Privacy Statement

Privacy Statement


What is GDPR?


As of the 25th of May 2018, the EU General Data Protection Regulation (GDPR) strengthens the rights of individuals regarding their personal data and seeks to unify local data protection laws across Europe. GDPR requires new or additional obligations on organizations in the EU processing personal data and organizations outside the EU processing personal data of EU residents.

What does GDPR mean to our partners and customers?

Whenever GDPR applies to our partners and customers, they must implement appropriate measures to ensure and demonstrate that any data processing is performed in compliance with the GDPR requirements. These requirements relate to principles such as lawfulness, fairness and transparency, accuracy, purpose limitation, data minimisation, storage limitation, integrity and confidentiality. They also relate to fulfilling individuals’ rights with respect to their personal data. 

Our customers must furthermore ensure that the service providers they select to process personal data on their behalf guarantee their ability to implement appropriate measures so that the processing meets the GDPR requirements. 

 

What does GDPR mean to us in relation to our partners and customers?

The measures we foresee assist our partners and customers to meet the GDPR requirements when personal data, as part of business data, are processed through our services. Our GDPR assurances are summarized on this webpage. 

We are including this commitment into our agreement with our customers.

This assists our customers in demonstrating their compliance with GDPR.  

 

Our 5 GDPR assurances

We are conducting an extensive GDPR compliance program. Out team identifies our data processing activities, maintains our process register, performs data protection impact assessments, builds compliance documentation and is following up on compliance improvement actions. We are appointing a data protection officer where legally required. External experts audit and verify our GDPR compliance program. Out teams also ensures that staff members processing personal data are trained to comply with our data processing policies and bound to confidentiality. 

We process personal data contained in business data transmitted to us, only on behalf of our customers, to the extent necessary for our services and in accordance with our customers’ instructions. In legal terms, we are data processor and our customers are data controllers. After expiry of our services, we delete the personal data of the related customers from our systems, unless if otherwise required by law.

We select qualified subprocessors to support the delivery of our cloud services. We are responsible for them and have appropriate data processing arrangements in place with them. We make information available about our current subprocessors and notify relevant customers in case we change any such subprocessor. Before we transfer personal data for processing to any subprocessor outside the EU, we provide for GDPR-proof appropriate safeguards.

Through our information security program, we maintain appropriate technical and organizational security measures designed to protect the security and integrity of data. Our security measures are based on globally accepted standards. We audit our security measures. We notify our related customers in the unlikely event of a security breach on our systems of which we become aware.

Our services allow our customers to respond to legitimate requests from individuals, mainly to rectify, block or erase their personal data. If this is not possible, we will assist. When our customers perform security and data protection assessments, security incident notifications or reply to consultations of supervisory authorities that relate to our services, and think we can be of any help, we will assist where we can. We also assist partners and customers wanting to audit our compliance.  

PRIVACY POLICY

SECTION 1 – WHAT DO WE DO WITH YOUR INFORMATION?

When you purchase something from our site, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address. When you browse our site, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system. Email marketing (if applicable): With your permission, we may send you emails about our site, new products and other updates.

SECTION 2 – CONSENT

How do you get my consent? When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only. If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.

SECTION 3 – DISCLOSURE

We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.

SECTION 4 – THIRD-PARTY SERVICES

In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us. However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions. For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers. In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located. As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act. Once you leave our site’s website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms of Service. Links When you click on links on our site, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.

SECURITY To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed. If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and sited with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.

COOKIES

We use cookies, the most important of which are the forms authentication cookie (created when a user logs in) and the portalroles cookie, which stores what roles a user has access to in the current portal.

LOGIN AND SECURITY

The forms authentication cookie are by default temporary (session) cookies and not persistent cookies, however users can make them persistent by checking the "remember me" checkbox on the login control. This can be removed via the UI or a setting The portals role cookie is persistent but it only exists for 1 minute - and it's contents are encrypted as well as containing a portalid to make sure that they only apply for that portal. We use the expiry here as we want to be sure to refresh the users portal roles to pick up any alterations that may have occurred e.g. if an admin has added the user to new roles. Please note, that whilst session cookies are typically preferred as this cookie has a short expiration of 1 minute (to ensure role identification is valid), having it as a session cookie would have a longer lasting cookie (by default of 30 minutes since the last period of activity) so a persistant cookie is a better option in this case.

OTHER COOKIES

As well as these two, TheGateIndex.com can create a cookie to track affiliates (used to allow sites to track and reward vendor affiliates). Whilst this (little used) function cannot be disabled by a setting, sites that no not allow persistent cookies can safely remove this. Usersonline module creates cookies to track when an anonymous user logs in so that it does not miscount active users. A cookie is created called "language" to store the current language - in a monolingual install this is simply the browser default language, but if the site supports multiple languages then this may be different based on the language selected by clicking in the languages skin object. A cookie with the name ".ASPXANONYMOUS" is also created by asp.net anonymous authentication. If you are using the mobile redirection capabilities (added in 6.1.0 for PE/EE, and 6.1.5 for all editions), two optional cookies may be created. The cookies are called "disablemobileredirect" (which disables redirects when a mobile device is detected) and "disableredirectpresist" sic which stores a cookie with a lifetime of 20 minutes to indicate that redirects are not allowed. The DNNPersonalization cookie is used to store personalization data (such as tab expansion) for anonyous users. Authenticated users personalization data is stored in their profile. Two cookies in the form "_ContainerSrc" and "_SkinSrc" can be used to read and set the portal specific container and skin - these are both read only cookies. Two cookies are created StyleSheetWidget_SizeWidget which stores the width, and StyleSheetWidget_TextSizeWidget which stores the text size. Tabs controls create a cookie to store the last selected tab. This is read back when the page is revisited and the previously selected tab is then selected. Panels controls apply a similar logic to tab controls e.g. The software will create a cookie called "dnnSitePanel-SecuritySettings" and store the value "true". This is read back when the page is revisited and the previously expanded panel is correctly expanded.

SECTION 5 – AGE OF CONSENT

By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.

SECTION 6 – CHANGES TO THIS PRIVACY POLICY

We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.