DuoTrainin Privacy Notice
Last update: 26 February 2018
DuoTesting s.r.o. (LLC) trading under the brand name DuoTrainin –
Your Learning Organisation, hereafter referred to as ‘DuoTrainin’, controls
personal data within the scope of the services that we provide, supported by
its marketing activities.
In our responsibility of Data Controller, DuoTrainin ensures that
data subjects’ rights according to the GDPR are observed.
What this privacy policy
covers
This policy covers how DuoTrainin treats personal data that we collect, receive
and control, including data related to past use of DuoTrainin products and
services.
Personal data is data about you that is personally identifiable like
your first and last name, address, email address, or phone number, and that is
not otherwise publicly available.
Lawful base
DuoTrainin uses the lawful base of CONSENT for the controlling of
personal data.
How we collect personal
data
We collect and control personal data in several different ways. For example, we
might ask for your personal details when you sign up to one of our online
products or services. Or we register your contact information when you write to
or call us to make a purchase or ask for a service. In addition, when you ask
to be included in an email mailing list to be made aware of a new DuoTrainin
product or service, sign up for DuoTrainin Internet service packages, we
collect and store the data you provide with our data processors DigitalOcean, WP Engine and SendGrid (see paragraph ‘Data Processors’).
To make our web services easier to use and save time; some areas of the
DuoTrainin website may allow you to create a "DuoTrainin ID" using
your personal data. Next time you order something from DuoTrainin or register a
new product (or for organisations: register a new user), you can simply enter
your email address and password—the system will automatically locate the
remaining data required.
On our knowledge website YourLearningOrganisation we control an
individual’s email address when an individual subscribes him/herself to our
blog feed. We also control First Name, Last Name and email addresses of
individuals for marketing purposes. Sources for this data are social media
marketing channels such as Linkedin, Twitter and Facebook.
When you browse DuoTrainin's website, you are able to do so anonymously.
Generally, we don't collect personal information when you browse — not even
your email address. Your browser, however, does automatically tell us the type
of computer and operating system you are using.
Cookies
Cookies are pieces of information that a website
sends to your computer while you are viewing the website. These pieces of
information allow the website to remember important information that will make
your use of that website more useful. DuoTrainin uses cookies for a variety of
purposes. For instance, DuoTrainin uses cookies to remember and process the
items in your shopping cart. You can choose to have your computer warn you each
time a cookie is being sent, or you can choose to turn off all cookies. You do
this through your browser settings. If you turn cookies off, you will not have
access to many DuoTrainin features that enhance your browsing experience.
How we control personal
data
We control personal data to keep people up to date about the latest
product launches, software updates, special offers, and other useful
information, which may be of interest. This may sometimes include information
from other technology companies about products and services that can add value
to your DuoTrainin products. Occasionally, we may also use personal data to
contact you to take part in market research surveys, so that we can measure
customer satisfaction and develop better products and services.
DuoTrainin has other cooperating partners in various countries, with
whom your personal information may be shared. For example, we give postal or
freight companies this information so they can deliver your products
efficiently. The information they receive is for shipping and delivery purposes
only. All our partners have been instructed to comply with our Privacy Policy
& Privacy Notice.
At times we may be required by law or legal process to disclose your
personal information. In cases when disclosure is necessary for the public
interest, we may respond positively as well.
Data retention
For the DuoTrainin system, the retention period of the data is equal
to the period an individual wants to make use of our services. When an
individual informs us that he/she no longer wants to make use of our services,
or when an individual is removed from our system by his/her employer, or by any
other organisation that (originally) added the individual, the personal data of
this individual is removed from our system within a fortnight.
For YourLearningOrganisation, an individual can unsubscribe
him/herself by clicking the appropriate link in the email received in case
he/she no longer wants to receive any post updates or newsletter. The removal
of his/her personal data is instant.
Access to your personal
data
There are many ways that you can help to protect the security of
your information as well. For instance, never give out your password, as this
is what is used to access all of your account information. Also remember to
sign out of your account and close your browser window when you finish surfing
the internet, so that other people using the same computer won't have access to
your information.
You always have access to the information we have about you. If you would like
to review personal data that DuoTrainin may have about you, please email us at
support@duotrainin.com.
Right to be forgotten
Any individual has the right to object, or to withdraw consent at
any time and can send us his/her request to this effect in text form (e.g. by
email). We respond to such a request within a fortnight.
Data Protection Officer
(“DPO”)
DuoTrainin confirms that it has appointed a DPO within the meaning
of the GDPR, and undertakes to identify the DPO upon request in text form (e.g.
by email).
