RLDatix Global Privacy Notice
Who is RLDatix?
RLDatix operates worldwide through subsidiary and affiliate companies. RLDatix is committed to privacy and to transparency in our information practices. This privacy Notice describes our collection, use, disclosure and processing of personal information that is collected online via our websites and services provided.
Whenever dealing with one of the group companies, the ‘controller’ of your personal information will be the company that corresponds with details in Schedule A.
Where this Notice refers to “we”, “our” or “us” below, unless it mentions otherwise, it is referring to the particular company that is the controller of your personal information.
What is this Notice?
We may collect Personal Information (defined below) about you, and we are committed to protecting this Personal Information and your privacy. Set out in this Notice is an explanation of how we collect, use, and safeguard your Personal Information.
The key principles of integrity, openness, transparency, and respect for the rights of individuals are elements of this Notice which apply to all of our business units globally. This privacy Notice is only relevant for data that is in our capacity as a controller with respect to Personal Information.
Not covered by this Notice. This privacy Notice does not apply to job applicants and candidates who apply for employment with us through our job application portal or to our employees and non-employee workers whose personal information is subject to different privacy policies which are provided to such individuals in the context of their employment or working relationship with an RLDatix group entity.
This Notice does not apply ns where RLDatix processes Personal Information on behalf of and subject to the instructions of a client as part of Agreements or business dealings.
Why do we need this Notice?
This Notice sets out the minimum requirements for all our businesses and employees for the confidentiality, security, integrity, and protection of Personal Information.
Where a jurisdiction in which we operate has regulatory or governance obligations over and above these Notice minimums, for that jurisdiction these additional requirements are included in Schedule B. For European Union (EU) residents (‘data subjects’) are entitled to additional rights under the General Data Protection Regulation (GDPR), that apply even where the data controller (i.e. the entity that ‘determines the purpose and means for processing personal data’) is based outside of the EU and is offering goods or services to residents within the EU. These rights are also shown in Schedule B.
What Personal Information do we collect?
The principles of data protection are that the amount of Personal Information which is collected and processed should be limited to what is necessary for the purpose for which the Personal Information was collected or obtained. We will only collect and use Personal Information about you that is necessary to provide you with the products and services that you have requested.
The information we collect depends on the nature of our relationship with you. Personal Information we may collect includes:
- behavioural (the activities, actions, transactions you may carry out, resources you access, clickstreams through websites),
- contact (such as your name, address, phone number and email address),
- monitoring (information relating to your activities on our website and your device – URL, IP, IMEI, browser type and version, time zone, operating system and platform, location),
- legal (information relating to legal claims made by you or against you or the claims process),
- sales (information relating to the sale of products or services to you) and
- correspondence (information contained in our correspondence or other communications with you about our products, services or business)
- special data (dietary requirements should you attend an event we host).
Regardless of whether we are acting as the data controller or otherwise, we may collect Personal Information directly from you. This information is provided entirely voluntarily and may be provided by:
- our website https://www.rldatix.com;
- our Customer portal ‘HUB’;
- our Twitter account: https://twitter.com/RLDatix(Opens in a new window)
- our Facebook account: https://www.facebook.com/rldatix(Opens in a new window)
- our Instagram account: https://www.instagram.com/rldatix/(Opens in a new window)
- our LinkedIn accounts : https://www.linkedin.com/company/rldatix/(Opens in a new window)
- corresponding with us by phone, email or otherwise,
- information given by you for events and conferences we may host.
Why do we collect your personal information?
This is dependent upon the nature of the relationship we have with you. For example:
- if you are an employee of a company with whom we have a business relationship, we may use your Personal Information as part of our contractual obligations and in the normal course of doing business with your company;
- if using our websites, we may use the Personal Information contained in cookies to track the use of our websites
- to personalise our website by integrating videos and optimising and increasing the attractiveness of our website offer
We collect the above information in order to provide services and products to you, to inform you of services and products we may provide to you and to improve the services and products we provide. Our use of your information may be based on the performance of a contract to which you are party to, which enables us to provide authorised products and /or services to you.
What is the legal basis associated with the main purpose?
We may use and process your personal information where it is necessary for us to pursue our legitimate interests as a business, or that of a third party, for the following purposes:
- for analysis to inform our marketing strategy, and to enhance and personalise your customer experience (including to improve the recommendations we make to you on our website);
- to correspond or communicate with you;
- to verify the accuracy of data that we hold about you and create a better understanding of you as a customer;
- for the management of queries, complaints, or claims; and
Where there is a LEGAL REQUIREMENT, we will use your personal information to comply with our legal obligations:
- to identify you when you contact us;
- to verify the accuracy of data we hold about you;
- for the establishment and defence of our legal rights should this be required.
Who do we share your Personal Information with?
