BSA VERAFIRM SAM CERTIFICATION WEBSITE PRIVACY & COOKIES STATEMENT
Effective Date: [February 22, 2019]
BSA | The Software Alliance and its branch offices worldwide (collectively, “BSA”) believe that addressing data protection, privacy and security requirements is critical. To this end, this Website Privacy & Cookies Statement (“Privacy Statement”) describes how BSA collects, uses, shares, and otherwise processes individually identifiable data (“Personal Data”) about visitors to this Site (defined below) as well as current and prospective members, government, media and policy contacts, job applicants, software copyright infringement reporting contacts, compliance marketing contacts and educational course participant contacts. This Privacy Statement applies to Personal Data that we collect through BSA’s Verafirm SAM Certification public websites, mobile applications, and other online properties (each, a “Site”), as well as through trade shows, events, research, and other offline means, or from third parties.
Here are key points about our Personal Data practices:
- Collection and Use: As a leading advocate for the global software industry before governments and in the international marketplace, we collect name, contact details, and other Personal Data in the context of our advocacy and our software compliance marketing and educational activities. We use Personal Data to engage with members of the global software industry, governments, policy makers and others to advocate for the global software industry, manage our members accounts and maintain business operations, process job applications, provide relevant marketing and outreach, facilitate our software compliance, marketing and educational activities, and to fulfil other business and compliance purposes.
- Sharing: We may share Personal Data within BSA, its affiliates, and with other parties to provide BSA services, to improve the Site, to comply with applicable law, to provide educational offerings and recognize related achievements and certifications.
- Security: We maintain reasonable security controls to protect Personal Data from unauthorized access and use, as well as to meet the requirements of applicable law, and require our service providers by contract to do the same.
- International Transfers: We maintain appropriate protections for cross-border transfers as required by applicable law.
- Retention and Storage: We keep Personal Data for as long as necessary to provide our Site and services, operate the BSA organization, and comply with legal obligations.
- Children: We do not target nor knowingly collect any Personal Data from children under the age of 16.
- Rights: You may request access to your Personal Data and exercise certain rights by contacting us.
- Choices: You have choices regarding how we use and share your Personal Data for marketing and other purposes.
- Links to Other Websites: The Site may include links to third-party websites that are not governed by this Privacy Statement.
- Changes to this Privacy Statement: We will notify you of any material changes by posting the updated version of this Privacy Statement and taking other steps as needed under applicable law.
- Contact Us: Please contact us as detailed below with any questions.
The categories of Personal Data we collect, which may be collected both on the Site and offline, and our uses of Personal Data depend on the context, as described below:
- Site visitors: We collect the following information from Site visitors, including those who request further information about BSA and its services, to the extent they provide it to us: name, title, company, job responsibilities, phone number, mailing address, email address, and contact details (collectively, “Contact Data”), as well as information related to requests from Site visitors, including information or newsletter requests, subscriptions, downloads, and username/passwords used to access our Site (if necessary) (collectively, “Registration Data”). In addition to Personal Data provided by Site visitors, we may also collect the following information about the device used to access our Site: computer Internet Protocol (IP) address, unique device identifier (UDID), cookies and other data linked to a device, and data about usage of our Sites, (collectively, “Device Data”). Note, however, we do not consider Device Data to be Personal Data except where we link it to you as individual or where applicable law provides otherwise. We use this data to facilitate our Site and its services, make our Sites more intuitive and easy to use, respond to inquiries and requests, provide our services, manage accounts, maintain business operations, maintain our contacts, provide relevant marketing and materials, protect the security of the Site and our systems, address compliance and legal obligations, and interact with Site visitors (collectively, “General Uses”).
- Educational Course Contacts: We may collect Contact Data and/or Registration Data about individuals and individual contacts at third party organizations directly from individuals and from third parties related to our efforts to educate businesses and individuals regarding software asset management and IT asset management and provide certification to individuals who have completed the educational course(s) (collectively, “Educational Course Uses”). We may also collect online identifiers and associated content of such contacts (e.g., username/screen name). We use this data for General Uses and Educational Course Uses.
