개인정보취급방침

11월 06, 2023
Last Updated: November 2023

PRIVACY ESSENTIALS – INTRODUCTION

We are Blancco Technology Group Ltd.
Suite 1, Chapel House
Thremhall Park, Start Hill
Bishops Stortford
Hertfordshire
CM22 7WE, United Kingdom
+44 1279 874580
www.blancco.com


“Personal Data” means data which identifies a person or could identify a person, such as their name, contact details and financial data. It applies to Personal Data that we process in connection with your relationship with us as a (prospective) client, supplier, partner, investor, visitor to our website or prospective employee.


We understand that you are aware of and care about your own personal privacy interests, and we take that seriously. This Privacy Notice describes the Blancco Group policies and practices regarding its collection and use of your personal data, and sets forth your privacy rights. We recognize that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Notice as we undertake new personal data practices or adopt new privacy policies.

Every individual has a right to understand how their Personal Data is being used and to exercise control over it using data protection rights which are set out in the European Union General Data Protection Regulation (“GDPR”). This Privacy Statement seeks to ensure that you know:

  • What Personal Data we collect from you
  • What we are doing with your Personal Data
  • That we will only use your Personal Data for the purposes set out in this Privacy Statement
  • Your rights, and how you can exercise control over your Personal Data

We make the following commitments. We will:

  • Not send you marketing emails if you do not want to receive them
  • Not sell your personal information or disclose it for a business purpose*
  • Always ensure that we only share your Personal Data with third parties where absolutely necessary and with appropriate safeguards in place.
  • Apply the principles of Privacy by Design and Data Minimization throughout our organization
  • Ensure appropriate technical and organisational measures are in place to protect your Personal Data and keep it secure

* For California data subjects falling under the scope of the CCPA


If you have further questions, please get in touch with us at: dataprivacy@blancco.com


If you have any complaints relating to Data Breach, Privacy Breach, Fraud, Conflict of Interest, Discrimination/ Harassment using personal Data or breach of Code of Conduct, you may lodge your complaints at dataprivacy@blancco.com

You also have the right to lodge a complaint with a supervisory authority, in particular in the country where you reside, place of work or place of the alleged infringement if you consider that the processing of Personal Data infringes the GDPR.

The contact details for the relevant Supervisory Authorities for Data Protection are included in this Privacy Statement.

The United Kingdom Information Commissioner (whose functions are discharged through the Information Commissioner’s Office (“ICO”)) is the supervisory authority for the United Kingdom for the purposes of art. 51 of the GDPR

The ICO’s contact details are:
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom
T +0303 123 1113 (or +44 1625 545745 if calling from overseas)
F 01625 524510
www.ico.org.uk

For all other countries please reach out to the Data Privacy authorities in your country or see your relevant data privacy authority contact details at: ec.europa.eu


PRIVACY STATEMENT FOR THE BLANCCO GROUP OF COMPANIES

CONTACT DETAILS

If you have any questions about this Privacy Statement or the way in which your Personal Data is being used by us, please contact:

Data Protection Office
Blancco Technology Group Ltd
Suite 1, Chapel House
Thremhall Park, Start Hill
Bishops Stortford
Hertfordshire
CM22 7WE, United Kingdom
Email: dataprivacy@blancco.com
Telephone: +44 (0)1279 874580

1. ABOUT THE BLANCCO GROUP

This Privacy Statement applies generally to personal data received by the following companies in the Blancco Group in any format. BTG Group will ensure all global data handled by our offices conforms to this Privacy Policy:

