Open Systems recognizes that privacy is a fundamental human right and further recognizes the importance of privacy, security and data protection to our customers and partners worldwide. As a global organization, with legal entities, business processes, management structures, and technical systems that cross international borders, we strive to provide protections across all of our operations that exceed legal minimums and to deploy consistent, rigorous policies and procedures.
This Privacy Statement informs you of our privacy practices and of the choices you can make and rights you can exercise in relation to your personal data, including information that may be collected from your online activity, use of devices, and interactions you have with us offline, such as when you engage with our customer support representatives. This Privacy Statement applies to all Open Systems companies as well as Open-Systems-owned websites, domains, services, applications, subscriptions and products, and those of our subsidiaries. For a list of our affiliates please see <??? link to the web-page of sub-processors and affiliated operational entities>.
1. Our Privacy Principles
We are committed to the following principles, which are based on internationally-recognized frameworks and principles of privacy and data protection:
Lawfulness, Fairness and Transparency
We process personal data in accordance with law and with transparency and fairness to you. Our data processing activities are conducted: 1) with your consent; 2) in order to fulfill our obligations to you; 3) for the legitimate purposes of operating our business, advancing innovation and providing a seamless customer experience; 4) as a data processor of our customers or 5) otherwise in accordance with law.
Notice and choice of data use
We are transparent and provide clear notice and choice to you about the types of personal data collected and the purposes for which it is collected and processed. We will not use personal data for purposes that are incompatible with these Principles, our Privacy Statement or specific notices associated with our services.
We provide you with reasonable access along with the ability to review, correct, amend or delete the personal data you have shared with us.
Data integrity and purpose limitation
We only use personal data for the purposes described at the time of collection or for additional compatible purposes in accordance with law. We take reasonable steps to ensure that personal data is accurate, complete and current and we only collect personal data which is relevant and limited to what is necessary for the purposes for which it is collected. We will keep personal data for no longer than is necessary for the purposes for which it was collected and then we will securely delete or destroy it.
To protect personal data against unauthorized use or disclosure we implement strong information security controls in our own operations and offer market-leading products and solutions with high levels of data security protection.
Accountability for onward transfer
We acknowledge our potential liability for transfers of personal data among our affiliates or to third parties. Personal data will only be shared when third parties are obligated by contract to provide equivalent levels of protection.
Recourse, oversight and enforcement
We are committed to resolving any concerns regarding your personal data.
2. International Data Transfers
As a global company, it is possible that any information you provide may be transferred to or accessed by affiliates worldwide in accordance with this Privacy Statement.
Intra-Group Data Transfer Agreements
We have signed an Intra-Group Data Transfer Agreement (IGDTA). Open Systems AG is the group representative. With this IGDTA, the Parties define the rules applicable to such transfer and processing, including, without limitation, the data privacy and data security standards and certain other rules required under the GDPR (namely its articles 25, 27, 28 et seq. and 44 et seq.), to ensure compliance with applicable privacy law.
Under this IGDTA, each of the parties may, as the case may be, act as controller or data exporter with respect to a specific processing operation, or, as the case may be, as processor or data importer with respect to another processing operation.
3. How We Use Data
We collect and use personal data to manage your relationship with us and better serve you when you are using our services by personalizing and improving your experience. Examples of how we use data include:
Providing you with a seamless customer experience by maintaining accurate contact and registration data, delivering comprehensive customer support, offering products, services, subscriptions and features that may interest you and enabling you to participate in contests and surveys. We also use your data to deliver a tailored experience, personalize the our services and communications you receive and create recommendations based your use of our services.
Assisting you in completing transactions and orders of our products or services, administering your account, processing payments, arranging shipments and deliveries and facilitating repairs and returns.
Product support and improvement
Improving the performance and operation of our products, solutions, services and support, including warranty support and timely firmware and software updates and alerts to ensure the continued operation of the device or service.
Communicating with you about our services. Examples of administrative communications may include responses to your inquiries or requests, service completion or warranty-related communications, safety recall notifications, communications required by law or applicable corporate updates related to mergers, acquisitions or divestitures.