We do not use automated decision-making without human intervention, including profiling, in a way that produces legal effects concerning individuals (e.g., not offering an employment opportunity) or that otherwise significantly affects individuals.
Some jurisdictions require an explanation of the legal basis for the collection and processing of Personal Data. We have several different legal grounds on which we collect and process Personal Data, including: (a) as necessary to perform a transaction (such as when we respond to your requests); (b) as necessary to comply with a legal obligation (such as when we use Personal Data for record keeping to substantiate tax liability); (c) consent (where you have provided consent as appropriate under applicable law); and (d) as necessary for legitimate interests (such as when we act to maintain our business generally or to pursue our rights or the rights of our members).
We may share Personal Data with:
- Within BSA. We may share Personal Data with BSA branch offices and affiliates worldwide to centralize administration and business management.
- Service Providers. We may share Personal Data with unaffiliated third-party service providers to enable such third parties to perform functions on our behalf and under our instruction. The purposes for sharing may be to maintain and provide the Site or our products and services, or to help us comply with applicable laws and regulations. For example, we may engage third-party service providers to assist us with BSA mailing services, IT inventory analysis, advice, compliance marketing activities, or logistics. These service providers are not permitted to use Personal Data for their own purposes.
- With your consent, we may share Personal Data on our public-facing site to recognize individuals who have completed our certification course, however, this sharing will be limited to the name of the individuals who have successfully completed a course.
- With Your Consent. Other than as set out above, you will receive notice when information about you might go to third parties, and you will have an opportunity to choose not to share the information.
- Legal Obligations and Rights. We may share Personal Data in order to comply with any subpoena, court order or other legal process, or other governmental request. We may also share Personal Data to establish or protect our legal rights, property, or safety, or the rights, property, or safety of others, including members, or to defend against legal claims.
We may also share statistical or other information that does not identify individuals personally with third parties.
BSA employs reasonable technical and organizational measures designed to protect Personal Data from loss, misuse, alteration or unintentional destruction. We also require that third-party service providers acting on our behalf also provide such reasonable security measures. However, no security measure can guarantee against compromise. While we take steps designed to protect Personal Data, you also play a role in protecting your Personal Data. You should not share any login information, including passwords, with anyone. If you have any reason to believe that your login information or password have been compromised, please contact us as detailed below.
We may transfer Personal Data to jurisdictions outside of the individual’s home country as necessary for the purposes described in this Privacy Statement, including to countries that may not provide the same level of data protection as the individual’s home country. We provide appropriate protections for cross-border transfers as required by law for international data transfers, including for Personal Data transferred to third parties. With respect to such transfers from the European Economic Area (“EEA”) to the United States and other non-EEA jurisdictions, we implement standard contractual clauses approved by the European Commission and other approved mechanisms to protect such Personal Data as required by applicable law. As permitted by such laws, individuals may request a copy of the suitable mechanisms we have in place by contacting us as detailed below.
We will retain Personal Data for no longer than the period necessary to fulfil the purposes outlined in this Privacy Statement and as otherwise needed to comply with applicable law and our internal policies.
BSA does not knowingly collect Personal Data from children under 16 through operation of the Site. If BSA has actual knowledge that Personal Data about a child under 16 years old has been collected, then BSA will take the appropriate steps to delete such Personal Data.
As permitted by applicable law, you may have the right to obtain confirmation of the existence of certain Personal Data relating to you, to verify its content, origin and accuracy, as well as the right to access, review, port, delete or to block or withdraw consent to the processing of certain Personal Data (without affecting the lawfulness of processing based on consent before its withdrawal), by contacting us as detailed below. Before acting on any such request, BSA will need to verify your identity. To the extent BSA does not have sufficient information about you or is unable to verify your identity, we may not be able to honor your request. Please note that we may need to retain certain Personal Data as required or permitted by applicable law.
