change privacy settings & review our policy
Policy Revised: 22 May 2022
Page Edited: 20 February 2023
Your Privacy Is Important to Us
Personal Information We Collect About You
Personal Information is information that can be used to identify you (whether alone or in combination with other information). Personal Information we may collect about you includes:
- First and Last Name
- Title, Job Role and Company Information
- Email Address
- Business Contact Information
- Postal Addresses
- Telephone and Fax Number(s)
- Education Information
- Date of Birth
- Transactional and Payment Information (including credit and debit card information)
- Unique Personal Identifier or Customer Number
- Online Profile Information including Username and Password, Online Moniker or Alias
- Social Media and Third-Party Login Information (including first name, last name, and profile photos for all social media or third-party logins)
- Demographic information, such as, your country, and preferred language
- CCTV and other Images and/or Photographs, if you visit or work from our offices or attend an event that we sponsor or organize
- Unique Identifiers (such as a universally unique identifier (“UUID”) that remains on your device persistently to help you log in faster and enhance site navigation)
- Log file Information (such as your IP address, browser type, access times, domain names, operating system, referring web page(s), pages visited, geographic location, your mobile carrier, device information (including device and application IDs, and screen size), search terms, and cookie information)
- Information from Cookies, Web Beacons, HTTP Referrers, Website Analytics Information and Other Tracking Technologies (IP address, location, age, gender, pages you view on our website, duration of your visit, pages you view immediately before and after you access our website, search terms you enter on our website, and information about your browser type, language and operating system
- Additional Personal Information that may be collected from public sources, such as information: (1) originally available to the public and typically available over the Internet; or (2) that Empowered Systems has a reasonable basis to believe is lawfully made available to the general public by or from: (i) the data subject, consumer or individual to whom the Personal Information relates, (ii) widely distributed media, or (iii) from a person to whom the data subject has disclosed the Personal Information (provided that Empowered Systems does not have knowledge that the data subject has restricted the information to a specific audience)
How We Collect Your Personal Information
The Company may collect your Personal Information through various means, including when you directly provide information to us and when we automatically collect information about you through your use of the Sites and Services. In some instances, you may be able to choose what information to provide, but sometimes we require certain information from you to use certain features of the Services.
Information you provide to us
We may collect Personal information you provide directly to us, including:
- When you, or someone on your behalf, provides information to us to:
- Purchase, or inquire about, our Services
- Register or maintain an account with us
- Post comments to our online communities
- Apply for employment with us
- Obtain technical support
- Participate in a survey, marketing promotion, sweepstakes or contest
- Connect with us via social media, or respond to one of our usage requests
- Through business partners, resellers and suppliers
- Our mail, email, text, phone, and fax communications with you.
Information We Collect Automatically
In addition to information you provide to us, the Company and our agents, vendors, and consultants (collectively “Service Providers”), as well as other third parties, may collect information automatically about our Sites and Services and how you use them. Examples of the types of Personal Information that may be collected automatically when you use our Sites include:
- IP address
- Browser type and language, operating system, access time, duration of visit, and referring website address
- The pages you view within our websites and other actions you take while visiting us
- The pages you view immediately before and after you access our Sites
- Information related to whether you’ve opened an email or clicked on a link contained in an email we sent to you
- Information from a referring source (an advertising site, a blog, a social media site, etc.)
- Information from surveys and promotions
- Information from content you post or share publicly on discussion forums or other social media pages (including the content you post, your name, and a link to your profile) may be shared across our Sites and in other public or private areas of the Internet
Cookies and Tracking Technologies
If you would like to opt-out of cookies, visit www.aboutcookies.org or www.allaboutcookies.org for further information. These sites also provide details on how to set your browser not to accept cookies and how to remove cookies from your browser. In a few cases, some of the features of our Sites may not function if you remove or delete Cookies.
