Who are we?
We are DNV GL Business Assurance Group AS, a Norwegian registered company of Veritasveien 1, 1363 Høvik, Norway, registration number 945 748 931 ("we" "our" " us" or "DNV GL"). The website www.dnvglviewpoint.com "ViewPoint" is maintained and provided to you by Toluna UK Ltd and managed by DNV GL.
ViewPoint is a customer exclusive initiative which provides its members with an opportunity to voice opinions and receive research insights before it is shared with the public. The topics are closely related to our assurance services and considered to be an extended value-added benefit complementing the service delivery under the contract.
What is our Privacy Commitment to you?
DNV GL's general privacy statement: https://www.dnvgl.com/privacy/index.html
We respect your privacy and are committed to protecting your personal data. This privacy notice describes how we collect, use, share and secure personal data you provide on www.dnvglviewpoint.com (the " site") when you become a community member and participate in surveys and/or research studies ("surveys"). It also explains your privacy rights and how laws that are applicable to you may protect you.
This Privacy Notice tells you about:
- Who are we?
- What is our Privacy Commitment to you?
- What personal data do we collect about you and how do we use your personal data?
- Who do we share your personal data with?
- Do we transfer your personal data to other countries?
- What cookies do we use on the site?
- What other tracking technologies do we use for surveys you participate in and for other purposes?
- How do you access your information; use the member services area and/or update, correct or delete your information?
- How do you ask a question or make a complaint?
- What security measures do we undertake to protect your personal data?
- How do you leave ViewPoint?
- What are our data retention and destruction policies?
- Your legal rights
- Legal basis for personal data processing
- Who is the data controller?
- Changes to the privacy notice and your duty to inform us of changes
- Privacy contact details
What personal data do we collect about you and how do we use your personal data?
When you agree to become one of our community members, you are able to participate in our surveys, read relevant news and participate in a discussion forum to interact with community members. We will ask you to complete the registration form on the site or via links displayed on our websites. As part of your registration, you will provide us with your Contact data and we will through your participation in the surveys obtain certain other data about you, such as profile data (e.g. role in company, turnover of company, employees of company, industry sector).
Categories of personal data we may process about you may contain
- Contact data - email address, name (includes first, last), gender (not compulsory), country.
- Identity data - panellist id and username if so generated by the system.
- Technical data - login data, date/time stamp.
We use your Identity data and Contact data for:
- Contacting you for any reason connected with your panel community membership, e.g. sending you relevant news and survey results;
- Sending you invitations for your participation in surveys - to ask you if you are interested in participating in our upcoming surveys.
We use your Profile data for matching you with appropriate surveys to see if you qualify for particular surveys and for statistical purposes.
Who do we share your personal data with?
All of the responses we collect from you via our surveys are aggregated and anonymized before sharing findings. This means that information coming from our analysis is provided about groups of individuals based on profiling and not on an individual level.
As Toluna is our data processor and provides the platform, upon which the site is hosted, Toluna processes all personal data we process about you as part of your community membership. We require Toluna to respect the security of your personal data and to treat it in accordance with the law. We do not allow Toluna to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Do we transfer your personal data to other countries?
From time to time your personal data is transferred from a Toluna company that is located in the European Union to a country that has not been recognised as providing equivalent protection. Toluna has put in place transfer agreements using the standard model contracts for the transfer of personal data to third countries as decreed by the European Commission.
Toluna USA Inc., - EU-U.S. and the Swiss-U.S. Privacy Shield Framework
Toluna's global back up and hosting service centre is located in the USA. Toluna USA Inc., ("Toluna USA") is a member of the ITWP group of companies and all data that Toluna uses are transferred to Toluna USA for those purposes. Toluna USA recognises that the EEA (including Switzerland) have established strict protections regarding the handling of personal data from the EEA, including requirements to provide adequate protection for such personal data transferred outside of the EEA. Toluna ensures that it provides adequate protection for certain EEA personal data about individuals (including about you and Toluna corporate clients, suppliers, business partners, job applicants and employees. Toluna USA has therefore elected to self-certify to the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework administered by the US Department of Commerce ("Privacy Shield"). Toluna USA is responsible for the processing of personal data it receives, under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf for the purposes of providing back up services to ensure the security of your personal data. Toluna USA adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability. If there is any conflict between the terms of this privacy notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern.
For the purposes of enforcing compliance with the Privacy Shield, Toluna is subject to the investigatory and enforcement authority of the US Federal Trade Commission. For more information about the Privacy Shield, see the US Department of Commerce's Privacy Shield website located at https://www.privacyshield.gov. To review Toluna's representation on the Privacy Shield list, see the US Department of Commerce's Privacy Shield self-certification list located at https://www.privacyshield.gov/list .
