Last Updated: 1 April 2021

PRIVACY ESSENTIALS – INTRODUCTION

We are Blancco Technology Group PLC.
Suite 1, Chapel House
Thremhall Park, Start Hill
Bishops Stortford
Hertfordshire
CM22 7WE, United Kingdom
+44 1279 874580
www.blancco.com


“Personal Data” means data which identifies a person or could identify a person, such as their name, contact details and financial data. It applies to Personal Data that we process in connection with your relationship with us as a (prospective) client, supplier, partner, investor, visitor to our website or prospective employee.


Every individual has a right to understand how their Personal Data is being used and to exercise control over it using data protection rights which are set out in the European Union General Data Protection Regulation (“GDPR”). This Privacy Statement seeks to ensure that you know:

  • What Personal Data we collect from you
  • What we are doing with your Personal Data
  • That we will only use your Personal Data for the purposes set out in this Privacy Statement
  • Your rights, and how you can exercise control over your Personal Data

We make the following commitments. We will:

  • Not send you marketing emails if you do not want to receive them
  • Not sell your personal information or disclose it for a business purpose*
  • Always ensure that we only share your Personal Data with third parties where absolutely necessary and with appropriate safeguards in place.
  • Apply the principles of Privacy by Design and Data Minimization throughout our organization
  • Ensure appropriate technical and organisational measures are in place to protect your Personal Data and keep it secure

* For California data subjects falling under the scope of the CCPA


If you have further questions, please get in touch with us at: dataprivacy@blancco.com


If you have any complaints relating to Data Breach, Privacy Breach, Fraud, Conflict of Interest, Discrimination/ Harassment using personal Data or breach of Code of Conduct, you may lodge your complaints at dataprivacy@blancco.com

You also have the right to lodge a complaint with a supervisory authority, in particular in the country where you reside, place of work or place of the alleged infringement if you consider that the processing of Personal Data infringes the GDPR.

The contact details for the relevant Supervisory Authorities for Data Protection are included in this Privacy Statement.

The United Kingdom Information Commissioner (whose functions are discharged through the Information Commissioner’s Office (“ICO”)) is the supervisory authority for the United Kingdom for the purposes of art. 51 of the GDPR

The ICO’s contact details are:
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom
T +0303 123 1113 (or +44 1625 545745 if calling from overseas)
F 01625 524510
www.ico.org.uk

For all other countries please reach out to the Data Privacy authorities in your country or see your relevant data privacy authority contact details at: ec.europa.eu


Last Updated: 1 April 2021

PRIVACY STATEMENT FOR THE BLANCCO GROUP OF COMPANIES

CONTACT DETAILS

If you have any questions about this Privacy Statement or the way in which your Personal Data is being used by us, please contact:

Data Protection Office
Blancco Technology Group PLC
Suite 1, Chapel House
Thremhall Park, Start Hill
Bishops Stortford
Hertfordshire
CM22 7WE, United Kingdom
Email: dataprivacy@blancco.com
Telephone: +44 (0)1279 874580

1. ABOUT THE BLANCCO GROUP

This Privacy Statement applies generally to personal data received by the following companies in the Blancco Group in any format. BTG Group will ensure all global data handled by our offices conforms to this Privacy Policy:

Blancco Oy Ltd
Blancco Technology Group IP Oy
Blancco Finland Acquisitions Oy
Blancco Technology Group Sweden AB
Safe IT Security Sweden AB
Blancco Software India Pvt Ltd
Blancco Diagnostics India Pvt Ltd
Blancco US LLC
Blancco (Software) Services Inc
Blancco Services US LLC
Blancco Central Services Limited
Blancco Technology Group PLC
Blancco Trustees Ltd
Blancco (Software) Services Ltd
Blancco Finance Ltd
Blancco UK Limited
Blancco APAC Pte Ltd
Blancco (Software) Netherlands B.V.
Blancco Technology (Beijing) Co., Ltd
Blancco Technology Group Canada Inc
Blancco Japan Inc.
Blancco Central Europe GmbH
Blancco SEA Sdn Bhd
Blancco Australasia Pty Limited
Blancco France SAS
Blancco Technology Group Ireland Limited

References to “We”, “Us” the “Company” and “Blancco” shall apply to the company in the group that is processing your Personal Data.

