1. Scope and Overview
Secure Compliance is committed to protecting the privacy and security of your personal data. This General Data Protection Regulation Privacy Notice (“Privacy Notice”) describes how Secure Compliance, LLC, and its subsidiaries, affiliates, and related entities (collectively, “Secure Compliance,” “we,” or “us“) collect and process personal data about you prior to and during the use of our software SecureFILE™ and SecurePRO™ (“Services”). This Privacy Notice applies only to Users located in jurisdictions subject to the General Data Protection Regulation (“Users”).
This Privacy Notice describes the categories of personal data that we collect, how we use your personal data, how we secure your personal data, when we may disclose your personal data to third parties, and when we may transfer your personal data outside of your home jurisdiction. This Privacy Notice also describes your rights regarding the personal data that we hold about you including how you can access, correct, and request erasure of your personal data.
We will only process your personal data in accordance with this Privacy Notice unless otherwise required by applicable law. We take steps to ensure that the personal data that we collect about you is adequate, relevant, not excessive, and processed for limited purposes.
2. Collection of Personal Data
For the purposes of this Privacy Notice, personal data means any information about an identifiable individual collected in connection with the Services. Secure Compliance may collect personal data directly from you, as a User, or may receive personal data from third parties, subject to your consent where required by law. Personal data excludes anonymous or de-identified data that is not associated with a particular individual. We may collect, store, and process the following categories of personal data, which we require in connection with our Services:
(A) Personal contact details such as name, title, addresses, telephone numbers, personal email addresses, social security numbers.
The personal data listed in this notice is mandatory in connection with our Services. Failure to provide or allow us to process mandatory personal data may affect our ability to accomplish the purposes stated in this Privacy Notice.
3. Use of Personal Data
We only process your personal data where applicable law permits or requires it in connection with carrying out the Services, for our legitimate interests or the legitimate interests of third parties, or with your consent if applicable law requires consent. We may process your personal data for the following legitimate business purposes:
(A) Performing and providing the Services.
(B) Communicating with you about the Services.
(C) Keeping records related to the Services, for only as long as appropriate under the circumstances.
(D) Creating reports relating to the Services as required by applicable laws or regulations.
(E) To comply with our legal, regulatory, or other corporate governance requirements.
(F) Analyzing and improving our Services.
We will only process your personal data for the purposes we collected it for or for compatible purposes. If we need to process your personal data for an incompatible purpose, we will provide notice to you and, if required by law, seek your consent. We may process your personal data without your knowledge or consent only where required by applicable law or regulation.
We may also process your personal data for our own legitimate interests, including for the following purposes:
(A) To prevent fraud.
(B) To ensure network and information security, including preventing unauthorized access to our computer and electronic communications systems and preventing malicious software distribution.
4. Collection and Use of Special Categories of Personal Data
The following special categories of personal data are considered sensitive under the laws of your jurisdiction and may receive special protection:
(A) Racial or ethnic origin.
(B) Political opinions.
(C) Religious or philosophical beliefs.
(D) Trade union membership.
(E) Genetic data.
(F) Biometric data.
(G) Data concerning health.
(H) Data concerning sex life or sexual orientation.
(I) Data relating to criminal convictions or offences.
We will not collect or process any of the above special categories of personal data. We may collect and process the following special categories of personal data when you voluntarily provide them, or we receive them from a third party with your consent, when relevant for a particular position to carry out our obligations under the Services, or as applicable law otherwise permits:
(A) Racial or ethnic origin to comply with statutory obligations or where relevant for the Services.
(B) Previous criminal charges or convictions to comply with statutory obligations or where relevant for the Services.
Where we have a legitimate need to process special categories of personal data about you for purposes not identified above, we will only do so after providing you with notice and, if required by law, obtaining your prior, express consent.
5. Data Sharing
We will only disclose your personal data to third parties where required by law or to our employees, contractors, designated agents, or third-party service providers who require such information to assist us with administering the Services, including third-party service providers who provide services to us or on our behalf. We may use third-party service providers for various purposes, including, but not limited to, performing the Services. These third-party service providers may be located outside of the country in which you live.
We require all our third-party service providers, by written contract, to implement appropriate security measures to protect your personal data consistent with our policies and any data security obligations applicable to us. We do not permit our third-party service providers to process your personal data for their own purposes. We only permit them to process your personal data for specified purposes in accordance with our instructions.