You have the following choices regarding our use and disclosure of your Personal Data:
- Marketing Communications. If you no longer wish to receive any marketing communications or remain on a mailing list to which you previously subscribed, please follow the unsubscribe link in the relevant communications or contact us using the link below.
- Cookies and Similar Technologies. Please review your browser or computer settings for certain cookies and see below to exercise certain choices regarding cookies.
In accordance with applicable law, BSA uses and allows third parties to use essential and non-essential cookies, web beacons and similar technologies (collectively, “cookies”) on our Site.
What are cookies?
Cookies are small amounts of data that are stored on your browser, device or the page you are viewing. Some cookies are deleted once you close your browser, while other cookies are retained even after you close your browser so that you can be recognized when you return to a website. More information about cookies and how they work is available at www.allaboutcookies.org.
We also allow certain third parties to place cookies on our Site in order to collect information about your online activities on our Site over time and across different websites you may visit. This information can be used to provide advertising tailored to your interests on websites you may visit, also known as interest-based advertising, and to analyze the effectiveness of such interest-based advertising.
Cookies on our Site are generally used for the following purposes:
- Strictly Necessary Cookies: These are required for the operation of our Site. They include, for example, cookies that enable you to log into secure areas. These cookies are session cookies that are erased when you close your browser.
- Analytical/Performance Cookies: These allow us to recognize and count the number of users of our Site and see how such users navigate through our Site. This helps improve how our Site works, for example, by ensuring that users can find what they are looking for easily. These cookies are session cookies, which are erased when you close your browser.
- Functional Cookies: These improve the functional performance of our Site and make it easier for you to use. For example, cookies are used to remember that you have previously visited the Site and asked to remain logged into it. These cookies are session cookies, which are erased when you close your browser.
- Targeting Cookies: These record your visit to our Site, the pages you have visited, and the links you have followed, to recognize you as a previous visitor and to track your activity on the Site and other websites you may visit. These cookies qualify as persistent cookies, because they remain on your device for us to use during the next visit to our Site. You can delete these cookies via your browser settings. We will not collect these cookies from individuals in the EEA without proper consent.
What are your options if you do not want cookies on your computer?
- You can review your Internet browser settings, typically under the sections “Help” or “Internet Options,” to exercise choices you have for certain Cookies. If you disable or delete certain Cookies in your Internet browser settings, you might not be able to access or use important functions or features of this Sites, and you may be required to re-enter your log-in details.
- Adobe also provides an opt-out mechanism to the public for websites using cookies set from Adobe’s 2o7.net and omtrdc.net domains. This opt-out mechanism can be accessed from the Adobe Privacy Center.
- To learn more about certain cookies used for interest based advertising by third parties, including through cross-device tracking, and to exercise certain choices regarding such cookies, please visit the Digital Advertising Alliance, Network Advertising Initiative, Digital Advertising Alliance-Canada, European Interactive Digital Advertising Alliance or your device settings, if you have the DAA or other mobile app.
Do-Not-Track Signals. We currently do not employ technology that recognizes “do-not-track” signals from your browser.
The Site may contain links and references to other internet websites administered by BSA or its affiliates where this Privacy Statement may not apply, as well as unaffiliated third-party websites. When you click a link to visit a third-party website, you will be subject to that website’s privacy practices. We encourage you to familiarize yourself with the privacy and security practices of the linked third-party websites before providing any Personal Data on those websites.
BSA may update this Privacy Statement from time to time as our organization’s strategy and focus changes, or as required by law. The effective date of our Privacy Statement is posted above, and we encourage individuals to visit our Site periodically to stay informed about BSA’s privacy practices. We will post the updated version of the Privacy Statement on our Site and ask for consent to the changes if legally required.
If you have questions or comments regarding this Privacy Statement or BSA’s privacy practices, please contact us at GlobalPrivacy@bsa.org.
You may also have a right to lodge a complaint with a supervisory authority.