Blancco Technology Group is a leading global provider of mobile device diagnostics and secure data erasure solutions. Blancco data erasure solutions provide thousands of organizations with the tools they need to add an additional layer of security to their endpoint security policies through secure erasure of IT assets.

2. THE PURPOSE OF THIS PRIVACY STATEMENT

This Privacy Statement describes our approach to data privacy and sets out the basis on which any Personal Data we collect from you, or that you provide to us, will be used by us where we are controllers of that Personal Data for the purposes of the GDPR.

We are committed to protecting the rights and privacy of individuals in accordance with data protection legislation including the General Data Protection Regulation in Europe (the “GDPR”).

Please read this Privacy Statement carefully to understand our views and practices regarding the Personal Data we collect and how we will treat it.

Your privacy is important to us and we are committed to protecting and safeguarding your rights.

3. WHO THIS PRIVACY STATEMENT APPLIES TO

This Privacy Statement provides specific information relating to the following individuals whose Personal Data we process where we are a controller of the Personal Data under the GDPR:

  • business contact data including our (prospective) customers, suppliers, partners, shareholders and business prospects “Business Contacts”; and
  • prospective employees/those applying for jobs at the Company “Candidates”;
  • users/guests of our Website “Website Users”.

Personal Data of employees of the Company is dealt with via an internal privacy notice and documentation.

4. CATEGORIES OF PERSONAL DATA

We may process the following categories of Personal Data, however, such subject to the Data Minimisation Principle (we only process data where absolutely required). For each category we have included an example of the type of Personal Data that maybe part of that category:

Personal Data Category Description
Identification Data may include a person’s name, date of birth, driver’s license and passport information.
Contact Data may include a person’s email address, phone number, postal address, other communication details (e.g. Skype)
Communication Data may include phone calls, email correspondence and hard copy correspondence
Marketing Data may include your Contact Data and any preferences in receiving marketing from us and your communication preferences.
Recruitment Data may include recruitment related data such as Identification Data, Contact Data, Communication Data, CV and job application data.
When processing CV data, we may process certain Personal Data including the following: employment history, skills/ experience, languages, educational history, qualifications, membership of professional associations, contact details of employer references/character references, licenses held, interests and hobbies, languages, locations, nationality, passport, eligibility to work in certain jurisdictions, salary expectations, interview/screening answers and notes and usernames and passwords for access to our recruitment portal.
Financial Data may include payment related information or bank account details and financial data received as part of the services that we provide.
Special Category Recruitment Data if we interact with you for the purposes of a job with the Company, we may collect Recruitment Data that is of a special category as per the GDPR definition: this can include diversity data such as gender, religion, racial or ethnic origin, sexual orientation, trade union membership or data relating to health. We will only source this data with the explicit consent of Candidates.
Web Data may include Personal Data provided on any forms on our website and, to the extent that it includes Personal Data, information on the type of device you’re using, its IP address, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use.

5. OUR LEGAL BASIS FOR PROCESSING PERSONAL DATA

We process all Personal Data lawfully and in accordance with the requirements of the applicable law. The GDPR sets out the legal grounds for processing Personal Data.

When the Company processes Personal Data, it is generally on one of the following legal grounds:

CONTRACT

We will process Personal Data where necessary to perform our obligations relating to or in accordance with any contract that we may have with you or to take steps at your request prior to entering into that contract;

CONSENT

For certain processing activities we may rely on your consent. For example, a Candidate may give us their consent to process their Personal Data when they apply to a position advertised on our website.

Where we are unable to collect consent for a particular processing activity, we will only process the Personal Data if we have another lawful basis for doing so.

You can withdraw consent provided by you at any time by contacting us at dataprivacy@blancco.com.

LEGITIMATE INTEREST

At times we will need to process your Personal Data to pursue our legitimate business interests, for example for administrative purposes, to collect debts owing to us, to provide information to you, to operate, evaluate, maintain, develop and improve our websites and services or to maintain their security and protect intellectual property rights.

We will not process your Personal Data on a legitimate interest basis where the impact of the processing on your interests or fundamental rights and freedoms outweigh our legitimate interests.

You may object to any processing we undertake on this basis. If you do not want us to process your Personal Data on the basis of our legitimate interests, contact us at dataprivacy@blancco.com and we will review our processing activities.

For example: You are obligated to provide your personal data in order to be on-boarded as a potential vendor to Blancco Group and the failure to provide such data may result in your failure to be considered for future business relationships with Blancco Group.