Maintaining the integrity and security of our websites, products, features and services and preventing and detecting security threats, fraud or other criminal or malicious activity that might compromise your information. When you interact with us, we will also take reasonable steps to verify your identity, such as requiring a password and user ID, before granting access to your personal data. We may also maintain additional security measures, such as CCTV, to safeguard our physical locations.
Conducting ordinary business operations, verifying your identity, making credit decisions if you apply for credit, conducting business research and analytics, corporate reporting and management, staff training and quality assurance purposes (which may include monitoring or recording calls to our customer support) and outreach.
Research and Innovation
Innovating new products, features and services using research and development tools and incorporating data analysis activities.
Providing personalized promotional offers (in accordance with your privacy preferences) on our services and other selected partner websites. We might also share some of your information with marketing service providers and digital marketing networks to present advertisements that might interest you.
Compliance with law
Compliance with applicable laws, regulations, court orders, government and law enforcement requests, to operate our services and products properly and to protect ourselves, our users and our customers and to solve any customer disputes.
4. What Data We Collect
Personal data is any information that personally identifies you or from which you could be identified either directly or indirectly. We may collect your personal data through your use of our services or during interactions with our representatives.
The personal data we collect from you depends on the nature of your interaction with us or on the services you use, but may include the following:
Information you provide directly
- Contact Data – We may collect personal and/or business contact information including your first name, last name, mailing address, telephone number, fax number, email address, the company you work for and your role within the company and other similar data.
- Payment Data – We collect information necessary for processing payments and preventing fraud, including credit/debit card numbers, security code numbers and other related billing information.
- Account Data – We collect information such as how you purchased or signed up for our services, your transaction, billing and support history, the services you use and anything else relating to the account you create.
- Location Data – We collect geolocation data when you enable location-based services or when you choose to provide location-related information during product registration or when interacting with our website.
- Security Credentials Data– We collect user IDs, passwords, password hints, and similar security information required for authentication and access to your accounts in our company.
- Demographic Data – We may collect, or obtain from third parties, certain demographic data including, for example, country, gender, age, preferred language, and general interest data.
- Preferences – We collect information about your preferences and interests as they relate to our services (both when you tell us what they are or when we deduce them from what we know about you) and how you prefer to receive communications from us.
- Social Media Data – We may provide social media features that enable you to share information with your social networks and to interact with us on various social media sites. Your use of these features may result in the collection or sharing of information about you, depending on the feature. We encourage you to review the privacy policies and settings on the social media sites you use to make sure you understand the information that is collected, used, and shared by those sites.
- Other Unique Identifying Information – Examples of other unique information that we collect from you include product serial numbers, information you provide when you interact in-person, online or by phone or mail with our services centers, help desks or other customer support channels, your responses to customer surveys or contests or additional information you have provided to us to facilitate delivery of our services and to respond to your inquiries.
Information automatically collected about your use of our services
- Product Usage Data – We collect product usage data
- Anonymous or Aggregated Data – We collect anonymous answers to surveys or anonymous and aggregated information about how our our services are used. In the course of our operations, in certain cases, we apply a process of de-identification or pseudonymisation to your data to make it reasonably unlikely to identify you through the use of that data with available technology.
Information from third-party sources
We collect data from the following third parties:
- Data brokers, social media networks and advertising networks – Commercially-available data such as name, address, email address, preferences, interests, and certain demographic data.
- Fraud prevention or credit reporting agencies – Data collected to prevent fraud and in connection with credit determinations.
- Enterprise customers – In order to provide certain services at an enterprise level, your business contact data may be provided to us by a designated entity within your business or enterprise (such as a member of your IT department).
- Analytics Providers – We also receive non-personal data, such as aggregated or de-identified demographic/profile data, from third-party sources such as companies that specialize in providing enterprise data, analytics and software as a service.
In order to provide certain services at an enterprise level, your business contact data may be provided to us by a designated entity within your business or enterprise (such as a member of your IT department). Where necessary, we may also use information provided by you or your employer, together with information from publicly-available and other online and offline sources, to conduct due diligence checks on business contacts as part of our anti-corruption compliance program.
We also receive non-personal data, such as aggregated or de-identified demographic/profile data, from third-party sources such as companies that specialize in providing enterprise data, analytics and software as a service.
