CrescentOne and data privacy
What personal information do we collect from you?
We may collect and process the following personal information about you:
- Personal information that you give us: This is information about you that you give to us by filling in forms on our website (or other forms that we ask you to complete), giving us a business card (or similar) or corresponding with us by telephone, post, email or otherwise. It may include, for example, your name, address, email address and telephone number; information about your business relationship with CrescentOne; and information about your professional role, background and interests.
- Personal information that our website and other systems collect about you:
- Our website may contain links to websites of third parties who are not affiliated to CrescentOne. If you access such third-party websites by clicking on such links, we are not responsible for the way in which such third parties process your personal information that they collect.
- If you exchange emails, telephone conversations or other electronic communications with our employees and other staff members, our information technology systems may record details of those conversations, sometimes including their content.
- Some of our premises have closed circuit TV systems and other security and access management systems which may record you and certain information about your visit if you visit our premises, for security and safety purposes.
- Other information: We may also collect some information from other sources. For example:
- If we have a business relationship with the organization that you represent, your colleagues or other business contacts may give us information about you such as your contact details or details of your role in the relationship.
- We sometimes collect information from third party data providers or publicly available sources for anti-money-laundering, export control, credit rating background checking and similar purposes, and to protect our business and comply with our legal and regulatory obligations.
How will we use your personal information?
We may collect, store and use your personal information for the following purposes:
- to operate, manage, develop and promote our business (including our products and services) and, in particular, our relationship with the organization you represent (if any) and related transactions including, for example:
- marketing purposes (when we have either gathered prior opt-in consent and/or have a legitimate interest to send you communications which we believe to be relevant and of use to you);
- warranty processes;
- product compliance processes;
- accounting and billing / payment purposes (including to offer financing solutions to customers, together with our finance partners);
- to operate, administer and improve our website and premises and other aspects of the way in which we conduct our operations;
- to offer you the services of our online shops based on the terms and conditions of the dedicated web-shop;
- to provide you with services or information that you may have requested;
- to keep you informed and updated on relevant products or services you may be interested in;
- to enable you to take part in our online assessments and surveys;
- to manage and maintain the relationship with investors; and
- to operate recruiting activities;
- to protect our business from fraud, money-laundering, breach of confidence, theft of proprietary materials and other financial or business crimes;
- to comply with our legal and regulatory obligations and bring and defend legal claims and assert legal rights; and
- if the purpose is directly connected with an assigned purpose previously made known to you.
We may from time to time review your information held in our systems – including the contents of and other information related to your email and other communications with us – for compliance and business-protection purposes as described above. This may include reviews for the purposes of disclosure of information relevant to litigation and/or reviews of records relevant to internal or external regulatory or criminal investigations. To the extent permitted by applicable law, these reviews will be conducted in a reasonable and proportionate way and approved at an appropriate level of management. They may ultimately involve disclosure of your information to governmental agencies and litigation counterparties as described below. Your emails and other communications may also occasionally be accessed by persons other than the member of staff with whom they are exchanged for ordinary business management purposes (for example, where necessary when a staff member is out of the office or has left CrescentOne).
We will only process your personal information as necessary so that we can pursue the purposes described above and where we have a legal basis for such processing. Where our lawful basis for processing is that such processing is necessary to pursue our legitimate interests, we will only process your personal information where we have concluded that our processing does not prejudice you or your privacy in a way that would override our legitimate interest. In exceptional circumstances we may also be required by law to disclose or otherwise process your personal information.
Disclosure and international transfer of your personal information
We may disclose your personal information, where reasonably necessary for the various purposes set out above:
- to the other members of the CrescentOne, FOG Software or Constellation Software group of companies;
- to your colleagues within the organization that you represent;
- to service providers who host our web services or other information technology systems or otherwise hold or process your information on our behalf, under conditions of confidentiality and security required by law;
- business partners, channel partners, service partner, agents, suppliers and sub-contractors for the performance of any contract we enter into with them or you;
- to a person who takes over our business and assets, or relevant parts of them; or
- in exceptional circumstances:
- to competent regulatory, prosecuting and other governmental agencies, or litigation counterparties, in any country or territory; or
- where we are required by law to disclose.
