CoLOS Data Privacy Statement

Data Privacy Statement relating to CoLOS Entitlement, Distribution and Licensing (“EDL”) tool

1. Introduction

Dover Europe Sàrl (hereinafter the “Company”, “us”, “we” or “our”) is committed to protecting the personal data of the Client (hereinafter the “Client”, “you” or “your”), and intends to process your personal data in a transparent and lawful way. Personal data is any information relating to an identified or identifiable natural person. Your name, address, phone number and e-mail address are examples of personal data. In all circumstances the Company aims to process personal information according to the following principles:

  • a. Transparency: Personal data is used fairly, lawfully, and transparently.
  • b. Limited Use: Personal data is collected for a specific and legitimate business purpose and used in a manner that is compatible with that purpose. We securely dispose of it when it is no longer needed.
  • c. Data Minimization: Only relevant data– not excessive amounts – is collected or used.
  • d. Accuracy: We aim to keep personal data accurate and up-to-date.
  • e. Security and Limited Access: Personal data is stored securely and is shared only with those individuals who need the data to accomplish a business objective.

This Privacy Statement is intended to provide you with some information regarding how your personal data will be collected, used, shared, and protected within the Colos Entitlement, Distribution and Licensing tool (“EDL tool”) that will be deployed by the Company, which is described in greater detail in the sections below. You can find the latest version of this Privacy Statement on: http://www.markem-imaje.com/colos-data-privacy-statement. The Company may change this Statement from time to time by updating this page.

2. Who is the relevant “controller” of your personal data?

The EDL tool is implemented by Dover Europe Sàrl. Our intention is for the implementation of the EDL tool to comply with applicable data protection laws, including the EU General Data Protection Regulation ("GDPR") and applicable local laws. Dover Europe Sàrl is the data controller of your personal data contained in EDL tool, and can be contacted here: Chemin de Blandonnet 8, 1214 Vernier, Switzerland, colosprivacy@markem-imaje.com.

3. What data is being collected or gathered?

With regard to the EDL tool, the Company processes your personal data in order to effectively administer the End User License Agreement related to the Solution Colos as described further in Section 5 below.  We do not collect personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of genetic data, biometric data in order to uniquely identify a person or data concerning health or sex life and sexual orientation.

With regard to the EDL tool, the Company will be collecting the following personal data: First name, last name, professional phone number, fax number and e-mail address..

4. How is the data being processed?

The purpose of the EDL tool is to provide a tool for the Company to administer the End User License Agreement related to the Solution Colos.  The EDL tool is meant to be the central repository for customers’ data, and to provide a means for the Company to screen, register and support the Colos’ end-users, and to comply with applicable laws and regulations. We will not use your personal data for decisions based solely on automated processing if the decision produces legal effects concerning you or significantly affects you, unless you gave your explicit consent for this processing. 

With regard to the EDL tool, the Company will be processing the personal data described above to store your personal data in a centralized database that can be accessed globally.

Your personal data may also be processed in connection with any legal proceedings or prospective legal proceedings, in order for the Company to establish, exercise or defend its legal rights, or in order to fulfill legal obligations, including but not limited to after a request from a competent administrative or judicial authority or in any circumstance where such processing is requested pursuant to applicable laws.

5. Why does the data need to be processed?

Processing in the EDL tool will always be based on legitimate grounds. With regard to the EDL tool, the Company will be processing the personal data described above for the following purpose(s):

The EDL tool will store the personal data identified above in order to comply with business requirements around administering the End User License Agreement related to the Solution Colos. The EDL tool will use the personal data to screen, register and support end-users. The email ID will further be used to enable download and activation of the Solution Colos. Some of the information (e.g. personal name, company name or address, email address etc.) will be used to retrieve the tracking number (proof of purchase) which thereafter can be used for any support related activities (e.g. reset of license).

The processing operations carried out by the Company on your personal data with regard to the EDL tool are necessary for the performance of the End User License Agreement related to the Solution Colos and to comply with applicable laws and regulations.

