Privacy statement <p>
<strong>Last update: 17th of February 2022</strong>
</p>
<p>This platform veracity.com is owned and operated by the Norwegian registered company DNV AS (“DNV” Veritasveien 1, 1363 Høvik, Norway, registration number 945 748 931).</p>
<p> </p>
<p>
<strong>
<em>Introduction</em>
</strong>
</p>
<p>This privacy statement applies to any processing of personal data on veracity.com which is hereinafter referred to as the “Platform”.</p>
<p>
<strong>Personal data</strong> in this regard shall mean any information relating to an individual who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.</p>
<p>
<strong>Processing</strong> shall mean any operation which is performed on personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.</p>
<p> </p>
<p>
<strong>
<em>How we process your personal data</em>
</strong>
</p>
<p>
<em>Personal data automatically collected when you browse the Platform</em>
</p>
<p>When you visit the Platform for informational reasons, i.e.
without being registered, we will automatically gather and store certain information (e.g.
device type, the browser used, the date and time of visit, pages visited).</p>
<p>We use such data only to assist us in providing an effective service (e.g., to adapt our Platform to the needs of your end user device or to allow you to log into our Platform).
The personal data collected is necessary to provide you with the Platform.
The legal basis for this processing activity is Article 6 (1) 1 lit.
f of the European General Data Protection Regulation (“GDPR”).</p>
<p> </p>
<p>
<em>Registration for and use of our services and products</em>
</p>
<p>We will process personal data actively provided by you, e.g.
when you register with us by setting-up an account on Veracity, sending us requests or questions, prepare offers or place orders or access services.
Such personal data may contain inter alia your name, e-mail address, contact details, company affiliation, request and order information.</p>
<p>DNV collects and uses personal data only to provide you with the services you requested, to administer your account, identify you at sign-in and to communicate with you.
We also interact with you via our general enquiry/support sections or responding to complaints or general feedbacks given by you on our services or because we had or have a contract with you in place.
For this, the legal basis is Article 6 (1) 1 lit.
b GDPR (i.e., the processing is necessary for entering into or the performance of a contract with you).</p>
<p>As the case may be we may also contact you with regards to your satisfaction with our products and services and may conduct other surveys.</p>
<p>We use the personal data and contact data you provide by registration to inform you directly about our additional products and services.
The use of your personal data for directly advertising related products and services is a legitimate interest for us as a provider of this Platform, Article 6 (1) lit.
f GDPR.</p>
<p>
<strong>You can object to the use of your personal data for direct marketing at any time.
We will then refrain from any processing to the extent it is related to such purposes.
You can inform us about your objection under contact </strong>contact@veracity.com</p>
<p>We process your personal data as far as necessary for compliance with legal obligations to which we as the data controller are subject, in particular the applicable commercial accounting obligations and tax law requirements.
The legal basis for this processing activity is Article 6 (1) 1 lit.
c GDPR.</p>
<p>Your personal data is, in the absence of exceptions within the specific services mentioned below, retained for as long as your user account is used.
After deletion of your account, your personal data will be erased once the purpose for keeping it has expired.
As the case may be some personal data may be kept for security related purposes.
Statutory storage obligations or the need for legal actions that may arise from misconduct within the services or payment problems can lead to a longer retention of your personal data.
In this case, we will inform you accordingly.</p>
<p>
<em>Usage Reports</em>
</p>
<p>We will provide our customers with usage reports to inform them how data is captured, accessed and processed.
In order to do so, we will track the activity on a data container, e.g.
date and time of access.</p>
<p>Legal basis for this processing is Article 6 (1) 1 lit.
f GDPR as it is our and the customer’s legitimate interest to get to know how their data is used.</p>
<p>
<em>Content Matching</em>
</p>
<p>Veracity is using your preference and usage of the Platform to match you with relevant content.
If you do not want us to collect, save and analyse information on your visit and if you do not want to receive information on Veracity in line with your interests you can object to this at any time for the future (opt out).</p>
<p>
<em>Log files</em>
</p>
<p>Veracity is collecting log files when using the Platform to determine error situations.</p>
<p>Legal basis for this processing is Article 6 (1) 1 lit.
f GDPR as it is our and the customer’s legitimate interest to get to know how their data is used.</p>
<p>
<em>Informational e-mails</em>
</p>
<p>With your email address you can subscribe to our informational e-mails that provide you with the latest news about our products and services like research, analytics, reports and whitepapers if you consent to receiving such e-mails.
