DATA PRIVACY NOTICE
HOW WE HANDLE YOUR PERSONAL DATA
We take protection of personal data very seriously. We follow national and international laws, regulatory obligations, guidelines, and best practices to guarantee the highest level of security and transparency of personal data for our clients. This document summarizes these efforts and answers the following questions:
Why and how is scip collecting and storing personal data
What is the lawful basis on which personal data is processed
What are your rights and our obligations related to this data handling
If you have any more comments or questions regarding the collection and processing of your personal data please contact us with the contact form on our web site.
PERSONAL DATA COLLECTING AND PROCESSING
Types of Personal Data
We are, depending on the client relationship (if any), collecting and processing this kind of personal data:
Any access to our web services including data submitted by your web browser like timestamp, IP address, hostname, browser name, browser language, operating system and requested resource;
Any records of phone calls with customers and partners including timestamp, phone number, company and name. This might also include recordings of voice communication for educational and legal purposes. Such a recording would be announced beforehand;
Where applicable, professional information about customers and partners like associated company, job title and contact information.
Depending on the customer relationship, data will fall into one of the following categories:
Necessary for the legitimate interest, without affecting personal interest or fundamental right in freedoms;
Necessary for preparing or executing services or products a customer has requested;
Required to meet our national and international legal or regulatory obligations.
Purposes of Processing
We are processing personal data only for a specific purpose in the interest of the client relationship. This is in particular:
Client on-boarding processes to verify your identity;
Managing our relationship with existing clients;
Providing products and services requested by clients;
Guarantee proper execution of requested products and services;
Helping us to learn about the demands of our customers to optimize products and services;
Meeting our on-going legal, regulatory, and compliance obligations;
Ensuring security and safety for our employees and clients.
If there is any other purpose, we will inform you in time which will allow you to prohibit further collecting and processing of your personal data.
ACCESS TO PERSONAL DATA
Data is accessible by internal employees only. We follow the least privilege principle where access is limited to employees only, if they are assigned to a project or process. All employees are required to sign a non-disclosure agreement and complete mandatory confidentiality and privacy trainings, as well as our code of conduct training. We are not sharing any kind of personal data with third parties, service providers, authorities, or the public.
During your access or submission data might traverse other countries and adjacent companies (like internet service provider, mail server, web hoster). We have no influence based on technological and topological structure of such Internet connections.
We are not working with ad networks nor are we embedding social media buttons. All files delivered to customers are hosted on WIX servers. Under some circumstances we may embed videos from external sources if it helps to enrich the user experience. Such embedded objects always enable all available privacy features (e.g. encryption, disabling 3rd party cookies, http security header).
We are providing a Secure Transfer Server, an in-house solution to exchange data via secure channels and to prevent exposed transmission via other countries and companies. Please use additional security measures like encryption (e.g. PGP/SMIME) to increase the security of all your exchanges.
We will only retain personal data as long as necessary to fulfil the purpose for which it was collected. This retention time will comply with legal, regulatory and internal policy requirements. After that retention period the data will be deleted.
You have the right to correct inaccurate personal data we collect and process. We are committed to keep your personal data accurate and up-to-date. Therefore, if your personal data changes, please inform us as soon as possible.
Where we process your personal data on the basis of your consent you have the right to withdraw this consent at any time. Please note that this withdrawal may not affect our legal or regulatory obligations of data processing.
You have the right to ask us to stop processing your personal data. You have also the right to ask us to delete personal data already collected and processed. If you are object to direct marketing, you have always the possibility to click an unsubscribe button to halt further direct marketing. We need to store such inquiries to prevent unwanted processing in the future.
Where personal data is processed after your agreement, it is possible to ask that we transfer all collected data back to you applicable under the data protection laws.
You can exercise the rights set out above by contacting our DPO (Data Protection Officer). See below for contact possibilities.
Exercising Rights and Complaints
If you have any questions or are not satisfied with the collecting and processing of your personal data, we would be happy to discuss the matters with you and find an acceptable solution. If you would like to speak to us about the use of your personal data, you can do this:
Contacting your account manager directly
Contact our DPO (Data Protection Officer) with the contact form on our web site
We have state-of-the-art technical and organizational security measures in place to prevent the unauthorized and unlawful access and misuse of personal data. Regular security testing of our services helps us to reduce the attack surface. And further monitoring, logging, and alerting systems help us to identify and react to attack attempts quickly.
Status of Privacy Notice
This privacy notice was updated in May 2018. It is a notice explaining what we do. It is not a contractual agreement with customers. We reserve the right to change this notice as needed.