Google Tag Manager and AdWords
How We Share Your Personal Information
We may share your Personal Information as follows:
- To onboard and manage relationships with, clients/customers, business partners, resellers, and professional advisors;
- With our Service Providers in connection with their delivery of services to the Company (our Service Providers are prohibited from using your Personal Information for any purpose other than the delivery of services to us; however, we may permit our Service Providers to use aggregated or de-identified information that does not personally identify you or any other user of the Services);
- As necessary, for the following purposes: (a) to comply with any legal process; (b) to respond to requests from public and government authorities; (c) to enforce our terms and conditions; (d) to protect our operations and protect our rights, privacy, safety or property, and/or that of you or others; and (e) to allow us to pursue available remedies or limit the damages that we may sustain;
- With our resellers and suppliers for business purposes. For example, we may share your Personal Information to process your orders for Services, fulfill your requests, provide customer service, and improve our Sites and Services;
- To our insurers and professional advisers for the purposes of managing risks, obtaining professional advice, exercising or defending against legal claims, etc.;
- To third parties in connection with or during negotiations of any reorganization, acquisition, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings);
- With third parties for co-marketing purposes, to improve our Services recommendations and our Services, or to provide you with other Services;
- With other sites, including social media platforms and advertising partners (such as Google and Facebook), for the purpose of ad targeting, remarketing, and customized advertising content; and
- We also provide an online chat service for our customers. If you use this chat service, the content of the chat messages as well as your email address and other Personal Information you provide via the chat feature may be shared with our Service Providers.
Sharing Information With Social Media Sites
If you do not agree to all of these terms related to our information sharing through social media, please do not submit User Content to us or reply to our usage requests. If you do not want a social media platform to share information about you, you must contact the social media provider and determine whether it gives you the opportunity to opt-out of sharing such information.
We reserve the right to select what content appears on our social media accounts and Sites and may choose not to display your content even if you express an opinion about our Services, use our hashtags, or affirmatively consent to a usage request. We reserve the right to remove content from our Sites and social media accounts at our sole discretion.
Public Forums, Community and Reviews
We offer various communities and forums across our Sites, as well as the ability to provide reviews of our Services. We offer several features that allow users to connect and communicate in public or semi-public spaces as part of our Sites. You do not have to use these features, but if you do, please use common sense and good judgment when posting in these communities or sharing your Personal Information with others.
Please be aware that any Personal Information you choose to submit in any communities, forums, or reviews can be read, collected, or used by others, or could be used to send unsolicited messages to you. We may engage our Service Providers to assist in providing community services to you. Empowered Systems generally does not control or remove user content from public forums or communities on our Sites (though we reserve the right to do so in our sole discretion at any time without notice). Your posts may remain public if you subsequently close your account(s) with us
Despite our safety and privacy controls, we cannot guarantee that you will not encounter inappropriate or illegal conduct from other users when using public forums on our Sites. You can help us to make our Sites (including public forums) welcoming for all users by reporting any offensive or unwelcome conduct to us.
Our Services Are Not Intended for Children
Our Sites and Services are not intended for children nor targeted to children under the age of sixteen (16). We do not knowingly collect Personal Information from children under the age of 16. If we learn that we possess information from a child under the age of 16, we will delete such information in accordance with the Children’s Online Privacy Protection Act (“COPPA”) and other applicable laws. If you are a parent or guardian and you believe that your child under the age of 16 has provided us with Personal Information without your consent, please contact us at email@example.com.
Third Party Links
We are not responsible for the privacy and security practices of other websites or social media platforms or the Personal Information they collect. Please refer to the applicable third parties’ privacy policies to understand their privacy practices and your rights.
Do Not Track
We do not currently have the technology to automatically respond to “Do Not Track” (DNT) signals sent by web browsers, mobile devices, or other mechanisms. If you are a California resident who wishes to delete your Personal Information, please see the instructions for submitting such requests, below.
Third-parties, such as Google Analytics, may collect data that relates to you on our websites, across time, and over other websites. Third-parties’ responsiveness to do-not-track signals is governed by their privacy policies. You also may limit certain tracking by disabling cookies in your web browser. For more information on Do Not Track, please visit https://allaboutdnt.com.
We have implemented appropriate and reasonable physical, technical, and administrative safeguards to help prevent unauthorized access to, use of, and disclosure of, your Personal Information. However, there is no perfect security. We cannot ensure or warrant the security of any Personal Information collected by our Sites and Services. We accept no liability for any unintentional disclosure of your Personal Information. You are responsible for maintaining the secrecy of any credentials used to access your account with us and you should report suspected unauthorized activity to us immediately.
Empowered Systems specifically reserves the right to terminate your access to our Sites and Services and any contract you have with us in the event we learn or suspect you have disclosed your account or password information to an unauthorized third party.