The legal basis for this processing is Article 6 (1) lit.
a GDPR.
Your email address will be retained as long as you subscribe to our informational e-mails.</p>
<p>This service is partly provided by means of a double-opt-in.
Thus, you will receive an email containing a link by which you can confirm that you are the owner of the email address and wish to be notified via our email service.
If your subscription is not confirmed we will not send you informational e-mails.</p>
<p>You can unsubscribe from this service by opting out via the link provided in each informational e-mail.</p>
<p>
<em>Data collected from third party sources</em>
</p>
<p>We may also collect personal data about you such as your name and contact details for providing you with information on products and services, coming from third party resources on trade fairs and webinar vendors we are participating in.</p>
<p>Legal basis for this processing is Article 6 (1) 1 lit.
f GDPR as it is our company group’s legitimate interest to maintain our user base, bring new users to the Platform and inform (potential) users about services organized and provided by DNV.</p>
<p> </p>
<p>
<em>Automated decision making</em>
</p>
<p>We do not use your personal data for automated decision making which produces legal effects concerning you or similarly significantly affects you.</p>
<p> </p>
<p>
<strong>
<em>Recipient of your personal data</em>
</strong>
</p>
<p>Your personal data will be disclosed to the following parties:</p>
<p>
<em>Group internal recipient</em>
</p>
<p>Within the DNV company group, your personal data may be transferred to various entities of the DNV Group.
DNV consists of DNV Group AS with subsidiaries [https://www.dnv.com/about/in-brief/corporate-governance.html] (“DNV”).
The legal basis for such transfer is DNV Group’s legitimate interest in the provision of a shared custom support, administration and internal IT department as well as our company group’s legitimate interest to guarantee smooth operations between our entities for the purposes set out above.
Personal data may be transferred outside of the country in which it was collected for.</p>
<p>DNV is a Binding Corporate Rules (Controller) certified company and therewith personal data transferred to a third country outside the European Union / European Economic Area is subject to these.</p>
<p> </p>
<p>
<em>Third party recipients</em>
</p>
<p>We engage third party companies and individuals who assist us in providing the services and products we offer through this Platform or support us with certain functions related to this Platform.
Your personal data will be e.
g.
shared with the following third parties and partly their sub-processors based also outside EU/EEA:</p>
<ul>
<li>Microsoft Corporation</li>
<li>Accenture Inc.
(Philippines)</li>
<li>Salesforce.com Sarl.</li>
<li>Stripe Payments Europe Ltd</li>
</ul>
<p>Moreover, when you purchase a service on Veracity from any Service Provider we share the following basic set of personal data (e.g.
username, name, company affiliation, email, service subscription, login ID) for the purpose of enabling the service provider to verify that you are registered as a user of Veracity and to allow you to experience usage of Veracity in a more convenient way.
We require these Service Providers to comply with relevant personal data protection laws.</p>
<p>Our Service Providers will only use your personal data to the extent necessary to perform their functions and will be contractually bound to process your personal data only on our behalf and in compliance with the requests.</p>
<p>We may disclose your personal data if legally entitled or required to do so (for example if required by law or by a court order).
The legal basis for this processing is Art.
6 (1) 1 lit.
c GDPR.
</p>
<p>Payment service provider</p>
<p>We use Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2 to process payments.
When you purchase services on the Platform your transaction information, including your payment method information (such as credit or debit card number, or bank account information), purchase amount, date of purchase will directly be collected by Stripe.
We do not retain any financial information such as credit card numbers.
The credit card number will be stored by Stripe for further purchases (subscriptions) in the future.
Stripe only provides the order information (i.a.
order, name, company, amount) to us.</p>
<p>Stripe may process some of your data for its own purposes in its capacity as data controller to comply with legal obligations and requirements.
This data processing falls within the sole responsibility of Stripe.
For more information on the data processing by Stripe please see their privacy policy: https://stripe.com/us/privacy.</p>
<p>The legal basis for the data transfer and processing activities of data processors is Art.
28 GDPR in conjunction with the data processing agreements we concluded with respective third party companies.</p>
<p>
<em>International data transfer</em>
</p>
<p>Within the scope of our information sharing activities set out above, your personal data may be transferred to other countries (including countries outside the European Union) which may have different data protection standards than your country of residence.