We will only disclose or share your Personal Information in accordance with applicable laws and regulations. As a global company, we may share your information with other business units within RLDatix. They may use your Personal Information as established in connection with the products and/or services that complement our own range of products and/or services. In some instances, this will include sharing your Personal Information with third parties such as:
- Service providers engaged by us to assist us in providing services to you. These service providers may include: cloud storage providers, mail-houses, IT system suppliers, auditors, lawyers and marketing agencies.
- Our third-party product and service administrators *
- Any member of our organisation which includes our ultimate holding company and its subsidiaries (from time to time) as necessary to provide services to
* When we use a third party service provider, we only disclose to them any personal information that is necessary for them to provide their service and we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.
For information on processors who may be used by RLDatix to process your data, please email [email protected].
iContracts, an RLDatix company (“iContracts”), complies with the EU-US Privacy Shield Framework (collectively, “Privacy Shield”) as set forth by the US Department of Commerce regarding the collection, use, and retention of Personal Data from European Union (the “EU”) member countries and the United Kingdom (“UK”). iContracts has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability. A violation of iContracts’ commitment to Privacy Shield may be investigated by the Federal Trade Commission and/or the United States Department of Commerce. If there is any conflict between the policies in this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, to the extent available, please visit https://www.privacyshield.gov.
In compliance with the Privacy Shield Principles, iContracts commits to resolve complaints about your privacy and our collection or use of Personal Data about you. Persons from the EU or the UK who have inquiries or complaints regarding this Privacy Notice should first contact us via email at: [email protected].
iContracts has committed to refer unresolved privacy complaints under the Privacy Shield to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information and to file a complaint.
These recourse mechanisms are available at no cost to you. Damages may be awarded in accordance with applicable law. Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel. In cases of onward transfer to third parties of data of EU or UK individuals received pursuant to the Privacy Shield, iContracts is potentially liable.
How do we keep your Personal Information secure?
We store Personal Information in secure databases and in secure cloud environments. We take appropriate security measures to protect such Personal Information from misuse, interference and loss, as well as unauthorised access, modification or disclosure.
We take protection of your Personal Information and our system security very seriously. Any Personal Information that is collected, processed or stored will have appropriate safeguards applied in line with our data protection obligations. We have also designed and implemented controls to minimise loss of, or damage to, your Personal Information by human error, negligence or malicious intent and engage internal and external auditors to conduct regular, independent assurance exercises across our business to ascertain the effectiveness of our security control environment and our security strategy.
Our employees also protect your Personal Information whenever they are processing it and undergo regular training on privacy and data protection requirements.
Our security controls are aligned to industry standards and good practice; providing a control environment that effectively manages risks to the confidentiality, integrity and availability of your Personal Information.
All exchanges of Personal Information between you and our websites go through secure channels in order to prevent interception of your Personal Information.
How long will we store your Personal Information?
If we collect your personal information, the length of time we retain it is determined by a number of factors including the purpose for which we use that information and our obligations under other laws. We do not retain personal information in an identifiable format for longer than is necessary.
We may need your personal information to establish, bring or defend legal claims. For this purpose, we will always retain your personal information for 7 years after the date it is no longer needed by us for any of the purposes listed under “Why do we collect your personal information”. The only exceptions to this are where:
- the law requires us to hold your personal information for a longer period, or delete it sooner;
- you exercise your right to have the information erased (where it applies in a jurisdiction) and we do not need to hold it in connection with any of the reasons permitted or required under the law; or
- in limited cases, the law permits us to keep your Personal Information indefinitely provided we put certain protections in place.
Each jurisdiction grants individuals certain lawful rights in respect of their Personal Information. In some jurisdictions, additional rights are available to individuals – these are outlined in Schedule B.
The rights that we adopt as part of our global privacy Notice and therefore within all jurisdictions are the:
Right to lodge a complaint – You have a right to lodge a complaint to us at any time if you object to the way in which we have used or managed your Personal Information. Where you are dissatisfied with our response, you also have the right to escalate your complaint to the relevant regulator in your jurisdiction. Further information can be located on the applicable regulator’s website (see Schedule C).
Right of access – All individuals have a right to access their Personal Information held by an organisation. There will not usually be a charge to you for us to respond to these requests. However, where the request is deemed by us to be excessive, you may be charged a fee for our providing you a record of your Personal Information that is held by us. Your Personal Information will usually be provided to you in hard copy, unless otherwise requested. Where you have made the request to receive a record of your Personal Information held by us by electronic means, we will endeavour to provide the data in the requested format where we are able to do so.
Right of rectification – We take reasonable steps to ensure that the Personal Information we collect and hold about you is accurate and complete. However, if you do not believe this is the case, you have the right to request we rectify the inaccuracy at any time.
Right to opt out from receiving any direct marketing – You can ask us to stop sending you marketing messages at any time. Please see below for instructions on how you can do this.
