Effective Date: May 17, 2018
1. Collection of Personal Information
3. Use of Third Party Cookies
4. Collection of Personal Information; Categories
2021.AI will ask you for personal information when you sign up for any specific benefit or purpose that requires registration. Personal information that 2021.AI collects may vary with each registration, and it may include one or more of the following categories: name, physical address, email address, phone number, company name.
2021.AI are committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We have always had a robust and effective data protection policy in place which complies with existing law and abides by the data protection principles. However, we recognize our obligations to meet the demands of the GDPR.
2021.AI are dedicated to safeguarding the personal information under our remit and in developing a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation for the new Regulation. Our objectives for GDPR compliance include the development and implementation of new data protection roles, policies, procedures, controls and measures to ensure maximum and ongoing compliance.
4.1. Personal Information Access and Retention
Personal data shall be processed by 2021.AI in accordance with the rights of data subjects. When acting as a data processor, 2021.AI shall have no direct relationship with the data subjects whose personal data we process and no authority to grant direct access to that data. In cases where 2021.AI handles customers’ personal information and a client seeks access to correct, amend, or delete inaccurate data, such client should direct his/her query to 2021.AI. If 2021.AI is requested to remove data, we will respond within a reasonable timeframe, or according to the terms in the data processing agreement with data controller.
4.2. Use of Personal Information
2021.AI may use Personal Information for responding to and processing inquiries, orders and service requests or generally for any other purpose related to the original purpose for which the Operational Personal Information was collected. 2021.AI also may use Operational Personal Information for supporting your relationship with 2021.AI by designing services that are suitable to your needs, general Product support and updates, marketing, alerting you to new Product offerings as they become available, continuing existing service and support, and other similar purposes. This Information may also be used to provide you with notices about your purchases, your use of the Products, and to carry out 2021.AI’s obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
4.3. Personal Information in Content
We treat all Content that is backed up, stored or hosted using our Products in the same manner, described below, regardless of whether or not it contains Personal Information.
4.4. Share Personal Information and Content
2021.AI will not give, sell, share, or trade any Operational Personal Information or any Personal Information in Content to any party outside of 2021.AI except as outlined in this Policy or with appropriate consent. We may disclose Personal Information to a third party in the following limited circumstances:
- when we have a good faith belief that the disclosure is necessary to prevent or respond to fraud, defend our Websites or Products against possible attacks, or protect the property and safety of 2021.AI, our Customers or the public;
- as required by law, such as to comply with a subpoena, warrant, regulatory oversight or similar legal process;
- in connection with any potential sale, transfer, merger, consolidation or other transaction involving all or part of our company.
In addition, 2021.AI may disclose Operational Personal Information (but not Content), as needed, in the following circumstances:
- to companies that provide services that help us with our business activities such as processing Customer payments. These companies are authorized to use Personal Information only as necessary to provide these services to us; and
- to companies that work with 2021.AI on various projects; for example, 2021.AI may share Operational Personal Information for customer relationship management purposes, email marketing purposes, to our reselling Partners, or with other companies whose products or services we think may be of interest to our Customers in joint marketing and support efforts.
5. Using and Sharing of Personal Information: General Policy and Exceptions
Our general policy is that we will use your personal information only for the performance of the services or transaction for which it was given, and we will not share, sell, or rent your personal information to others. The only exceptions to this general policy: (i) are described in the subsections below, and (ii) if you explicitly approve through our site. We may at times combine your personal information with passively collected information in order to personalize this site and offers we may present to you, but we will only do so where and to the extent explicitly approved by you.
In the course of providing Product support requested by a Customer, 2021.AI may have incidental access to Content. Any Customer request for Product support will be deemed express permission for us to access Content as needed for the limited purposes of providing the requested Product support. Customer, as the data controller, is responsible for furnishing any notices or obtaining any consents required by law from the relevant individuals. Product support may be provided by any 2021.AI entity on behalf of another.
