Adaptive BBS™ and related services
Last modified August 17, 2018
Our Privacy Commitment
Who we are
DEKRA collectively refers to Regulatory Consultants, Inc., and its North American affiliates including DEKRA North America, Inc., Behavioral Science Technology, Inc., Chilworth Technology, Inc., and Safety Consulting Engineers, Inc.
DEKRA may process data as both a controller and a processor.
To ask questions or comment about our privacy practices, please contact us at email@example.com or by mail at:
- Regulatory Consultants, Inc.
- 140 West 8th Street
- Horton, KS 66439
- Phone: 785-486-2882
- Toll-free: 800-888-9596
- Fax: 785-486-3778
What We Collect
Privacy Notice for California Residents
Effective date: January 21, 2020 Last modified: January 21, 2020
This Privacy Notice for California Residents supplements the information contained in DEKRA’s Privacy Notice and applies solely to visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopt this Notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and any terms defined in the CCPA have the same meaning when used in this Notice.
This Notice does not apply to employment-related personal information collected from California-based employees, job applicants, contractors, or similar individuals. Where noted in this Notice, the CCPA temporarily exempts personal information reflecting a written or verbal business-to-business communication (”B2B personal information”) from some OF its requirements.
Information You or Your Employer Provide to Us
The System may collect several types of information by which you may be personally identified (“Personal Information”), including:
- Your first and last name, date of birth, gender, job title, site location, shift, signature or e-mail address, home address;
- Your emergency contact’s first and last name, home address, phone number, and email;
- Information in graphic form, such as videos or pictures;
- Information related to safety observations, exposures, activities and/or incidents in your workplace; and
- Information about your location.
We may also collect information from you outside of the System, for example, when you request technical support regarding the System.
There are certain types of Personal Information which we will never ask you to provide (or ask someone else to provide about you), such as your social security number, credit card number, health information, or biometric data.
You are under no obligation to provide any Personal Information to us. However, if you choose to withhold specific information, we may be unable to provide your employer with certain services.
Usage Details and IP Addresses.
The System itself may collect your usage details (i.e. information about your equipment, browsing actions and usage patterns) or IP addresses.
We may create “Anonymous Information” – information derived from Personal Information by excluding your contact information or any other Personal Information that could link the Anonymous Information back to you.
How We Collect It
DEKRA collects your information:
- Directly from you when you provide it to us through the System or to our representatives through other mediums such as email, letters, or phone calls;
- From our clients (i.e. your employer);
- From other System users; and
- From affiliates and subsidiaries of our parent company, DEKRA SE.
In addition, information about your computer hardware and software is automatically collected the System. This information can include: your IP address, browser type, domain names, access times, and referring website addresses.
The DEKRA website uses "cookies" to provide functionality and to help you personalize your online experience. A cookie is a text file that is placed on your hard disk by a Web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you. All cookies created by the DEKRA Safety Management System are secure. The purpose of a cookie is to tell the Web server that you have returned to a specific page so that information you previously provided can be retrieved, and your customized feature are retained. For example, if you personalize grid or filter settings on a report, or provided your billing or shipping address, a cookie helps DEKRA to recall your specific information on subsequent visits. You have the ability to accept or decline cookies. Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not have access to the full functionality of our services or website.
How We Use It
We may use your Personal Information:
- To allow you to utilize the System, including administering your account and identifying you upon sign-in;
- To improve your experience with the System;
- To verify accounts and activity and to monitor suspicious or fraudulent activity;
- To provide services for the benefit of our client (i.e. your employer);
- To contact you about our services and the services of our family of affiliated companies, unless you opt-out;
- To carry out our obligations and enforce our rights according to any contract we may have with your employer;
- In any other way we may describe when you provide the information; or
- For any other purpose with your consent.
We do not conduct automatic profiling.
Legal Basis for Processing
We will not collect and process information about you unless we have a legal basis for doing so. The legal bases depend on the DEKRA services you use and how you use them. This means we collect and use your information only where:
- It is required to provide you or your employer with our services. This use includes the information we require to operate our services, provide customer support, personalize features and functionalities of our services, and to protect the safety and security of the services;
- It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, or to protect our own legal rights and interests;
- You give us consent to do so for a specific purpose; or
- We need to process your data to comply with a legal obligation.
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time. However, this change will not affect any processing that has already occurred. Where your information is being used because we or your employer have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using our services. If your account is managed or administered by your employer, your employer may require use of our services as a condition of employment. We are not responsible for the policies of your employer.
How We Share It
We will disclose your Personal Information only as follows:
- To our parent, subsidiary and affiliate companies, including those located in other countries;
- To your employer or companies with which your employer contracts;
- To other users within your employer’s organization;
- To comply with any court order, law or legal process, including to respond to any government or regulatory request;
- If we believe disclosure is necessary or appropriate to protect or defend the rights, property, or safety of DEKRA, our customers or others;
- For any other purpose disclosed by us when you provide the information; or
- For any other purpose with your consent.
Third party controllers and processors
We do not share your Personal Information with third party controllers or processors.
Managed accounts and administrators
For many of our users, control of their accounts and use of our services are managed through their employer. If you register or access our services using an email provided to you by your employer, certain information about you (including your name, contact info, and past use of your account) may become accessible to your employer’s administrator and other users sharing the same domain. If you are an administrator for an organization, we may share your contact information with current or past service users in order to facilitate service-related requests.
