DI2X respects your privacy. Our customers, clients and partners provide data to us for their own use and for our anonymized benchmarks. Also, we collect data for our marketing and sales efforts. We'll always process the information in accordance with rules and regulations.
Questions regarding our data processing or use? You're always welcome to reach out to us:
Budolfi Plads 12, 1. tv
9000 Aalborg
Danmark
+45 2244 2585
di2x@di2x.com
This Privacy Policy applies to our activities as a data controller, i.e. when we process personal data, so it outlines your rights to privacy and our commitment to safeguarding your personal data when you:
– Use our website
– Visit our office
– Receive marketing or sales communications from us, including emails, phone calls or texts
– Register for or attend our events, both virtual an in real life
– Send us a job application
– Are a DI2X user of our tools or content
– Negotiate or sign agreements with us
We also act as a data processor, i.e. when we process personal data on behalf of our clients. For more on this, see “Your personal data in the DI2X software”.
In the situation where your employer is our client or customer, or is a customer of a DI2X partner, and you have been given access to DI2X tools, content or services (“Tools”) and/or been invited to take a test using our web-based tools, we collect and process your personal data, such as your name and e-mail (if provided). In these cases, DI2X has entered into a Data Processing Agreement with your employer. References in this Privacy Policy to “your employer” refer to the entity who has entered into agreement with us. You will typically be an employee, officer, contractor or consultant of a DI2X customer or partner.
Your employer is the data controller for the purposes of personal data processed when you use DI2X software. We'll process your personal data on behalf of your employer and in accordance with its instructions. Please contact your employer or us if your personal data has been submitted and you want to know more.
In other situations, DI2X is a data controller, e.g. if you receive marketing material or a sales call from us.
Information you give us
• When you complete a form or survey via our website, register for a demo or otherwise contact us to request information about our products and services, we will typically obtain contact information such as your name, employer, company email address and company telephone number.
• If you register for a course, an event, webinar, or download content, we may ask for information such as your name, company name, job title, address, phone number or email address.
• If you contact us (for example, using any support function made available by us or if you are interested in our product or services) then we may keep a record of that correspondence (either directly or through our service providers).
• If you visit our offices, you may be required to register as a visitor and provide your name, email address, phone number, company name and time and date of arrival.
• If you apply for a job with us.
• When you – either on behalf of, for your employer or as the owner of a sole proprietorship – enter into an agreement regarding the use of the DI2X software, we'll normally get your information such as your name, employer, company email address and company telephone number as well as the name of the sole proprietorship, if it is possible to identify a physical person on the basis hereof.
• if you contact or correspond with us on the use of the DI2X software (e.g. support made available by us) and we may keep a record of that correspondence (either directly or through our service providers).
• Any comments, opinions and/or feedback you provide to us regarding the software, for example during any demo, trial or beta period that you may participate in, when providing NPS scores or participating in research panels.
We collect and use technical information
• If you use our web-based tools, website, emails or other digital touchpoints, we automatically collect information about your computer or mobile device for system administration and analysis, including for example your IP address, clickstreams, unique device identifiers, operating system, browser types, network, etc.
• If you are a user of DI2X software, content and tools we'll keep a record of the details of that usage, including the date, time, location, frequency and duration of the usage each time you take a test, etc. Technical information as above may be automatically collected, as may be other information about your use of the software, including the test pages you have viewed, the duration spent on each part of the software, etc. This information may be linked to your user profile (if relevant).
Information we receive from other sources
• If your employer has given us information about you for the purpose of being the contact person on behalf of your employer, we may obtain contact information about you from your employer such as your name, employer, company email address and company telephone number.
• We may also receive further personal data about you which is publicly available, such as your seniority, years of experience and employment history and similar work-related background, from third party services such as LinkedIn or from providers who provide contact enrichment and lead generation services to us.
• We work closely with third parties (including e.g. partners, subcontractors and analytics providers) and may receive information about you from them. Details of third party providers are set out in the section below entitled “Who we share your personal data with”.
The personal data gathered about you may be used for the purposes, and on the legal bases, as set out here:
• Promoting security. We process your personal data by tracking use of our website, software, web-based tools and services. We aggregate non-personal data, verifying users and activity, investigating suspicious activity and enforcing our terms and policies, to the extent this is necessary for our legitimate interest, cf. article 6(1)(f) of the General Data Protection Regulation, in promoting the safety and security of the services, systems and applications and in protecting our rights and the rights of others.