  • Blancco Oy Ltd
  • Blancco Technology Group IP Oy
  • Blancco Finland Acquisitions Oy
  • Blancco Technology Group Sweden AB
  • Blancco Software India Pvt Ltd
  • Blancco Diagnostics India Pvt Ltd
  • Blancco US LLC
  • Blancco (Software) Services Inc
  • Blancco Services US LLC
  • Blancco Central Services Limited
  • Blancco Technology Group Ltd
  • Blancco Trustees Ltd
  • Blancco (Software) Services Ltd
  • Blancco Finance Ltd
  • Blancco UK Limited
  • Blancco APAC Pte Ltd
  • Blancco (Software) Netherlands B.V.
  • Blancco Technology (Beijing) Co., Ltd
  • Blancco Technology Group Canada Inc
  • Blancco Japan Inc.
  • Blancco Central Europe GmbH
  • Blancco SEA Sdn Bhd
  • Blancco Australasia Pty Limited
  • Blancco France SAS
  • Blancco Technology Group Ireland Limited
  • WipeDrive Inc.,

References to “We”, “Us” the “Company” and “Blancco” shall apply to the company in the group that is processing your Personal Data.

Blancco Technology Group is a leading global provider of mobile device diagnostics and secure data erasure solutions. Blancco data erasure solutions provide thousands of organizations with the tools they need to add an additional layer of security to their endpoint security policies through secure erasure of IT assets.

2. THE PURPOSE OF THIS PRIVACY STATEMENT

This Privacy Statement describes our approach to data privacy and sets out the basis on which any Personal Data we collect from you, or that you provide to us, will be used by us where we are controllers of that Personal Data for the purposes of the GDPR.

We are committed to protecting the rights and privacy of individuals in accordance with data protection legislation including the General Data Protection Regulation in Europe (the “GDPR”).

Please read this Privacy Statement carefully to understand our views and practices regarding the Personal Data we collect and how we will treat it.

Your privacy is important to us and we are committed to protecting and safeguarding your rights.

3. WHO THIS PRIVACY STATEMENT APPLIES TO

This Privacy Statement provides specific information relating to the following individuals whose Personal Data we process where we are a controller of the Personal Data under the GDPR:

  • Business contact data including our (prospective) customers, suppliers, partners, shareholders and business prospects “Business Contacts”; and
  • prospective employees/those applying for jobs at the Company “Candidates”;
  • users/guests of our Website “Website Users”.

Personal Data of employees of the Company is dealt with via an internal privacy notice and documentation.

4. CATEGORIES OF PERSONAL DATA

We may process the following categories of Personal Data, however, such subject to the Data Minimisation Principle (we only process data where absolutely required). For each category we have included an example of the type of Personal Data that maybe part of that category:

Personal Data CategoryDescription
Identification DataMay includes Name, surname, title, date of birth driving license and passport information.
Contact DataMay include a person’s email address, phone number, postal address, other communication details (e.g. Skype)
Communication DataMay include phone calls, email correspondence and hard copy correspondence
Marketing DataMay include your Contact Data and any preferences in receiving marketing from us and your communication preferences.
Recruitment DataMay include recruitment related data such as Identification Data, Contact Data, Communication Data, CV and job application data.
When processing CV data, we may process certain Personal Data including the following: employment history, skills/ experience, languages, educational history, qualifications, membership of professional associations, contact details of employer references/character references, licenses held, interests and hobbies, languages, locations, nationality, passport, eligibility to work in certain jurisdictions, salary expectations, interview/screening answers and notes and usernames and passwords for access to our recruitment portal.
Financial DataMay include payment related information or bank account details and financial data received as part of the services that we provide. (Credit card data, Bank Account data)
Special Category Recruitment DataIf we interact with you for the purposes of a job with the Company, we may collect Recruitment Data that is of a special category as per the GDPR definition: this can include diversity data such as gender, religion, racial or ethnic origin, sexual orientation, trade union membership or data relating to health. We will only source this data with the explicit consent of Candidates.

WEB DATA

When you visit or use our websites or applications, subscribe to our newsletters or otherwise interact with us through our digital channels, in addition to the information you provide to us directly, we may collect information sent to us by your computer, mobile phone or other access device. For example, we may collect:

Information we collect automatically.