LEGAL OBLIGATION

If we have a legal obligation to process Personal Data, such as the payment of taxes, we will process Personal Data on this legal ground.
By affirmatively acknowledging your consent to this Privacy Statement, you are agreeing that Blancco Group may treat your personal data in a manner consistent with this Privacy Policy.

COMMUNICATION PREFERENCES

Blancco offers its visitors and customers, who provide contact information a means to choose how Blancco uses the information provided. You may manage your receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located on the bottom of Blancco’s marketing emails. Additionally, you may unsubscribe here or by contacting us at marketing@blancco.com

6. SOURCES OF PERSONAL DATA

BUSINESS CONTACT PERSONAL DATA

We collect Business Contact Personal Data from our business contacts including – customers, suppliers, partners, shareholders and business prospects.

We source Business Contact Personal Data in order to serve the business relationship. We will only ever source Personal Data that is necessary and in a way that would be generally expected.

We receive Personal Data about Business Contacts from a variety of sources, as follows:

  • the Personal Data is often provided by the Business Contact as part of the business relationship;
  • the Personal Data may be collected from public sources;
  • the Personal Data may be collected indirectly from another person within the company of the Business Contact;
  • the Personal Data may be collected through our website;
  • the Personal Data may be collected from another company in the Blancco group;
  • the Personal Data may be collected indirectly from a website or from a third party, including pursuant to your registration and/or attendance to a physical and virtual marketing/sales event.

EMPLOYEE CANDIDATE PERSONAL DATA

We will only ever source and process Personal Data in a way that would be generally expected from a company acting in accordance with the GDPR. We will not source Personal Data in relation to Candidates that is unnecessary, excessive and contrary to the terms and the principles of the GDPR.

We may receive Personal Data relating to Candidates from a variety of sources. The primary source is from Candidates directly. Examples of the sources of Personal Data of Candidates are as follows:

  • the Candidate may send their CV to us with the intention of registering with us to be informed of potential job vacancies;
  • the Candidate may apply directly to a position advertised on our website;
  • the Candidate may apply to a position advertised on a third-party jobs’ website;

WEB DATA

We collect Website User Personal Data from all visitors to our website in order to improve our services and develop the Website.

We may receive Web Data about Website Users who access our advertisements or our Website regardless of whether they interact or register with the Website.

For more details please refer to our Cookie Policy

7. DISCLOSURE OF PERSONAL DATA

In certain circumstances, we may disclose Personal Data as follows:

  • to business partners and subcontractors for the performance of any contract relating to our services, including email, Skype, Customer Relationship Management system, payment processors, data aggregators, hosting service providers, external consultants, auditors, IT consultants and lawyers;
  • to another company in the Blancco group of companies;
  • to any recruitment agency who is helping us to recruit Candidates;
  • to analytics and search engine providers that assist us in the improvement and optimisation of the Website;
  • if we or substantially all of our company is merged with another company or acquired by a third party, in which case Personal Data held by us will be one of the transferred assets;
  • if we are under a duty to disclose or share Personal Data in order to comply with any legal obligation (including tax, audit or other authorities), or in order to enforce or apply any contracts that we have;
  • to protect our rights, property, or safety, or that of our Candidates or Business Contacts or others. This may include exchanging Personal Data with other companies and organisations for the purpose of fraud protection.

When we engage another organisation to perform services for us, we may provide them with information including Personal Data, in connection with the performance of those functions. We do not allow third parties to use Personal Data except for the purpose of providing these services.

8. SECURITY MEASURES

We will take all steps reasonably necessary to ensure that all Personal Data is treated securely in accordance with this Privacy Statement and the relevant law, including the GDPR.
In particular, we have put in place appropriate technical and organisational procedures to safeguard and secure the Personal Data we process.

We monitor for and do everything we can to prevent security breaches of the Personal Data that we process.

Once we have received your Personal Data, we will use strict procedures and security features for the purpose of preventing unauthorised access and ensuring that only those who need to have access to your Personal Data can access it.

We also use secure connections to protect Personal Data during its transmission. Where you have been given (or where you have chosen) a password which enables you to access services, you are responsible for keeping this password confidential. Please do not share your password with anyone.

If you think that there has been any loss or unauthorised access to Personal Data of any individual, please let us know immediately.