In the event that we undergo re-organization or are sold to a third party, any Personal Information we hold about you may be transferred to that re-organized entity or third party in accordance with applicable law. You acknowledge that such acquisitions may occur and that any acquirer of a DEKRA entity or its assets may continue to use your Personal Information as set forth in this policy.
Except as described in this policy, we will not sell, rent, or make available your Personal Information to third parties without your permission. Our employees and contractors who provide Services are obliged to respect the confidentiality of any Personal Information held by us and are only authorized to use your Personal Information for the purpose of providing Services.
Subject to applicable law, we may disclose Anonymous Information without restriction.
How We Store and Secure It
Storing Your Personal Information
We use data hosting service providers in the AWS Region US East (N. Virginia) to host the information we collect, and we ensure technical measures secure your data. Because your information is stored at data centers located in the United States of America, it is subject to U.S. laws and may be accessible to the U.S. government, tribunals, law enforcement and regulatory agencies. The level of data protection established in the United States of America may be different from the one established in your home country.
Securing Your Personal Information
Personal Information is kept on computer servers in a controlled, secure environment, protected from accidental loss, unauthorized access, use, alteration, or disclosure.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted via the System. Among the security measures we take is a login process requiring a password and username that you select and a firewall protecting our hosting server. We will retain your username as part of your Personal Information but will not share this information with anyone. You are responsible for keeping your password and username confidential and secure from unauthorized persons, and you are responsible for any and all activities that occur under your user name. Any transmission of Personal Information is at your own risk.
Keeping Your Personal Information
We will retain your Personal Information for varying amounts of time, depending on the nature of the information.
- Account information: Your account information is stored for as long as your account is active and for a reasonable length of time thereafter (to be used in the event that you or your organization opt to reactivate your use of the System). We also retain some of your information in order to comply with our legal obligations, resolve disputes, enforce our agreements, support business operations, and continue to develop and improve our services. If we retain your information for the purpose of improving our services, we take steps to anonymize that information. If your account is managed by your employer, your Personal Information will be retained as long as required by the administrator of your account.
- Other information you add to the System: In the event that your account is deactivated or disabled, some of your Personal Information and any content you have provided will remain so that your employer can continue to make full use of the System and its features. For example, we will continue to display any records you created or comments that you made on existing records.
If there are any breaches in our security, we will notify you of those breaches within a reasonable amount of time. In the event of a security breach, our response procedure is specified in our SLA (Service Level Agreement).
How to Access and Manage It
Users with Accounts Administrated by Your Organization
The System and our services are intended for use by organizations. If the System or our services are made available to you through your employer, your employer is your System administrator and is responsible for the accounts and/or applications over which it has control. Please direct your initial questions regarding data privacy and System administration of our services to your administrator, as your use of the System is subject to your employer’s policies. We are not responsible for your employer’s policies.
Within the System, your administrator is able to require you to reset your password, change the email address associated with your account, restrict, suspend, or end your use of or access to the System; require your use of the System as a condition of your employment; access information in and about your account; and/or access or retain information stored as part of your account.
Even if your use of the System is not managed by your employer at this time, if the email address you use to access the System is provided by your employer, then your employer may assert administrative control over your account and your use of the System at a later date.
Accessing, Copying, Deleting, and Correcting Your Personal Information
You may access and make changes to some of your Personal Information via the System. Specifically, you can update your profile information, turn on and off email notifications, and update or remove emergency contact information from your profile page. You also have the option to delete certain personal information stored on your profile.
If you require other deletions or changes to your Personal Information which cannot be accomplished via your profile page, please Contact Us. We may choose not to accommodate a request to delete or change information if we believe the deletion or change would violate any law or legal requirement or cause the information to be incorrect. If the System is controlled or managed for you by your employer, you may need to contact your System administrator to assist with your requests first. Your request and choices may be limited in certain cases.
If you no longer wish to maintain your account or use the System, you or your administrator may be able to delete your profile from the System. However, your employer may consider use of the System to be a condition of your employment, and we are not responsible for your employer’s policies.
Turning off Cookies
Obtaining a Copy of Your Information
You have a legal right to a copy of all of your Personal Information in our possession. If you would like a copy of your Personal Information, please Contact Us. We will provide you with an electronic file of your basic account information that can be exported into another system.
California Civil Code Section 1798.83 permits users who are California residents and who have provided us with “personal information” (as that term is defined in Section 1798.83) to request certain information about the disclosure of that information to third parties for their direct marketing purposes. If you are a California resident, you may email us at: firstname.lastname@example.org.
Canadian citizens, except under circumstances defined by law, are entitled to access their own personal data by writing to: Regulatory Consultants, Inc., 140 West 8th Street, Horton, KS 66439. If you believe that the personal data about you that we have collected is incomplete or inaccurate, please Contact Us and we will correct the information upon verification of the omission or error and of the identity of the person requesting the change.
Children Under the Age of 16
Neither the System nor our services are intended for use by children under 16 years of age and we do not knowingly collect personal information from children under 16. If you are under 16, please do not use or provide us any information. If we learn we have collected or received Personal Information from a child under 16 without verification of parental consent, we will delete that information.
Changes to this Policy