If you would like to exercise any of the above rights or make a complaint about how RLDatix has handled your Personal Information, please refer to Schedule D for the contact details for your jurisdiction. In some circumstances, exercising some of these rights may result in us being unable to continue providing you with a prescribed service and/or our business relationship with you. Please note that in some cases we may not be able to comply with your request for legal reasons. Where we are unable to comply with your request, we will also inform you of the reasons why.
Cookies and links to other Sites
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our website and any transmission is at your own risk. Once we have received your personal information, we put in place reasonable and appropriate controls to ensure that it remains secure against accidental or unlawful destruction, loss, alteration, or unauthorised access.
Where we collect any sensitive personal information about your food allergies and health conditions for events and conferences we may host, we will apply additional security controls to protect that data.
Where we have given (or where you have chosen) a password which enables you to access an account, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Our website may contain links to other websites run by other organisations including Twitter and Google. This Notice does not apply to those other websites’ so we encourage you to read their privacy statements. We cannot be responsible for the privacy policies and practices of other websites even if you access them using links that we provide. In addition, if you linked to our website from a third-party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party website and recommend that you check the Notice of that third party website.
We may collect your preferences to receive marketing information directly from us by email, and/or telephone calls in the following ways:
- if you register an account with us online; or
- if you make a sales enquiry or place an order we may contact you with marketing information in the ways mentioned in the Notices presented to you, except where you indicate you would prefer otherwise.
- if you sign up for an event or conference.
We may contact you with marketing information by post or by telephone or with targeted advertising delivered online through social media and platforms operated by other companies by using your personal information or use your personal information to tailor marketing to improve its relevance.
If you want to make sure that no personal data is collected and processed by YouTube and Vimeo, please do not click on the embedded videos.
On our website we use the map service Google Maps in order to provide directions to our offices. When you visit our website in which the Google Maps map is integrated, your browser loads the Google Maps map service into your browser cache in order to display it on our website.
We use external fonts from Google Fonts so that when you visit our website, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
For these integrations, by accessing our website you accept that your Internet browser establishes a connection to the respective server and provides them with information including your IP.
Changes to this Notice
Please note that this Notice will be reviewed and may be changed from time to time. Any changes we make to this Notice in the future will be posted to our websites.
Schedule A – Companies
|APAC||RLDatix Australia Pty Ltd|
|US||Datix (USA) Inc|
|Canada||RLDatix North America Inc|
|Germany||Allocate Software GMBH|
|UK||Allocate Software Limited|
Cloud9 Software Limited
|Sweden||Time Care AB|
|Macedonia||Allocate Software Dooel Skopje|
Schedule B – Additional requirements (Jurisdiction)
For UK and European Union (EU) residents, the following additional rights apply:
Right to erasure – (sometimes referred to as ‘the right to be forgotten’). The broad principle underpinning this right is to enable you to request the deletion or removal of personal information whether there is no compelling reason for its continued processing.
Right to restrict processing – The board principle underpinning this right is to restrict the processing of personal information if one of the following applies:
- the accuracy of the personal information is contested by you, for a period enabling us to verify the accuracy of the personal information;
- the processing is unlawful and you oppose the erasure of the personal information and requests the restriction of their use instead;
- we no longer need the personal information for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
- you have objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of us override those of you.
Right of data portability – You are able to obtain and reuse your personal information for your own purposes across different services by being allowed to move, copy or transfer personal information easily from one IT environment to another.
Right to withdraw consent – where processing is based on consent, you have the right to withdraw your consent to further use of your personal information. If you withdraw your consent, we may not be able to provide certain products and/or services to you and/or maintain a business relationship with you. If this is the case, we’ll tell you at the time you ask to withdraw your consent.
Right to be informed – You are entitled to be provided with information about certain matters relating to the processing of your personal information and for that information to be provided within certain timescales.
Right of access – You have the right to obtain: confirmation that your personal information is being processed; access to your personal information
Right to rectification – You are entitled to have your personal information rectified if it is inaccurate or incomplete.
Right to object – The board principle underpinning this right is that you are entitled to object to: processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research or statistics.
Rights relating to automated decision-making and profiling – This right doesn’t apply to all circumstances but, where it does apply, it effectively provides you with safeguards against the risk that a potentially damaging decision is taken solely based on automated means, without human intervention, which produces legal effects concerning you or significantly affects you
For Australian residents, the following additional rights apply globally:
Anonymity and pseudonymity – Individuals dealing with us have the option of being anonymous or using a pseudonym unless we:
- are required or authorised by law or a court or a tribunal order to deal with identified individuals; or
- it is impracticable for us to deal with you if you have not identified
If we are unable to collect your personal information – In addition to not being able to provide certain products or services to you, the following may also occur:
- we may not be able to provide you with information that you requested; and / or
- we may not be able to offer you employment with
Dealing with unsolicited personal information – Generally, most information received by us is immediately and automatically recorded (i.e. most documents received are scanned into an electronic image or online systems used).
