SAAS DATA PRIVACY POLICY
SAAS DATA PRIVACY POLICY
1. Policy
It is the policy of Odyssey Validation Compliance Ltd (“OdysseyVC”), and our parent company, ATS Corporation (“ATS”), to ensure the privacy and security of Personal Data from our hosted software applications, CompliantCloud VIEW (“Services”) and ensure it is managed in a manner that is compliant with applicable regulations.
2. Purpose
The purpose of this policy is to clarify what Personal Data from our Services may be maintained by OdysseyVC and how it is managed in the course of fulfilling our obligations as a service provider according to the OdysseyVC Terms of Service executed between OdysseyVC and our customer. It also informs users and customers of our Services of their rights regarding this data.
3. Scope
This policy applies to personal data collected and processed through Services owned and controlled by OdysseyVC.
4. Policy / Procedure
4.1 COMMITMENT TO DATA PRIVACY COMPLIANCE
OdysseyVC is committed to compliance with all applicable country-specific data privacy laws, including but not limited to, the EU General Data Protection Regulation (GDPR). Protecting the privacy and security of your Personal Data is of the highest importance to OdysseyVC; therefore, we conduct our business by abiding by applicable laws on data privacy and data security.
This Privacy Policy outlines OdysseyVC’s policies and practices for the collection, use, processing, storage, hosting, transfer, and disclosure of information that we may collect about you through our Services. This SaaS Data Privacy Policy is published on https://viewsupport.compliantcloud.com/ and continued use of our Services is accepted as understanding the terms of this Privacy Policy and the processing of information about you as described herein. The collection, use, storage, transfer and disclosure of your Personal Data will be strictly limited to the terms for which you provide your authorization. For the purpose of this Policy, the reference to Personal Data includes the term “personally identifiable information.”
This Privacy Policy covers all OdysseyVC Services.
4.2 PERSONAL DATA
Through our Services, OdysseyVC will not collect any Personal Data about you (e.g., your name, address, telephone number or e-mail address), unless you voluntarily choose to provide us with it or unless otherwise permitted by applicable laws and regulations for the protection of your Personal Data.
4.3 PURPOSE OF USE
When you voluntarily provide us with Personal Data, we will use it only for the purpose for which you have provided it, for example, access to OdysseyVC Services, response to enquiries, provision of information related to OdysseyVC products, services, and events.
We may store and process Personal Data and share it with our worldwide affiliates to better understand your business needs and how we can improve our products and services.
We do not sell or otherwise market your Personal Data to third parties.
4.4 INFORMATION THAT WE COLLECT AND USE
We collect Personal Data as long as needed to provide Services to our Customer. Examples of personal information are name, address, telephone number, e-mail address, company name, position and any other contact details you willingly provide to us. For a complete list of all data elements that we collect and the use of those data elements, contact us at privacy@atsautomation.com.
No Personal Data is collected, used, accessed, stored, transferred or distributed without your authorisation unless absolutely required to manage our Services or respond to a request you have made unless allowed under local law. At any time, even after you have given authorisation, you can opt out of receiving these communications.
We may use the information that we collect to improve our Services by incorporating information that is relevant to our customers, to notify customers about updates to our Services, to contact customers for purposes that are related specifically to their needs, and to communicate with our partners. This information is not shared with other organisations for any reason, commercial or business, without your prior explicit consent.
We may use third-party entities to provide valuable services on our behalf. We will only share your Personal Data with them in a legally compliant manner. Third parties with which we share your information are bound by all relevant data privacy laws, terms of confidentiality, contractual agreements, including data processing agreements, and this Privacy Policy. Our third-party providers are required to also have equivalent and compliant Privacy Policies. Please contact privacy@atsautomation.com with any questions related to our third-party providers.
You may request to have your information corrected for inaccuracies or deleted by contacting us at privacy@atsautomation.com or at the address at the end of this document. All privacy related matters are handled by our ATS VP legal and Global Compliance and our Global Data Protection Officer. Any requests sent to the postal address at the end of the document will be coordinated with those individuals.
The company does not sell, rent, or trade your Personal Data with third parties for any purpose.
We will retain your personal information for the length of time needed to fulfil the purposes outlined in this Privacy Policy and/or in accordance with applicable data retention regulations.
4.5 PURPOSE LIMITATION
OdysseyVC will collect, use or disclose Personal Data supplied by you only for the purposes disclosed to you, unless the disclosure:
· Is a use of the Personal Data for any additional purpose that is directly related to the original purpose for which the Personal Data was collected
· Is necessary to prepare, negotiate and perform a contract with you
· Is required by law, governmental or judicial authorities
· Is necessary to establish or preserve a legal claim or defence, or for any other legal purpose
· Is necessary to prevent fraud or other illegal activities, such as wilful attacks on OdysseyVC information technology systems.
4.6 COMMUNICATIONS OR UTILISATION DATA
Through your use of telecommunications services to access our Services, your communications data (e.g. Internet protocol address) or utilisation data (e.g. information on the beginning, end and extent of each access, and information on the telecommunications services you accessed) are technically generated and could conceivably relate to Personal Data. To the extent that there is a compelling necessity, the collection, processing and use of your communications or data will occur and will be performed in accordance with the applicable data protection legal framework.
4.7 SECURITY
To protect your Personal Data against accidental or unlawful destruction, loss or alteration and against unauthorised disclosure or access, OdysseyVC uses industry standard technical and organisational security measures.
4.8 DATA SECURITY BREACHES
To protect your Personal Data from unauthorised access and use, or accidental loss and destruction, OdysseyVC has implemented security controls and intrusion detection software to notify us in the case of any potential or actual invasion of our systems. We have established an Incident Response Team that has been trained to react to any unauthorised access of our databases and systems. Should any data security breach occur that materially and negatively impacts your Personal Data, you will be notified as soon as possible once the breach has been determined.
4.9 RIGHT TO BE FORGOTTEN
OdysseyVC is committed to taking all reasonable steps necessary to ensure that any data you request to be forgotten, and can be erased with existing technology, will be erased.
However, any data you provide to our Services that you agree to make available to third parties or for which you make public, is outside the boundaries of which OdysseyVC can erase. OdysseyVC will, where technically possible, erase your data if you feel it is being held for longer than needed or if you request the right to be forgotten. However, OdysseyVC will not be able to erase your data if:
· It is technically impossible; or
· It is required to be retained for legal reasons (if mandated by local law).
4.10 QUESTIONS AND COMMENTS
OdysseyVC will respond to reasonable requests to review your Personal Data and to correct, amend or delete any inaccuracies. If you have any questions or comments about our SaaS Data Privacy Policy (e.g. to review and update your Personal Data), please send us your questions and feedback. You can contact us by sending an email to privacy@atsautomation.com or by writing to us at the following address:
Odyssey Validation Compliance Ltd (OdysseyVC) 2nd Floor, Railway House
The Waterways, Sallins, Naas Co. Kildare, W91 AWR0, Ireland
As the Internet, technology and our systems mature, so will our SaaS Data Privacy Policy. We will post changes to our SaaS Data Privacy Policy on https://viewsupport.compliantcloud.com/. Please check this page regularly to keep up to date.
5 Document History
Version
Description
By
Date
V01
New Policy
SMF
28 Sept 2023