Purpose of this policy
At FOSS we aim to be a responsible and trusted partner to our customers and business partners. Thus, we do our utmost to ensure that the data we are trusted to manage is processed as safely as possible, respecting the individual’s rights to privacy as well as applicable laws on data privacy, data protection and data security.
This policy provides you with an overview of the principles that apply within our group of FOSS companies with regard to collection and processing of personal data. It is meant to inform you about our use of any personal data we collect from you directly, or indirectly via third party data providers.
Content
- How we obtain your personal data and how we use it
I. Personal data provided by you
II. Personal data provided to us by third parties - How we protect your personal data and international transfers
- How long we will retain your personal data
- Managing and Control of Data
- Enforcement and Oversight
- Your right to lodge a complaint
- How to contact FOSS
- Changes to this Privacy Policy
Personal data
In this policy, “personal data” means “information relating to an identified or identifiable natural person” being “one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number or location data or to factors specific to his / her physical, physiological, genetic, mental, economic, cultural or social identity”.
Data Controller
FOSS is a global company and has affiliates all over the world. A list of all FOSS entities and locations can be found here. This Privacy Policy is issued on behalf of the entire FOSS group. Thus, “FOSS”, “we”, “us” or “our” in this Privacy Policy is referring to the relevant company in the FOSS group responsible for processing your data. FOSS A/S, Foss Allé 1, 3400 Hilleroed, Denmark, is the controller and responsible for this policy.
1. How we obtain your personal data and how we use it
We collect information about you, including your personal data, when you:
- Visit our websites
- Use our products and services
- Contact us / register with us
- Attend or register to attend our events (including online events) or other events where FOSS participates
- Voluntarily complete customer surveys or participate in competitions
- Provide feedback
- Supply products or services to FOSS
- Have applied to work for FOSS, or are current or former employees of FOSS, or have contracted to work for or on behalf of FOSS
The personal data fall within the following groups of information:
- Identity Data, which may include your first name, last name, username or similar identifier and your job title.
- Contact Data, which may include your email address, postal address and telephone number(s).
- Technical Data, which may include internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our websites.
i) Personal data provided by you
Use of our products and services
FOSS collects personal data from you (Identity Data and Contact Data) when you use our products or services. We will use this personal data:
- To carry out obligations arising from being a registered user of our product and services. The lawful basis for processing your personal data for this purpose will be “contractual need”. In this regard, please note that FOSS uses third parties for credit card processing. This intermediary is solely a link in the distribution chain and the third parties are not permitted to store, retain or use the information provided except for the sole purpose of credit card processing.
- To provide, maintain, protect and improve our products and services, and to develop new ones.
- To send you personalised communications, which you have requested or that may be of interest to you. This may include information about webinars, events, surveys and industry news as well as product and service developments. The lawful basis for processing your personal data for this purpose will be “legitimate interest”.
Individuals contacting us
FOSS collects personal data from you (Identity Data and Contact Data) when you contact us about our products or services, register for our newsletter, participate in competitions or provide feedback. We will use this personal data:
- To help solve any issues you might be facing. The lawful basis for processing your personal data for this purpose will be “contractual need”.
- To send you personalised communications, which you have requested or that may be of interest to you. This may include information about webinars, events, surveys and industry news as well as product and service developments. The lawful basis for processing your personal data for this purpose will be “legitimate interest”.
Please note that FOSS is strongly opposed to sending unsolicited email and that FOSS does not knowingly send out unsolicited email (UCE / Spam).
Attendees or registrants to attend our events (including online events) or other events where FOSS participates
FOSS collects personal data from you (Identity Data and Contact Data) when you attend or register to one of our events or other events in which FOSS participates. We will use this personal data:
- To carry out obligations arising from being a registered attendee of our event or other events which FOSS participates. The lawful basis for processing your personal data for this purpose will be “legitimate interest” as this will allow FOSS to manage and deliver events on topics requested by you.
- To send you personalised communications, which you have requested or that may be of interest to you. This may include information about webinars, events, surveys and industry news as well as product and service developments. The lawful basis for processing your personal data for this purpose will be “legitimate interest”.
Individuals who complete surveys or participate in competitions FOSS has published
FOSS collects personal data from you (Identity Data and Contact Data) when you complete surveys we have published. We will use this personal data:
- To send you personalised communications, which you have requested or that may be of interest to you. This may include information about webinars, events, surveys and industry news as well as product and service developments. The lawful basis for processing your personal data for this purpose will be “legitimate interest”.
Companies who supply products or services to FOSS
FOSS collects personal data from you (Identity Data and Contact Data) when you supply products or services to FOSS. We will use this personal data:
- To carry out obligations arising from you providing us products or services. The lawful basis for processing your personal data for this purpose will be “contractual need”.