• Providing our website, web-based tools, content and services. We process your personal data to provide you with access to our website, tools and services if you are a user. We rely on our legitimate interest, cf. article 6(1)(f) of the General Data Protection Regulation, to operate and administer our website and platform and to provide you with content you access and request (e.g., to download content from our website).
• Providing necessary functionality. We process your personal data to perform our contract with you for the use of our website, software, web-based tools and services. If we don't have a contract or agreement with you, we base the processing of your personal data on our legitimate interest, cf. article 6(1)(f) of the General Data Protection Regulation, to provide you with the necessary functionality during your use of our website and services.
• Managing user registrations. If you have registered for an account with us on behalf of your employer (i.e. a potential customer of DI2X), we process your personal data by managing your user account for the purpose of performing our contract with your employer for our services, e.g. a demo or free trial. We base our processing of your personal data on our legitimate interest, cf. article 6(1)(f) of the General Data Protection Regulation.
• Handling contact and user support requests. If you contact us e.g. via e-mail or a phone call, we process your personal data to the extent it is necessary for our legitimate interest, cf. article 6(1)(f) of the General Data Protection Regulation, in fulfilling your requests and communicating with you.
• Managing event or webinar registrations and attendance. We process your personal data to plan and host meetings, events or webinars for which you have registered or that you attend, including sending related communications to you. We process your personal data in order for us to fulfill our obligations towards you, i.e. delivering the event, cf. article 6(1)(b) of the General Data Protection Regulation. We send related communication to your on the basis of our legitimate interest, cf. article 6(1)(f) of the General Data Protection Regulation.
• Developing and improving our website and services. We process your personal data to track and analyze your use of our website, software and services to the extent it is necessary for our legitimate interest, cf. article 6(1)(f) of the General Data Protection Regulation, in developing and improving our website, ads and services and providing our users with more relevant content and services, or where we seek your valid consent, cf. article 6(1)(a) of the General Data Protection Regulation. This may also be for internal operations, including troubleshooting, data analysis, testing, research, benchmarking and statistical purposes.
• Improving user experience. We process device and usage data as described in ‘Technical information’ above. Sometimes these data may be associated with your personal data, in order to analyze trends in order to assess and improve the overall user experience to the extent it is necessary for our legitimate interest, cf. article 6(1)(f) of the General Data Protection Regulation, in developing and improving services, or where we seek your valid consent, cf. article 6(1)(a) of the General Data Protection Regulation.
• Identifying customer opportunities. We process your personal data to assess new potential sales opportunities to the extent that it is in our legitimate interest, cf. article 6(1)(f) of the General Data Protection Regulation, to ensure that we are meeting the demands of our customers and their users’ experiences.
• Registering visitors to our offices. We may process your personal data for security reasons, and register visitors to our office if we deem it necessary for our legitimate interest, cf. article 6(1)(f) of the General Data Protection Regulation, in protecting our office and our confidential information against unauthorized access.
• Displaying personalized ads and content. We process your personal data to conduct marketing research, advertise to you, provide personalized information about us – on and off our website. We provide other personalized content based upon your activities and interests to the extent it is necessary for our legitimate interest, cf. article 6(1)(f) of the General Data Protection Regulation, in advertising our website, content and product or, where necessary, to the extent you have provided your prior, valid consent, cf. article 6(1)(a) of the General Data Protection Regulation.
• For marketing and sales communications. We will process your personal data to send you marketing information, product recommendations and other non-transactional communications (e.g., marketing information, newsletters, telemarketing calls or SMS) about us and our affiliates and partners, including information about our products, promotions, content or events as necessary for our legitimate interest, cf. article 6(1)(f) of the General Data Protection Regulation, in conducting direct marketing or, alternatively, to the extent you have provided your valid consent, cf. article 6(1)(a) of the General Data Protection Regulation. Please see the “Your rights” section, below, to learn how you can control the processing of your personal data by DI2X.