We deliver marketing and event communications to you across various platforms such as email, telephone, text messaging, direct mail and online. Where required by law, we will ask you to explicitly opt-in to receive marketing communications from us. If we send you a marketing communication, it will include instructions on how to opt-out of receiving these communications in the future.
We also may engage in marketing and advertising activities through chat or messenger functionality available through our Sites. We use email tracking technology including, without limitation, dynamic links and image files, when we send you marketing communications to review your engagement and the effectiveness and relevance of the communications.
We use tools and technologies to distinguish known and unknown users of our Sites and to record, review, track and analyze engagement and use of our Sites (e.g., recording or tracking hovers, clicks, key word searches, Personal Information entered into forms, etc.).
We may also engage in marketing activities on third-party platforms, including, without limitation, social media platforms. However, such activities are subject to the privacy statements and terms and conditions applicable to such third-party platforms.
Honoring your marketing preferences is important to us. You have the right to opt-out of receiving direct marketing and targeted online advertising as detailed below.
You may unsubscribe from our marketing communications by clicking the “unsubscribe” link found in every commercial email we send, or (if you have an account with us) by logging into your account and changing your preferences, or by sending us a request to unsubscribe at firstname.lastname@example.org. If you opt-out of receiving marketing email communications, we may still send you email messages related to your account with us, including specific transactions or our Services. Unsubscribing yourself from our marketing communications will not affect our service to you.
Text Messages and Alerts – Opting-in and Out
You have the choice to opt-in to receiving text messages and alerts on the mobile phone number(s) you have shared with us. Once you have opted-in, we may send you text messages (i) regarding your account; (ii) to investigate or prevent fraud; and (iii) to alert you in the event of an emergency. We may send you text messages and alerts using autodialed technology. We will not contact you via text messages or alerts for marketing purposes without your prior, express, written consent. You do not have to opt-in to text messages and alerts to use and enjoy our Sites and Services. If you opt-in, standard text messaging charges may apply. For more information regarding our text messaging and alerts, please contact us at 1-800-xxx-xxxx or email@example.com.
You may choose to opt-out from our text messages and alerts at any time using any reasonable means. To opt-out, send us a text message from your mobile phone with the word STOP, STOP ALL, END, QUIT, CANCEL or UNSUBSCRIBE, and we will unsubscribe you from text communications. Once you opt-out, you will not receive any additional text messages via your mobile phone. Please keep in mind that if you opt-out of receiving text messages and alerts we may not be able to contact you with important messages regarding your account. However, if there is an emergency or account question, we will make every attempt to contact you in other ways, such as by email or on a landline phone.
Interest-based advertising (“IBA”) allows us to deliver targeted advertising to users of our Sites and Services. IBA works by showing you advertisements, or sending you marketing emails, that are based on the type of content you access or read. For example, as you browse our Sites, one of the cookies placed on your device will be an advertising cookie so we can better understand what sort of pages or content you are interested in. The information collected about your device enables us to group you with other devices that have shown similar interests. We can then display advertising to categories of users that is based on common interests. For more information about IBA, you can visit the Internet Advertising Bureau at www.iab.com.
If you want to opt-out of receiving interest-based advertising, it does not mean that you will no longer receive advertising when you are using our Sites. It just means that we will not use your Personal Information for IBA and that any advertising you see will not be customized to you. You can exercise your online advertising choices by clicking the AdChoices icon in an ad and following the instructions. You may also opt-out of receiving interest-based ads from many sites through the Network Advertising Initiative’s (NAI) Opt-Out Tool and in the EU. If you delete cookies, use a different device, or change web browsers, you may need to opt-out again.
Advertising on mobile devices
Mobile devices have an identifier that gives companies the ability to serve targeted ads to a specific mobile device. In many cases, you can turn off mobile device ad tracking or you can reset the advertising identifier at any time within your mobile device privacy settings. Another tool you can use to control advertising on your mobile device is the AppChoices App. You may also choose to turn off location tracking on your mobile device. If you turn off ad tracking or location tracking, we will no longer use information collected from your device’s advertising identifier for the purposes of advertising. You may still see the same number of ads but they may be less relevant because they will not be based on your interests. Where we need your consent to gather information about your location, we will obtain this from you.
