Privacy Policy
This privacy policy (the Privacy Policy) applies to
the processing of personal data by DSS Sustainable Solutions Switzerland SA (CHE-371.503.138), Chemin du Pavillon 2, CH-1218 Le Grand Saconnex Geneva, Switzerland (DSS Sustainable Solutions, we, us or our)) in connection
with the platforms accessible without limitation at www.consultdss.com and www.dsslearning.com (the Platforms).
By accessing and using the Platforms, you expressly agree that
we process your personal data in accordance with this Privacy Policy.
We reserve the right to amend the Privacy Policy at any
time at our sole discretion in order to adapt it to any new commercial or
technological practice or change in the law. Should this occur, we will inform
you by any appropriate means (including via email and/or the Platforms). If you
do not accept the amendments thus made by us, your sole remedy is to no longer
access and/or use the Platforms.
1. Introduction
We recognize the importance of your privacy and of
transparency in its processing of your personal data.
1.1 The Privacy Policy explains (i) which personal data are collected
when you access and use the Platforms, (ii) the manner and the purposes for
which we process the personal data, and (iii) the measures which we take in
order to protect such personal data.
We only process your personal data if we have a valid
legal ground to do so
1.2 We will only process
your personal data if we have valid legal ground, when:
- we have obtained your prior
unambiguous consent;
- the processing is necessary to
perform our contractual obligations towards you or to take pre-contractual
steps at your request;
-
the processing is necessary to
comply with our legal or regulatory obligations; or
-
the processing is necessary for our
legitimate interests except where they are overridden by your interests or
fundamental rights and freedoms. Relevant ‘legitimate interests’ include: (i)
to benefit from cost-effective services (e.g. we may opt to use certain
platforms offered by suppliers); (ii) to protect the security of our IT
systems, architecture and networks; and (iii) to meet our corporate and social
responsibility objectives.
2.
How and Where
We Collect Your Personal Data
We collect the personal data which you provide.
2.1
We collect, directly or indirectly via our partners, the personal
data you provide in your correspondence with us and/or our partners, or in your
use of the Platforms, for example, when creating and/or managing your account when
you order a product or service, apply for credit or make a request, when you
register for subscriptions, technology forums or other communications through
the Platforms, when you participate in a contest, promotion, sweepstakes,
survey or other promotion, when you participate in a blog or forum, when we
conduct market research, meet you at a trade show or other event.
2.2
Such information may include your name, date of birth, gender, address, email,
telephone and/or fax numbers, invoice and/or credit card information, business
name, business address, tax ID number, national ID number, financial and
banking information when you apply for a credit, password and reminder
questions and/or answers, purchase history, social security number and any
other information which we and/or our partners may request from you.
Certain personal data are also collected in an
automated manner.
We may also automatically collect personal data when you
access and use the Platforms, including by means of tools, web forms, cookies
and other active elements contained in our emails and/or those of our partners,
such as the IP address or other user identifications on your devices, visiting
date on the Platforms, the geolocation of your devices, the data contained in
your device, the data contained in third party services (e.g. social plug-ins),
your preferences, the internet sites that you visit before and after the
Platforms, the links displayed on the Platforms which you select or other
information related to your interaction with the Platforms, including with the
emails sent in connection with the Platforms.
You can define certain authorizations and settings
related to the automated collection of your personal data.
You may define certain authorizations related to data
collection, in particular in connection with the geolocation and your device’s
right to access data contained in your device, according to the available
functionalities. You may also define certain settings for the automated
collection of your personal data on your web browser or through the Platforms.
For more detailed information, please consult the chapter on cookies below.
3.
Processing
Methods
We may process your personal data by automated means
but takes appropriate security measures in this respect.
3.1
We process your personal data in compliance with Swiss data
protection law and the UE General Data Protection Regulation and namely takes
the appropriate technical and organizational security measures to prevent the
unauthorized access, disclosure, modification, alteration or destruction of
your personal data. Data processing is carried out with computers or computer
tools, and in compliance with the purposes indicated in this Privacy Policy.
3.2
We do not use any individual decision-making based solely on
automated processing including profiling mechanisms on the Platforms.
4.
Purposes
of Data Processing
We process your personal data to operate the Platforms
and to provide the related services.
4.1
Your personal data are collected so that we may operate the
Platforms and provide the services connected therewith, e.g. for interacting
with you, providing you with the requested information, or fulfilling your
purchases, or in the manner expressly indicated when the personal data
concerned are collected.
We may process your personal data for advertising
purposes.