• Processing job applications and recruitment. In general, applicants are not requested to sign a consent statement, as the processing of personal data during a recruitment process is based on our legitimate interest, cf. article 6(1)(f) of the General Data Protections Regulation. All data regarding applicants is deleted after ended recruitment processes. If deemed necessary to keep data on applicants after a recruitment process or from unsolicited applications, or if we wish to receive further information, e.g. references and personality tests, the applicants shall be requested to sign a consent statement, cf. article 6(1)(a) of the General Data Protection Regulation, distributed by the hiring manager.
• Carry out our obligations arising from the Service Agreement with our customers. If you as a contact person for your employer have negotiated and entered into an agreement regarding the use of Di2X software, we process your personal data on the basis of our legitimate interest, cf. Article 6(1)(f) of the General Data Protection Regulation. If you are the owner of a sole proprietorship, we process your personal data in order for us to perform or contractual obligations, cf. Article 6(1)(b) of the General Data Protection Regulation.
• Contact you for your feedback on our services and to help us evaluate and improve our services, for example by acting on any information you have provided to us to the extent it is necessary for our legitimate interest, cf. article 6(1)(f) of the General Data Protection Regulation
• Notify you about changes to the software and any other services of ours that you use, including informing you about new features, functionality and service offerings. This processing can be based either on our legitimate interest, cf. article 6(1)(f) of the General Data Protection Regulation or in order for us to perform or contractual obligations, cf. Article 6(1)(b) of the General Data Protection Regulation.
• Deal with any questions, correspondence, concerns or complaints you might have, or that have been raised by or concerning third parties (such as your employer) involving you and any issues caused by your use of Di2X software. This processing can be based either on our legitimate interest, cf. article 6(1)(f) of the General Data Protection Regulation or in order for us to perform or contractual obligations, cf. Article 6(1)(b) of the General Data Protection Regulation.
• Complying with legal obligations. We process your personal data when cooperating with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent this requires processing or disclosure of personal data to protect our rights or is necessary for our legitimate interest, cf. article 6(1)(f) of the General Data Protection Regulation, in protecting against misuse or abuse of our website, protecting personal property or safety, pursuing means available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes or to respond to lawful requests.
We may share your personal data with selected third parties in accordance with this Privacy Policy, including:
• Subprocessors, service providers (for example of IT services), business partners and/or suppliers, in the course of undertaking marketing activities, including Microsoft, WordPress and MailChimp, who provide marketing, referrals and CRM management, training, sales and delivery services.
• Analytics and search engine providers that assist us in the improvement and optimization of our marketing activities and the analysis of data supplied via the platform for contact enrichment and lead generation purposes, including Google, Hotjar, LinkedIn, Facebook, MailChimp and Twitter
• Sub-processors, service providers (for example of IT services), business partners and/or suppliers for the performance of any contract that we enter into with your employer. This includes Titan, which is based on Microsoft® Azure who provide cloud hosted infrastructure and services used by us and NTT, our vendor, to operate our web-based tools as a hosted solution and MailChimp and WordPress who provide communication tools and functionality.
• The government or other law enforcement agencies, in connection with the investigation of unlawful activities or for other legal reasons (this may include your location information).
We require all our third party service providers and partners to take appropriate and stringent security measures to protect your personal data in line with our policies. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes in accordance with our instructions.
We may also disclose your personal data to other third parties in the following circumstances:
• If we sell or buy any business assets or receive investment into our business, we may disclose your personal data to the prospective or actual buyer, seller or investee of such business or assets;
• If DI2X or substantially all of its assets are acquired by a third party, in which case personal data held by us, including your data and data about our customers, suppliers and correspondents will be one of the transferred assets;
• To our legal advisers if they need to have access to this information in order to advise us on our legal rights and obligations; and
• If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use or other contracts between us and you or your employer (if applicable); or to protect the rights, property or safety of us, our customers or others.
Except as explained above, we will not disclose your personal data to any third parties for any other purpose unless we have a legal right or obligation to do so.
All of the data in the DI2X software, that our customers submit, is hosted within the EU. But some of our service providers for analytics, communication and support infrastructure are based outside the European Economic Area (“EEA”), predominantly in the United States. We may transfer your personal data to those services providers in the United States or other countries outside the EEA in order to undertake marketing, sales and support activities.
