DATA PRIVACY NOTICE
We, at Perpetual, believe that protecting the security and privacy of your personal data is important. This Privacy Notice explains how we collect, store, use, disclose and transfer (hereinafter “process”) your personal data. The personal data that we collect about you depends on the context of your interactions with us, the products, services and features that you use, your location, and applicable law.
1. Processing of personal data related to your use of our websites, applications and
services
Categories of personal data processed, and purpose of the processing:
When visiting our website, using our Contact Us form, downloading whitepapers, or using our diagnostic or coaching features (each an “Offering”), we may process the following categories of personal data:
- Your contact information, such as full name, address, email address, and phone number
- Organizational information, including job position, LinkedIn URL, and company name
- Information submitted as part of a “talk to us” form, survey, comment, or forum post
- Further personal data that we may collect by viewing your LinkedIn profile
- Information on your interaction with the Offering, including your device and user identifier, information on your operating system, sites and services accessed during your visit, the date and time of each visitor request.
We process your personal data for the following purposes:
- To provide the services and functions (including our Offerings) which includes creating and administering your online account, updating, securing, and troubleshooting, providing support, as well as improving and developing our services and functions (including our Offerings)
- To bill for services
- To verify your identity
- To answer and fulfill your requests or instructions
- To process your order or to provide you with access to specific information or offers
- To contact you with information and offers concerning our products and services, to send you further marketing information or to contact you in the context of customer satisfaction surveys as explained in Section 4
- As reasonably necessary to enforce the Perpetual services terms, to establish or preserve a legal claim or defense, to prevent fraud or other illegal activities, including attacks on our information technology systems.
2. Processing of personal data related to LinkedIn ad campaigns Categories of personal data processed, and purpose of the processing
When conducting our periodic LinkedIn ad campaigns, we may process the following categories of personal data:
- Your contact information, such as full name, work address, work telephone number, work mobile phone number and work email address
- Organizational information, including job position and company name
- Compensation information, such as data necessary to understand your compensation requirements
- Further personal data that you post on LinkedIn to understand your desired career path and related information.
We process your personal data for the following purposes:
- Communicating with you about our products, services and projects
- Planning, performing and managing the (contractual) relationship with customers
- Contacting you with information and offers concerning our products and services, sending you further marketing messages and conducting customer satisfaction surveys as explained in Section 4
- Maintaining and protecting the security of our products, services and websites, preventing and detecting security threats, fraud or other criminal or malicious activities
- Ensuring compliance with legal obligations (such as record keeping obligations), export control and customs, customer compliance screening obligations (to prevent white-collar or money laundering crimes), and our policies or industry standards; and
- Solving disputes, enforce our contractual agreements and to establish, exercise or defend legal claims.
3. Processing of personal data related to your business relationship with us
Categories of personal data processed, and purpose of the processing
In the context of the business relationship with us, we may process the following categories of personal data of consumers and contact persons at (prospective) clients, suppliers, vendors and partners (each a “Business Partner”):
- Contact information, such as full name, work address, work telephone number, work mobile phone number and work email address
- Organizational information, including job position and company name
- Payment data, such as data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information
- Further information necessarily processed in a project or contractual relationship with us or voluntarily provided by the Business Partner, such as personal data relating to payments made, requests, and project milestones
- Personal data collected from publicly available resources (including business and employment oriented social networks and websites), integrity data bases and credit agencies
- Information that are legally required for Business Partner compliance screenings or export control checks, such as date of birth, nationality, place of residence, ID numbers, identity cards and information about relevant and significant litigation or other legal proceedings against Business Partners.
We may process the personal data for the following purposes:
- Communicating with Business Partners about our products, services and projects
- Planning, performing and managing the (contractual) relationship with Business Partners
- To create a personal profile containing business-related information on interactions between you and us with the aim of being able to offer you and the company you work for relevant information and suitable offers for our services and products and to improve our personal communication with you
- Administrating and performing market analysis or other customer activities or events
- Contacting you with information and offers concerning our products and services, sending you further marketing messages and conducting customer satisfaction surveys as explained in Section 4
- Maintaining and protecting the security of our products, services and websites, preventing and detecting security threats, fraud or other criminal or malicious activities
- Ensuring compliance with legal obligations (such as record keeping obligations), export control and customs, Business Partner compliance screening obligations (to prevent white-collar or money laundering crimes), and our policies or industry standards; and
- Solving disputes, enforce our contractual agreements and to establish, exercise or defend legal claims.
4. Processing of personal data for direct marketing
Where and as permitted under applicable law, we may process your contact information for direct marketing purposes (e.g. invitations, newsletters with further information and offers concerning our products and services) and to carry out customer satisfactions surveys, in each case also by e-mail. You may object to the processing of your contact data for these purposes at any time by writing to Info@beperpetual.com or by using the unsubscribe link provided on our website.