5.1. Affiliates and Service Providers
5.2. Acquisition; Bankruptcy
In the event that we are acquired by or merged with a third party entity, we reserve the right to transfer such information as part of such merger, acquisition, sale, or other change of control. In the unlikely event of our bankruptcy, insolvency, reorganization, receivership, or assignment for the benefit of creditors, or the application of laws or equitable principles affecting creditors’ rights generally, we reserve the right to transfer such information to protect our rights or as required by law. You will be notified via email and/or a prominent notice on our Web site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
5.3. Enforcement; Legal Process
2021.AI reserves the right to transfer such information if we have a strong belief that access, usage, preservation or disclosure of such information is reasonably necessary (i) to satisfy any applicable law, regulation, legal process or enforceable governmental request,(ii) to investigate or enforce violations of our rights or the security of this site, or (iii) to protect your safety or the safety of others.
6. Collection of Anonymous, Passive Information
We reserve the right to monitor your use of this website. As you navigate through this website, certain anonymous information may be passively collected (that is, gathered without you actively providing the information) using various technologies, such as cookies, Internet tags or web beacons, and navigational data collection (log files, server logs, clickstream). The following is a listing and a brief explanation of passive information collection methodologies which we may use from time to time to better understand how this site is being used.
6.1. A “cookie” is a text file that this site sends to your browser in the form of a text file. The information generated by the cookie about your use of this site (including your IP address) will be transmitted to and stored. Most browsers automatically accept cookies, but they usually can be modified to decline cookies if you prefer; however, certain features of this site might not work without cookies.
6.2. “Session” cookies are temporary bits of information that are used to improve navigation, block visitors from providing information where inappropriate (the site “remembers” previous entries of age or country of origin that were outside the specified parameters and blocks subsequent changes), and collect aggregate statistical information on the site. They are erased once you exit your Web browser or otherwise turn off your computer.
6.3. “Persistent” cookies are more permanent bits of information that are placed on the hard drive of your computer and stay there unless you delete the cookie. Persistent cookies store information on your computer for a number of purposes, such as retrieving certain information you have previously provided, helping to determine what areas of the site you may find most valuable, and customizing the site based on your preferences on an ongoing basis. Persistent cookies placed by this site in your computer do not hold personal information.
6.4. You can set your browser to accept all cookies, to reject all cookies, or to notify you whenever a cookie is offered so that you can decide each time whether to accept it. To learn more about cookies and how to specify your preferences, please search for “cookie” in the “Help” portion of your browser.
6.5. An Internet Protocol (IP) address is a number assigned to your computer by your Internet service provider so you can access the Internet and is generally considered to be non-personal information, because in most cases an IP address is dynamic (changing each time you connect to the Internet), rather than static (unique to a particular user’s computer). The IP address can be used to diagnose problems with a server, report aggregate information, determine the fastest route for your computer to use in connecting to a site, and administer and improve the site.
6.6. “Internet tags” (also known as Web Beacons, single-pixel GIFs, clear GIFs, invisible GIFs, and 1-by-1 GIFs) are smaller than cookies and tell the Web site server information such as the IP address and browser type related to the visitor’s computer. Tags may be placed both on online advertisements that bring people to the site and on different pages of the site. Such tags indicate how many times a page is opened and which information is consulted.
6.7. “Navigational data” (log files, server logs, and clickstream data) are used for system management, to improve the content of the site, market research purposes, and to communicate information to visitors.
7. Use and Sharing of Anonymous, Passive Information
This site may make full use of passively collected anonymous information, including without limitation the right to use such information to provide better service to site visitors, customize the site based on your preferences, compile and analyze statistics and trends, and otherwise administer and improve this site for your use. We reserve the right to share this anonymous, passive information in aggregated form.
8. Onward Transfer of Personal Information Outside Your Country of Residence
Any personal information which we may collect on this site will be stored and processed in our servers located primarily in Denmark, and in other countries under the General Data Protection Regulation (GDPR) (EU) 2016/679. By using this site, if you reside outside Denmark, you consent to the transfer of personal information outside your country of residence to Denmark.
9. Security of Personal Information
We follow generally accepted industry standards to protect your personal information. Unfortunately, no data transmission over the Internet or method of data storage can be guaranteed 100% secure. We use encrypted transmission of your information behind the login with socket secure layer technology (SSL), the 256-bit AES encryption mechanism for stored Content and Personal Information and the password-free login method as well as the classic password-based login method. Therefore, while we strive to protect your personal information by following generally accepted industry standards, we cannot ensure or warrant the absolute security of any information you transmit to us or archive at this site.