9. TRANSFERS OUTSIDE THE EEA

In order to provide our products and services we may need to transfer Personal Data outside the European Economic Area (EEA). We ensure that any transfer of Personal Data outside the EEA is undertaken using legally compliant transfer mechanisms and in accordance with the GDPR.

If we transfer Personal Data outside of the EEA, we generally rely on the Standard Contractual Clauses under Article 46.2 of the GDPR adopted by the EU Commission or any alternatives thereto as determined acceptable by the EU Commission and/or by the applicable data privacy authorities in the relevant country/region. We may also rely on some of the other legally compliant transfer mechanisms provided under the GDPR and other applicable data privacy laws and regulations.

10. COOKIES

Cookies are small text files placed on your computer or mobile device by websites that you visit, and they help us improve the products and services that we offer you. They are used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Cookies may allow a website to remember your activity over a period of time. Cookies are optional and you do not have to accept them.

Further information on the cookies we use on the website and the purpose behind their respective uses are set out in our Cookie Policy.

11. THIRD PARTY WEBSITES

Our Website may contain links to and from third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy settings, and these are not endorsed by us. We do not accept any responsibility or liability for these third-party websites. Please undertake the appropriate due diligence before submitting any Personal Data to these websites.

12. RETENTION

In some circumstances it is not possible for us to specify in advance the period for which we will retain your Personal Data. In such cases we will determine the appropriate retention period based on balancing your rights against our legitimate business interests. We may also retain certain Personal Data beyond the periods specified herein in some circumstances such as where required for the purposes of legal claims.

Our retention policy is as follows:

Purpose of Processing Categories of Personal Data Retention Period*
Service Delivery Activities • Identification Data
• Contact Data
• Communications Data
24 months after completion of service delivery activities in the case where there is no further meaningful engagement.
Marketing and Promotion Activities • Marketing Data
• Contact Data
• Web Data
12 months in the case where no meaningful engagement or earlier in the case you unsubscribe.
Recruitment Activity • Identification Data
• Contact Data
• Communication Data
• Recruitment Data
• Web Data
• Marketing Data
• Special Category Recruitment Data
12 months for Candidates who are not hired.

Candidates who have consented will remain on the database for other positions with the company until consent is withdrawn or there is no meaningful engagement over a period of time.

A separate retention policy applies to employees

Website Delivery • Web Data 12 months
Managing Payments and administration of the contract • Identification Data
• Contact Data
• Communication Data
• Financial Data
7 – 10 years (Depending on a country legal requirements)
Management of Corporate Affairs • Identification Data
• Contact Data
• Communication Data
• Financial Data
7 – 10 years unless there is a mandatory legal requirement to retain indefinitely (this depending on a countries legal requirements)

* The provided retention periods are indicative and subject to local data privacy and other mandatory legislation as applicable.

13. YOUR RIGHTS

You have various rights relating to how your Personal Data is used.

  • You can ask for access and disclosure to the Personal Data we hold on you
  • You can ask to change Personal Data you think is inaccurate
  • You can ask to delete Personal Data (right to be forgotten)
  • You can ask us to limit what we use your Personal Data for
  • You can ask to have your Personal Data moved to another provider (data portability)
  • You can ask to opt-out of the sale of personal information (if applicable)
  • You can make a complaint

14. AMENDMENTS TO THIS PRIVACY STATEMENT

We may post any changes on the Website and when doing so will change the effective date at the top of this Privacy Statement. Please make sure to check the date when you use our services to see if there have been any changes since you last used those services.

Thank you for reading our Privacy Statement.

To exercise any of your rights regarding your Personal Data, or in case you have any concerns or questions regarding this Privacy Statement, please e-mail us at dataprivacy@blancco.com or call us at +44 (0)1279 874580 or write us at:

Attn. Data Protection Office (Legal Department)
Blancco Technology Group PLC
Suite 1, Chapel House
Thremhall Park, Start Hill
Bishops Stortford
Hertfordshire
CM22 7WE, United Kingdom
Email: dataprivacy@blancco.com

We are committed to help you in finding a reasonable and fair resolution of any issue or complaint you may have regarding data privacy. As stated earlier, you always retain the right to lodge a complaint with the competent supervisory authority in your country and/or region.

Please Contact Us at dataprivacy@blancco.com if you have any questions. If we are unable to resolve your concerns, you always have the right to contact the supervisory (data privacy) authority in the country where you live or work, or where you consider that the data protection rules have been breached.