4.2
We may use your personal data, in particular, the contact details as
well as other indications and data collected in accordance with this Privacy
Policy, for advertising purposes, e.g. to send you information and offers
relating to our products and services and/or of our partners, such as
prospectuses, newsletters, and other advertising messages. You may withdraw
your consent at any time. We do not sell or disclose consumer personal information for a business purpose.
We may process your personal data for statistical and
planning purposes
4.3
Notably without limitation, we process your personal data to improve
the Platforn or its products and services, and for internal analyses and
statistics. You may withdraw your consent at any time.
5.
How long do we store your Personal Data?
We will not retain your
personal data for a longer period than necessary for
the purposes as outlined in this Privacy Policy. If you suppress your user
account, we will delete your personal data within 30 days after such event,
unless data must be retained for a valid reason
6. Communication
to Third Parties
We may disclose your personal data to third parties in
case this is necessary for the proper operation of the Platforms and the provision
of the related services, or for promotional services.
6.1 We may communicate your personal data to third parties as part of
operating the Platforms, and to
subcontractors such as IT systems providers, cloud service providers, database
providers, automated marketing solutions providers,
financial providers and consultants, including BigCommerce (hosting services), Microsoft Dynamics (marketing, customer relationship
management and financial services) and Survey Monkey (survey services).
6.2 We may also enable you to use third-party services directly from the
Platforms, namely through social plug-ins of Google
Maps, Kaltura video streaming and Google Analytics, in which case you recognize that the third-party operators of
these services may access some of your personal data in connection with the
Platforms.
6.3 In the
above contexts, the Platforms may contain links to other websites. Please note
that this Privacy Policy does not apply to the practices of any company or
individual that we do not control, nor to any other website that may be linked
from the Platform. You should carefully review the privacy policies of any
other website that you visit from the Platforms to learn more about their
information and privacy practices. In such contexts, the collection and use of
your personal data shall be governed by such other party or websites’ privacy
policy. We shall not be held responsible for their privacy practices.
We may also disclose your personal data
to third parties when we have a legitimate interest to do so
6.4 We may also disclose your personal data when we have a legitimate interest to do so, for instance to (i) any third party to whom we assigns or
transfers any of our rights or obligations; (ii) to competent courts or
supervisory or regulatory bodies, when we must compellingly disclose your
personal data, pursuant to any applicable law, regulation or order.
7. International
Transfers
Your personal data may be disclosed outside of your
country of residence, including o countries that do not guarantee the same
level of data protection and privacy as Switzerland and the European Union.
7.1 The personal data that we collect from you may be stored and
processed in your region, or transferred to, stored at or otherwise processed
outside your country of residence, including, in respect of residents of a
country within the European Economic Area (the “EEA”) or Switzerland, in a
country outside the EEA or Switzerland, including without limitation the U.S.,
or any other country which do not necessarily offer an adequate level of data
protection as recognized by the European Commission or Switzerland. Your personal data may also be processed by
staff operating inside or outside your country of residence, including staff
located outside of the EEA or Switzerland, who work for us or our service
providers.
7.2 Where we transfer your Personal Data outside the EEA or Switzerland,
we will ensure that suitable safeguards are in place to help ensure that our
third party service providers provide an adequate level of protection to your
Personal Data, for instance by relying on the EU-U.S. Privacy Shield Framework,
the Swiss-U.S. Privacy Shield Framework, or on standard contractual clauses
adopted by the European Commission. You may request additional information in
this respect and obtain a copy of the relevant safeguards upon request through
sending a request to the contact indicated section 9 below.
8. Security
We maintain physical, technical and procedural
safeguards to keep secure your personal data.
8.1 We are committed to the security of your personal data, and have in
place physical, administrative and technical measures designed to keep secure your
personal data and to
prevent unauthorized access to it. We restrict access to your personal data to those persons who need to
know it for the purpose described in this Privacy Policy.
8.2 Although we take appropriate steps to protect your personal data,
no website is completely secure. Therefore, we cannot guarantee that data you provide to us is safe
and protected from all unauthorized third-party access and theft. We waive any
liability in this respect.
8.3 The internet is a global environment. As a result, by sending
information to use electronically, such data may be transferred internationally
over the internet depending upon your location. Internet is not a secure
environment and this Privacy Policy applies to your use and disclosure of your personal
data once it is under our control only. Given the inherent nature of the
internet, all internet transmissions are done at your own risk.
8.4 If we have reasonable reasons to believe that your personal data have
been acquired by an unauthorized person, and applicable law requires
notification, we will promptly notify you of the breach by email (if we have
it) and/or by any other channel of communication (including by posting a notice on the Platforms).
