The Supplier's privacy policy is designed to protect all Personal Information that is sent to, stored and/or processed by the Data Extraction Services. This policy outlines the Supplier's policies around access to, and retention and security of, Personal Information.
The Supplier will treat the Licensee and its personnel as being authorised to access any Personal Information that is sent to the Data Extraction Services under the Licensee’s account, either directly or to a further sub-organisational group. This includes Personal Information that forms part of data that is not owned by the Licensee but is sent under the Licensee's use of the Data Extraction Service (such as Personal Information that forms part of the Licensee's customers' data). It is the responsibility of the Licensee to obtain all consents and approvals that are necessary for the Licensee and its personnel to access Personal Information as described above.
The Supplier will not disseminate any Personal Information held by it to any 3rd party except:
In some cases, it is possible that there will be authorised access of Personal Information to parties beyond:
This for example could exist in a scenario where an intermediary sits between the Licensee and the end customer - for example such as in a model where the direct customer of the Supplier is a software vendor and there is a "reseller" intermediary with authorised access between the direct customer of the Supplier and the end customer.
In all such cases, it is the responsibility of the Licensee (for the provision of the relevant Service) to obtain all consents and approvals that are necessary for such parties to access the Personal Information as described above.
The Licensee agrees that the Supplier may provide information about which parties have access to Personal Information to the relevant Data Subject, in accordance with applicable law.
Any Personal Information forming part of the Data that is held by the Supplier will be accessible by the Licensee, the Data Subject, any party that the Licensee or the Data Subject has authorised to access it, or any party that otherwise has a legal right to have access to it. This is either through typical access methods to the Supplier's system(s) or otherwise (for example accessing deleted Personal Information forming part of data held in backup by the Supplier). Charges may apply for access to data that is no longer in the Supplier's customer facing system(s) (due to for example retrieval costs of that data).
Security of login/access information is solely the responsibility of the Licensee and the Supplier accepts no liability where the Licensee or its personnel have failed to properly secure system access leading to a disadvantageous situation for the Licensee or its personnel or customers (such as unauthorised data access).
The Data Extraction Service(s) are primarily processing based system and as such the Supplier's retention of Personal Information is generally limited. The Supplier provides no guarantees in relation to the time period that Personal Information will be retained once it enters its system(s).
The Supplier's Service(s) run via a global network of computers that are located in various countries and jurisdictions. Due to the nature of the Supplier's system(s), the location for various aspects of the Licensee's data that passes through its systems will be fixed to certain locations.
The Supplier commits to providing full information on the locations where the Data under the Licensee’s account is stored or processed.
The Supplier undertakes rigorous internal processes and has implemented strong security policies to protect all Personal Information sent, residing or being processed through its system(s). This includes standard industry practices for access management, storage, processing and transit of Personal Information.
The Supplier provides encrypted options for any data to be passed between it and 3rd parties and it highly recommends that 3rd parties utilise only these options for any data transfers.
Where there is any breach of this privacy policy relating to Personal Information forming part of the Data, the Supplier will provide details of the breach to the Licensee as soon as reasonably practicable. This is only within its (the Supplier's) ability to understand the scope and details of a breach for example what is available within logs, audit histories etc..