We may also disclose your personal data for the following additional purposes where permitted or required by applicable law:
(A) To comply with legal obligations or valid legal processes such as search warrants, subpoenas, or court orders. When we disclose your personal data to comply with a legal obligation or legal process, we will take reasonable steps to ensure that we only disclose the minimum personal data necessary for the specific purpose and circumstances.
(B) To protect the rights and property of Secure Compliance.
(C) During emergency situations or where necessary to protect the safety of persons.
(D) Where the personal data at issue is publicly available.
(E) If a business transfer or change in ownership occurs and the disclosure is necessary to complete the transaction. In these circumstances, we will limit data sharing to what is absolutely necessary, and we will anonymize the data where possible.
(F) For additional purposes with your consent where such consent is required by law.
6. Cross-Border Data Transfers
Secure Compliance is a United States limited liability company, so the personal data we collect about you may be transferred to third parties in jurisdictions that may not be deemed to provide the same level of data protection as your home country for the purposes set out in this Privacy Notice. If you are located in the EU, we comply with Article 49 of the GDPR to secure your personal data when transferred to any inadequate jurisdictions.
7. Data Security
We have implemented appropriate physical, technical, and organizational security measures designed to secure your personal data against accidental loss and unauthorized access, use, alteration, or disclosure. In addition, we limit access to personal data to those employees, agents, contractors, and other third parties that have a legitimate business need for such access.
8. Data Retention
Except as otherwise permitted or required by applicable law or regulation, we will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, as required to satisfy any legal, accounting, or reporting requirements, or as necessary to resolve disputes. To determine the appropriate retention period for personal data, we consider our statutory obligations, the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes we process your personal data for, and whether we can achieve those purposes through other means.
Under some circumstances we may anonymize your personal data so that it can no longer be associated with you. We reserve the right to use such anonymous and de-identified data for any legitimate business purpose without further notice to you or your consent.
If you register for or utilize the Services, the personal data we collected during that time period will become part of our records, and we may use it in connection with the Services. If you do not register, or, once you are no longer using the Services of Secure Compliance, we will retain and securely destroy your personal data in accordance with applicable laws and regulations.
9. Rights of Access, Correction, Erasure, and Objection
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during the time period you utilize the Services. By law you may have the right to request access to, correct, and erase the personal data that we hold about you, or object to the processing of your personal data under certain circumstances. You may also have the right to request that we transfer your personal data to another party. If you want to review, verify, correct, or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact us by email at info@securecompliance.us. Any such communication must be in writing.
We may request specific information from you to help us confirm your identity and your right to access, and to provide you with the personal data that we hold about you or make your requested changes. Applicable law may allow or require us to refuse to provide you with access to some or all of the personal data that we hold about you, or we may have destroyed, erased, or anonymized your personal data in accordance with our record retention obligations and practices. If we cannot provide you with access to your personal data, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
10. Right to Withdraw Consent
Where you have provided your consent to the collection, processing, and transfer of your personal data, you may have the legal right to withdraw your consent under certain circumstances. To withdraw your consent, if applicable, contact us by email at info@securecompliance.us.
11. Data Protection Officer
We have appointed a Data Protection Officer, if required, to oversee compliance with this Privacy Notice. If you have any questions about this Privacy Notice or how we handle your personal data or would like to request access to your personal data, please contact the Data Protection Officer by email at: art-27-rep-secure-compliance@rickert.law. If you are unsatisfied with our response to any issues that you raise with the Data Protection Officer, you may have the right to make a complaint with the data protection authority in your jurisdiction by contacting the data protection authority.
12. Changes to This Privacy Notice
We reserve the right to update this Privacy Notice at any time, and we will provide you with a new Privacy Notice when we make any updates. If we would like to use your previously collected personal data for different purposes than those we notified you about at the time of collection, we will provide you with notice and, where required by law, seek your consent, before using your personal data for a new or unrelated purpose. We may process your personal data without your knowledge or consent only where required by applicable law or regulation.
13. Contact Us
If you have any questions about our processing of your personal data or would like to make an access or other request, please contact us by email at: info@securecompliance.us. If you are unsatisfied with our response to any issues that you raise, you may have the right to make a complaint with the data protection authority in your jurisdiction by contacting the data protection authority.
We have appointed Rickert Law as our EU representative to help ensure our compliance with applicable law. Please direct any questions relating to our processing of your personal data to our EU representative at: art-27-rep-secure-compliance@rickert.law in addition to us.
Rickert Rechtsanwaltsgesellschaft mbH
– Secure Compliance, LLC –
Colmantstraße 15
53115 Bonn
Germany