dss+ MIRA™ Platform Privacy Policy

This privacy policy (the Privacy Policy) applies to the processing of personal data by DSS Sustainable Solutions Switzerland SA (CHE-371.503.138), Chemin du Pavillon 2, CH-1218 Le Grand Saconnex Geneva, Switzerland (dss+, we, us or our) in connection with the dss+ MIRA Platform accessible at a customised subdomain of https://dssinsights.mira.consultdss.com/ as notified from time to time (the MIRA Platform).

By accessing and using the MIRA Platform, you expressly acknowledge that we collect and process your personal data in accordance with this Privacy Policy.

We reserve the right to amend the Privacy Policy at any time at our sole discretion in order to adapt it to any new commercial or technological practice or change in the law. Should this occur, we will inform you by any appropriate means (including via email or the MIRA Platform, e.g. banners, pop-ups or other notification mechanisms). If you do not accept these amendments, your sole remedy is to no longer access and/or use the MIRA Platform.

1. Introduction

1.1 We recognize the importance of your privacy and of transparency in our processing of your personal data. This Privacy Policy explains (i) which personal data are collected when you access and use the MIRA Platform, (ii) the manner and the purposes for which we process the personal data, and (iii) the measures which we take in order to protect such personal data.

1.2 The MIRA Platform is a tool that we provide to your employer, respectively the organization to which you are affiliated in any other way (Organization). This Privacy Policy does not govern how your Organization process your personal data. Please refer to your Organization's policies and contact your Organization directly for any inquiry relating to the use of your personal data by it.

2. How and Why We Process Your Personal Data

We only process your personal data when we have a valid reason to do so, in accordance with the law.

2.1 We process your personal data in compliance with Swiss data protection law and the UE General Data Protection Regulation and only when we have a valid reason to do so, as further specified below.

To provide the MIRA Platform and Services to You or Your Organization

2.2 We mainly process your personal data to provide the MIRA Platform and Services to your Organization and you, in accordance with your Organization's instructions. In this case, our processing of your personal data in connection with the MIRA Platform is governed by a contract between us and your Organization, and your use of the MIRA Platform is subject to your Organization's policies.

For our legitimate business interests, including to improve our MIRA Platform and services

2.3 Furthermore, we may also process your personal data for our legitimate business operations related to providing the MIRA Platform.

2.4 When doing so, we generally rely on your legitimate business interest. We may also process your data we have obtained your prior unambiguous consent for. You may withdraw your consent, respectively object to such processing activities, at any time.

If we have a legitimate interest or a legal obligation to do so.

2.5 We may further process your personal data to comply with our legal or regulatory obligations. This will for instance be the case if we need to disclose certain information to public authorities or retain such information for tax or accounting purposes, or the establishment, exercise or defence of legal claims.

3. How and Where We Collect Your Personal Data

We collect the personal data which you provide or which is provided by your Organization.

3.1 We collect the personal data that your Organization provides us with in connection with the MIRA Platform.

3.2 Such information may include your user name (Login ID), first and last name, password, employer name, language preference and status any other information which we may request from you, or which may be provided by your Organization.

Certain personal data are also collected in an automated manner.

3.3 We may also automatically collect personal data when you access and use the MIRA Platform, including by means of tools, web forms, cookies and other active elements contained in our emails and/or those of our partners, including name and email address.

You can define certain authorizations and settings related to the automated collection of your personal data.

3.4 You may define certain authorizations related to data collection in the settings of your device or of your web browser, according to the available functionalities.

3.5 You may also define certain settings for the automated collection of your personal data through the cookies setting plugin available on the MIRA Platform. For more detailed information, please consult the chapter on cookies below.

4. Processing Methods

We may process your personal data by automated means but takes appropriate security measures in this respect.

4.1 Our processing activities are carried out both by humans and with computers or computer tools, and in compliance with the purposes indicated in this Privacy Policy. We take the appropriate technical and organizational security measures to prevent the unauthorized access, disclosure, modification, alteration or destruction of your personal data.

4.2 We may process your data to remove any information that identifies you and your Organization from it (anonymization) and further use such anonymised data for purposes not contemplated by this Privacy Policy (including for data mining, benchmarking and analytics purposes, or for developing and marketing new services).

5. How long do we store your Personal Data?

5.1 We will not retain your personal data for a longer period than necessary for the purposes as outlined in this Privacy Policy.

5.2 If you leave your Organization (e.g. in the event of change of employment), and if your Organization requests us to do so, your account and access to the MIRA Platform will be removed. In this case, we will delete from our servers or anonymised any personal data associated with your account.

6. Communication to Third Parties

We may disclose your personal data to third parties in case this is necessary for the proper operation of the MIRA Platform and the provision of the related services, or for promotional services.

6.1 We may communicate your personal data to third parties for the purpose of operating the MIRA Platform. This may include Microsoft Azure (hosting services) as well as our affiliated entities which provide services related to the MIRA Platform.

We may also disclose your personal data to third parties when we have a legitimate interest or legal obligation to do so

6.2 We may also disclose your personal data when we have a legitimate interest to do so, for instance to (i) any third party to whom we assigns or transfers any of our rights or obligations; (ii) to competent courts or supervisory or regulatory bodies, when we must compellingly disclose your personal data, pursuant to any applicable law, regulation or order.