Personal Data CategoryDescription
Device informationHardware model, IMEI number and other unique device identifiers, MAC address, IP address, operating system version, device settings used to access the services, and device configuration
Log informationTime, duration and manner of use of our products and services or products and services connected to ours
Location information Your location (derived from your IP address, Bluetooth beacons or identifiers, or other location-based technologies), that may be collected when you enable location-based products or features such as through our apps
Other information about your use of our digital channels or productsApps you use or websites you visit, links you click within our advertising e-mail, motion sensors data

5. OUR LEGAL BASIS FOR PROCESSING PERSONAL DATA

We process all Personal Data lawfully and in accordance with the requirements of the applicable law. The GDPR sets out the legal grounds for processing Personal Data. When the Company processes Personal Data, it is generally on one of the following legal grounds:

CONTRACT

We will process Personal Data where necessary to perform our obligations relating to or in accordance with any contract that we may have with you or to take steps at your request prior to entering into that contract;

CONSENT

For certain processing activities we may rely on your consent. For example, a Candidate may give us their consent to process their Personal Data when they apply to a position advertised on our website.

Where we are unable to collect consent for a particular processing activity, we will only process the Personal Data if we have another lawful basis for doing so.

You can withdraw consent provided by you at any time by contacting us at dataprivacy@blancco.com.

LEGITIMATE INTEREST

At times we will need to process your Personal Data to pursue our legitimate business interests, for example for administrative purposes, to collect debts owing to us, to provide information to you, to operate, evaluate, maintain, develop and improve our websites and services or to maintain their security and protect intellectual property rights.

We will not process your Personal Data on a legitimate interest basis where the impact of the processing on your interests or fundamental rights and freedoms outweigh our legitimate interests.

You may object to any processing we undertake on this basis. If you do not want us to process your Personal Data on the basis of our legitimate interests, contact us at dataprivacy@blancco.com and we will review our processing activities.

For example: You are obligated to provide your personal data in order to be on-boarded as a potential vendor to Blancco Group and the failure to provide such data may result in your failure to be considered for future business relationships with Blancco Group.

LEGAL OBLIGATION

If we have a legal obligation to process Personal Data, such as the payment of taxes, we will process Personal Data on this legal ground.

By affirmatively acknowledging your consent to this Privacy Statement, you are agreeing that Blancco Group may treat your personal data in a manner consistent with this Privacy Policy.

COMMUNICATION PREFERENCES

Blancco offers its visitors and customers, who provide contact information a means to choose how Blancco uses the information provided. You may manage your receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located on the bottom of Blancco’s marketing emails. Additionally, you may unsubscribe here or by contacting us at marketing@blancco.com.

6. SOURCES OF PERSONAL DATA

BUSINESS CONTACT PERSONAL DATA

We collect Business Contact Personal Data from our business contacts including – customers, suppliers, partners, shareholders and business prospects.

We source Business Contact Personal Data in order to serve the business relationship. We will only ever source Personal Data that is necessary and in a way that would be generally expected.

We receive Personal Data about Business Contacts from a variety of sources, as follows:

  • the Personal Data is often provided by the Business Contact as part of the business relationship;
  • the Personal Data may be collected from public sources;
  • the Personal Data may be collected indirectly from another person within the company of the Business Contact;
  • the Personal Data may be collected through our website;
  • the Personal Data may be collected from another company in the Blancco group;
  • the Personal Data may be collected indirectly from a website or from a third party, including pursuant to your registration and/or attendance to a physical and virtual marketing/sales event.

EMPLOYEE CANDIDATE PERSONAL DATA

We will only ever source and process Personal Data in a way that would be generally expected from a company acting in accordance with the GDPR. We will not source Personal Data in relation to Candidates that is unnecessary, excessive and contrary to the terms and the principles of the GDPR.

We may receive Personal Data relating to Candidates from a variety of sources. The primary source is from Candidates directly. Examples of the sources of Personal Data of Candidates are as follows:

  • the Candidate may send their CV to us with the intention of registering with us to be informed of potential job vacancies;
  • the Candidate may apply directly to a position advertised on our website;
  • the Candidate may apply to a position advertised on a third-party jobs’ website;

WEB DATA

We collect Website User Personal Data from all visitors to our website in order to improve our services and develop the Website.