In order to ensure data accuracy and offer a superior customer experience by providing you with better personalized services, content, marketing and ads, in some cases we link or combine the information that we collect from the different sources outlined above with the information we collect directly from you. Information may also be linked via a unique identifier such as a cookie or account number.
Where necessary, we obtain information to conduct due diligence checks on business contacts as part of our anti-corruption compliance program and in accordance with our legal obligations.
5. Children’s Privacy
We do not knowingly collect information from children as defined by local law, and do not target our websites to children.
6. How We Keep Your Data Secure
To prevent loss, unauthorized access, use or disclosure and to ensure the appropriate use of your information, we utilize reasonable and appropriate physical, technical, and administrative procedures to safeguard the information we collect and process. We retain data as required or permitted by law and while the data continues to have a legitimate business purpose.
When collecting, transferring or storing sensitive information such as financial information we use a variety of additional security technologies and procedures to help protect your personal data from unauthorized access, use, or disclosure. When we transmit highly-confidential information over the internet, we protect it through the use of encryption, such as later versions of the Transport Layer Security (“TLS”) protocol.
We maintain records in accordance with law and our records retention policy. Records relating to employment, compensation, benefits and payroll are maintained while active and then for an additional period of up to 10 years. Business records including records relating to customer and vendor transactions are maintained while active and for a period of up to 12 years.
Following the expiration of the retention period, electronic records are permanently erased so as to ensure that they cannot be restored and physical records are destroyed in a manner where they cannot be reproduced (e.g., shredding).
7. How We Share Data
We will only share your personal data as follows and, when applicable, only with the appropriate contractual obligations in place:
Sharing with affiliates
We may transfer your personal data to other affiliates in the US and worldwide for the purposes outlined in this Privacy Statement. To ensure that your personal data is secure, we are contractually bound to comply with our privacy requirements. Furthermore, our privacy guidelines are communicated to our employees as part of our mandatory training.
Where the international privacy programs identified above do not apply, when you agree to accept our Privacy Statement when registering a product or for service, creating an account, or otherwise providing us with your personal data, you consent to the transfer of your personal data throughout the our global network of affiliates.
Sharing with service providers and partners
We engage service providers or partners to manage or support certain aspects of our business operations on our behalf. These service providers or partners may be located in the US or in other global locations and may provide services such as credit card processing and fraud management services, customer support, sales pursuits on our behalf, order fulfillment, product delivery, content personalization, advertising and marketing activities (including digital and personalized advertising), IT services, email service providers, data hosting, live-help, debt collection and management or support of our websites. Our service providers and partners are required by contract to safeguard any personal data they receive from us and are prohibited from using the personal data for any purpose other than to perform the services as instructed by us. We also take steps to provide adequate protection for any transfers of your personal data in accordance with applicable law such as signing EU Standard Contractual Clauses with the service provider or partner, relying on their Privacy Shield certification, other approved codes of conduct or certification mechanisms or binding and enforceable commitments of the service provider.
Sharing other information with advertisers
We may also transfer information about you to advertising partners (including the ad networks, ad-serving companies, and other service providers they may use) so that they may recognize your devices and deliver interest based content and advertisements to you. The information may include your name, postal address, email, device ID, or other identifier in encrypted form. The providers may process the information in hashed or de-identified form. These providers may collect additional information from you, such as your IP address and information about your browser or operating system and may combine information about you with information from other companies in data sharing cooperatives in which we participate.
Sharing with other third parties
Circumstances may arise where, whether for strategic or other business reasons, we decide to sell, buy, merge or otherwise reorganize businesses. In such transactions, we may disclose or transfer your personal data to prospective or actual purchasers or receive personal data from sellers. Our practice is to seek appropriate protection for your personal data in these types of transactions.
Compliance with law
We may also share your personal data when we believe, in good faith, that we have an obligation to: (i) respond to duly authorized information requests of law enforcement agencies, regulators, courts and other public authorities, including to meet national security or other law enforcement requirements; (ii) comply with any law, regulation, subpoena, or court order; (iii) investigate and help prevent security threats, fraud or other criminal or malicious activity; (iv) enforce/protect the rights and properties of our subsidiaries; or (v) protect the rights or personal safety of us, our employees, and third parties on or using our property when allowed and in line with the requirements of applicable law.
