WHAT IS A COOKIE?
A cookie is a small file of letters and numbers that we store on your browser and/or hard drive of your computer, and is downloaded to your computer and/or mobile device when you visit our website.
- First party cookies: cookies that are set by a website that is being visited by the user at the time (e.g. cookies placed by https://www.netenrich.com/).
- Third-party cookies: cookies that are set by a domain other than that of the website being visited by the user. If a user visits a website and another entity sets a cookie through that website, this would be a third party cookie.
- Persistent cookies: these cookies remain on a user’s device for the period of time specified in said cookie. They are activated each time the user visits the website which created that particular cookie.
- Session cookies: cookies that allow website operators to link the actions of a user during a browser session. A browser session starts when a user opens the browser window and finishes when they close the browser window. Session cookies are created temporarily. Once you close the browser, all session cookies are deleted.
HOW TO DELETE AND BLOCK OUR COOKIES
HOW TO CHANGE COOKIE SETTING?
Internet browsers allow you to change your cookie settings. These settings are usually found in the ‘options’ or ‘preferences’ menu of your internet browser. You should use the ‘Help’ option in your internet browser for more details.
We will perform a cookie audit on a regular basis, which will identify all cookies that our website installs, cookies’ owners, their purpose(s), whether or not they fall within the definition ’Strictly Necessary ‘for the service requested by the user, how intrusive the cookies are, and what steps should be taken to either remove the intrusive cookie(s) or obtain the user’s informed consent.
What Cookies Do We Use and Why?
To understand the specific cookies, we use on our website, please see below for details. However, please note that not all cookies may be used in all jurisdictions or websites.
The cookies used on our website are categorized as follows:
- Strictly Necessary
Strictly necessary cookies let you move around the website and use essential features like accessing your profile and posting feedback. Without these cookies, these services cannot be provided. Please note that these cookies do not gather any information about you that could be used for marketing or remembering where you have been on the internet.
We use these strictly necessary cookies to:
- Identify you as being logged in to our website; and
- Enable you to submit information via online forms such as registration and feedback forms.
Without the acceptance of these specific cookies, you prevent these cookies from performing therefore we cannot guarantee your use of our website and/or our site’s security functionality during your visit.
Preference cookies enable a website to remember information that changes the way the website behaves or looks, such as your preferred language or the region that you are located in. We use these cookies to collect information about your choices and preferences. We may store settings and preferences of our logged-in users.
Statistic cookies help website owners understand how visitors interact with their websites by collecting and reporting the information anonymously. Similarly, we use this specific type of cookies to create anonymous statistics to understand which pages draw more traffic than others on our website. This information enables us to improve the website for all visitors without storing personal data.
Marketing cookies are used to track visitors across websites. The intention is to display targeted advertisements that are relevant and engaging for the individual visitor and thereby more valuable for publishers and third-party advertisers. We use this type of cookies to deliver many types of digital marketing. They store user data and behavioral information, which allows advertising agencies to target audience groups according to various factors, such as age, gender, location, interests, etc.
While accessing our website, some cookies may be sent from other websites such as Youtube, Facebook, Twitter, LinkedIn etc. These third-party cookies are responsible for having their own cookie and privacy policies. They are not under our control and we do not monitor or review them.
Before using third party cookies, please read and understand their cookie purpose and privacy policies.
Cross Border Data Transfer (CBDT) – Transfer of personal data by controllers established in the European Union (EU) to recipients established outside the territory of the EU/EEA who act either as controllers or as processors.
Data Exporter – The controller who transfers the personal data.
Data Importer – The processor established in a third country who agrees to receive, from the data exporter, personal data intended for processing on the data exporter’s behalf after the transfer, in accordance with exporter instructions and the terms of applicable laws, and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
DPA – Data Protection Authority.
DTA – Data Transfer Agreement.
European Union and European Economic Area countries – The area set up by the EEA agreement, comprising the 27 Member States of the European Union and the three countries of EFTA (the European Free Trade Association), which are bound by the Agreement on the European Economic Area (EEA). The 27 Member States are Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain and Sweden. The three EFTA countries which are also bound by the Data Protection Directive, through being part of the EEA, are Iceland, Liechtenstein and Norway.
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);
Third Country – Any country other than the EU and EEA Member States.
The rules set up in this Procedure apply to cross border transfers, which fall under the applicability of the EU GDPR. In this section, the applicability and the extraterritorial reach of the GDPR is explained.
This document is applicable to the Netenrich entities under its direct or indirect control, excluding joint ventures.
It is important to highlight the extraterritorial applicability of the GDPR. The GDPR and consequently this Procedure applies to the processing of personal data in the context of the activities of Netenrich entities (acting either as a controller or a processor) in the EU/EEA.
EU GDPR also applies to the processing of personal data of data subjects who are in the EU/EEA by a controller or processor not established in the EU/EEA, where the processing activities are related to:
- The offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the EU/EEA; or
- The monitoring of their behavior as far as their behavior takes place within the EU/EEA.
The Policy applies to all departments that handle transfers of personal data to third country.
In the event that any of the rules laid out in this document are in conflict with local laws and regulations, the latter shall prevail.
CROSS BORDER DATA TRANSFERS
The EU GDPR allows personal data transfers to a third country only if a set of conditions are fulfilled.
The EU GDPR allows for personal data transfers to countries whose legal regime is deemed by the European Commission to provide for an ’adequate‘level of personal data protection. Thus, Netenrich, in the absence of European Commission adequacy decision, will transfer personal data outside non-EU states by using of standard contractual clauses as listed in Annex 1 and Annex 2 to this document.
STANDARD CONTRACTUAL CLAUSES
USE OF THE EU-PRESCRIBED TEMPLATES
The European Commission has defined standard contractual clauses which need to be used when transferring the personal data outside of the EU/EEA. The Commission has approved clauses listed in Annex 1 and Annex 2.
The content in the standard contractual clauses must not be modified unless there is the express authorization from the competent Data Protection Authority/Supervisory Authority. Any unauthorized modifications will cause the CBDT to become void.
The standard contractual clauses set obligations on both the exporter and the importer of the data to ensure that the transfer will protect the rights and freedoms of the data subjects.
Data Protection Officer (DPO) will be responsible for monitoring the official European Commission website (http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm) as well as other communication channels to quickly identify any new versions of the standard contractual clauses and update Annex 1 and Annex 2 of the procedure.
CONTROLLER TO CONTROLLER STANDARD CONTRACTUAL CLAUSES
When the Company is acting as a Data Controller and is sending data to another entity located outside EEA, who is also acting as a Data Controller, the Data Protection Officer is responsible to fill the documents in Annex 1 to ensure the lawfulness of the cross-border data transfer.
CONTROLLER TO PROCESSOR STANDARD CONTRACTUAL CLAUSES
When the Company is acting as a Data Controller and is sending data to another entity located outside EEA, who is acting as a data processor, Data Protection Officer is responsible to fill the documents in Annex 2 to ensure the lawfulness of the cross border data transfer.
Any individual who breaches this Procedure may be subject to internal disciplinary action, up to and including termination of their employment, and may also face civil or criminal liability if their action violates the law.