solely to personal data collected by our Sites or in the course of our business activities.
Subject to applicable law, you may have rights available to you in respect of your personal data, including:
· to obtain a copy of your personal data together with information about how and on what basis that personal data is processed;
· to rectify inaccurate personal data (including the right to have incomplete personal data completed);
· to erase your personal data (in limited circumstances, such as where it is no longer necessary in relation to the purposes for which it was collected or processed);
· to restrict processing of your personal data under certain circumstances
· to port your data in machine-readable format to a third party (or to you) when we justify our processing on the basis of your consent or the performance of a contract with you;
· to withdraw your consent to our processing of your personal data (where that processing is based on your consent); and
· to obtain, or see a copy of the appropriate safeguards under which your personal data is transferred to a third country or international organization.
In addition to the above rights, you have the right to object, on grounds relating to your particular situation, at any time to any processing of your personal data for which we have justified on the basis of a legitimate interest, including profiling (as opposed to your consent) or to perform a contract with you. You also have the right to object at any time to any processing of your personal data for direct marketing purposes, including profiling for marketing purposes.
You also have the right to lodge a complaint with your local supervisory authority for data protection.
In relation to all of these rights, please contact us at email@example.com . Please note that we may request proof of identity, and we reserve the right to charge a fee where permitted by law, especially if your request is manifestly unfounded or excessive. We will endeavor to respond to your request within all applicable timeframes.
If you contact us regarding Customer Data for which we are a data processor, we will attempt to refer your request to the relevant Customer, and data controller for your personal data.
Privacy Shield Dispute Resolution
We encourage EU and Swiss individuals who have questions or complaints about how we process their personal data under Privacy Shield to contact us at firstname.lastname@example.org . We will work to resolve your issue as quickly as possible, but in any event, within 45 days of receipt.
If you have an unresolved privacy or data use complaint that we have not addressed satisfactorily, please contact, free of charge, our dispute resolution provider, JAMS, at https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim.
If you are an EU or Swiss individual and unable to resolve any complaints through any of the above methods, you may be able to invoke binding arbitration through a Privacy Shield panel, in accordance with the Privacy Shield Framework at https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint.
If you have any questions in relation to this Notice, please contact us at: email@example.com .