We have put in place appropriate measures to ensure that your personal data is treated by those third parties in a way that is consistent with and which respects the EU laws on data protection, including putting in place written contractual agreements to meet EU-approved data protection obligations.
We maintain appropriate technical and organizational measures to ensure that an appropriate level of security in respect of all personal data we process. Unfortunately, the transmission of information via the internet is not completely secure. Once we have received your information, we will use strict procedures and security features which are appropriate to the type of personal data you have provided to try to prevent unauthorized access or inadvertent disclosure, which may include two factor authentication and end-to-end encryption.
We will not store your personal data for longer than is reasonably necessary to use it in accordance with this Privacy Policy or with our legal rights and obligations.
We will retain your personal data for a period consistent with the original purpose of collection (see the “How we use your personal data” section above). We determine the appropriate retention period for personal data on the basis of the amount, nature and sensitivity of your personal data processed, the potential risk of harm from unauthorized use or disclosure of your personal data and whether we can achieve the purposes of the processing through other means, as well as on the basis of applicable legal requirements (such as applicable statutes of limitation).
Please keep in mind that aggregated and anonymized data and information other than personal data can be stored indefinitely.
Where consent is required for our use of your personal data, by ticking the appropriate consent box or otherwise communicating your consent to us (whether by phone, email or other means), you consent to our use of that personal data as set out in this policy. If you disclose someone else’s personal data to us, you confirm that you have their consent to disclose this to us and for us to use and disclose it in accordance with this policy.
You have the following rights in regards to your personal data:
• Access. You have the right to access information about the personal data we hold about you. We reserve the right to charge a reasonable fee in response to unreasonable or repetitive requests, or requests for further copies of the same information.
• Right to object to processing. You can object to processing of your personal data where that processing is being undertaken by us on the basis of our legitimate interest (or a third party’s). In such cases we are required to cease processing your data unless we can demonstrate compelling grounds which override your objection. You can also object at any time to the processing by us of your personal data for direct marketing purposes.
• Rectification. You have the right to request that we rectify any inaccurate personal data that we have about you.
• To be forgotten. To the extent permitted by applicable data protection laws, you have the right to request that we erase any personal data that we hold about you, based on one of a number of grounds, including the withdrawal of your consent (where our processing of that data is undertaken on the basis of your consent), or if your object to our continued processing (as mentioned above). This right does not extend to information which is not personal data. We also reserve the right to retain your personal data in an anonymized form for statistical and benchmarking purposes.
• Request to restriction of processing. This enables you to ask us to restrict the processing of your personal data in certain circumstances, for example if you want us to establish its accuracy or the reason for processing it.
• Portability. You have the right to obtain copies of your personal data to enable you to reuse your personal data across different services and with different companies.
• Automated processing. Not to be subject to a decision which produces legal effects based solely on automated processing, including profiling, (“Automated Decision-Making”) without your explicit consent.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights) in accordance with applicable data protection laws. However, we may charge a reasonable fee if your request for access is manifestly unfounded or excessive. Or we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
To update billing information on behalf of your employer (where your employer is an existing DI2X customer), discontinue your account and/or request return or deletion of your personal data or to exercise any of your other rights, please contact us by email at DI2X@DI2X.com. Please allow at least 7 working days for such requests.
If we process your personal data for the purpose of sending you marketing communications, you may manage your receipt of marketing, sales and non-transactional communications from DI2X by clicking on the “unsubscribe” or “update subscription preferences” link located on the bottom of our sales and marketing emails, by unsubscribing if you receive DI2X SMS communications, or by writing to us at DI2X@DI2X.com.
Please note that opting out of marketing communications does not opt you out of receiving important service communications related to your current relationship with us, such as communications about any contract you have entered into with us, event registrations, service announcements, customer support or security information.
Any changes we may make to our Privacy Policy will be posted on this page and where appropriate may be notified to you by email. Continued use of the website will signify that you agree to any such changes.
We are committed to resolving any privacy concerns you have. However, if you feel we have not addressed your specific concern, you have the right to make a complaint at any time to the relevant supervisory authority in your country responsible for data protection issues. You can contact us by emailing di2x@di2x.com or writing to us at our address, which is at the top and bottom of this page.
This Privacy Policy is updated when deemed necessary. It was last updated May 4th 2022.