Scantrust portal privacy notice

Last update: June 18th, 2024

This privacy notice informs you about how Scantrust collects, uses, and protects your personal data when you make use of the Scantrust platform.

The data controller responsible for your personal data is:

Scantrust S.A. [“we”, “us”, “our”]

EPFL Innovation Park, PSE-D
CH-1015 LAUSANNE
Switzerland

contact@scantrust.com

1. How we use your personal data

1.1 We use your personal data to enable you create an account and log you in to the platform as an administrator or user. To create an account, you will have to provide an email address, password, the name of your organisation and role. We rely on the performance of a contract to process this information. Customers who make use of the Scantrust platform are able to also use the Scantrust enterprise App on the go. We require login credentials to secure customers’ enterprise accounts both on the Scantrust platform and the Scantrust enterprise application. We will retain this information until the end of the customer relationship / contract.

1.2 To ensure the security of the platform and assess, detect and prevent system attack and abuse, we process your IP address and delete it after 100 days. We also maintain server logs and rely on our legitimate interest to secure our software environment and infrastructure. We process the scan time, device model, serial number, scan reason (query or verify) and IP address for this purpose and delete the information after 100 days.

1.3 We make use of tracking technologies to remember user preferences, maintain sessions and track user behaviour on the platform. Cookies, unique identifiers, web beacons, embedded scripts, e-tags and fingerprinting help us achieve this purpose. We process usage data such as IP address, time of request, mode of server request, country, type of browser, type of operating system and session duration. We retain this information for the duration of the user’s session only. We do this in our legitimate interest to gather usage data for continuous platform improvement.

1.4 In order to grant access to the staging environment on the Scantrust platform before going live, we collect your first and last name, email address, job title, the name of your organisation and phone number. We rely on the performance of a contract for granting access to our staging environment. We retain this information until the end of the customer relationship.

1.5 When you request help or support, we respond to ensure that you receive the help you have requested and that you are able to continue the seamless use of the Scantrust platform. In order to provide support, we process your name, email address, the name of your organisation, the type of enquiry (general, product feedback, billing, change request, onboarding/training, etc.), business impact (urgent, high, medium, low), company plan (Scantrust enterprise, etc.), the support request message and any attachments (file, image) you include in your message. We rely on the performance of a contract in providing the support you request. Information is deleted after the end of the customer relationship.

2. Cookies and tracking technologies

As stated in section 1.3, we make use of cookies and other tracking technologies to gain insight into usage patterns. The table below highlights the cookies and trackers we make use of on the Scantrust platform:

 

Cookie or tracker Provider Type Category Duration
Google Analytics Google Persistent Analytics Until device cache is cleared i.e as long as the tracker is retained on the device
Plausible Plausible Persistent Analytics Until device cache is cleared i.e as long as the tracker is retained on the device

 

When you make use of the Scantrust platform, your personal data may be transferred to, and processed in, countries outside of the EU. These transfers are conducted in compliance with the GDPR. We take measures to safeguard your data by implementing appropriate safeguards, such as:

  • Transferring data only to countries on the adequacy decision list approved by the European Commission or
  • Entering into standard contractual clauses approved by the European Commission with the recipient of data

For a full list of the third parties we make use of, please see section 5 of the Scantrust privacy notice [link].

For a general description of the technical and organisational measures we implement to safeguard personal data, please see section 6 of the Scantrust privacy notice [link].

3. Data subject rights available to you

The following rights are available to you as provided under the GDPR:

  1. The right of access

You have the right to obtain information about what data we process about you, the purpose(s) of the processing, the recipients of the data and the duration of storage.

  1. The right to rectification

You have the right to request the rectification of inaccurate data or incomplete data.

  1. The right to erasure

You have the right to request deletion of your data where:

  • Data is no longer necessary
  • You have objected to the processing under our legitimate interests and no convincing evidence was provided that these interests override your freedoms and liberties
  • The processing takes place unlawfully
  1. The right to restriction

You have the right to request that your data is restricted for further processing in the following cases:

  • You contest the accuracy of the data;
  • You believe the processing is unlawful;
  • You believe your data is no longer needed in relation to the purpose of its collection.
  1. The right to portability

You have the right to receive the personal data we process about you in a structured, commonly used, machine-readable format, and to request the direct transmission of that data to another organisation of your choice.

  1. The right to object

You have the right to object to processing carried out in our legitimate interest. Processing will be ceased until we have been able to demonstrate compelling legitimate grounds overriding your rights and freedoms.

  1. The right to lodge a complaint with a supervisory authority

You have the right to contact a data protection authority of your choice and formulate a complaint. We kindly request that you contact us first to mutually find a solution in case of any concerns.

4. Data Protection Officer (DPO) contact

Our Data protection Officer appointed by Scantrust B.V. in the Netherlands monitors and oversees data protection compliance in all Scantrust entities. We encourage you to contact us at DPO@scantrust.com to exercise your data subject rights or if you have any privacy related concerns. If you are not satisfied with the way that we have handled your request, you have the right to lodge a complaint with the supervisory authority.

The details of the responsible supervisory authority in Switzerland are:

The Dutch Personal Data Authority

Hoge Nieuwstraat 8

2514 EL The Hague

(+31) – (0)88 – 1805 250

https://autoriteitpersoonsgegevens.nl/

Postal address

PO Box 93374

2509 AJ The Hague

5. Changes to this privacy notice

This privacy notice may be modified at any time to keep up with updates to the Scantrust platform. The date of the last update is visible at the top of this page. Each visit or interaction with the platform is subject to the latest version of this privacy notice.