DIRECT DATASHEET and its subsidiaries around the world (collectively “Direct Datasheet”) are committed to respecting and protecting the privacy of those from whom they collect personal information.
This policy establishes and communicates the key principles DIRECT DATASHEET follows in protecting the personal information that it collects. Please note that some privacy rights and obligations may differ in certain locations based on local law, in which case DIRECT DATASHEET will comply with the local legal requirements.
Data Subject is any individual about whom DIRECT DATASHEET holds personal data.
Personal data is any information that allows an individual to be identified directly or indirectly (e.g., name, date of birth, title, address, telephone number and email address).
Sensitive personal data is that which, in cases of misuse, may cause unlawful or arbitrary discrimination or other serious risk to a data subject (e.g., racial or ethnic origin, nationality, political opinion, religious and philosophical beliefs, and physical or mental health conditions). Collectively, personal data and sensitive personal data are referred to as “personal information”.
Collecting and Processing Personal Information
DIRECT DATASHEET collects and processes personal information that is necessary for legitimate business purposes, which will be disclosed to the data subject at the time of collection. DIRECT DATASHEET will use and process this information only for the purposes for which it was collected, retaining the personal information only for so long as is required for the specific purpose for which the information was collected.
DIRECT DATASHEET will not collect sensitive personal data except when permitted or required to do so by law, and will do so only for legitimate business purposes. If in any other instance a need arises to collect sensitive personal data, DIRECT DATASHEET will do so only with the data subject’s express consent, which can be withdrawn at any time. DIRECT DATASHEET will not sell or rent personal information for direct marketing purposes.
When part of their job responsibilities, colleagues who collect and process personal information must comply with this policy and any applicable data protection procedures. In particular, they must: Ensure the personal information is collected and processed in accordance with this policy; Check that the personal information provided is accurate and up to date; Ensure timely updates to related internal company files; Check the information DIRECT DATASHEET distributes and provide details regarding processing notices on relevant communications; and take reasonable precautions to protect the personal information from unauthorized disclosure, loss, or destruction.
Transferring Personal Information
DIRECT DATASHEET may transfer the personal information outside the data subject’s home country when: (i) it has the consent of the data subject; (ii) it is necessary or appropriate as permitted by law to do so because it is relevant to Direct Datasheet’s dealings with the data subject; or (iii) it is required by law. DIRECT DATASHEET will comply with notification, registration or approval requirements imposed under local law regarding the cross border transfer of personal information. DIRECT DATASHEET will implement reasonable measures to protect the security and confidentiality of personal information and provide an adequate level of protection in each DIRECT DATASHEET location where the information is transferred.
In limited circumstances, DIRECT DATASHEET may disclose personal information to a third party who is providing a service to DIRECT DATASHEET will only disclose personal information if the third party has provided satisfactory assurances to DIRECT DATASHEET of its ability to provide appropriate and sufficient data privacy and security safeguards to protect the personal information from unauthorized disclosure, use or loss. Where DIRECT DATASHEET learns that a third party is using or disclosing personal information in a manner contrary to this policy, DIRECT DATASHEET will take reasonable steps to discontinue such use or disclosure. Disclosures to third parties will be only for the purposes described in this policy, for a compatible purpose, or for a purpose authorized by the data subject.
DIRECT DATASHEET gives data subjects the opportunity to choose not to have his or her personal information transferred to third parties for use in a manner incompatible with the purpose for which it was originally collected. An employee may not opt out of the transfer of his or her personal information to a third party if it is being conducted for the purpose of: (1) meeting applicable legal requirements, or (2) furthering the legitimate employment relationship with Direct Datasheet. Prior to transferring sensitive personal data for use in a manner incompatible with the purpose for which it was originally collected, explicit (opt in) choice will be sought.
Security of Personal Information
DIRECT DATASHEET has organizational, physical, administrative and technical measures in place to protect the personal information the company collects and maintains. DIRECT DATASHEET monitors to ensure that its information security program is operating in a manner to reasonably protect the personal information it collects and processes and upgrades information safeguards as necessary to limit risks of unauthorized disclosure or use. Only authorized colleagues with a valid, work-related need may access a data subject’s personal information. In the event of a data breach, DIRECT DATASHEET will issue breach notifications as may be required under applicable law.
Data Subject Rights
While personal information is maintained by DIRECT DATASHEET, a data subject may access the information pertaining to him/her to the extent required by local law to review, update and correct inaccuracies. To do so, the data subject should contact the DIRECT DATASHEET Global Privacy Officer or the Privacy Officer in the data subject’s home country (if one has been appointed). Additionally, a data subject may ask DIRECT DATASHEET to correct, update, supplement or delete personal information held on him/her.
DIRECT DATASHEET may, in its discretion, charge a reasonable, cost-based fee for access or photocopying of this information. For security purposes, DIRECT DATASHEET may require verification of identity before providing access to personal information.
If a data subject has a question about this policy or a complaint about the way DIRECT DATASHEET has collected, processed, used or disclosed his/her personal information and is located in Germany, the data subject should contact his or her local Privacy Officer. Data subjects located in any other country should contact the DIRECT DATASHEET Global Privacy Officer. Both individuals will promptly and courteously address any complaints or disputes regarding personal information. Direct Datasheet’s Privacy Officers have the responsibility to ensure that each DIRECT DATASHEET office complies with this policy around the world. It is also the responsibility of these persons to deal with and respond to all inquiries from governmental authorities. Any finding of misuse of personal information by DIRECT DATASHEET or a breach of this policy shall be remedied as soon as reasonably possible.
To verify its compliance DIRECT DATASHEET will periodically conduct a self-assessment to ensure that: (a) this policy is accurate, comprehensive, prominently displayed, completely implemented and accessible, and conforms to the Safe Harbor Principles; (b) employees are informed of the internal arrangements for handling complaints and the independent mechanisms through which they may pursue complaints; and (c) DIRECT DATASHEET has in place procedures for training the appropriate employees on the implementation of this policy and disciplining those who fail to comply.
Changes to this Policy
Attn: Privacy Officer