This notice describes how we collect, store, use, and share personal information if you visit the website www.pciportal.info. It explains the rights you have in relation to the personal information that we hold about you.
As of the 31st January 2020, the UK is no longer part of the EU. However, the UK government translated the majority of the EU GDPR into UK law. Therefore, all material requirements remain the same and all references to the GDPR in this Privacy Notice relate to both the UK and EU.
If you based in Mexico, the law doesn’t apply to people acting in a professional capacity. We are also not directly in scope for the Californian Consumer Privacy Act (CCPA). However, the collection and use of your information will remain the same so you can still review this Privacy Notice if you’d like to know more.
Who we are
When we say ‘we’ or ‘us’ in this notice, we’re referring to VikingCloud, Inc whose registered address is at 70 W Madison Street, Suite 400, Chicago, IL 60602, together with our affiliates and our parent company Sysxnet Limited.
(registered address at 1st Floor Block 71A, The Plaza, Park West Business Park, Dublin 12) (collectively “VikingCloud”)”.
Where do we get your information from?
- We collect information from you when you;
- Visit our website
- If you consent to cookies
What kinds of information do we collect about you?
- When you visit our website
- Website server logs – we automatically collect server logs which contain your IP address and your approximate location (town / city level).
- Cookie information – if you consent to cookies, we will track how you use our site to analyse and improve our site. We will always set a cookie that remembers your preference (whether you selected Allow or Decline).
- If you consent to cookies
- we collect your IP address along with details of your visit (what pages you visited and date/time) and where you came from (the website you were on before you navigated to our site). When analytics cookies are first agreed to, a new, unique, cookie ID is generated for you.
What cookies do we use?
We use some cookies which are essential to operate the website. We also set Google Analytics cookies if you consent, using our cookie banner. See details below;
How do I change my cookie settings?
You can change your cookie preferences at any time by clicking on the cookie icon. You can then adjust the available sliders to ‘On’ or ‘Off’, then clicking ‘Save My Preferences’. You may need to refresh your page for your settings to take effect.
Alternatively, most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org.
Find out how to manage cookies on popular browsers:
To find information relating to other browsers, visit the browser developer’s website.
To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.
How do we use your personal information, and what are our legal grounds?
Worldwide, a number of Data Protection laws require organisations to process personal information only where we have a ‘lawful basis’ (i.e. we our use of your information is necessary to meet one of the ‘good reasons’ listed in your local law). This section will explain the legal basis/es applicable in your country.
Please make sure you read the ‘Use of your Information’ column below regardless of your location.
- Australia – a legal basis is not required (as we don’t process sensitive information)
- Brazil – see the table below, as the same reasons used in the EU also apply under your local law (Lei Geral de Proteção de Dados Pessoais, often referred to as LGPD).
- Canada – consent is required
- India – consent is required
- South Africa – see the table below, as the same reasons we use under the GDPR also apply under your local law (the Protection of Personal Information Act or POPIA).
Where we process your personal information based on consent as within Canada and India, this is not the same as consent under the GDPR (or similar laws such as Brazil’s LGPD or South Africa’s POPIA). The requirements for consent under the GDPR and similar laws mean consent can only be used in specific circumstances, i.e. where people have a free choice and their information can be deleted at any time.
Where we are using non-GDPR standard consent, we imply your consent by way of you providing us with your Personal Information and we make sure you’re informed by providing you with this Privacy Notice. However, please note that if you withdraw your consent then we may not delete your information if we have a good reason for keeping it.
Below you can see more detail on legal bases under the General Data Protection Regulation (broadly aligned to Brazil’s LGPD and South Africa’s POPIA);
Necessary for legitimate interests
We also use your information when we have a ‘legitimate interest’ as long as this doesn’t unfairly impact on you or your privacy rights. Each activity is assessed and your rights and freedoms are taken into account to make sure that we’re not being intrusive or doing anything beyond your reasonable expectations.
We’ll assess the information we need, so we only use the minimum. If you want further information about processing under legitimate interests you can contact us using the details below.
You also have the right to object to any use of your information where we use this reason of ‘legitimate interests’. We’ll re-assess our interests and yours, considering your particular circumstances. If we have a very strong reason for the use of your information, we may still continue to use your information. We use ‘legitimate interests; for the following:
At present, we do NOT respond to Do Not Track signals your browser sends. But you can use our cookie tool to let us know your preferences.
Who do we share your personal information with?
We share your personal information with other organisations. The organisations we share personal information with are as follows;
- Analytics providers
- Platform providers
- Website providers
- Security tool / service providers
- Cookie consent tools
- Government Bodies and Regulators
- Professional services providers and consultants, such as our bank, contractors, external auditors and lawyers.
- As part of an actual or contemplated business sale, merger, consolidation, change in control, transfer of substantial assets or reorganisation
We only share personal information where there is a requirement to do so, and where appropriate technical, organisational, and where necessary, contractual measures are in place in order to ensure its protection.