We may receive Web Data about Website Users who access our advertisements or our Website regardless of whether they interact or register with the Website.

For more details please refer to our Cookie Policy

7. DISCLOSURE OF PERSONAL DATA

In certain circumstances, we may disclose Personal Data as follows:

  • To business partners and subcontractors for the performance of any contract relating to our services, including email, Skype, Customer Relationship Management system, payment processors, data aggregators, hosting service providers, external consultants, auditors, IT consultants and lawyers;
  • To another company in the Blancco group of companies;
  • To any recruitment agency who is helping us to recruit Candidates;
  • To analytics and search engine providers that assist us in the improvement and optimization of the Website;
  • If we or substantially all of our company is merged with another company or acquired by a third party, in which case Personal Data held by us will be one of the transferred assets;
  • If we are under a duty to disclose or share Personal Data in order to comply with any legal obligation (including tax, audit or other authorities), or in order to enforce or apply any contracts that we have;
  • To protect our rights, property, or safety, or that of our Candidates or Business Contacts or others. This may include exchanging Personal Data with other companies and organizations for the purpose of fraud protection.

When we engage another organization to perform services for us, we may provide them with information including Personal Data, in connection with the performance of those functions. We do not allow third parties to use Personal Data except for the purpose of providing these services.

8. SECURITY MEASURES

We will take all steps reasonably necessary to ensure that all Personal Data is treated securely in accordance with this Privacy Statement and the relevant law, including the GDPR.
In particular, we have put in place appropriate technical and organizational Security measures including conducting internal audits and investigations to safeguard and secure the Personal Data we process.

We have a detailed breach notification procedure to report and prevent security breaches of the Personal Data that we process.

We monitor for and do everything we can to prevent security breaches of the Personal Data that we process.

Once we have received your Personal Data, we will use strict procedures and security features for the purpose of preventing unauthorized access and ensuring that only those who need to have access to your Personal Data can access it.

We also use secure connections to protect Personal Data during its transmission. Where you have been given (or where you have chosen) a password which enables you to access services, you are responsible for keeping this password confidential. Please do not share your password with anyone.

If you think that there has been any loss or unauthorized access to Personal Data of any individual, please let us know immediately.

9. CHILDREN’S PRIVACY

We do not knowingly collect or solicit any Personal Information from children under the age of 16. In the event that we learn that we have collected Personal Information from a child, we will promptly take steps to delete that information. If you are a parent or legal guardian and think we have received Personal Information relating to your child, you can email or contact us using the information listed at the bottom of this Privacy Notice.

10. TRANSFERS OUTSIDE THE EEA

In order to provide our products and services we may need to transfer Personal Data outside the European Economic Area (EEA). We ensure that any transfer of Personal Data outside the EEA is undertaken using legally compliant transfer mechanisms and in accordance with the GDPR.

If we transfer Personal Data outside of the EEA, we generally rely on the Standard Contractual Clauses under Article 46.2 of the GDPR adopted by the EU Commission or any alternatives thereto as determined acceptable by the EU Commission and/or by the applicable data privacy authorities in the relevant country/region. We may also rely on some of the other legally compliant transfer mechanisms provided under the GDPR and other applicable data privacy laws and regulations.

11. COOKIES

Cookies are small text files placed on your computer or mobile device by websites that you visit, and they help us improve the products and services that we offer you. They are used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Cookies may allow a website to remember your activity over a period of time. Cookies are optional and you do not have to accept them.

12. THIRD PARTY WEBSITES

Our Website may contain links to and from third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy settings, and these are not endorsed by us. We do not accept any responsibility or liability for these third-party websites. Please undertake the appropriate due diligence before submitting any Personal Data to these websites.