5. Processing of personal data related to your job application
When you apply for a job, we process your personal data or of the respective other recruiting platform you may use.
6. Transfer and disclosure of personal data
We only transfer your personal data as described below:
- Affiliated Companies and sales partners: For the purpose of and to the extent necessary to conduct our business relationship with you, we may share your personal data with affiliates and other third parties (e.g., sales partners and agents).
- Transactions on our cloud systems: Via our cloud CRM, customers’ personal data related to those transactions which are required for potential or active business relationship.
7. Retention periods
Unless indicated otherwise at the time of the collection of your personal data (e.g. within a form completed by you), we erase your personal data if the retention of that personal data is no longer necessary for the purposes for which they were collected or otherwise processed, or to comply with legal obligations (such as retention obligations under tax or commercial laws).
8. Your rights
The data protection laws in the jurisdiction in which you reside may entitle you to specific rights in relation to your personal data.
In particular, and subject to the legal requirements, you may be entitled to
- Obtain from us confirmation as to whether or not personal data concerning you are being processed, and where that is the case, access to the personal data
- Obtain from us the correction of inaccurate personal data concerning you
- Obtain from us the erasure of your personal data;Obtain from us restriction of processing regarding your personal data
- Data portability concerning personal data, which you actively provided;
- Object, on grounds relating to your particular situation, to further processing of personal data concerning you
- Withdraw your consent to our processing of your personal data.
9. Security
To protect your personal data against accidental or unlawful destruction, loss, use, or alteration and against unauthorized disclosure or access, we use adequate physical, technical and organizational security measures.
10. Data privacy contact
Our Data Privacy Officer and CISO provides support with any data privacy related questions, comments, concerns or complaints or in case you wish to exercise any of your data privacy related rights. The Data Privacy Officer may be contacted at: msardari@cybersecop.com or Info@beperpetual.com.
The Data Privacy Officer will always use reasonable efforts to address and settle any requests or complaints you bring to its attention. Besides contacting the Data Privacy Officer, you always have the right to approach the competent data protection authority with your request or complaint.
11. Processing under the EU’s General Data Protection Regulation
This section applies and provides you with further information if your personal data is processed by one of our companies located in the European Economic Area.
11. Data Controller
Services and other Offerings
The specific company identified in the services and Offering as being the operator of the Offering is the data controller in the meaning of the General Data Protection Regulation for the processing activities described in this Privacy Notice.
Business Partner personal data in Customer Relationship Management Systems
In the course of our business relationship with you, we may share information with affiliated companies. We and these affiliated companies are jointly responsible for the proper protection of your personal data (Art. 26 General Data Protection Regulation).
To exercise your rights, you may reach out to: Info@beperpetual.com.
13. Legal basis of the processing
The General Data Protection Regulation requires us to provide you with information on the legal basis of the processing of your personal data.
The legal basis for our processing data about you is that such processing is necessary for the purposes of
- exercising our rights and performing our obligations under any contract we make with you (Article 6 (1)(b) General Data Protection Regulation) (“Contract Performance”)
- Compliance with our legal obligations (Article 6 (1) (c) General Data Protection Regulation) (“Compliance with Legal Obligations”) and/or
- Legitimate interests pursued by us (Article 6 (1) (f) General Data Protection Regulation) (“Legitimate Interest”). Generally, the legitimate interest pursued by us in relation to our use of your personal data is the efficient performance or management of (i) your use of the Offerings, and/or (ii) our business relationship with you. Where the below table states that we rely on our legitimate interests for a given purpose, we are of the opinion that our legitimate interest is not overridden by your interests and rights or freedoms, given (i) the regular reviews and related documentation of the processing activities described herein, (ii) the protection of your personal data by our data privacy processes, including our Binding Corporate Rules on the Protection of Personal Data, (iii) the transparency we provide on the processing activity, and (iv) the rights you have in relation to the processing activity
If you wish to obtain further information on this balancing test approach, please contact our Data Privacy Officer at: msardari@cybersecurity.com or Info@beperpetual.com.
In some cases, we may ask if you consent to the relevant use of your personal data. In such cases, the legal basis for us processing that data about you may (in addition or instead) be that you have consented (Article 6 (1) (a) General Data Protection Regulation) (“Consent”).