Data Protection Impact
Assessment (“DPIA”)
We have executed a DPIA, which is reviewed by means of an
information audit at least every six months, or sooner when we add services or
make any other significant change to which, and the way in, we collect, receive
and control personal data. This includes a potential change in the lawful base
we use to control personal data.
Data security
DuoTrainin is bound by data secrecy, i.e. any persons employed by
DuoTrainin in the processing of data on DuoTrainin’s behalf shall commit
themselves to confidentiality and not process the data without authorisation.
Company wide awareness
To make sure your personal information remains confidential, we make sure that
every DuoTrainin co-worker is aware of,
and follows the DuoTrainin privacy guidelines, based on our DPIA and as
recorded in this Privacy Notice. All DuoTrainin co-workers are obliged to
follow our GDPR Awareness course.
Data breach
In case of a data breach, defined in the GDPR as ‘The destruction,
loss, alteration, unauthorised disclosure of, or access to people's data’,
DuoTrainin will report it within 72 hours after having found out about it to
the local country data regulator and to the people it impacts in case the
breach could have a detrimental impact on those who the data is about.
Children
DuoTrainin does not knowingly solicit personal information from
children or send them requests for personal information.
Data processors
Our data processors are:
●
For DuoTrainin: Digital Ocean,
1875 S Grant Street, Suite 530, San Mateo, CA 94402, USA. Data centre Frankfurt
https://www.digitalocean.com/
●
For
YourLearningOrganisation.com: WP Engine, Irongate House, 22-30 Duke's
Place
London, EC3A 7LP, United Kingdom. Tel: +44 (0) 20 3770 9704 https://wpengine.com
● For system email and email marketing purposes: SendGrid, 1801 California Street, 1801 California St, Denver, CO 80202, USA www.sendgrid.com
The personal data is stored either in Frankfurt, Germany by Digital Ocean (for DuoTrainin.com) or in London, United Kingdom by WP Engine (for YourLearningOrganisation.com). and SendGrid (for system email and email marketing purposes).
The personal data for DuoTrainin.com processed by DigitalOcean is
subject to the ‘Agreement on the
processing of personal data (Controller-Processor Agreement) complementing the
Terms of Service Agreement on cloud infrastructure services between DuoTesting
s.r.o. and DigitalOcean, LLC ("Main Contract")’ of March 6, 2017,
signed by DuoTrainin on January 15, 2018.
The personal data for YourLearningOrganisation.com is subject to WP
Engine’s privacy policy: https://wpengine.com/legal/privacy/ and
Acceptable Use Policy: https://wpengine.co.uk/legal/aup/
WP Engine provides safeguards under the Privacy Shield Framework:
‘We (and our subsidiary
companies WP Engine (UK) Limited and WP Engine Ireland Limited) participate in
and have certified our compliance with the EU – U.S. Privacy Shield Framework
and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all
personal data received from European Union (EU) member countries and
Switzerland, respectively, in reliance on each Privacy Shield Frameworks, to
the Framework’s applicable Principles. To learn more about the Privacy Shield
Frameworks, visit the U.S. Department of Commerce’s Privacy Shield List at https://www.privacyshield.gov/list.’
On January 15, 2018, WP Engine have confirmed to us in writing that
they are ‘actively working on issues surrounding GDPR and how our business will
operate after the May deadline. We will, of course, be compliant with these
regulations by the time that deadline passes.’
The personal data for system email and email marketing purposes is subject to SendGrid’s privacy policy: https://sendgrid.com/policies/privacy/
On 23 February 2018, SendGrid have confirmed in writing:
SendGrid will be GDPR compliant by May, 25, 2018 [DT: this is the date the EU GDPR comes into effect]. Please note that SendGrid does not – and does not currently have plans to – use servers or data centers in the European Union to process email. Thus, SendGrid cannot restrict data to the EU. However, neither current EU law nor the GDPR require this. Instead, what is required is that SendGrid must provide "appropriate safeguards" for data that it hosts and processes on its US servers (see Art 46 of the GDPR here). SendGrid offers a Data Processing Addendum (DPA) to provide such adequate safeguards, which includes provisions for when GDPR goes into effect.’
On 26 February 2018 we have signed the aforementioned Data Processing Addendum (DPA) to ensure that adequate safeguards are applicable to the personal data processed by SendGrid on behalf of DuoTrainin.
2004 - 2024 © MyDuoTraining. ALL Rights Reserved.