Privacy Statement

1. ABOUT IDSC

This International Data Sanitization Consortium (“IDSC”) is an Industry expert forum on which knowledge and industry expertise with regard to data sanitization are published.

2. THE PURPOSE OF THIS PRIVACY STATEMENT

IDSC (“we”, “us”) are committed to protecting and respecting the privacy of individuals who visit IDSC’s website or register to use IDSC’s services or attend IDSC’s corporate events (“you”). In order to inform you of its policies and activities with respect to the collection, use and transfer of Personal Data, IDSC is providing you with an electronic copy of this Privacy Policy (the “Policy”).

In this Policy, “Personal Data” means information which relates to an individual and which identifies that individual, either directly or indirectly (together with other information that is reasonably likely to come into IDSC’s possession), such as your name, email address or telephone number.

Please read the following carefully to understand our views and practices regarding your Personal Data and how we will treat it. By visiting www.datasanitization.org and/or by subscribing through our website, providing information through our marketing forms, you are accepting and consenting to the practices described in this Policy.

3. WHO THIS PRIVACY STATEMENT APPLIES TO

This Privacy Statement provides specific information relating to the following individuals whose Personal Data we may process where we are a controller of the Personal Data under the GDPR:

  1. business contact data including our (prospective) customers, suppliers, partners, shareholders and business prospects “Business Contacts”; and
  2. prospective employees/those applying for jobs at the Company “Candidates”;
  3. users/guests of our Website “Website Users”.

Personal Data of employees of the Company is dealt with via an internal privacy notice and documentation.

4. CATEGORIES OF PERSONAL DATA*

We may process the following categories of Personal Data, however, such subject to the Data Minimisation Principle (we only process data where absolutely required). For each category we have included an example of the type of Personal Data that maybe part of that category:

Personal Data CategoryDescription
Identification Datamay include a person’s name, date of birth, driver’s license and passport information.
Contact Data*may include a person’s email address, phone number, postal address, other communication details (e.g. Skype)
Communication Datamay include phone calls, email correspondence and hard copy correspondence.
Marketing Datamay include your Contact Data and any preferences in receiving marketing from us and your communication preferences.
Financial Datamay include payment related information or bank account details and financial data received as part of the services that we provide.
Web Datamay include Personal Data provided on any forms on our website and, to the extent that it includes Personal Data, information on the type of device you’re using, its IP address, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use.

*Considering the scope and purpose of the IDSC forum, we strive to minimize or avoid all together any personal data categories from the above list. The above list is added solely to provide an exhaustive and transparent overview of what personal data could be in scope.

5. OUR LEGAL BASIS FOR PROCESSING PERSONAL DATA

We process all Personal Data lawfully and in accordance with the requirements of the applicable law. The GDPR sets out the legal grounds for processing Personal Data.

When the Company processes Personal Data, it is generally on one of the following legal grounds:

CONTRACT

If applicable, we may process Personal Data where necessary to perform our obligations relating to or in accordance with any contract that we may have with you or to take steps at your request prior to entering into that contract.

CONSENT

For certain processing activities we may rely on your consent. For example, a Candidate may give us their consent to process their Personal Data when they apply to a position advertised on our website.

Where we are unable to collect consent for a particular processing activity, we will only process the Personal Data if we have another lawful basis for doing so.

You can withdraw consent provided by you at any time by contacting us at data-privacy@datasanitization.org

LEGITIMATE INTEREST

At times we will need to process your Personal Data to pursue our legitimate business interests, for example for administrative purposes, to collect debts owing to us, to provide information to you, to operate, evaluate, maintain, develop and improve our websites and services or to maintain their security and protect intellectual property rights.

We will not process your Personal Data on a legitimate interest basis where the impact of the processing on your interests or fundamental rights and freedoms outweigh our legitimate interests.

You may object to any processing we undertake on this basis. If you do not want us to process your Personal Data on the basis of our legitimate interests, contact us at dataprivacy@datasanitization.org and we will review our processing activities.

LEGAL OBLIGATION

If we have a legal obligation to process Personal Data, such as the payment of taxes, we will process Personal Data on this legal ground.

By affirmatively acknowledging your consent to this Privacy Statement, you are agreeing that IDSC may treat your personal data in a manner consistent with this Privacy Policy.

6. SOURCES OF PERSONAL DATA

BUSINESS CONTACT PERSONAL DATA

We collect Business Contact Personal Data from our business contacts including – customers, suppliers, partners, shareholders and business prospects.

We source Business Contact Personal Data in order to serve the business relationship. We will only ever source Personal Data that is necessary and in a way that would be generally expected.

We receive Personal Data about Business Contacts from a variety of sources, as follows:

  • the Personal Data is often provided by the Business Contact as part of the business relationship;
  • the Personal Data may be collected from public sources;
  • the Personal Data may be collected indirectly from another person within the company of the Business Contact;
  • the Personal Data may be collected through our website;
  • the Personal Data may be collected indirectly from a website or from a third party, including pursuant to your registration and/or attendance to a physical and virtual marketing/sales event.

WEB DATA

We collect Website User Personal Data from all visitors to our website in order to improve our services and develop the Website.

We may receive Web Data about Website Users who access our advertisements or our Website regardless of whether they interact or register with the Website.