Purpose | Legal Basis |
Processing of personal data in the context of Offerings | |
To provide the Offering’s services and functions which includes creating and administering your online account, updating, securing, and troubleshooting, providing support, as well as improving and developing our Offerings, | Contract Performance (Article 6 (1) (b) General Data Protection Regulation) Legitimate Interest (Article 6 (1) (f) GDPR) |
To bill your use of the Offering | Contract Performance (Article 6 (1) (b) General Data Protection Regulation) Legitimate Interest (Article 6 (1) (f) GDPR |
To verify your identity | Contract Performance (Article 6 (1) (b) GDPR) Legitimate Interest (Article 6 (1) (f) GDPR) |
To answer and fulfill your requests or instructions | Contract Performance (Article 6 (1) (b) GDPR) Legitimate Interest (Article 6 (1) (f) GDPR) |
To process your order or to provide you with access to specific information or offers | Contract Performance (Article 6 (1) (b) GDPR) Legitimate Interest (Article 6 (1) (f) GDPR) |
To send you marketing information or to contact you in the context of customer satisfaction surveys as further explained in Section 4 | Consent, if voluntarily provided (Article 6 (1) (a) GDPR) Legitimate Interest (Article 6 (1) (f) GDPR) |
As reasonably necessary to enforce the Offering’s terms, to establish or preserve a legal claim or defense, to prevent fraud or other illegal activities, including attacks on our information technology systems | Compliance with Legal Obligations (Article 6 (1) (c) GDPR Legitimate Interest (Article 6 (1) (f) GDPR) |
Processing of personal data related to your use of marketplaces and/or business relationship with us | |
Communicating about our products, services and projects, e.g. by responding to inquiries or requests or providing you with technical information about purchased products | Contract Performance (Article 6 (1) (b) GDPR) Legitimate Interest (Article 6 (1) (f) GDPR) |
Planning, performing and managing the (contractual) relationship; e.g. by performing transactions and orders of products or services, processing payments, performing accounting, auditing, billing and collection activities, arranging shipments and deliveries, facilitating repairs and providing support services; | Contract Performance (Article 6 (1) (b) GDPR) Compliance with Legal Obligations (Article 6 (1) (c) GDPR) |
To create a personal profile containing business-related information on interactions between you and us with the aim of being able to offer you and the company you work for relevant information and suitable offers for our services and products and to improve our personal communication with you | Legitimate Interest (Article 6 (1) (f) GDPR) |
Administrating and performing market analysis, sweepstakes, contests, or other customer activities or events; | Consent, if voluntarily provided (Article 6 (1) (a) GDPR) Legitimate Interest (Article 6 (1) (f) GDPR) |
Purpose | Legal Basis |
Conducting customer satisfaction surveys and direct marketing activities as further explained in Section 4; | Consent, if voluntarily provided (Article 6 (1) (a) GDPR) Legitimate Interest (Article 6 (1) (f) GDPR) |
Maintaining and protecting the security of our products, services and websites, preventing and detecting security threats, fraud or other criminal or malicious activities; | Legitimate Interest (Article 6 (1) (f) GDPR) |
Ensuring compliance with legal obligations (such as record keeping obligations), export control and customs, business partner compliance screening obligations (to prevent whitecollar or money laundering crimes), and our policies or industry standards; and | Compliance with Legal Obligations (Article 6 (1) (c) GDPR) Legitimate Interest (Article 6 (1) (f) GDPR) |
Solving disputes, enforce our contractual agreements and to establish, exercise or defend legal claims. | Compliance with Legal Obligations (Article 6 (1) (c) GDPR) Legitimate Interest (Article 6 (1) (f) GDPR) |
Processing of personal data for customer satisfaction surveys and for direct marketing | |
Processing of your contact information for direct marketing purposes (e.g. trade show invitations, newsletters with further information and offers concerning our products and services) and to carry out customer satisfactions surveys | Consent, if voluntarily provided (Article 6 (1) (a) GDPR) Legitimate Interest (Article 6 (1) (f) GDPR) |
14. International data transfers
If we transfer your personal data outside the European Economic Area, we ensure that your data is protected in a manner which is consistent with the General Data Protection Regulation. Therefore, and if required by applicable law, we take the following measures:
- We share your personal data with affiliated companies outside the European Economic Area only if they have implemented Binding Corporate Rules („BCR“) for the protection of personal data.
- We transfer personal data to external recipients outside the European Economic Area only if the recipient has (i) entered into EU Standard Contractual Clauses with us, or (ii) implemented Binding Corporate Rules in its organization.
You may request further information about the safeguards implemented in relation to specific transfers by contacting Info@beperpetual.com.
15. Your competent data protection authority
In case of data privacy related concerns and requests, we encourage you to contact our Data Privacy and CISO at msardari@cybersecop.com. Besides contacting the Data Privacy Officer, you always have the right to approach the competent data protection authority with your request or complaint.
16. Further information for US residents
If you are a U.S. resident, then please take note of the following:
Do Not Track
Currently our Offerings do not recognize or respond to “Do Not Track” browser signals. For more information on “Do Not Track”, please visit your browser’s support page.
Usage by Children
This Offering is not directed to children under the age of thirteen. We will not knowingly collect personal data from children under the age of thirteen without insisting that they seek prior parental consent if required by applicable law. We will only use or disclose personal data about a child to the extent permitted by law, to seek parental consent, pursuant to local law and regulations or to protect a child.
State Rights
Depending on the US state in which you reside, you may have special rights with respect to your personal data.