8. How We Use Automatic Data Collection Tools
9. Choosing Your Privacy Preferences
You can make or change your choices regarding Automatic Data Collection Tools, as well as receiving either subscription or general communications at the data collection point or by using other methods, which are described in the following sections. These options do not apply to communications primarily for the purpose of administering order completion, contracts, support, product safety warnings, driver updates, or other administrative and transactional notices where the primary purpose of these communications is not promotional in nature.
Marketing and subscription communications
We provide information about products, services, and/or support and you can select how these communications are delivered – e.g., via postal mail, email, telephone, fax or mobile device. Marketing communications may include new product or services information, special offers, personalized content, targeted advertising or invitations to participate in market research or compliance reviews. Subscription communications include email newsletters, software updates, etc. that may be expressly requested by you or which you consented to receive.
You may opt out of receiving these general communications by using one of the following methods:
- Select the email’s “Opt out” or “Unsubscribe” link, or follow the instructions included in each email subscription communication.
- Contact our Data Protection Officer. Be sure to provide your name, contact information, and specific relevant information about the subscriptions or marketing that you no longer wish to receive.
Ads and offerings on third-party websites
We contract with service providers to place ads on websites owned by third parties. Sometimes this will be achieved by sharing some personal data as described in the section on Third-Party Advertising Cookies and Social Media Cookies.
Automatic data collection tools – online
If you don’t want to allow cookies at all, please refer to your browser settings. Note that by disabling certain categories of cookies, you may be prevented from accessing some features of our sites or certain content or functionality may not be available. Certain browsers allow you to navigate websites in an incognito or private mode. Once the browser session is closed, typically all cookies collected during the session are automatically destroyed.
Some newer web browsers incorporate “Do Not Track” features. Currently, no industry standard exists for handling “Do Not Track” requests, therefore at this time, our websites may not respond to “Do Not Track” requests or headers from these browsers.
Automatic data collection tools
You can disable automatic data collection tools, such as web beacons, in email messages by not downloading images contained in messages you receive (this feature varies depending on the email software used on your personal computer). However, doing this may not always disable Automatic Data Collection Tools in the email message due to specific email software capabilities. For more information about this, please refer to the information provided by your email software or service provider.
10. Exercising Your Rights & Contacting Us
You have the right to ask us for a copy of any personal data that you have provided to us or that we maintain about you and to request an explanation about the processing. In addition, you have the right to withdraw any consent previously granted or to request correction, amendment, restriction, anonymization or deletion of your personal data; and to obtain the personal data you provide with your consent or in connection with a contract in a structured, machine readable format and to ask us to transfer this data to another data controller.
You also have the right to object to the processing of your personal data in some circumstances, in particular when we are using your data for direct marketing or to create a marketing profile. Please see Choosing Your Privacy Preferences for guidance on how to exercise your rights with regard to marketing.
In certain cases, these rights may be limited, for example if fulfilling your request would reveal personal data about another person or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests to keep.
To exercise your rights, or if you have any questions or concerns about our Privacy Statement, our collection and use of your data or a possible breach of local privacy laws, you can contact our Data Protection Officer or write to us at the appropriate address below:
Data Protection Officer
Dr. C. Schäfer
Active Assets A2 GmbH
All communications will be treated confidentially. Upon receipt of your communication, our representative will contact you within a reasonable time to respond to your questions or concerns. We aim to ensure that your concerns are resolved in a timely and appropriate manner.
If we are unable to resolve your concerns, you have the right to contact a data privacy supervisory authority in the country where you live or work, or where you consider that the data protection rules have been breached or seek a remedy through the courts.
11. Changes to Our Privacy Statement
If we modify our Privacy Statement, we will post the revised statement here, with an updated revision date. If we make significant changes to our Privacy Statement that materially alter our privacy practices, we may also notify you by other means, such as sending an email or posting a notice on our corporate website and/or social media pages prior to the changes taking effect.
This Privacy Statement becomes effective 30 days after posting, unless you are presented with the our Privacy Statement prior to that date, in which case, this Privacy Statement becomes effective as of the earlier date.
Date Posted: June 1, 2020.