Please note that data processed in a foreign country may be subject to foreign laws and accessible to foreign governments, courts, law enforcement, and regulatory agencies.
However, we will endeavour to take reasonable measures to keep up an adequate level of data protection also when sharing your personal data with such countries.</p>
<p>In the case of a transfer outside of the European Union, this transfer is safeguarded by the EU Standard Contractual Clauses.
You can find further information about the aforementioned safeguards under: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en.</p>
<p> </p>
<p>
<strong>
<em>Retention periods</em>
</strong>
</p>
<p>We strive to keep our processing activities with respect to your personal data as limited as possible.
In the absence of specific retention periods set out in this policy, your personal data will be retained only for as long as we need it to fulfil the purpose for which we have collected it and, if applicable, as long as required by statutory retention requirements.</p>
<p> </p>
<p>
<strong>
<em>How we use cookies</em>
</strong>
</p>
<p>Please read our Cookie policy to get information on how we use cookies on the Veracity platform</p>
<p> </p>
<p>
<strong>
<em>Security</em>
</strong>
</p>
<ul>
<li>Security of personal data is our highest concern.
We apply strict security measures to protect confidentiality and integrity of your personal data when transferring, storing or processing it.</li>
<li>We use physical, administrative and technical security measures to reduce the risk of loss, misuse or unauthorized access, disclosure or modification of your personal data.</li>
<li>Your personal data is stored using industry best practices on secure servers at fully classed data centers</li>
<li>All traffic is transmitted over secured communication protocols (TLS/SSL)</li>
<li>All access to our systems is implemented using industry best practices</li>
<li>Our systems are continuously monitored</li>
<li>Our systems are penetration tested by third party companies</li>
<li>Our systems are continuously scanned for vulnerabilities</li>
<li>Our systems and processes are ISO 27001 certified</li>
</ul>
<p> </p>
<p> </p>
<p>
<strong>
<em>Data subjects’ rights</em>
</strong>
</p>
<p>You may be entitled to exercise some or all of the following rights free of charge:</p>
<p>a.  .
require (i) information whether your personal data is retained and (ii) access to and/or (iii) duplicates of your personal data retained, including the purposes of the processing, the categories of data concerned, and the recipients or categories of recipients to whom the data are disclosed and where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;</p>
<p>b.  .
request proper rectification, removal or restriction of your personal data, e.g.
because (i) of the incomplete or inaccurate nature of the personal data, (ii) it is no longer needed for the purposes for which it was collected, (iii) the consent on which the processing was based has been withdrawn, or (iv) you have taken advantage of an existing right to object to the data processing.
in case your personal data is processed by third parties, we will forward your request for rectification, removal or restriction also to such third parties unless this proves impossible or involves disproportionate effort;</p>
<p>c.  .
receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from our side.
where technically feasible you shall have the right to have the personal data transmitted directly from us to another controller,</p>
<p>d.  .
refuse to provide and – without impact to data processing activities that have taken place before such withdrawal – withdraw your consent to processing of your personal data at any time;</p>
<p>
<strong>e.  .
object at any time that your personal data will be used for direct marketing purposes, or – based on grounds relating to your particular situation, that your personal data shall be subject to data processing for other purposes</strong>;</p>
<p>f.  .
not to be subject to any automatic individual decisions (automatic decisions based on data processing by automatic means, for the purpose of assessing several personal aspects) which produce legal effects on you or similarly significantly affect you;</p>
<p>g.  .
take legal actions in relation to any breach of your rights regarding the processing of your personal data, as well as to lodge complaints before the competent data protection regulators.</p>
<p> </p>
<p>
<strong>
<em>Revision of the Privacy Statement</em>
</strong>
</p>
<p>DNV may change or update the privacy statement without notice.
All such changes will take effect once they have been posted on the Platform. It is your responsibility to monitor such updates.
The privacy statement was last updated on the date stated at the beginning of this privacy statement.</p>
<p>
<strong>
<em>Contact Details</em>
</strong>
</p>
<p>If you are concerned about use of the Data or have any questions regarding this Privacy Statement, please contact our data protection officer via dataprotection@dnv.com or by getting back to her using the same postal address as listed below.
DNV regrets that only general queries about the privacy statement can be responded to via e-mail.</p>
<p>We wish you a pleasant, enhanced user experience at the Platform!</p>
<p>DNV AS<br>
Veritasveien 1<br>
1322 Høvik<br>
Norway</p>  .