10. Changing, Deleting And Updating Personal Information
Upon request, we will permit you to request or make changes or updates or delete your personal information for legitimate purposes. We request identification prior to approving such requests. We reserve the right to decline any requests that are unreasonably repetitive or systematic, require unreasonable time or effort of our technical or administrative personnel, or undermine the privacy rights of others. We reserve the right to permit you to access your personal information in any account you establish with our site for purposes of making your own changes or updates, and in such case, instructions for making such changes, deletions or updates will be provided where necessary. You may send us your request by contacting us at email@example.com.
10.1. Data Retention
We will retain your information for as long as your account is active or as long as it is needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
11. Email from 2021.AI Website, Services or Products; Opt-Out Rights
If you supply us with your e-mail address you may receive periodic messages from us with information specific to the site, services or products and required for the normal functioning of the site as well as for new products or services or upcoming events. If you prefer not to receive periodic email messages, you may opt-out by following the instructions on the email.
12. Links to Other Sites Including Online Ads
This site may contain links to other websites with whom we have a business relationship. These links may include online advertisements that we deem to be appropriate. Any information that you provide in the process of registration or purchase will be transferred to these sites. We have no responsibility or liability for the policies and practices of these sites; however, we have entered into agreements with these websites which provide that unless you specifically agree otherwise: (ii) they will use your personal information only for the purpose of providing the products or services that you may request, and (ii) they will share your personal information only as required to fulfill your request for products or services. You should be careful to review any privacy policies posted on any of these sites before providing information to them.
13. Blog and Forum
Our web site offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal information from our blog or community forum, contact us at firstname.lastname@example.org. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
13.2. Google single sign on services. You can log in to our site using Google single sign on services. This service will authenticate your identity and provide you the option to share certain personal information with us such as your name, email address and other account information. Services Google single sign on gives you the option to backup your information using our service.
14. Recommendation for Content Storing
We highly recommend all account owners including 2021.AI’s Staff members to not store within their accounts in any form, be it via a table, script, function, file, pdf, image or any other means: Social Security Numbers (SSNs), Credit Card Numbers, Passport Numbers, Bank Account numbers or Bank Account Routing numbers.
15. GDPR Compliance
2021.AI has been taking all endeavours required to achieve consistent level of data protection and security across our organisation, however it is our aim to meet all GDPR compliance requirements by 25th May 2018.
15.1. Information Audit
Carrying out a company-wide information audit to identify and assess what personal information we hold, where it comes from, how and why it is processed and if and to whom it is disclosed.
15.2. Policies and Procedures
Implementing new data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws, including:
- Data Protection – our main policy and procedure document for data protection has been overhauled to meet the standards and requirements of the GDPR. Accountability and governance measures are in place to ensure that we understand and adequately disseminate and evidence our obligations and responsibilities; with a dedicated focus on privacy by design and the rights of individuals.
- Data Retention and Erasure – we have updated our retention policy and schedule to ensure that we meet the ‘data minimization’ and ‘storage limitation’ principles and that personal information is stored, archived and destroyed compliantly and ethically. We have dedicated erasure procedures in place to meet the new ‘Right to Erasure’ obligation and are aware of when this and other data subject’s rights apply; along with any exemptions, response timeframes and notification responsibilities.
- Data Breaches – our breach procedures ensure that we have safeguards and measures in place to identify, assess, investigate and report any personal data breach at the earliest possible time. Our procedures are robust and have been disseminated to all employees, making them aware of the reporting lines and steps to follow.
- International Data Transfers and Third-Party Disclosures – where 2021.AI stores or transfers personal information outside the EU, we have robust procedures and safeguarding measures in place to secure, encrypt and maintain the integrity of the data. Our procedures include a continual review of the countries with sufficient adequacy decisions, as well as provisions for binding corporate rules; standard data protection clauses or approved codes of conduct for those countries without. We carry out strict due diligence checks with all recipients of personal data to assess and verify that they have appropriate safeguards in place to protect the information, ensure enforceable data subject rights and have effective legal remedies for data subjects where applicable.
- Subject Access Request (SAR) – we have revised our SAR procedures to accommodate the revised 30-day timeframe for providing the requested information and for making this provision free of charge. Our new procedures detail how to verify the data subject, what steps to take for processing an access request, what exemptions apply and a suite of response templates to ensure that communications with data subjects are compliant, consistent and adequate.