6. Who has access to your personal data?

The Company limits who has access to the personal data in our possession to only those who need it for a legitimate business purpose. Personal data is shared on a “need to know” basis. Only those individuals who need the data to accomplish a business objective should have access to personal data, and only for as long as they need it to accomplish the objective. Individual recipients are not authorized to share personal data with other employees or third parties unless that sharing is authorized and complies with all applicable Company policies. Specifically for the EDL tool, we anticipate that the following categories of recipients will have access to your personal data, for the purposes listed below:

  • Help desk – for supporting the end-users. Email ID is used for sending the activation (or license) code or delivering the software package (by email). Company name, Company city, Email and end-user name are used for retrieving the tracking number (proof of purchase) from database. This will further be used to deliver activation code or software package.
  • Compliance team – for “automatically” screening the end-user while registering (Restricted Party screening). The information passed to this tool is first name, last name, company name and company address.
  • Other entities within the Dover Group – to administer and manage the provisions of the EDL tool and of the End User License Agreement. 
  • The Company may engage third party vendors to assist in processing personal data from time to time. The Company will pass on to any such vendor its obligations under the applicable data privacy law, require that the vendor secure the data, and provide additional notice as required by law. We will not sell, distribute or lease your personal data to third parties unless we have your permission or are required by law to do so.

Some of the recipients noted above might be located outside the European Economic Area (“EEA”). As described in Section 7 below, appropriate safeguards have been implemented to cover such transfers to recipients who will comply with all applicable laws and regulations.

7. Where is the data being transferred? On what legal grounds?

For EU data subjects, your personal data may be transferred outside the EEA for the purposes listed above pursuant to EU Standard Contractual Clauses, Privacy Shield, or another legally binding and permissible arrangement. Such transfers will be compliant with all applicable laws and regulations. Relevant additional details regarding the basis for transfers of your personal data can be provided upon request by contacting us at colosprivacy@markem-imaje.com.

8. Data security

We are committed to ensuring that your personal data is secure. In order to prevent unauthorized access or disclosure, we have put in place appropriate technical and organizational measures to safeguard and secure the personal data we process. We employ a suite of various IT security tools in order to safeguard personal data, restrict access to the data, and have physical and organizational security measures in place to prevent unauthorized or unlawful access to personal data and accidental loss, destruction, or damage to personal data. The Company also maintains an inventory of personal data and evaluate the protections that we have in place for that data to ensure that our security measures are tailored to the sensitivity of the data.

For example, with regard to the EDL tool, the following specific security measures are in place: Data are stored on servers which are hosted in a secured datacenter where physical access is controlled using card access systems. The servers hosting the data are on the internal Company network and direct access is only possible from inside the Company. Data in motion are securely transmitted using HTTPS and data at rest are also encrypted. In addition, as described in Section 6 above, the Company has carefully limited access to your personal data only to those individuals who need access to it in order to fulfill their assigned roles, and only to the extent that they need such access. Only those individuals who need the data to accomplish a business objective should have access to personal data, and only for as long as they need it to accomplish the objective. Employees are not authorized to share personal data with other employees or third parties unless that sharing is authorized and complies with this Policy.

If, despite all our efforts, a data breach does occur, we shall do everything in our power to limit the damage. In case of a data breach which is likely to result in a high risk, and depending on the circumstances, we will inform you about remedial actions to prevent any further damage. We always inform the relevant supervisory authority or authorities without undue delay..

9. Data retention information

The Company strives to only store your personal for as long as necessary for the purpose for which we have processed it, and to dispose of it securely once that purpose has been fulfilled. How long we retain your data depends on the type of data and the purpose for which we process your data. In these efforts, the Company adheres to the Dover Records Management Policy when determining how long we retain personal data.  The retention periods are established considering legitimate business purposes, according to the local regulations.

10. Data subject rights

Data subject rights vary based on your local law. However, you can always ask the Company for more information about the people who will be able to see and access the data that relates to you. If you are aware of inaccurate data, it is your responsibility to request that data to be updated and corrected.

If you are located within the EEA, you may also have the right to:

  • a. Request that your personal data be erased if you believe that one of the following applies: (i) the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed; (ii) the personal data has been unlawfully processed; (iii) the personal data has to be erased for compliance with a legal obligation under a law to which the controller is subject; (iv) you have objected to the processing and there is no other legal ground for the processing;
  • b. Under certain circumstances and in relation to certain personal data only, receive your personal data in a structured, commonly used, and machine-readable format, as well as the right to transmit the data to another controller without hindrance;
  • c. Restrict the processing where one of the following applies: (i) you have contested the accuracy of the personal data, for a period enabling the controller to verify the accuracy of the personal data; (ii) the processing is unlawful and you oppose the erasure of the personal data and requests the restriction of their use instead; (iii) the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise, or defense of legal claims; (iv) the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject;
  • d. To lodge a complaint with the supervisory authority, if you believe that your personal data have been processed unlawfully.

The Company is committed to ensuring your data is protected from misuse. If you think your data and information have been used in violation of the laws, regulations, or the applicable data protection provisions, please alert the Company and it will assist you. 

Any requests, including those regarding the exercise of such rights, and questions can be directed to colosprivacy@markem-imaje.com

Back to top