This EU-UK Privacy Rights Notice (the “EU-UK Notice”) provide information about the collection, use, processing and sharing of data about individuals located in the European Union, United Kingdom (UK), Iceland, Liechtenstein or Norway (the “European Economic Area” or “EEA”).
With respect to individuals in the UK, references to the GDPR in this EEA Notice are to be read as referring to the UK’s similar legislation, the Data Protection Act 2018.
In this EU-UK Notice:
This EU-UK Notice applies only to the use of Personal Data in GDPR Processing Activities. In this EU-UK Notice, the words “Ativion,” “we,” “us” or “our” refer to the Ativion Group, a group of subsidiary companies of Impala Bidco and part of the Ativion and Netop companies as defined in our Group Structure available at www.www.ativion.com/legal/group-structure, and it applies to GDPR Processing Activities in which we are the data controller of the Personal Data.
This EU-UK Notice applies to GDPR Processing Activities by any means, including hardcopy (such as paper applications or forms) and electronic means (such as websites and mobile applications). Any capitalized but undefined terms have the same meaning found in the Privacy Policy.
We collect several categories of Personal Data in circumstances that may involve GDPR Processing Activities, including data you provide, data collected automatically (potentially including location data), and data we obtain from third party sources.
If we process your Personal Data for any other purposes, we will describe the data collected, the purpose when we collect the Personal Data, and seek to obtain your consent.
The ways in which we collect and use your data vary depending on the relationship between you and us. The following sections of this EU-UK Notice describe in more detail how we collect and use Personal Data in various circumstances that may involve GDPR Processing Activities.
Purpose/Activity | Type of data | Lawful basis for processing, including basis of legitimate interest |
To administer and protect our Websites and Services (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | (a) Identity (b) Contact (c) Technical and Usage | Necessary for our legitimate interests (for running our Websites and Services, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise). Necessary to comply with a legal obligation |
To use data analytics to improve our Websites, products, Services, relationships with users and user experiences | (a) Technical and Usage | Necessary for our legitimate interests (to define types of users of our Websites, products and Services, to keep our Websites, products and Services updated and relevant, to develop our Websites, products and Services) |
To make suggestions and recommendations to you about our products, services, information and events that may be of interest to you | (a) Identity (b) Contact (c) Technical and Usage (d) Profile (e) Marketing and Communications | Necessary for our legitimate interests (to develop our Websites, products and Services) |
Purpose/Activity | Type of data | Lawful basis for processing including basis of legitimate interest |
To Personalize our Services for you | (a) Technical and Usage (b) Profile | For the Performance of the contract between us |
To Consider your career application if you apply for a role with us | (a) Identity (b) Contact (c) Profile | Necessary for our legitimate interests (to study how users use our products and services and to develop them) You will provide your consent when entering the survey or competition |
Complete a transaction with us for Services, including to process payments and refunds and to deliver Services and any other information as requested | (a) Identity (b) Contact (c) Payment Data | For the Performance of the contract between us |
To Detect, prevent, and address technical issues | (a) Technical and Usage | Necessary for our legitimate interests (to keep our Website and Services operating) |
Purpose/Activity | Type of data | Lawful basis for processing including basis of legitimate interest |
To Personalize our Services for you | (a) Technical and Usage (b) Profile | For the Performance of the contract between us |
To Consider your career application if you apply for a role with us | (a) Identity (b) Contact (c) Profile | Necessary for our legitimate interests (to study how users use our products and services and to develop them) You will provide your consent when entering the survey or competition |
Complete a transaction with us for Services, including to process payments and refunds and to deliver Services and any other information as requested | (a) Identity (b) Contact (c) Payment Data | For the Performance of the contract between us |
To Detect, prevent, and address technical issues | (a) Technical and Usage | Necessary for our legitimate interests (to keep our Website and Services operating) |
The Data Subject who we collected personal data include the following:
Customers, Users, and Subjects, as defined in the Privacy Policy.
We share your Personal Data with third parties including service providers, social media platforms, and government authorities for the following purposes:
We will retain your Personal Data for as long as is necessary for the purposes set out in this EU- UK Notice and for as long as is required under applicable law or is needed to resolve disputes or protect our legal rights or otherwise to comply with legal obligations. Consistent with the foregoing guidance, some data may be retained indefinitely. Where we are processing Personal Data based on your consent, we generally will retain the information for the period of time necessary to carry out the processing activities to which you consented, subject to your right, under certain circumstances, to have certain of your Personal Data erased (see “Your Rights” below).