Additional Information for the United Kingdom and EU/EEA
The following describes the categories of Personal Information that we may collect about data subjects in the United Kingdom, the EU and the EEA, the purposes for which we may process the Personal Information, and the legal bases for such proces
- We may process Personal Information relating to transactions, including your purchases of Services that you enter into with us either as an individual or on behalf of your employer (“Transaction Information”). Transaction Information may include your contact details (such as company, name, email address and/or phone number), and the transaction details. Transaction Information may be processed for the purpose of supplying services and keeping proper records of transactions. The legal basis for processing Transaction Information is the performance of a contract between you and the Company and/or taking steps, at your request, to enter into a contract.
- We may process Personal Information related to an account you maintain with us Companies either as an individual or on behalf of your employer (“Account Information”). Account Information may include your name, title, email address and postal address. The legal basis for processing Account Information is the performance of a contract between you and Empowered Systems and/or taking steps, at your request, to enter into a contract and/or our legitimate interests in the proper administration of our Services and business.
- We may process Personal Information contained in any inquiry you submit to us regarding goods and services (“Inquiry Information”). The legal basis for processing Inquiry Information is the performance of a contract between you as an individual or on behalf of your employer and the Company, and/or taking steps, at your request, to enter into such a contract and/or our legitimate interests in responding to inquiries regarding our products and Services.
- We may process Personal Information related to your use of our Sites and Services (“Usage Information”). Usage Information may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your use of our Sites and Services. The source of the Usage Information may be cookies, analytics services, tracking technologies or other methods. Usage Information may be processed for the purposes of analyzing your use of our Sites and Services. The legal basis for processing Usage Information is our legitimate interest in the proper administration of our Sites and Services, including monitoring and improving our Services.
- We may process Personal Information about you to provide appropriate safeguards for your Personal Information, our Sites and Services and our IT systems. The legal basis for this processing is our legitimate interests in the safety, security and administration of our Sites, Services and IT systems.
- We may process Personal information that you provide to us when you subscribe to our email marketing communications, newsletters and communications to keep you up-to-date on the Company’s events and news (“Notification Information”). The legal basis for processing Notification Information is your consent if required. If you are an existing customer, the legal basis for this processing is our legitimate interests in providing you with information on our products and services.
- We may process Personal Information contained in or relating to any communication that you send to us (“Correspondence Information”). Our Sites and Services use different forms for account or event registration, feedback, notifications, data subject/consumer requests and authentication. Each form may require different Personal Information about you such as your name, title, company, address, or email address. For example, if we need to mail information to you, we will ask for your name, company, and address. If you ask us to notify you of changes to our Services, we may ask only for your email address. We also may use your IP address to help diagnose problems with our servers and to administer our Sites and Services as well as for other reasons such as website monitoring, improvement, preference settings, etc. Correspondence Information may be processed for the purposes of communicating with you and recordkeeping. The legal basis for processing Correspondence Information is our legitimate interests in the proper administration of our Sites and Services and business communications with you.
- We may process your Personal Information where necessary for the establishment, exercise, or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure, an investigation, or other legal matters such as an acquisition, divestiture or merger. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others. We may process your Personal Information where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.
- We may process the Personal Information included in your profile on our Sites or other social media sites (“Profile Information”). This Profile Information may include your name, address, telephone number, business or personal email address, and social network information. The legal basis for this processing is our legitimate interests, namely the performance of a contract between you or your employer and the Companies and/or taking steps, at your request, to enter into such a contract and for marketing purposes.
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object to processing
- Rights in relation to automated decision-making and profiling
You can inquire about your Personal Information and how we process it, submit a data subject request and/or obtain further information on the above data subject rights by:
- Submitted a request at www.empoweredsystems.com/contact-us.
- Emailing us at firstname.lastname@example.org with “Privacy – Data Subject Request” in the subject line
- Sending a request to: Empowered Systems
3209 W Smith Valley Road,
Suite 223, Greenwood, IN 46142
Attention: Privacy – Data Subject Privacy Request
International Data Transfers
Empowered Systems is a global business based in the United States. We have offices and facilities in the United States, and we transact business in Canada, the United Kingdom, the EU, Asia (including Australia and India), as well as other jurisdictions throughout the world.
We may transfer your Personal Information to recipients in countries whose laws may not provide the same level of data protection as your country. When we do so, we will ensure that there are adequate safeguards in place, such as contractual safeguards, to protect your Personal Information and to comply with our legal obligations.
