Privacy Policy

This privacy policy (the Privacy Policy) applies to the processing of personal data by DSS Sustainable Solutions Switzerland SA (CHE-371.503.138), Rue Pierre Fatio 15, c/o Gyrus Capital SA, 1204 Genève (DSS Sustainable Solutions, we, us or our)) in connection with the platforms accessible without limitation at www.consultdss.com and www.dsslearning.com (the Platforms).

By accessing and using the Platforms, you expressly agree that we process your personal data in accordance with this Privacy Policy.

We reserve the right to amend the Privacy Policy at any time at our sole discretion in order to adapt it to any new commercial or technological practice or change in the law. Should this occur, we will inform you by any appropriate means (including via email and/or the Platforms). If you do not accept the amendments thus made by us, your sole remedy is to no longer access and/or use the Platforms.

1.          Introduction

1.1       The Privacy Policy explains (i) which personal data are collected when you access and use the Platforms, (ii) the manner and the purposes for which we process the personal data, and (iii) the measures which we take in order to protect such personal data.

1.2       We will only process your personal data if we have valid legal ground, when:

-     we have obtained your prior unambiguous consent;

-     the processing is necessary to perform our contractual obligations towards you or to take pre-contractual steps at your request;

-     the processing is necessary to comply with our legal or regulatory obligations; or

-     the processing is necessary for our legitimate interests except where they are overridden by your interests or fundamental rights and freedoms. Relevant ‘legitimate interests’ include: (i) to benefit from cost-effective services (e.g. we may opt to use certain platforms offered by suppliers); (ii) to protect the security of our IT systems, architecture and networks; and (iii) to meet our corporate and social responsibility objectives.

2.          How and Where We Collect Your Personal Data

2.1       We collect, directly or indirectly via our partners, the personal data you provide in your correspondence with us and/or our partners, or in your use of the Platforms, for example, when creating and/or managing your account when you order a product or service, apply for credit or make a request, when you register for subscriptions, technology forums or other communications through the Platforms, when you participate in a contest, promotion, sweepstakes, survey or other promotion, when you participate in a blog or forum, when we conduct market research, meet you at a trade show or other event.

2.2       Such information may include your name, date of birth, gender, address, email, telephone and/or fax numbers, invoice and/or credit card information, business name, business address, tax ID number, national ID number, financial and banking information when you apply for a credit, password and reminder questions and/or answers, purchase history, social security number and any other information which we and/or our partners may request from you.

We may also automatically collect personal data when you access and use the Platforms, including by means of tools, web forms, cookies and other active elements contained in our emails and/or those of our partners, such as the IP address or other user identifications on your devices, visiting date on the Platforms, the geolocation of your devices, the data contained in your device, the data contained in third party services (e.g. social plug-ins), your preferences, the internet sites that you visit before and after the Platforms, the links displayed on the Platforms which you select or other information related to your interaction with the Platforms, including with the emails sent in connection with the Platforms.

You may define certain authorizations related to data collection, in particular in connection with the geolocation and your device’s right to access data contained in your device, according to the available functionalities. You may also define certain settings for the automated collection of your personal data on your web browser or through the Platforms. For more detailed information, please consult the chapter on cookies below.

3.          Processing Methods

3.1       We process your personal data in compliance with Swiss data protection law and the UE General Data Protection Regulation and namely takes the appropriate technical and organizational security measures to prevent the unauthorized access, disclosure, modification, alteration or destruction of your personal data. Data processing is carried out with computers or computer tools, and in compliance with the purposes indicated in this Privacy Policy.

3.2       We do not use any individual decision-making based solely on automated processing including profiling mechanisms on the Platforms.

4.          Purposes of Data Processing

4.1       Your personal data are collected so that we may operate the Platforms and provide the services connected therewith, e.g. for interacting with you, providing you with the requested information, or fulfilling your purchases, or in the manner expressly indicated when the personal data concerned are collected.