Where we are processing Personal Data based on contract, we generally will retain the information for the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the statute of limitations for legal claims that could arise from the contractual relationship.
Where we are processing Personal Data based on the public interest, we generally retain the information for the period of time that continues to serve that underlying interest. Where we are processing Personal Data based on our legitimate interests, we generally will retain the data for a reasonable period of time based on the particular interest, taking into account the fundamental interests and the rights and freedoms of the data subjects. In some cases, where Personal Data was primarily
processed and retained on the basis of consent, contract, the public interest, or other bases described in this EEA Notice, we may continue thereafter to retain the data based on a legitimate interest.
For retention of your Personal Data using cookies, please review our Cookie Policy at www.www.ativion.com/legal/CookiePolicy
We are a global company with offices in the UK, US and Europe. We may share your personal data between our locations, and with service providers which help our operations. Some of our Personal Data processing takes place in the United States, though sometimes we or third parties with whom we share data, as discussed above, may process data in other countries. The data privacy laws in the United States and other countries outside the EEA and the UK may provide less protection than such laws in the EEA or the UK.
In the event we transfer your Personal Data outside the EEA or outside the UK as part of our GDPR Processing Activities, we rely where required on appropriate or suitable safeguards or specific derogations recognized under the GDPR or under UK law. We keep data in the country of origin wherever possible.
For our cloud and hosted Services, the storage location is typically the Customer’s region or the closest possible instance if the law allows us to do so. For example, data from UK-based Customers, their Users, and Subjects, is kept in the UK, and data for US-based Customers, their Users, and Subjects is kept within the US. For a full list of the countries where hosting instances are available, please contact the Ativion sales team.
The European Commission has adopted standard data protection clauses, also applicable in the UK, which provide safeguards for Personal Data transferred outside of the EEA or the UK. We may use Standard Contractual Clauses when transferring Personal Data from a country in the EEA or from the UK to a country outside the EEA or the UK. If so and your Personal Data are affected, you can request a copy of the Standard Contractual Clauses relevant to your Personal Data by contacting us as set forth in the “Contact Us” section below
Upon your reasonable, good-faith request, we will provide you with information about whether we hold any of your Personal Data as part of our GDPR Processing Activities to the extent required by and in accordance with applicable law. In certain cases, you may also have a right, with respect to your Personal Data collected and used in the GDPR Processing Activities, to:
To submit a request, please send an email message to dpo@ativion.com. Because we want to avoid processing your Personal Data at the direction of someone other than you, we will ask you for information verifying your identity. We will respond to your request within a reasonable timeframe.
Subject to certain legal limits, you also have the right to withdraw your consent to our processing of your Personal Data as part of our GDPR Processing Activities, where our processing is solely based on your consent. In some cases, you can do this by discontinuing use of the services involved in the GDPR Processing Activities. This would include closing all of your online accounts with us and contacting us at dpo@ativion.com to request that your Personal Data be deleted.
If you withdraw your consent to the use or sharing of your Personal Data for the purposes set out in this EU-UK Notice or the other Ativion privacy notices, you may not have access to some or all of the related services, and we might not be able to provide you some or all of the services.
Please note that, in certain cases, we may continue to process your Personal Data after you have withdrawn consent and requested that we delete your Personal Data, if we have a legal basis to do so.
If you have any complaints regarding our privacy practices, you have the right to make a complaint with your national data protection authority (i.e., supervisory authority).
We may update this EU-UK Notice from time to time without prior notice by posting revised EU-UK Notice to this site. You can determine when this EU-UK Notice was last revised by checking the Last Updated date at the beginning of this EU-UK Notice. If the changes made to our Privacy Policy are substantial, we will contact you before the changes take place.
If you have any questions, comments, requests, or concerns about this EU-UK Notice or other privacy-related matters, you may contact us in the following ways:
Email: dpo@ativion.com
Mail (For UK):
Ativion Attn: Data Protection Officer, GDPR Information
Seventh Floor, East West Tollhouse Hill Nottingham, UK NG1 5FS
Mail (For EU):
Ativion Attn: Data Protection Officer, GDPR Information
Bregnerodvej 139, 3460 Birkerod, Denmark