These disclosures may involve transferring your personal information overseas. If you are dealing with us within the European Economic Area, you should be aware that this may include transfers to countries outside the European Economic Area, which have not been determined by the European Commission to have an adequate level of data protection. In those cases, where we transfer your personal information to other members of the CrescentOne, FOG Software or Constellation Software group or our service providers, we will ensure that our arrangements with them are governed by relevant legal mechanisms and safeguards including data transfer agreements, designed to ensure that your personal information is protected, on terms approved for this purpose by the European Commission.
How long do we keep your personal information?
We will delete your personal information when we no longer need such personal information, for instance where:
- it is no longer necessary for us to retain your personal information to fulfil the purposes for which we had collected it;
- we believe that your personal information that we hold is inaccurate; or
- in certain cases where you have informed us that you no longer consent to our processing of your personal information.
- there are legal or regulatory requirements which may require us to retain your personal information for a specified period, and in such cases we will retain your personal information for such specified period; and
- we may need to retain your personal information for certain longer periods for product liability purposes or in relation to legal disputes, and in such cases we will retain it for such longer periods to the extent required.
Note that we may retain some limited information about you even when we know that you have left the organization that you represent, so that we can maintain a continuous relationship with you if and when we are in contact with you again, representing a different organization.
What are your rights?
You have the following rights (subject to applicable local laws) in relation to the personal information that we hold about you:
- to access your personal information, and some related information, under relevant data protection law;
- to require any inaccurate personal information to be corrected or deleted;
- to object to our use of your personal information for direct marketing purposes at any time and you may have the right to object to our processing of some or all of your personal information (and require them to be deleted) in some other circumstances;
- to require us to delete your personal information in certain circumstances;
- to require us to restrict or block the processing of your personal information in certain circumstances (when processing is restricted, we can still store your personal information, but may not use it further);
- to obtain from us your personal information, in a structured, commonly used and machine-readable format in certain circumstances. Further, you may have the right to require us to transmit your personal information directly to another person (for instance a new provider) where it is technically feasible to do so; and
- where we are processing your personal information based on your consent to such processing, to withdraw your consent at any time.
Further information and advice about your rights can be obtained from the data protection regulator in your country. If you wish to exercise any of these rights (subject to applicable local laws), please send an e-mail to email@example.com.
We request you not send to or share with us any sensitive personal information (e.g. information related to racial or ethnic origin, political opinions, religion or other beliefs, health, genetic, or biometric data, criminal background or trade union membership).
Personal Information of Children
CrescentOne respects the privacy of children and does not knowingly collect, use or disclose personal information of children under 16 years of age without verifiable consent from a parent or guardian. If CrescentOne becomes aware that the information submitted to or collected by CrescentOne is personal information of children without first receiving verifiable consent from a parent or guardian, CrescentOne will take prompt steps to delete such personal information. If a parent or guardian wishes to raise a concern regarding personal information pertaining to a child, please email our Data Protection Office at firstname.lastname@example.org.
Automated Decision Making
We may use technology which tracks your use of our website and your interactions with us and which helps us to build a profile of your preferred products and information requests. If we do this, what this means for you is that you are more likely to receive offers and information that are tailored to your specific preferences, based on your previous profile activity.
If we use automated decision making in respect of any specific service or product and such automated decision making produces legal effects concerning data subjects or similarly significantly affects them, we will provide information required by applicable laws in respect of such automated decision making.
If you wish to exercise your rights (subject to applicable local laws), If you have complaints about our processing of your personal information, please email to email@example.com. You can also lodge a complaint about our processing of your personal information with the body regulating data protection in your country.
Changes to this policy
Last updated: December 6, 2021