South Africa - Access to Information
Empowered Systems has established processes and procedures to allow appropriate data subjects to exercise their rights under South Africa’s Protection of Personal Information Act. If you wish to exercise your rights, please email PAIAComplaints@inforegulator.org.za.
Brazil Privacy Rights
For information and disclosures applicable to data subjects covered under the Lei Geral de Proteção de Dados, please visit www.gov.br/mec/pt-br/acesso-a-informacao/lgpd.
Your California Privacy Rights
If you are a resident of California, your right to submit certain requests relating to your Personal Information is described below. Please note that when submitting a request, you will be asked to provide information to verify your identity before action is taken. You may designate an authorized agent to make the requests below on your behalf. An authorized agent must submit proof to us that he or she has been authorized by you to act on your behalf, and you will need to verify your identity directly with us through the process described below.
Right to Opt-Out of the Sale of Your Personal Information
California residents have the right to opt-out of the sale of their Personal Information. To exercise this right, please submit a request through our Do Not Sell My Personal Information form found on our home page or email us at email@example.com.
You can opt-out of the sale of your Personal Information by using the Global Privacy Control (“GPC”) signal. The GPC is a browser and plug-in setting that tells websites not to sell your Personal Information. For more information regarding the GPC visit https://globalprivacycontrol.org.
Right to Request More Information
If you are a California resident, you have the right to request more information regarding the following, to the extent applicable:
- The categories of Personal Information we have collected about you
- The categories of sources from which we have collected your Personal Information
- The business or commercial purpose why we collected or, if applicable, sold your Personal Information
- The categories of third parties with whom we shared your Personal Information
- The specific pieces of Personal Information we have collected about you
- The categories of Personal Information that we have shared with third parties about you for a business purpose
- The categories of Personal Information that we sold about you and the categories of third parties who received your Personal Information in the sale
- A list of all third parties to whom we have disclosed Personal Information, as defined under California Civil Code Section 1798.83(e) (a/k/a the “Shine the Light Law”), during the preceding year for third-party direct marketing purposes
You may submit a request for the information above by emailing us at firstname.lastname@example.org, or submitting a request at www.empoweredsystems.com/contact-us. Please note that due to the different requirements of the applicable laws, our response times may vary depending on the specific type(s) of information sought. We respond to all verifiable requests for information as soon as we reasonably can and no later than legally required.
Right to Request Deletion of Your Personal Information
California residents also have the right to request that we delete your Personal Information collected or maintained by us. Once we receive your request, we will let you know what, if any, Personal Information we can delete from our records, and we will direct any service providers (such as Google Analytics) that may have collected Personal Information about you to delete your Personal Information from their records. There may be circumstances where we cannot delete your Personal Information or direct service providers to do so also. For example, if we need to: (1) retain your Personal Information to complete a transaction or provide Services to you; (2) detect security incidents; (3) protect against unlawful activities; (4) identify, debug or repair errors; (5) comply with legal obligations, etc. You may submit a request to delete your Personal Information by emailing us at email@example.com, or submitting a request at www.empoweredsystems.com/contact-us. In connection with submission of your request, we will take steps to verify your identity as outlined below, and you will need to verify your identity before action is taken.
Verification of Requests for Further Information or to Delete Personal Information
Upon submission of a request for information or a request to delete Personal Information, we will take reasonable steps to confirm that the person submitting the request to know or request to delete is the person to whom the Personal Information relates, and to prevent unauthorized access or deletion of Personal Information. The specific steps taken to verify the identity of the requesting person may vary based on the nature of the request, including the type, sensitivity and value of the information requested, the risk of harm posed by unauthorized access or deletion, the likelihood that fraudulent or malicious actors may seek the information, the trustworthiness of Personal Information provided to verify your identity, the nature of our business relationship with you, and available technology for verification.
We will generally try to avoid requesting additional Personal Information from you for the purpose of verification, but we may need to do so if we cannot verify your identity based on the information already maintained by us. If we request additional Personal Information to verify your identity, it will be for that purpose only, and will be deleted as soon as practical after processing the request, except as otherwise provided by law.
The following generally describes the verification processes we use:
- Password Protected Accounts. If you have a password-protected account with us, we may use existing authentication practices to verify your identity, but will require re-authentication before disclosing or deleting data. If we suspect fraudulent or malicious activity relating to your account, we will require further verification (as described below) before complying with a request to know or delete.
