Effective November 16th, 2021
This Policy applies to all Dathena entities that process Personal Data:
"Automated Decisions" are defined as decisions about individuals that are based solely on the automated processing of data and that produce legal effects that significantly affect the individuals involved.
"Controller" means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
"Data Subject" means an individual for whom Dathena processes Personal Data.
"Employee" means any current, former or prospective employee, temporary worker, intern or other non-permanent employee of Dathena or any current or prospective subsidiary or affiliate of Dathena.
"European Economic Area ("EEA")" means the following countries: Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Republic of Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, The Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden.
"Personal Data" means any information relating to an identified or identifiable natural person ("Data Subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity and includes information, that (i) relates to an identified or identifiable Customer, Employee or Supplier’s representative; (ii) can be linked to that Customer, Employee or Supplier’s representative; (iii) is transferred to Dathena from the EEA, Switzerland or the UK, and (iv) is recorded in any form.
"Processing" is defined as any action that is performed on Personal Data, whether in whole or in part by automated means, such as collecting, modifying, using, disclosing, or deleting such data. This Policy does not cover data rendered anonymous or where pseudonyms are used that do not allow for, directly or indirectly, the identification of an individual. The use of pseudonyms involves the replacement of names or other identifiers with substitutes, so that identification of individual persons is either impossible or at least rendered considerably more difficult. This Policy shall apply again if the protections offered through anonymization no longer apply.
"Sensitive Personal Data" means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership or concerning health or sex, and the commission or alleged commission of any offense, any proceedings for any offense committed or alleged to have been committed by the individual or the disposal of such proceedings, or the sentence of any court in such proceedings.
"Supplier" means any supplier, vendor or other third party located in the USA and/or the EEA, Switzerland or the UK that provides services or products to Dathena.
This Policy is designed to provide compliance with all relevant applicable data protection laws in the EEA, and in particular the General Data Protection Regulation ("GDPR"). Dathena will handle Personal Data in accordance with local law at the place where the Personal Data is processed.
Dathena respects the privacy of Data Subjects and is committed to protecting Personal Data. Dathena will observe the following principles when processing Personal Data:
Data will be processed fairly and in accordance with applicable law.
Data will be collected for specified, legitimate purposes and not processed further in ways incompatible with those purposes.
Data will be relevant to and not excessive for the purposes for which they are collected and used. For example, data may be rendered anonymous if deemed reasonable, feasible and appropriate, depending on the nature of the data and the risks associated with the intended uses.
Data Subjects in the EU may be asked to provide their clear and unequivocal consent for the collection, processing and transfer of their Personal Data.
Data will be accurate and, where necessary, kept up up-to-date. Reasonable steps will be taken to rectify or delete Personal Data that is inaccurate or incomplete.
Data will be kept only as it is necessary for the purposes for which it was collected and processed. Those purposes are described in this Policy.
Data will be deleted or amended following a relevant request by the Data Subject, provided such request complies with applicable law.
Data will be processed in accordance with the Data Subject’s legal rights (as described in this Policy or as provided by law).
Appropriate technical, physical and organizational measures will be taken to prevent unauthorized access, unlawful processing and unauthorized or accidental loss, destruction or damage to data. In case of any such violation with respect to Personal Data, Dathena will take appropriate steps to end the violation and determine liabilities in accordance with applicable law and will cooperate with the competent authorities.
As part of the services Dathena provides, it may have incidental access to Personal Data.
With regard to Customer contact information, Dathena collects and processes the following categories of Personal Data:
First and last name,
Business email address, and
Business telephone number
Dathena does not need you to provide any Sensitive Personal Data on its Site and instructs its customers to avoid submitting any Sensitive Personal Data to Dathena on its Site. Sensitive Personal data can be identified and never stored by the Product while providing services according to agreements.
Dathena obtains Personal Data through various sources:
As submitted by the customer through the services;
Collected from publicly available databases;
The use of third party vendors who compile databases for Dathena’s use (Dathena requires assurances from the third party vendor that the information was collected, processed, and transferred in compliance with applicable data protection laws and that Dathena is permitted to make further use of the information);
While processing the data you give us access to provide our Product and services. Personal data that are obtained in this sense may be processed for the purpose of identifying sensitive files, classifying files, performing the most accurate risk assessment and displaying relevant dashboards for your usage. Personal data obtained in this context are never stored on any of Dathena servers.
