Data Protection Description
1. Personal data
This information in accordance with EU General Data Protection Regulation (2016/679, "GDPR"). It may be subject to changes from time to time due to i.a. technical reasons and/or change of DDD's subcontractors, services providers, applicable legislation and legal interpretations.
The data subjects are natural persons representing DDD's potential and current customers and other interest groups. All personal data are collected in company's register. The personal data contained in the register are:
- first name, last name,
- title, company,
- e-mail address,
- possible DDD contact,
- origin of the information,
- data subject's areas of interest and content preferences.
2. Purposes of the processing and the legal basis for the processing
The personal data is primarily processed for the following purposes:
1. Identifying and contacting the data subject for purposes of registering the data subject's consents and objections to processing
2. Marketing and communication activities, including direct marketing, such as:
- Newsletter communication
- Email communication
- Event invitations
- Other DDD sales, marketing and advertising activities
- Business development, other internal development and reporting
The personal data is processed on the basis of 1) legitimate interest of the data controller, 2) contractual relationship with the data subject and/or 3) legal obligation of the data controller. Also 4) consent of the data subject may be requested and constitute legal basis for the processing, as applicable. The legitimate interest of the data controller is the right to conduct well-grounded, justified and legitimate sales, advertising and marketing activities.
3. Regular sources and recipients of personal data
The personal data are collected either from the data subject or filled in on the basis of public sources or from other DDD registers, such as DDD CRM.
DDD may provide third parties with such personal data which is needed by a third party in order to provide DDD with marketing and/or technical services related to DDD register or other similar processing purposes and/or for collaboration with DDD which requires joint efforts in marketing and communication. Each provision of data is done in accordance with requirements of GDPR and applicable legislation.
The personal data is not regularly but may exceptionally be transferred outside the EU or EEA if this is necessary to ensure appropriate and cost-effective implementation of the processing purpose, such as in case of technical reasons related to DDD's service provider. In such cases, the transfer is done in accordance with requirements of GDPR and applicable legislation.
In case of absence of European Commission ("EC") adequacy decisions, EC standard contractual clauses are used as appropriate or suitable safeguards for these data transfers. Whenever EC adequacy decisions are applicable DDD may rely on them.
4. Principles of protection of the register
Personal data is stored in a technically secure location. Physical access to the data is restricted by means of access control and other security measures. Access is also prevented by means of e.g. firewalls and other technical protection measures. At DDD, only named persons have the right to process personal data contained in the register. These persons are bound by confidentiality obligations.
5. Rights of the data subject
The data subjects have the rights in accordance with GDPR that the data subject can always establish by contacting DDD in writing, preferably by email firstname.lastname@example.org. Some of the rights may be subject to limitations, in accordance with GDPR and applicable legislation.
The data subject is requested to contact DDD from an email address which DDD presumably has in its register. DDD may also request further information or documentation in order to verify person's identity.