Where it becomes apparent that a communication contains unsolicited personal information that could not otherwise lawfully be requested or used, we will make reasonable efforts to delete, destroy or de-identify the record. Where it is impracticable to do this (for example, the unsolicited information is combined with necessary information), the record will be retained, subject to the safeguards detailed in this privacy Notice.
Disclosing your personal information outside of Australia – As part of providing services to you and in our capacity as a service provider, occasionally personal information may be stored or processed at locations outside of Australia.
We may disclose personal information to corporate and third-party suppliers and service providers located overseas. These include IT service providers, and other third party vendor/suppliers located overseas.
Those countries that we may disclose your personal information to that are located outside of Australia, include the United Kingdom, the United States of America and North Macedonia as at the date of this Notice.
The Canadian Privacy Statutes set the obligation that RLDatix may only collect, use and disclose personal information for purposes that a reasonable person would consider appropriate in the circumstances. Consent is required for the collection, use and disclosure of personal information. Depending on the sensitivity of the personal information, consent may be opt in or opt out.
Each of the Canadian Privacy Statutes also provides individuals with the following:
- A right of access to personal information held by an organization, subject to limited exceptions;
- A right to correct inaccuracies in/update their personal information records; and
- A right to withdraw consent to the use or communication of personal information.
The United States does not have a comprehensive federal privacy law however there are a large number of sector specific data and privacy laws. Therefore, it is recommended that you seek advice from your local data protection agency or contact the relevant RLDatix Privacy Officer.
Depending on the jurisdiction in which you are located, you may have the right to request that we modify, delete, or stop processing your personal information, and you may also have the right to request that we provide the following information regarding the personal information we hold about you:
- The categories and/or specific pieces of personal information we collected
- The categories of sources from which personal information is collected
- The business or commercial purpose for collecting personal information
- The categories of third parties with whom we shared personal information
If you are a California resident, you are entitled to request information concerning any personal information you provide to us as part of an established business relationship for personal, family, or household purposes that we disclose to non-affiliated third parties for their direct marketing purposes. We do not share such personal information with non-affiliated third parties for such purposes.
Schedule C – Regulatory Authority per Jurisdiction
This schedule provides the contact for the jurisdictions where we are obliged to provide you this information to support a complaint about how we have managed your information.
|Country||Authority Name||Website||Contact Details|
|Australia||Office of the Australian Information Commissioner (OAIC)||www.oaic.gov.au||GPO Box 5218, Sydney NSW 2001
T 1300 363 992
|Canada||Office of the Privacy Commissioner (OPC)||www.priv/gc/ca/EN/||Office of the Privacy Commissioner
30, Victoria Street
|Germany||Germany has a Data Protection Authority for each of the 16 German states (Länder).||Brandenburg – https://www.lda.brandenburg.de/
Berlin – https://www.datenschutz-berlin.de/
Bavaria (private sector) – https://www.lda.bayern.de/
Bavaria (public sector) –
Bremen – https://www.datenschutz.bremen.de/
Mecklenburg-Vorpommern – https://www.datenschutz-mv.de/
Lower Saxony – https://www.lfd.niedersachsen.de/
North Rhine-Westphalia – https://www.ldi.nrw.de/
Rhineland-Palatinate – https://www.datenschutz.rlp.de/
Schleswig-Holstein – https://www.datenschutzzentrum.de/
Saarland – https://www.datenschutz.saarland.de/
Saxony – https://www.saechsdsb.de/
Thuringia – https://www.tlfdi.de/
|Sweden||Swedish Authority for Privacy Protection||https://www.imy.se/en/||Integritetsskyddsmyndigheten, Box 8114, 104 20 Stockholm, Sweden|
|United Kingdom||Information Commissioner’s Office||www.ico.org.uk||Wycliffe House, Water Lane Wilmslow, Cheshire SK9 5AF
T +0303 123 1113 (or +44 1625 545745 if calling from
overseas) F 01625 524510
Schedule D – Privacy Officers/ Contacts
|Jurisdiction||Privacy Officer||Location||Email / contact|
|APAC||Vicki Knevett||Level 10, 71 Queens Road
|EU/ UK*||June Lewis||2nd Floor, 1 Church Road
Richmond TW9 2QE
|[email protected] or [email protected]|
|NAM||Pooja Patel||311 South Wacker Drive,
Chicago, Illinois United States
|2nd Floor, 1 Church Road
Richmond TW9 2QE
|Sweden – Time Care AB||Frederick Lind||Time Care AB, Attn: GDPR, Box 30077, 104 25 Stockholm||[email protected]|
|*Locations include Ireland, UK, Sweden, Germany and North Macedonia|