Wherever your Personal Information is held by Dathena or on its behalf, we will take reasonable and appropriate steps to protect it from unauthorized access or disclosure.
Dathena processes Personal Data for legitimate purposes related mostly to direct marketing in a business-to-business context. Dathena does not process this data for purposes of marketing to individual consumers.
In addition, Dathena may process Personal Data for business operational purposes. The foregoing limited purposes will be taken into consideration before any type of processing of Personal Data occurs.
For customer/supplier-specific Personal Data, the purposes of processing may include:
We may process your account data ("account data"). The account data may include your name, email address and organization name. The account data may be processed for the purposes providing our services, ensuring the security of our services, maintaining back-ups of our databases, and communicating with you. The account data may be processed for the purposes of enabling and monitoring your use of our website and services. The legal basis for this processing is the performance of a contract between you and us as described in the terms of service.
We may process information relating to transactions, including purchases of goods and services, that you enter into with us and/or through our website ("transaction data"). The transaction data may include your contact details, your card details and the transaction details. The transaction data may be processed for the purpose of supplying the purchased goods and services and keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
We may process information that you provide to us for the purpose of subscribing to our email notifications ("notification data"). The notification data may be processed for the purposes of sending you the relevant notifications related to the product. The legal basis for this processing is the performance of a contract between you and us.
We may process information contained in or relating to any communication that you send to us ("correspondence data"). The correspondence data may include the communication content and metadata associated with the communication. In case you contact us through our website, it will generate the metadata associated with communications made using the website contact forms. The correspondence data may be processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business and communications with users.
We may process personal data contained within your file. This data may include all personal data you store as an organization on your Microsoft tenant and you grant access to us through Microsoft Azure App registration ("organization data"). This data may be processed for the purpose of identifying sensitive files, classifying files and providing services offered by our Product. The data processed is never stored on our servers. The legal basis for this processing is the performance of a contract between you and us.
We may process any of your personal data identified in this notice where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
In addition to the specific purposes for which we may process your personal data set out in this Section IV, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
Please do not supply any other person's personal data to us, unless we prompt you to do so.
In the event of a change of the foregoing, Dathena will inform affected Data Subjects of new processes or applications, new purposes for which the Personal Data are to be used, and the categories of recipients of the Personal Data.
Dathena is committed to implementing and maintaining appropriate technical, physical and organizational measures to protect Personal Data against unauthorized access, unlawful processing, accidental loss or damage and unauthorized destruction.
Any person has the right to be provided with information as to the nature of the Personal Data stored or processed about him or her by Dathena and may request deletion or amendments. Data Subjects may contact Dathena at firstname.lastname@example.org to review, update, and revise their Personal Data.
If access is denied, the Data Subject has the right to be informed about the reasons for denial. The person affected may contact any competent regulatory body or authority to resolve the issue. Dathena will handle in a transparent and timely manner any type of complaint resolution or inquiry about Personal Data.
If any information is inaccurate or incomplete, the Data Subject may request that the data be amended. If the Data Subject demonstrates that the purpose for which the data is being processed is no longer legal or appropriate, the data will be deleted, unless applicable laws require otherwise.
In connection with the activities described under Section VII, Dathena may transmit Personal Data outside the EEA and more specifically to: (i) Dathena’s corporate headquarters in Singapore ; or (ii) its other offices in the US. Moreover, Personal Data might be sent to the following third parties in or outside the EEA:
Selected Third Parties: Dathena may disclose or share Personal Data of customers or prospective customers with suppliers, or other third party vendors.
Other Third Parties: Dathena may be required to disclose certain Personal Data to other third parties: (i) As a matter of law (e.g. to tax authorities); (ii) to protect Dathena’s legal rights; (iii) to Law Enforcement Authorities in compliance with applicable laws.
Dathena will ensure that this Policy is observed and duly implemented. All Dathena Employees who have access to Personal Data must comply with this Policy.
If at any time, a person believes that Personal Data relating to him or her has been Processed in violation of this Policy, he or she should report the concern to Dathena. In addition, Dathena is happy to answer any questions related to its Processing of Personal Data.