Purpose of ProcessingCategories of Personal DataRetention Period*
Service Delivery Activities• Identification Data
• Contact Data
• Communications Data
24 months after completion of service delivery activities in the case where there is no further meaningful engagement.
Marketing and Promotion Activities• Marketing Data
• Contact Data
• Web Data
We will retain your marketing (personal) data for as long as reasonably necessary to fulfill the purposes we collected it for, whilst taking into consideration the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and the applicable regional legal requirements We may immediately remove your data if no meaningful engagement ensues following a reasonable period after the first engagement, or immediately in case you unsubscribe and/or request for a right-to-be-forgotten, as the case may be.
Recruitment Activity• Identification Data
• Contact Data
• Communication Data
• Recruitment Data
• Web Data
• Marketing Data
• Special Category Recruitment Data
12 months for Candidates who are not hired. Candidates who have consented will remain on the database for other positions with the company until consent is withdrawn or there is no meaningful engagement over a period of time. A separate retention policy applies to employees
Website Delivery• Web Data12 months
Managing Payments and administration of the contract• Identification Data
• Contact Data
• Communication Data
• Financial Data
7 – 10 years (Depending on a country legal requirements)
Management of Corporate Affairs• Identification Data
• Contact Data
• Communication Data
• Financial Data
7 – 10 years unless there is a mandatory legal requirement to retain indefinitely (this depending on a countries legal requirements)

13. YOUR RIGHTS

Subject to the laws of your country, you may have certain rights as a data subject relating to your Personal Information that we process. Where the data processing is based on your consent, you may withdraw your consent to the processing of any Personal Data at any time. This will not affect the lawfulness of any processing operation before your withdrawal.

You have various rights relating to how your Personal Data is used.

  • You can ask for access and disclosure to the Personal Data we hold on you
  • You can ask to change Personal Data you think is inaccurate
  • You can ask to delete Personal Data (right to be forgotten)
  • You can ask us to limit what we use your Personal Data for
  • You can ask to have your Personal Data moved to another provider (data portability)
  • You can ask to opt-out of the sale of personal information (if applicable)
  • You can make a complaint

14. AMENDMENTS TO THIS PRIVACY STATEMENT / STATEMENT

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal data.

Please make sure to check the date when you use our services to see if there have been any changes since you last used those services.

15. QUESTIONS, CONCERNS OR COMPLAINTS

To exercise any of your rights regarding your Personal Data, or in case you have any concerns or questions regarding this Privacy Statement, please e-mail us at dataprivacy@blancco.com or call us at +44 (0)1279 874580 or write us at:

Attn. Data Protection Office (Legal Department)
Blancco Technology Group Ltd
Suite 1, Chapel House
Thremhall Park, Start Hill
Bishops Stortford
Hertfordshire
CM22 7WE, United Kingdom
Email: dataprivacy@blancco.com

We are committed to help you in finding a reasonable and fair resolution of any issue or complaint you may have regarding data privacy. As stated earlier, you always retain the right to lodge a complaint with  the competent supervisory authority in your country and/or region.

Please Contact Us at dataprivacy@blancco.com if you have any questions. If we are unable to resolve your concerns, you always have the right to contact the supervisory (data privacy) authority in the country where you live or work, or where you consider that the data protection rules have been breached.

16. HANDLING DATA SUBJECT REQUEST

Below is a general procedure to follow when handling data subject requests

  1. Identify the nature of the data subject request.
  2. Verify the identity of the data subject making the request, request the data subject to provide sufficient information to confirm their identity.
  3. We Acknowledge receipt of the request promptly, usually within one month.
  4. Evaluate the request to Understand the scope and purpose of the request to provide an appropriate response.
  5. Depending on the type of request to respond
    • Access Reque
    • Rectification Request
    • Erasure Request
  6. Comply with the applicable time frames for responding to data subject requests within one month.
  7. Keeping a record of the data subject’s request and the actions taken to respond to it.
  8. Communicate the response to the data subject in a clear and transparent manner, detailing the actions taken.
  9. Consulting legal professionals can also provide additional guidance and ensure compliance with the applicable laws and regulations.

Thank you for reading our Privacy Statement.