What Cookies do we use on the site?
Cookies are used on the site for analysis to distinguish you from other users of the site and for facilitating login procedures on the ViewPoint portal, helping us to provide you with a good experience when you browse our site and allowing us to improve the site.
In case personal data is processed in the course of using cookies and/or similar technologies that are used for other purposes, e.g. improving our website or marketing purposes, the processing is based on Article 6 (1) lit. f GDPR and represents our legitimate interest in maintaining our user base, bringing new users to the Website and informing (potential) users about services organized and provided by DNV GL.
How do you access your information; use the member services area and/or update, correct or delete your information?
Upon request, we will provide you with information about whether we hold any of your personal data. You may access, correct, or request deletion of your personal data, or terminate your membership by logging into your Community Account. By following the appropriate directions, your information should be automatically updated in our database. For these purposes, and if you are unable to correct your personal data yourself via your Community Account you may write to us at the postal address found at the end of this Privacy notice, or contact us at https://www.dnvglviewpoint.com/contact-us . We will respond to all requests within a reasonable timeframe.
How do you ask a question or make a complaint?
You can direct any questions or complaints about the use or disclosure of your personal data to our data protection officer via firstname.lastname@example.org. We will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of your personal data within 30 days of receiving your complaint.
What security measures do we undertake to protect your personal data?
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator or supervisory authority of a breach where we are legally required to do so.
How do you leave ViewPoint?
You can terminate your membership at any time by unsubscribing from the Community; this can be done by email or by logging into your account and clicking Contact Us in the footer of the web page and selecting "I would like to unsubscribe". You can request us to erase your personal data by email or by logging into your private area on web page and selecting "Please erase my personal data (this will cancel my participation)". Please note that we do not generally send confirmations unless you request it explicitly in your email.
If you are a Community member and terminate your membership by unsubscribing, you will no longer receive communications from us and we will no longer use your Contact data and Identity data. If you terminate your membership by requesting to erase your personal data, your contact data and identity data will be deleted from the Community. Historical data is only stored for archival purposes and we will process your personal data in accordance with our backup procedures, your personal data are eventually destroyed in accordance with our data retention policies and we will continue to employ the security procedures and technologies to keep your personal data safe.
What are our data retention and destruction policies?
How long will you use my personal data for?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
You can ask us to delete your data: see the section entitled Your legal rights below for further information.
As the results of the surveys and other aggregated data are used for research and/or statistical purposes, we and other third parties may use this information in accordance with the terms indefinitely without further notice to you.
Your legal rights
You have rights under data protection laws in relation to your personal data. If you wish to exercise any of the rights set out above, please contact us.
You have the right to:
- request access to your personal data and we may conduct ID checks before we can respond to your request.
- have your personal data erased, corrected or restricted if it is inaccurate or requires updating. You may also have the right under certain circumstances to request deletion of your personal data; however, this is not always possible due to legal requirements and other obligations and factors. You can update your account information via your Account or by contacting us at the address given below.
- object to the processing your personal data if we are not using your personal data for the purposes set out in this privacy notice.
- have your personal data transferred to you or to a third. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- make a complaint at any time to a data protection regulator. A list of National Data Protection Authorities can be found here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. We would, however, appreciate the chance to deal with your concerns before you approach the data protection regulator so please contact us in the first instance.
Legal basis for personal data processing
ViewPoint is a customer exclusive initiative which provides its members with an opportunity to voice opinions and receive research insights before it is shared with the public. The topics are closely related to our assurance services and considered to be an extended value-added benefit complementing the service delivery under the contract. Given the nature of the relationship, we use legitimate interest as the legal basis for communicating information related to ViewPoint. You may of course opt out at any time by accessing the preference centre in the footer of the e-mails you receive or by sending an e-mail to email@example.com.
Who is the data controller?
DNV GL Business Assurance Group AS with whom you registered with as a community member is the controller and responsible for your personal data.
We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPO via firstname.lastname@example.org.
Changes to the privacy notice and your duty to inform us of changes
This version was last updated on the date at the top of this privacy notice.
If we decide to change our privacy notice, we will post those changes on the homepage so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.
We reserve the right to modify this privacy notice at any time, so please review it frequently. If we make material changes to this notice, we will notify you here, by email, or by means of a notice on our home page prior to the change becoming effective.
It is important that the personal data we hold about you is accurate and current. Please keep your Account details updated if your personal data changes during your relationship with us.
Privacy contact details
You may contact us by writing to:
The Data Protection Officer
DNV GL Business Assurance Group AS