7. International Transfers

Your personal data may be disclosed outside of your country of residence, including to countries that do not guarantee the same level of data protection and privacy as Switzerland and the European Union.

7.1 If you are a resident of a country within the European Economic Area (the “EEA”) or Switzerland, we will store your data in data centers of Microsoft Azure located within the EEA exclusively. We will store the personal data of other Users in data centers of Microsoft Azure located in France or Brazil.

7.2 Should your personal data be transferred to or become accessible from outside of these regions as a result of the technical or operational infrastructure of a provider of our choosing (see chapter 6 above), then we will ensure such transfer or access is in accordance with applicable data protection laws and will put in place the required appropriate safeguards (for instance by relying on the EU-U.S. Privacy Shield Framework, the Swiss-U.S. Privacy Shield Framework, or on standard clauses adopted by the European Commission). By providing us with information and data, you expressly consent to such transfers or access, which include without limitation India; USA or Brazil . Your personal data may also be processed by staff operating inside or outside your country of residence, including staff located outside of the EEA or Switzerland, who works for us or our service providers.

7.3 You may request additional information in this respect and obtain a copy of the relevant safeguards upon request through sending a request to the contact indicated section 11 below.

8. Security

We maintain physical, technical and procedural safeguards to keep secure your personal data.

8.1 We are committed to the security of your personal data, and have in place physical, administrative and technical measures designed to keep secure your personal data and to prevent unauthorized access to it. We restrict access to your personal data to those persons who need to know it for the purpose described in this Privacy Policy. In addition, we use standard security protocols and mechanisms to exchange the transmission of sensitive data. When you enter sensitive information on our website, we encrypt it using secure socket layer (SSL) technology.

8.2 Although we take appropriate steps to protect your personal data, no website is completely secure. Therefore, we cannot guarantee that data you provide to us is safe and protected from all unauthorized third-party access and theft. We waive any liability in this respect.

8.3 The internet is a global environment. As a result, by sending information to us electronically, such data may be transferred internationally over the internet depending upon your location. Internet is not a secure environment and this Privacy Policy applies to your use and disclosure of your personal data once it is under our control only. Given the inherent nature of the internet, all internet transmissions are done at your own risk.

9. Cookies and Similar Technologies

We use cookies and other similar technologies in connection with the MIRA Platform.

9.1 A cookie is a small data file that we transfer to and is stored on your electronic device. For example, we use cookies or other analytics tools to measure the traffic to and usage of the MIRA Platform and their distinctive features, and other miscellaneous uses.

9.2 We may use various types of cookies or other similar technologies some of which are likely to automatically process data directly on your devices and/or to transfer data personal concerning you to us.

You may manage the cookies and similar technologies via the settings of your browser and/or your devices.

9.3 If you do not want cookies to be stored on your device, you may configure your browser or your device to refuse and/or restrict the cookies. You may also change your cookies preferences through the interface available on the MIRA Platform. However, we only use essential cookies to the functioning of the MIRA Platform itself and its use may be altered or prevented by refusing these cookies.

9.4 For more information, please visit http://www.allaboutcookies.org/fr/. Please check the user help sections of your internet browser or electronic devices for specific instructions on the management of cookies.

We use the following cookies:

Essential cookies

9.5 Some cookies we place on your electronic device ensure that the MIRA Platform delivers you without limitation information securely and optimally. The Service/website cannot function properly without these Cookies.

Cookie Provider Stored / processed data Expiry Description
XSRF-TOKEN, tableau_locale, workgroup_session_id Tableau Authentication tokens, Language When the browsing session ends Tableau authentication

10. Your Rights

You have the right to access your personal data processed by us and may request without limitation that they be removed, updated, or rectified.

10.1 You should direct your privacy inquiries relating to the use of your personal data on behalf of your Organization, including any requests to exercise your data protection rights, directly to your Organization’s contact person.

10.2 If you have questions about our legitimate business operations in connection with providing the MIRA Platform to your Organization, as specified in sections 2.3 to 2.5, you may contact us to know the content of such personal data, verify their accuracy and request that they be supplemented, removed, updated, or rectified. You also have the right to ask us to cease processing any personal data that may have been obtained in breach of applicable law, and to object to the processing of your personal data for any other legitimate reason.

10.3 Where we rely on your consent to process your personal data, we will seek your freely given and specific consent by providing you with informed and unambiguous indications relating to your personal data. You may revoke at any time such consent.

10.4 You may also have the right to request your personal data’s portability, i.e. that the personal data you have provided to you be returned to you or transferred to the person of your choice, in a structured, commonly used and machine-readable format without hindrance from us and subject to our confidentiality obligations, subject to applicable data protection laws.

You have the right to lodge a complaint

10.5 If you are not satisfied with how we process your personal data, you may file a complaint with the competent supervisory authority, in addition to your rights outlined above.

11. Contact

11.1 As indicating above, if you have questions about our processing of your personal data in connection with providing the MIRA Platform, please contact your organization directly.

11.2 For other inquiries, please contact us at Chief Privacy Officer or privacy@consultsdss.com.

Date last updated: August 2020