4.2       We may use your personal data, in particular, the contact details as well as other indications and data collected in accordance with this Privacy Policy, for advertising purposes, e.g. to send you information and offers relating to our products and services and/or of our partners, such as prospectuses, newsletters, and other advertising messages. You may withdraw your consent at any time.

4.3       Notably without limitation, we process your personal data to improve the Platforn or its products and services, and for internal analyses and statistics. You may withdraw your consent at any time.

5.          How long do we store your Personal Data?

We will not retain your personal data for a longer period than necessary for the purposes as outlined in this Privacy Policy. If you suppress your user account, we will delete your personal data within 30 days after such event, unless data must be retained for a valid reason

6.          Communication to Third Parties

6.1       We may communicate your personal data to third parties as part of operating the Platforms, and to subcontractors such as IT systems providers, cloud service providers, database providers, automated marketing solutions providers, financial providers and consultants, including BigCommerce (hosting services), Microsoft Dynamics (marketing, customer relationship management and financial services) and Survey Monkey (survey services).

6.2       We may also enable you to use third-party services directly from the Platforms, namely through social plug-ins of Google Maps, Kaltura video streaming and Google Analytics, in which case you recognize that the third-party operators of these services may access some of your personal data in connection with the Platforms.

6.3       In the above contexts, the Platforms may contain links to other websites. Please note that this Privacy Policy does not apply to the practices of any company or individual that we do not control, nor to any other website that may be linked from the Platform. You should carefully review the privacy policies of any other website that you visit from the Platforms to learn more about their information and privacy practices. In such contexts, the collection and use of your personal data shall be governed by such other party or websites’ privacy policy. We shall not be held responsible for their privacy practices.

6.4       We may also disclose your personal data when we have a legitimate interest to do so, for instance to (i) any third party to whom we assigns or transfers any of our rights or obligations; (ii) to competent courts or supervisory or regulatory bodies, when we must compellingly disclose your personal data, pursuant to any applicable law, regulation or order.

7.          International Transfers

7.1       The personal data that we collect from you may be stored and processed in your region, or transferred to, stored at or otherwise processed outside your country of residence, including, in respect of residents of a country within the European Economic Area (the “EEA”) or Switzerland, in a country outside the EEA or Switzerland, including without limitation the U.S., or any other country which do not necessarily offer an adequate level of data protection as recognized by the European Commission or Switzerland.  Your personal data may also be processed by staff operating inside or outside your country of residence, including staff located outside of the EEA or Switzerland, who work for us or our service providers.

7.2       Where we transfer your Personal Data outside the EEA or Switzerland, we will ensure that suitable safeguards are in place to help ensure that our third party service providers provide an adequate level of protection to your Personal Data, for instance by relying on the EU-U.S. Privacy Shield Framework, the Swiss-U.S. Privacy Shield Framework, or on standard contractual clauses adopted by the European Commission. You may request additional information in this respect and obtain a copy of the relevant safeguards upon request through sending a request to the contact indicated section 9 below.

8.          Security

8.1       We are committed to the security of your personal data, and have in place physical, administrative and technical measures designed to keep secure your personal data and to prevent unauthorized access to it. We restrict access to your personal data to those persons who need to know it for the purpose described in this Privacy Policy.

8.2       Although we take appropriate steps to protect your personal data, no website is completely secure. Therefore, we cannot guarantee that data you provide to us is safe and protected from all unauthorized third-party access and theft. We waive any liability in this respect.

8.3       The internet is a global environment. As a result, by sending information to use electronically, such data may be transferred internationally over the internet depending upon your location. Internet is not a secure environment and this Privacy Policy applies to your use and disclosure of your personal data once it is under our control only. Given the inherent nature of the internet, all internet transmissions are done at your own risk.

8.4       If we have reasonable reasons to believe that your personal data have been acquired by an unauthorized person, and applicable law requires notification, we will promptly notify you of the breach by email (if we have it) and/or by any other channel of communication (including by posting a notice on the Platforms).