The information that we process about you will be stored in the United States. It may also be stored or accessed by authorised individuals who operate in a variety of countries, or who work for us or for one of our suppliers.
If you are based in the EU or UK we need to have specific protections in place to transfer your information to another country. We also need to let you know which methods we use.
- Some countries have been assessed by the relevant authorities as being ‘adequate’, which means their legal system offers a level of protection for your information which is equal to the level of protection in your country. This applies to some transfers of information within VikingCloud.
- Where the country or mechanism hasn’t been assessed as ‘adequate’, the method we use most frequently is Standard Contractual Clauses (SCCs). These contract terms place EU standards onto companies in other jurisdictions. The European Commission approved standard contractual clauses are available via the link below, or let us know if you’d like more information; https://commission.europa.eu/publications/standard-contractual-clauses-international-transfers_en
- We have SCCs in place to allow sharing between VikingCloud entities globally.
If you’re based in a country outside of the countries above, there may be local obligations we have to meet. See below for details of the additional controls which we will apply to protect your information;
- Australia – contractual commitments to comply with the Privacy Principles.
- Brazil – the Lei Geral de Proteção de Dados (LGPD) contains the same requirements as the GDPR in relation to international transfers. However, the
- Brazilian Authority (ANPD) has yet to issue approved terms. We have extended the EU SCCs to cover your information.
- Canada – clear privacy notices explaining the transfer. We also need to tell you who to contact for more information. Please contact the Global Data Protection Manager using details in the ‘Contact section below.
- India – at present, no restrictions are in place unless sensitive personal information is involved (which doesn’t apply here).
- South Africa – we must ensure a binding agreement is in place which ensures the Protection of Personal Information Act’s principles are upheld including when further transferring personal information.
How long do we keep personal information for?
For cookies retention periods, please see the section above (What Cookies Do We Use?).
Server logs will be retained until we no longer need them for security purposes, as set out in this Privacy Notice. We will base that decision on criteria, including;
- Any legal or regulatory requirement to delete information within, or retain the information for, a specific timeframe,
- Our legitimate business reasons for keeping the information, such as to analyse and investigate activities,
- The likelihood of a claim arising where we’d need to defend our conduct, and;
- Whether the information is likely to remain up to date.
We will review and delete or destroy personal information on a regular basis. If we are unable to delete or destroy personal information we will ensure that the personal information is encrypted or protected by security measures so that it is not readily available to or accessible by us.
Automated decisions / profiling
Automated decisions are where a computer makes a decision about you without a person being involved. Profiling is where information is used to infer information about you. We don’t make any automated decisions or profile you.
We align to the International Standard for Information Security, ISO27001, as well as that relating to Privacy, ISO27701. This involves setting up a system to manage risks around both information security and data protection / privacy, as well as putting in place measures and objectives to keep improving.
An example of a measure we take is to enforce TLS1.2 when transferring information externally / to our suppliers; TLS1.2 is a network protocol for encrypting information in transit.
Access to your information is only provided to our people who have a need to know. We implement role-based access control so only those with a relevant role are given permissions. We audit access on a regular basis.
There are a number of rights available under the global data protection and privacy laws These don’t usually require any fee and we must respond within 1 calendar month in most circumstances.
Not all rights apply in all situations and some regions have different timeframes. But to avoid this Privacy Notice getting too long, we have not included full details of timeframes and what applies here.
The easiest way to exercise any of your rights, enquire if a right is applicable in a specific circumstance or to check what timescales apply would be to contact our Global Data Protection Manager using the contact details below. If we need further information to comply with your request we’ll let you know.
Right of access / right to know
You have the right to ask for access to and receive copies of your personal information. You can also ask us to provide a range of information relating to how we collect / use your information.
Right to rectification / right to correct
If you believe personal information we hold about you is inaccurate or incomplete, you can ask us to correct that information.
Right of erasure / right to be forgotten / right to delete / right to anonymisation
In some circumstances, you have the right to ask us to delete and / or anonymise personal information we hold about you.
Right to restrict processing / right to have information preserved
In some circumstances, you are entitled to ask us to restrict processing of your personal information. This means we will stop using your personal information but we won’t delete it. Or you could ask us to NOT delete your information.
You have the right to ask us to provide your personal information in a format that allows you to share your personal information with another provider.
Right to object
You are entitled to object to us processing your personal information if the processing is based on legitimate interests. You also always have the right to object to our use of your information for marketing purposes.
Changes to this Privacy Notice
Any changes we may make to the Privacy Notice in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes.
Our Global Data Protection Manager can be contacted using the following email address: email@example.com or alternatively by writing to 1st Floor Block 71A, The Plaza, Park West Business Park, Dublin 12.
Questions, comments and requests regarding the Privacy Notice are welcomed and should be addressed to firstname.lastname@example.org.
If you have any concerns about the ways in which we process your personal information, in many countries you have a right to complain to the relevant supervisory authority in your jurisdiction. We’d encourage you to contact us first, so we can address your concerns (some regulators require this before they’ll take up a complaint).
Please see below for details of the relevant regulators;