9. Cookies and Similar Technologies
We use cookies and other similar technologies in
connection with the Platforms.
9.1 A cookie is a small data file that we transfer to and is stored on
your electronic device. For example, we use cookies or other analytics tools to
measure the traffic to and usage of the Platforms and their distinctive
features, and other miscellaneous uses.
9.2 We use various types of cookies or other similar technologies some
of which are likely to automatically process data directly on your devices and/or
to transfer data personal concerning you to us.
You may manage the cookies and similar technologies via the settings of your browser
and/or your devices.
9.3 If you do not want cookies to be stored on your device, you can
configure your cookie settings on the Platforms, your browser or your device to
refuse and/or restrict the cookies. Certain cookies are however essential to
the functioning of the Platform itself and its use may be altered or prevented
by refusing these cookies.
9.4 If you do not refuse or restrict the cookies, you consent to their
use and to the processing of your personal data collected in this manner.
9.5 For more information, please visit http://www.allaboutcookies.org/fr/. Please check the user help sections of your internet browser or
electronic devices for specific instructions on the management of cookies.
Why
and how we use cookies and other similar technologies?
9.6 These technologies are generally aimed at monitoring and analyzing
your interactions with the Platforms and/or to enable us to improve the Platforms
and their functionalities, namely through a personalization of the Platforms
and the related services, according to your interactions. We also use cookies
and similar technologies to measure and monitor the traffic and use of the Platforms,
as well as its performance.
9.7 Some cookies are retained in your electronic device for only as long
as you access and use the Platforms, hereafter referred as “session”, while others
persist for a longer specified or unspecified period. The cookies listed
hereafter as “persistent” will be stored on your electronic device for one year
after their installation.
9.8
We use the following cookies:
Essential cookies
9.9 Some cookies we place on your electronic device ensure that the
Platforms delivers you without limitation information securely and optimally.
You must accept these cookies to be able to make use of the Platforms.
Cookie
|
Stored /
processed data
|
Expiry
|
Description
|
SHOP_ORDER_TOKEN
|
BigCommerce
|
Persistent
|
Representation of the order
|
SHOP_SESSION_TOKEN
|
BigCommerce
|
Persistent
|
Representation of the user session
|
SHOP_TOKEN
|
BigCommerce
|
Persistent
|
Essential for security; used to store
the customers hash after logging in & is used for customer look up
|
STORE_VISITOR
|
BigCommerce
|
Persistent
|
Used to track anonymous site usage
|
XSRF-TOKEN
|
BigCommerce
|
Persistent
|
Token to avoid Cross-site request
forgery, also known as one-click attack or session riding and abbreviated as
CSRF
|
LASTVISITEDCATEGORY
|
BigCommerce
|
Persistent
|
Tracks last visited category to build
product breadcrumbs
|
MOBILEVIEWFULLSITE
|
BigCommerce
|
Persistent
|
Used to determine if the user should be
shown the mobile site
|
RECENTLY_VIEWED_PRODUCTS
|
BigCommerce
|
Persistent
|
Keeps track of products which the user
has viewed to show recently viewed block
|
EmailID
|
Kaltura
|
Persistent
|
To manage Kaltura previews
|
FPCEmailID
|
Elearning Preview
|
Persistent
|
To enable full preview for eLearning
formats
|
Functionality
cookies
9.10 Some cookies enable the Platforms to remember choices persons make,
for example, user name, and language or text size. These cookies are known as
"functionality cookies" and help to improve a person's experience of the
Platforms by providing a more personalized service
Cookie
|
Stored / processed data
|
Expiry
|
Description
|
FORNAX_ANONYMOUSID
|
BigCommerce
|
Persistent
|
Analytics
|
BEACON_VIS
|
BigCommerce
|
Persistent
|
Analytics
|
BEACON_ID
|
BigCommerce
|
Persistent
|
Analytics
|
BEACON_TYP
|
BigCommerce
|
Persistent
|
Analytics
|
BEACON_VID
|
BigCommerce
|
Persistent
|
Analytics
|
BEACON_RATR
|
BigCommerce
|
Persistent
|
Analytics
|
BEACON_REF
|
BigCommerce
|
Persistent
|
Analytics
|
BEACON_IND
|
BigCommerce
|
Persistent
|
Analytics
|
Third-party
cookies
9.11 The Platforms uses third party services or software. Many of these
services may set cookies on your electronic device. You can block or remove
cookies yourselves by altering the settings of your account, your electronic
device or browser. Blocking these cookies is unlikely to impact on your
experience of the Platforms.