9.          Cookies and Similar Technologies

9.1       A cookie is a small data file that we transfer to and is stored on your electronic device. For example, we use cookies or other analytics tools to measure the traffic to and usage of the Platforms and their distinctive features, and other miscellaneous uses.

9.2       We use various types of cookies or other similar technologies some of which are likely to automatically process data directly on your devices and/or to transfer data personal concerning you to us.

9.3       If you do not want cookies to be stored on your device, you can configure your cookie settings on the Platforms, your browser or your device to refuse and/or restrict the cookies. Certain cookies are however essential to the functioning of the Platform itself and its use may be altered or prevented by refusing these cookies.

9.4       If you do not refuse or restrict the cookies, you consent to their use and to the processing of your personal data collected in this manner.

9.5       For more information, please visit http://www.allaboutcookies.org/fr/. Please check the user help sections of your internet browser or electronic devices for specific instructions on the management of cookies.

9.6       These technologies are generally aimed at monitoring and analyzing your interactions with the Platforms and/or to enable us to improve the Platforms and their functionalities, namely through a personalization of the Platforms and the related services, according to your interactions. We also use cookies and similar technologies to measure and monitor the traffic and use of the Platforms, as well as its performance.

9.7       Some cookies are retained in your electronic device for only as long as you access and use the Platforms, hereafter referred as “session”, while others persist for a longer specified or unspecified period. The cookies listed hereafter as “persistent” will be stored on your electronic device for one year after their installation.

9.8        

Essential cookies

9.9       Some cookies we place on your electronic device ensure that the Platforms delivers you without limitation information securely and optimally. You must accept these cookies to be able to make use of the Platforms.

Cookie	Stored / processed data	Expiry	Description
SHOP_ORDER_TOKEN	BigCommerce	Persistent	Representation of the order
SHOP_SESSION_TOKEN	BigCommerce	Persistent	Representation of the user session
SHOP_TOKEN	BigCommerce	Persistent	Essential for security; used to store the customers hash after logging in & is used for customer look up
STORE_VISITOR	BigCommerce	Persistent	Used to track anonymous site usage
XSRF-TOKEN	BigCommerce	Persistent	Token to avoid Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF
LASTVISITEDCATEGORY	BigCommerce	Persistent	Tracks last visited category to build product breadcrumbs
MOBILEVIEWFULLSITE	BigCommerce	Persistent	Used to determine if the user should be shown the mobile site
RECENTLY_VIEWED_PRODUCTS	BigCommerce	Persistent	Keeps track of products which the user has viewed to show recently viewed block
EmailID	Kaltura	Persistent	To manage Kaltura previews
FPCEmailID	Elearning Preview	Persistent	To enable full preview for eLearning formats

 

Functionality cookies

9.10     Some cookies enable the Platforms to remember choices persons make, for example, user name, and language or text size. These cookies are known as "functionality cookies" and help to improve a person's experience of the Platforms by providing a more personalized service

Cookie	Stored / processed data	Expiry	Description
FORNAX_ANONYMOUSID	BigCommerce	Persistent	Analytics
BEACON_VIS	BigCommerce	Persistent	Analytics
BEACON_ID	BigCommerce	Persistent	Analytics
BEACON_TYP	BigCommerce	Persistent	Analytics
BEACON_VID	BigCommerce	Persistent	Analytics
BEACON_RATR	BigCommerce	Persistent	Analytics
BEACON_REF	BigCommerce	Persistent	Analytics
BEACON_IND	BigCommerce	Persistent	Analytics

 

Third-party cookies

9.11     The Platforms uses third party services or software. Many of these services may set cookies on your electronic device. You can block or remove cookies yourselves by altering the settings of your account, your electronic device or browser. Blocking these cookies is unlikely to impact on your experience of the Platforms.