- Verification for Non-Accountholders. If you do not have, or cannot access, a password-protected account with us, we will generally verify your identity as follows:
- For requests to know categories of Personal Information, we will verify your identity to a reasonable degree of certainty by matching at least two data points provided by you with reliable data points maintained by us.
- For requests to know specific pieces of Personal Information, we will verify your identity to a reasonably high degree of certainty by matching at least three data points provided by you with reliable data points maintained by us. We will also require a declaration, signed under penalty of perjury, that the person requesting the information is the person whose information is the subject of the request or that person’s authorized representative. We will maintain all signed declarations as part of our records.
- For requests to delete Personal Information, we will verify your identity to a reasonable degree or a reasonably high degree of certainty depending on the sensitivity of the Personal Information and the risk of harm posed by unauthorized deletion. We will act in good faith when determining the appropriate standard to apply.
- Verification by Authorized Agent. You may designate an authorized agent to make the requests above on your behalf. An authorized agent must submit proof to us that he or she has been authorized by you to act on your behalf, and you will need to verify your identity directly with us through the process described above.
If there is no reasonable method by which we can verify your identity, we will state so in response to a request to know or delete Personal Information, including an explanation of why we have no reasonable method to verify your identity.
Right to Non-Discrimination for the Exercise of Your Privacy Rights
If you choose to exercise any of the privacy rights conferred by the California Consumer Privacy Act of 2018, you also have the right not to receive discriminatory treatment by us. This means that, consistent with California law, we will not deny providing our services to you, charge you different prices or provide a different level or quality of services to you unless those differences are related to the value of your Personal Information.
How To Contact Us
If you have any comments or questions about how we collect and use your Personal Information, communications can be submitted via email to firstname.lastname@example.org, or to our postal address:
3209 W Smith Valley Road,
Suite 223, Greenwood, IN 46142
Empowered Systems (ES) is a processor*1 in respect of the following data processing:
Please see table below. These Services are provided in accordance with the terms set out in the Current Agreement. In each case Client will inform data subjects in scope of its access to ES services in line with SCC requirements. The nature, purpose and duration of processing is for the provision and Client receipt of those services/products as set out in its Current Agreement.
For information about ES sub-processors, please see the Hosting Brochure.
- Services: This is the data processing in scope is that agreed in the Client Current Agreement including processing of Client Personal Data where Client receives any of the Services in the table
Service/Product (Purpose of the data transfer and further processing) is in performing the Service identified below:
Nature of the processing (Product Description)
Subject Matter of Processing
Categories of Personal Data transferred and Processed by ES as a Processor
Sensitive data transferred (if applicable)3
Categories of Data Subjects whose personal data is transferred
The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis)
The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period
For transfers to (sub) processors, also specify subject matter, nature and duration of the processing
Connected Risk – Audit Management
Processor of input Client Personal Data (other than user log ins).
Processing for service purposes as set out in each Client’s Current Agreement.
Names, telephone numbers, email addresses and any other data input by users.
For Client in each case to determine the input Client Data. The Service does not need (and is not designed to require) Sensitive data. We strongly recommend this is not input. If it is, for Client to provide SCC
People identified or identifiable in client’s user input data (e.g. your employees and contractors).
Continuous basis, as triggered by Client in use of the Services.
For so long as the Services are provided, and in line with Client set Service functionality, and then for that period of time thereafter as specified in the current agreement
No transfers outside of the use of Microsoft Azure infrastructure for the hosting environment
* 1 – For simplicity, the table refers to ES’s primary data processing role in respect of Client Personal Data processing the in provision of each service/product that Client takes pursuant to the Current Agreement. All processing shall be as set out in each Client’s Current Agreement. Note that ES will always be controller of the content data it provides in provision of its services, controller of user login information (including email addresses and passwords), system and management information (including usage logs) and service logs, and controller of personal data received into the ES support portal. This is the case for all services taken under the Current Agreement, unless identified otherwise in product information.
2 -This table assumes that your services/products are provided in the ES hosted environment. If you take an on-premises installed version of a product that ES does not provide technical support involving personal data access, ES is neither a controller nor processor of that data as we do not access or handle any personal data in connection with that installed version.
3- Where sensitive data is identified applicable in the above table, the applied restrictions or safeguards shall be set out in this document that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialized training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.