- About the IDSC
- What is Data Sanitization?
- Policies & Standards
This International Data Sanitization Consortium (“IDSC”) is an Industry expert forum on which knowledge and industry expertise with regard to data sanitization are published.
In this Policy, “Personal Data” means information which relates to an individual and which identifies that individual, either directly or indirectly (together with other information that is reasonably likely to come into IDSC’s possession), such as your name, email address or telephone number.
Please read the following carefully to understand our views and practices regarding your Personal Data and how we will treat it. By visiting www.datasanitization.org and/or by subscribing through our website, providing information through our marketing forms, you are accepting and consenting to the practices described in this Policy.
This Privacy Statement provides specific information relating to the following individuals whose Personal Data we may process where we are a controller of the Personal Data under the GDPR:
Personal Data of employees of the Company is dealt with via an internal privacy notice and documentation.
We may process the following categories of Personal Data, however, such subject to the Data Minimisation Principle (we only process data where absolutely required). For each category we have included an example of the type of Personal Data that maybe part of that category:
|Personal Data Category||Description|
|Identification Data||may include a person’s name, date of birth, driver’s license and passport information.|
|Contact Data*||may include a person’s email address, phone number, postal address, other communication details (e.g. Skype)|
|Communication Data||may include phone calls, email correspondence and hard copy correspondence.|
|Marketing Data||may include your Contact Data and any preferences in receiving marketing from us and your communication preferences.|
|Financial Data||may include payment related information or bank account details and financial data received as part of the services that we provide.|
|Web Data||may include Personal Data provided on any forms on our website and, to the extent that it includes Personal Data, information on the type of device you’re using, its IP address, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use.|
*Considering the scope and purpose of the IDSC forum, we strive to minimize or avoid all together any personal data categories from the above list. The above list is added solely to provide an exhaustive and transparent overview of what personal data could be in scope.
We process all Personal Data lawfully and in accordance with the requirements of the applicable law. The GDPR sets out the legal grounds for processing Personal Data.
When the Company processes Personal Data, it is generally on one of the following legal grounds:
If applicable, we may process Personal Data where necessary to perform our obligations relating to or in accordance with any contract that we may have with you or to take steps at your request prior to entering into that contract.
For certain processing activities we may rely on your consent. For example, a Candidate may give us their consent to process their Personal Data when they apply to a position advertised on our website.
Where we are unable to collect consent for a particular processing activity, we will only process the Personal Data if we have another lawful basis for doing so.
You can withdraw consent provided by you at any time by contacting us at email@example.com
At times we will need to process your Personal Data to pursue our legitimate business interests, for example for administrative purposes, to collect debts owing to us, to provide information to you, to operate, evaluate, maintain, develop and improve our websites and services or to maintain their security and protect intellectual property rights.
We will not process your Personal Data on a legitimate interest basis where the impact of the processing on your interests or fundamental rights and freedoms outweigh our legitimate interests.
You may object to any processing we undertake on this basis. If you do not want us to process your Personal Data on the basis of our legitimate interests, contact us at firstname.lastname@example.org and we will review our processing activities.
If we have a legal obligation to process Personal Data, such as the payment of taxes, we will process Personal Data on this legal ground.
We collect Business Contact Personal Data from our business contacts including – customers, suppliers, partners, shareholders and business prospects.
We source Business Contact Personal Data in order to serve the business relationship. We will only ever source Personal Data that is necessary and in a way that would be generally expected.
We receive Personal Data about Business Contacts from a variety of sources, as follows:
We collect Website User Personal Data from all visitors to our website in order to improve our services and develop the Website.
We may receive Web Data about Website Users who access our advertisements or our Website regardless of whether they interact or register with the Website.
In certain circumstances, we may disclose Personal Data as follows:
When we engage another organisation to perform services for us, we may provide them with information including Personal Data, in connection with the performance of those functions. We do not allow third parties to use Personal Data except for the purpose of providing these services.
We will take all steps reasonably necessary to ensure that all Personal Data is treated securely in accordance with this Privacy Statement and the relevant law, including the GDPR.
In particular, we have put in place appropriate technical and organisational procedures to safeguard and secure the Personal Data we process.
We monitor for and do everything we can to prevent security breaches of the Personal Data that we process.
Once we have received your Personal Data, we will use strict procedures and security features for the purpose of preventing unauthorised access and ensuring that only those who need to have access to your Personal Data can access it.
We also use secure connections to protect Personal Data during its transmission. Where you have been given (or where you have chosen) a password which enables you to access services, you are responsible for keeping this password confidential. Please do not share your password with anyone.
If you think that there has been any loss or unauthorised access to Personal Data of any individual, please let us know immediately.
In order to provide our products and services we may need to transfer Personal Data outside the European Economic Area (EEA). We ensure that any transfer of Personal Data outside the EEA is undertaken using legally compliant transfer mechanisms and in accordance with the GDPR.
If we transfer Personal Data outside of the EEA, we generally rely on the Standard Contractual Clauses under Article 46.2 of the GDPR adopted by the EU Commission or any alternatives thereto as determined acceptable by the EU Commission and/or by the applicable data privacy authorities in the relevant country/region. We may also rely on some of the other legally compliant transfer mechanisms provided under the GDPR and other applicable data privacy laws and regulations.
Cookies are small text files placed on your computer or mobile device by websites that you visit, and they help us improve the products and services that we offer you. They are used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Cookies may allow a website to remember your activity over a period of time. Cookies are optional and you do not have to accept them.
Our Website may contain links to and from third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy settings, and these are not endorsed by us. We do not accept any responsibility or liability for these third-party websites. Please undertake the appropriate due diligence before submitting any Personal Data to these websites.
In some circumstances it is not possible for us to specify in advance the period for which we will retain your Personal Data. In such cases we will determine the appropriate retention period based on balancing your rights against our legitimate business interests. We may also retain certain Personal Data beyond the periods specified herein in some circumstances such as where required for the purposes of legal claims.
Our retention policy is as follows:
|Purpose of Processing||Categories of Personal Data||Retention Period*|
Service Delivery Activities
|24 months after completion of service delivery activities in the case where there is no further meaningful engagement.|
Marketing and Promotion Activities
|12 months in the case where no meaningful engagement or earlier in the case you unsubscribe.|
Management of Corporate Affairs
|7 – 10 years unless there is a mandatory legal requirement to retain indefinitely (this depending on a countries legal requirements)|
*The provided retention periods are indicative and only apply if in scope of the IDSC and furthermore subject to local data privacy and other mandatory legislation as applicable.
You have various rights relating to how your Personal Data is used.
We may post any changes on the Website and when doing so will change the effective date at the top of this Privacy Statement. Please make sure to check the date when you use our services to see if there have been any changes since you last used those services.
Thank you for reading our Privacy Statement.
To exercise any of your rights regarding your Personal Data, or in case you have any concerns or questions regarding this Privacy Statement, please e-mail us at email@example.com or call us at +31651661428 or write us at:
Attn. Data Protection Office (Legal Department)
Data Sanitization Consortium (Blancco UK Ltd.)
Suite 1, Chapel House
Hertfordshire CM22 7WE
Telephone: +31 651661428
We are committed to help you in finding a reasonable and fair resolution of any issue or complaint you may have regarding data privacy. As stated earlier, you always retain the right to lodge a complaint with the competent supervisory authority in your country and/or region.
Please Contact Us at firstname.lastname@example.org if you have any questions. If we are unable to resolve your concerns, you always have the right to contact the supervisory (data privacy) authority in the country where you live or work, or where you consider that the data protection rules have been breached.