9.12     In particular, the Platforms uses the Cookie Google Analytics which collects information and reports website usage statistics without personally identifying individual visitors to Google. You can opt out of providing us with this information if you wish, with no impact on your experience of the Platforms. To opt out of being tracked by Google Analytics when using the Website: see https://tools.google.com/dlpage/gaoptout.

Cookie	Stored / processed data	Expiry	Description
_ga	Google Analytics	Persistent	Used to distinguish users.
_gid	Google Analytics	Persistent	Used to distinguish users.
_gat	Google Analytics	Persistent	Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_.
__utma	Google Analytics	Persistent	Used to distinguish users and sessions. The cookie is created when the javascript library executes and no existing __utma cookies exists. The cookie is updated every time data is sent to Google Analytics.
__utmc	Google Analytics	Session	Not used in ga.js. Set for interoperability with urchin.js. Historically, this cookie operated in conjunction with the __utmb cookie to determine whether the user was in a new session/visit.
__utmz	Google Analytics	Session	Stores the traffic source or campaign that explains how the user reached your site. The cookie is created when the javascript library executes and is updated every time data is sent to Google Analytics.
hblid	Olark Chat	Persistent	A visitor identifier that we use only on your site to remember this visitor between visits
wcsid	Olark Chat	Session	A session identifier that we use only on your site to keep track of a single chat session
olfsk	Olark Chat	Persistent	Storage identifier that we use to maintain chat state across pages (e.g. message history)
_okdetect	Olark Chat	Session	Used for detecting when storage contexts have changed due to things like ssl or host transitions (helps maintain your chat across pages)
_okbk	Olark Chat	Session	Extra state information (e.g. chat box being open/closed)
_ok	Olark Chat	Session	Most recent Olark site ID (security measure)
_oklv	Olark Chat	Persistent	Olark loader version (for improved caching)
_okla	Olark Chat	Persistent	Used for caching purposes (loaded from CDN vs. loaded from our infrastructure)
_okgid	Olark Chat	Persistent	Group id the visitor is locked to
_okac	Olark Chat	Persistent	Used for caching by setting a hash for assets to determine if they have changed and if they need to be refreshed
_okck	Olark Chat	Persistent	Used to test whether the visitor’s browser allows cookies to be stored

 

10.       Your Rights

10.1     Except as otherwise required by law, you are entitled at all times to know if we are processing personal data concerning you. You may contact us to know the content of such personal data, verify their accuracy and request that they be supplemented, removed, updated, or rectified. You also have the right to ask us to cease processing any personal data that may have been obtained in breach of applicable law, and to object to the processing of your personal data for any other legitimate reason.

10.2     By accessing your user account, you can review, update, correct or delete the personal data available within your user account. If you would like us to delete your personal data from our system, please send a request pursuant to the contact details below and your request will be accommodated unless we have a legal obligation to retain the record. Please note that any information that we have copied may remain in back-up storage for some period of time after your deletion request.

10.3     Where we rely on your consent to process your personal data, we will seek your freely given and specific consent by providing you with informed and unambiguous indications relating to your personal data. You may revoke at any time such consent.

10.4     You have also the right to request your personal data’s portability, i.e. that the personal data you have provided to you be returned to you or transferred to the person of your choice, in a structured, commonly used and machine-readable format without hinderance from us and subject to our confidentiality obligations.

10.5     If you are not satisfied with how we process your personal data, you may file a complaint with the competent supervisory authority, in addition to your rights outlined above.

11.       Contact

We have appointed a Chief Privacy Officer. If you believe your personal data has been used in a way that is not consistent with this policy, or if you have any questions or a request in relation to the processing of your personal data by us, please contact us at DuPont Sustainable Solutions, Mr. Dell Joshi, Chief Privacy Officer, 4250 Lancaster Pike, Suite 150, Wilmington, Delaware or privacy@consultdss.com.

Date last updated: [8/19/19]