15.3. Legal Basis for Processing
We are reviewing all processing activities to identify the legal basis for processing and ensuring that each basis is appropriate for the activity it relates to. Where applicable, we also maintain records of our processing activities, ensuring that our obligations under Article 30 of the GDPR and Schedule 1 of the Data Protection Bill are met.
15.4. Privacy Notice/Policy
We have revised our Privacy Notice(s) to comply with the GDPR, ensuring that all individuals whose personal information we process have been informed of why we need it, how it is used, what their rights are, who the information is disclosed to and what safeguarding measures are in place to protect their information.
15.5. Obtaining Consent
We have revised our consent mechanisms for obtaining personal data, ensuring that individuals understand what they are providing, why and how we use it and giving clear, defined ways to consent to us processing their information. We have developed stringent processes for recording consent, making sure that we can evidence an affirmative opt-in, along with time and date records; and an easy to see and access way to withdraw consent at any time.
15.6. Direct Marketing
We have revised the wording and processes for direct marketing, including clear opt-in mechanisms for marketing subscriptions; a clear notice and method for opting out and providing unsubscribe features on all subsequent marketing materials.
15.7. Data Protection Impact Assessments (DPIA)
Where we process personal information that is considered high risk, involves large scale processing or includes special category/criminal conviction data; we have developed stringent procedures and assessment templates for carrying out impact assessments that comply fully with the GDPR’s Article 35 requirements. We have implemented documentation processes that record each assessment, allow us to rate the risk posed by the processing activity and implement mitigating measures to reduce the risk posed to the data subject(s).
15.8. Processor Agreements
Where we use any third-party to process personal information on our behalf (i.e. Payroll, Recruitment, Hosting etc), we have drafted compliant Processor Agreements and due diligence procedures for ensuring that they (as well as we), meet and understand their/our GDPR obligations. These measures include initial and ongoing reviews of the service provided, the necessity of the processing activity, the technical and organisational measures in place and compliance with the GDPR.
15.9. Special Categories Data
Where we obtain and process any special category information, we do so in complete compliance with the Article 9 requirements and have high-level encryptions and protections on all such data. Special category data is only processed where necessary and is only processed where we have first identified the appropriate Article 9(2) basis or the Data Protection Bill Schedule 1 condition. Where we rely on consent for processing, this is explicit and is verified by a signature, with the right to modify or remove consent being clearly signposted.
16. Data Subject Rights
In addition to the policies and procedures mentioned above that ensure individuals can enforce their data protection rights, we provide easy to access information via our website, in the office, during induction etc. of an individual’s right to access any personal information that 2021.AI processes about them and to request information about:
- What personal data we hold about them
- The purposes of the processing
- The categories of personal data concerned
- The recipients to whom the personal data has/will be disclosed
- How long we intend to store your personal data for no longer than 6 months
- If we did not collect the data directly from them, information about the source
- The right to have incomplete or inaccurate data about them corrected or completed and the process for requesting this
- The right to request erasure of personal data (where applicable) or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use
- The right to lodge a complaint or seek judicial remedy and who to contact in such instances
17. Information Security; Technical and Organisational Measures
2021.AI takes the privacy and security of individuals and their personal information very seriously and take every reasonable measure and precaution to protect and secure the personal data that we process. We have robust information security policies and procedures in place to protect personal information from unauthorized access, alteration, disclosure or destruction and have several layers of security measures, including SSL, access controls, password policy, encryptions, pseudonymisation, practices, restriction, IT, authentication etc.
18. GDPR Roles and Employees
2021.AI have designated Christian Villumsen as our Data Protection Officer (DPO) and have appointed a data privacy team to develop and implement our roadmap for complying with the new data protection Regulation. The team are responsible for promoting awareness of the GDPR across the organisation, assessing our GDPR readiness, identifying any gap areas and implementing the new policies, procedures and measures.
2021.AI understands that continuous employee awareness and understanding is vital to the continued compliance of the GDPR and have involved our employees in our preparation plans. We aim to implement GDPR compliance program prior to May 25th, 2018, and are continuously developing it as part of our induction/termination process and annual employee training.
Ryesgade 3F, Copenhagen 2200 Denmark
+45 93 91 20 21