For more details please refer to our Cookie Policy

7. DISCLOSURE OF PERSONAL DATA

In certain circumstances, we may disclose Personal Data as follows:

  • to business partners and subcontractors for the performance of any contract relating to our services, including email, Skype, Customer Relationship Management system, payment processors, data aggregators, hosting service providers, external consultants, auditors, IT consultants and lawyers;
  • to any recruitment agency who is helping us to recruit Candidates;
  • to analytics and search engine providers that assist us in the improvement and optimisation of the Website;
  • if we or substantially all of our company is merged with another company or acquired by a third party, in which case Personal Data held by us will be one of the transferred assets;
  • if we are under a duty to disclose or share Personal Data in order to comply with any legal obligation (including tax, audit or other authorities), or in order to enforce or apply any contracts that we have;
  • to protect our rights, property, or safety, or that of our Candidates or Business Contacts or others. This may include exchanging Personal Data with other companies and organisations for the purpose of fraud protection.

When we engage another organisation to perform services for us, we may provide them with information including Personal Data, in connection with the performance of those functions. We do not allow third parties to use Personal Data except for the purpose of providing these services.

8. SECURITY MEASURES

We will take all steps reasonably necessary to ensure that all Personal Data is treated securely in accordance with this Privacy Statement and the relevant law, including the GDPR.

In particular, we have put in place appropriate technical and organisational procedures to safeguard and secure the Personal Data we process.

We monitor for and do everything we can to prevent security breaches of the Personal Data that we process.

Once we have received your Personal Data, we will use strict procedures and security features for the purpose of preventing unauthorised access and ensuring that only those who need to have access to your Personal Data can access it.

We also use secure connections to protect Personal Data during its transmission. Where you have been given (or where you have chosen) a password which enables you to access services, you are responsible for keeping this password confidential. Please do not share your password with anyone.

If you think that there has been any loss or unauthorised access to Personal Data of any individual, please let us know immediately.

9. TRANSFERS OUTSIDE THE EEA

In order to provide our products and services we may need to transfer Personal Data outside the European Economic Area (EEA). We ensure that any transfer of Personal Data outside the EEA is undertaken using legally compliant transfer mechanisms and in accordance with the GDPR.

If we transfer Personal Data outside of the EEA, we generally rely on the Standard Contractual Clauses under Article 46.2 of the GDPR adopted by the EU Commission or any alternatives thereto as determined acceptable by the EU Commission and/or by the applicable data privacy authorities in the relevant country/region. We may also rely on some of the other legally compliant transfer mechanisms provided under the GDPR and other applicable data privacy laws and regulations.

10. COOKIES

Cookies are small text files placed on your computer or mobile device by websites that you visit, and they help us improve the products and services that we offer you. They are used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Cookies may allow a website to remember your activity over a period of time. Cookies are optional and you do not have to accept them.

Further information on the cookies we use on the website and the purpose behind their respective uses are set out in our Cookie Policy.

11. THIRD PARTY WEBSITES

Our Website may contain links to and from third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy settings, and these are not endorsed by us. We do not accept any responsibility or liability for these third-party websites. Please undertake the appropriate due diligence before submitting any Personal Data to these websites.

12. RETENTION

In some circumstances it is not possible for us to specify in advance the period for which we will retain your Personal Data. In such cases we will determine the appropriate retention period based on balancing your rights against our legitimate business interests. We may also retain certain Personal Data beyond the periods specified herein in some circumstances such as where required for the purposes of legal claims.

Our retention policy is as follows:

Purpose of ProcessingCategories of Personal DataRetention Period*

Service Delivery Activities

  • Identification Data
  • Contact Data
  • Communications Data
24 months after completion of service delivery activities in the case where there is no further meaningful engagement.

Marketing and Promotion Activities

  • Marketing Data
  • Contact Data
  • Web Data
12 months in the case where no meaningful engagement or earlier in the case you unsubscribe.

Website Delivery

  • Web Data
12 months

Management of Corporate Affairs

  • Identification Data
  • Contact Data
  • Communication Data
  • Financial Data
7 – 10 years unless there is a mandatory legal requirement to retain indefinitely (this depending on a countries legal requirements)

*The provided retention periods are indicative and only apply if in scope of the IDSC and furthermore subject to local data privacy and other mandatory legislation as applicable.

13. YOUR RIGHTS

You have various rights relating to how your Personal Data is used.

  • You can ask for access and disclosure to the Personal Data we hold on you
  • You can ask to change Personal Data you think is inaccurate
  • You can ask to delete Personal Data (right to be forgotten)
  • You can ask us to limit what we use your Personal Data for
  • You can ask to have your Personal Data moved to another provider (data portability)
  • You can ask to opt-out of the sale of personal information (if applicable)
  • You can make a complaint

14. AMENDMENTS TO THIS PRIVACY STATEMENT

We may post any changes on the Website and when doing so will change the effective date at the top of this Privacy Statement. Please make sure to check the date when you use our services to see if there have been any changes since you last used those services.

Thank you for reading our Privacy Statement.

To exercise any of your rights regarding your Personal Data, or in case you have any concerns or questions regarding this Privacy Statement, please e-mail us at data-privacy@datasanitization.org or call us at +31651661428 or write us at:

Attn. Data Protection Office (Legal Department)
Data Sanitization Consortium (Blancco UK Ltd.)
Suite 1, Chapel House
Thremhall Park
Start Hill
Bishops Stortford
Hertfordshire CM22 7WE
United Kingdom
Telephone: +31 651661428

We are committed to help you in finding a reasonable and fair resolution of any issue or complaint you may have regarding data privacy. As stated earlier, you always retain the right to lodge a complaint with the competent supervisory authority in your country and/or region.

Please Contact Us at data-privacy@datasanitization.org if you have any questions. If we are unable to resolve your concerns, you always have the right to contact the supervisory (data privacy) authority in the country where you live or work, or where you consider that the data protection rules have been breached.