Individuals who have applied to work for FOSS
FOSS collects personal data from you when you apply to work for FOSS. The lawful basis for processing your personal data for this purpose will be “contractual need” and no later than at the time of collection you will be informed of how we process and use your data in this regard.
Individuals who are current or former employees of FOSS or have contracted to work for or on behalf of FOSS
FOSS collects personal data from you when you work for FOSS, including first name, last name, username, email address, postal address, telephone number, date of birth, employee identification number, bank details, national insurance number, emergency contact details and children’s first name, last name and date of birth (for health cover purposes). Proper information has been given to you at the time of collection and can be found in your local version of the employee handbook or the like. The lawful basis for the processing of your personal data in this regard is:
- “Contractual need” with regard to enable us to employ, pay and manage your work.
- “Vital interests” in case of true emergencies (a matter of life and death) when we will utilise your emergency contact details.
- “Compliance with legal obligations” with regard to enable us to comply with applicable tax, employment and health and safety laws.
ii) Personal data provided to us by third parties
Visitors to our websites
As you interact with our websites, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see our Cookie Policy for further details.
We use the websites’ traffic and visitor information to analyse trends, help diagnose problems with our servers, to monitor traffic / usage in order to provide better service and to improve our understanding of the use of the FOSS websites and in order to determine what FOSS services are the most popular. The data is also used to deliver customised content and advertising within the FOSS websites to individuals whose behaviour indicates that they are interested in a particular subject area. The lawful basis for processing your personal data for this purpose will be “legitimate interest”.
2. How we protect your personal data and international transfers
FOSS is committed to protecting the security of your personal data. Thus, we have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed:
- The personal data we process is stored in data centre certified in ISO27001 Information Security Management and ISO22301 Business Continuity Management. For personal data processed through US-based data centre, we retain full control of the data
- We use only recognized, industry-leading hosting partners and market-leading suppliers for software services such as email, CRM, industry surveys etc.
- When we use consulting partners to support our business we ensure their contractual commitments include compliance with applicable data law(s) and that they maintain the safety and privacy of any client data they may access
- We do not share your data with anyone other than the suppliers described above. Hence, we never sell your data.
In addition to the above, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. In addition, we have put in place procedures to deal with any suspected personal data breach and will, when applicable, notify you and any applicable regulator of a breach.
We share your personal data within the FOSS group and with third-party service providers both within and outside the EU / EEA. Whenever we transfer your personal data out of the EU / EEA, we ensure a similar degree of protection is afforded to it by ensuring relevant safeguards is implemented. Any transfer of your data outside the EU / EEA will be based on the EU Commission’s Standard Contractual Clauses, Binding Corporate Rules or other valid legal basis for such transfer.
3. How long we will retain your personal data
We will retain and process your personal data as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements under applicable law(s). After this period, your personal data will be deleted from all systems.
If you have consented to receive marketing, you may opt-out at a later date and your data will thus be deleted.
4. Managing and Control of Data
We are committed to ensure that you are in control on how your personal data is used and processed. You can review, edit or delete your personal data free of charge by contacting us directly via your local contact person or FOSS office.
At any time your rights concerning your personal data are:
- Request access: You can ask about the personal data we hold about you and we will inform you, free of charge.
- Request correction. You can request that your personal data is corrected and we will update the details and inform you when completed, free of charge.
- Object to processing. You can object to your personal data being processed and we will stop processing your personal data, once no longer required for performance of contract or legal obligations, free of charge.
- Withdraw consent. You can object to receiving direct marketing communications from us and we will stop all communications, free of charge.
- Request erasure. You can ask for your personal data to be erased, once no longer required for performance of contract or legal obligations, free of charge.
5. Enforcement and Oversight
We have established policies and procedures for compliance with this policy and we conducts an annual self-assessment to verify that the attestations and assertions we make about our privacy practices are true and that our privacy practices have been implemented as intended.
6. Your right to lodge a complaint
You have the right to lodge a complaint with your local data protection agency. In Denmark, this is the Danish Data Protection Agency: https://www.datatilsynet.dk/kontakt/
7. How to Contact FOSS
We welcome your comments and questions regarding this Privacy Policy or about FOSS’s privacy practices. Please do not hesitate to contact us via your local contact person or FOSS office to be found here or:
Email: gdpr@foss.dk
Write to: FOSS
Nils Foss Allé 1
DK-3400 Hilleroed
Denmark
Call: Phone: +45 7010 3370
8. Changes to this Privacy Policy
We keep our Privacy Policy under regularly review and we will place any updates on this webpage. Our Privacy Policy was last updated on 25 May 2018 and historic versions can be obtained by contacting us.
Policy owner
Compliance
Issued
25 May 2018
Latest update
25 May 2018
Version & Author
1.0 – SUJU