9.12 In particular, the Platforms uses the Cookie Google Analytics which
collects information and reports website usage statistics without personally
identifying individual visitors to Google. You can opt out of providing us with
this information if you wish, with no impact on your experience of the
Platforms. To opt out of being tracked by Google Analytics when using the
Website: see https://tools.google.com/dlpage/gaoptout.
Cookie
|
Stored / processed data
|
Expiry
|
Description
|
_ga
|
Google Analytics
|
Persistent
|
Used to distinguish users.
|
_gid
|
Google Analytics
|
Persistent
|
Used to distinguish users.
|
_gat
|
Google Analytics
|
Persistent
|
Used to throttle request rate. If
Google Analytics is deployed via Google Tag Manager, this cookie will be
named _dc_gtm_
|
__utma
|
Google Analytics
|
Persistent
|
Used to distinguish users and sessions.
The cookie is created when the javascript library executes and no existing
__utma cookies exists. The cookie is updated every time data is sent to
Google Analytics.
|
__utmc
|
Google Analytics
|
Session
|
Not used in ga.js. Set for
interoperability with urchin.js. Historically, this cookie operated in conjunction
with the __utmb cookie to determine whether the user was in a new
session/visit.
|
__utmz
|
Google Analytics
|
Session
|
Stores the traffic source or campaign
that explains how the user reached your site. The cookie is created when the
javascript library executes and is updated every time data is sent to Google
Analytics.
|
hblid
|
Olark Chat
|
Persistent
|
A visitor identifier that we use only on
your site to remember this visitor between visits
|
wcsid
|
Olark Chat
|
Session
|
A session identifier that we use only on
your site to keep track of a single chat session
|
olfsk
|
Olark Chat
|
Persistent
|
Storage identifier that we use to
maintain chat state across pages (e.g. message history)
|
_okdetect
|
Olark Chat
|
Session
|
Used for detecting when storage contexts
have changed due to things like ssl or host transitions (helps maintain your
chat across pages)
|
_okbk
|
Olark Chat
|
Session
|
Extra state information (e.g. chat box
being open/closed)
|
_ok
|
Olark Chat
|
Session
|
Most recent Olark site ID (security
measure)
|
_oklv
|
Olark Chat
|
Persistent
|
Olark loader version (for improved
caching)
|
_okla
|
Olark Chat
|
Persistent
|
Used for caching purposes (loaded from
CDN vs. loaded from our infrastructure)
|
_okgid
|
Olark Chat
|
Persistent
|
Group id the visitor is locked to
|
_okac
|
Olark Chat
|
Persistent
|
Used for caching by setting a hash for
assets to determine if they have changed and if they need to be refreshed
|
_okck
|
Olark Chat
|
Persistent
|
Used to test whether the visitor’s
browser allows cookies to be stored
|
10. Your Rights
You have the right to access your personal data
processed by us and may request without limitation that they be removed,
updated, or rectified.
10.1 Except as otherwise required by law, you are entitled at all times
to know if we are processing personal data concerning you. You may contact us
to know the content of such personal data, verify their accuracy and request
that they be supplemented, removed, updated, or rectified. You also have the
right to ask us to cease processing any personal data that may have been
obtained in breach of applicable law, and to object to the processing of your
personal data for any other legitimate reason.
10.2 By accessing your user account,
you can review, update, correct or delete the personal data available within
your user account. If you would like us to delete your personal data from our
system, please send a request pursuant to the contact details below and your
request will be accommodated unless we have a legal obligation to retain the
record. Please note that any information that we have copied may remain in
back-up storage for some period of time after your deletion request.
10.3 Where we rely on your consent to process your personal data, we will
seek your freely given and specific consent by providing you with informed and
unambiguous indications relating to your personal data. You may revoke at any
time such consent.
10.4 You have also the right to request your personal data’s portability,
i.e. that the personal data you have provided to you be returned to you or
transferred to the person of your choice, in a structured, commonly used and
machine-readable format without hinderance from us and subject to our
confidentiality obligations.
You have the right to lodge a complaint
10.5 If you are not satisfied with how we process your personal data, you
may file a complaint with the competent supervisory authority, in addition to
your rights outlined above.
We have
appointed a Chief Privacy Officer. If you believe your personal data has been
used in a way that is not consistent with this policy, or if you have
any questions or a request in relation to the processing of your personal data
by us, please contact us at DuPont Sustainable Solutions, Mr. Dell Joshi, Chief
Privacy Officer, 4250 Lancaster Pike, Suite 150, Wilmington, Delaware or privacy@consultdss.com.
Date last updated: [8/19/19]