RLDatix Global Privacy Notice
Who is RLDatix?
RLDatix operates worldwide through subsidiary and affiliate companies. RLDatix is committed to privacy and to transparency in our information practices. This privacy notice describes our collection, use, disclosure and processing of personal information that is collected online via our websites and services provided.
Whenever dealing with one of the group companies, the ‘controller’ of your personal information will be the company that corresponds with details in Schedule A.
Where this notice refers to “we”, “our” or “us” below, unless it mentions otherwise, it is referring to the particular company that is the controller of your personal information.
What is this notice?
We may collect personal information (defined below) about you, and we are committed to protecting this personal information and your privacy. Set out in this notice is an explanation of how we collect, use, and safeguard your personal information.
The key principles of integrity, openness, transparency, and respect for the rights of individuals are elements of this notice which apply to all of our business units globally. This privacy notice is only relevant for data that is in our capacity as a controller with respect to personal information.
Not covered by this notice. This privacy notice does not apply to job applicants and candidates who apply for employment with us through our job application portal or to our employees and non-employee workers whose personal information is subject to different privacy policies which are provided to such individuals in the context of their employment or working relationship with an RLDatix group entity.
This notice does not apply where RLDatix processes personal information on behalf of and subject to the instructions of a client as part of Agreements or business dealings.
Why do we need this notice?
This notice sets out the minimum requirements for all our businesses and employees for the confidentiality, security, integrity, and protection of personal information.
Where a jurisdiction in which we operate has regulatory or governance obligations over and above these notice minimums, for that jurisdiction these additional requirements are included in Schedule B.
What Personal information do we collect?
The principles of data protection are that the amount of personal information which is collected and processed should be limited to what is necessary for the purpose for which the personal information was collected or obtained. We will only collect and use personal information about you that is necessary to provide you with the products and services that you have requested.
The information we collect depends on the nature of our relationship with you. Personal information we may collect includes:
- behavioural (the activities, actions, transactions you may carry out, resources you access, clickstreams through websites);
- contact (such as your name, address, phone number and email address);
- monitoring (information relating to your activities on our website and your device (URL, IP, IMEI, browser type and version, time zone, operating system and platform, location);
- legal (information relating to legal claims made by you or against you or the claims process);
- sales (information relating to the sale of products or services to you);
- correspondence (information contained in our correspondence or other communications including surveys with you about our products, services or business);
- special data (dietary requirements should you attend an event we host);
Regardless of whether we are acting as the data controller or otherwise, we may collect personal information directly from you. This information is provided entirely voluntarily and may be provided by:
- our website https://www.rldatix.com;
- our customer support and ideas portal’s;
- our X account: https://twitter.com/rldatix;
- our Facebook account: https://www.facebook.com/rldatix;
- our Instagram account: RLDatix (@rldatix) Instagram photos and videos;
- our LinkedIn accounts: https://www.linkedin.com/company/rldatix/;
- corresponding with us by phone, email or otherwise;
- information given by you for events and conferences we may host;
- surveys and feedback responses;
- information you may provide our chatbot while navigating our website.
Children and adolescents – customers, business partners and media reps
- our website is aimed exclusively at potential customers, business partners and press representatives.
- persons under the age of 16 should provide any personal information to us without the consent of their parents or legal guardians.
- we do not request data from children and adolescents who are under the age of sixteen.
Why do we collect your personal information?
This is dependent upon the nature of the relationship we have with you. For example:
- if you are an employee of a company with whom we have a business relationship, we may use your personal information as part of our contractual obligations and in the normal course of doing business with your company;
- if using our websites, we may use the personal information contained in cookies to track the use of our websites;
- to personalise our website by integrating videos and optimising and increasing the attractiveness of our website offer;
If you contact us enquiring about our products and services. We collect the above information in order to provide services and products to you, to inform you of services and products we may provide to you and to improve the services and products we provide. Our use of your information may be based on the performance of a contract to which you are party to, which enables us to provide authorised products and /or services to you.
What is the legal basis associated with the main purpose?
Where we process data, we need to have a legal basis to do so. There are several different reasons we process data for and therefore we may use different legal bases. The below are examples of the legal basis we use to process data;
Contract – where we have a contract with you that you have signed, we will process data in accordance with the requirements of that contract
Legal Obligation – where there is a legal requirement placed on us to provide personal data, we will adhere to that requirement.
Legitimate Interest – where we believe that there is both a benefit to you and RL Datix in processing your data. In the event we use the purpose of Legitimate Interest we are required to document internally an assessment of how it is in both parties’ interest. Examples of this may include;
- For analysis to inform our marketing strategy, and to enhance and personalise your customer experience (including to improve the recommendations we make to you on our website);
- To correspond or communicate with you;
- To verify the accuracy of data that we hold about you and create a better understanding of you as a customer;
- For the management of queries, complaints, or claims.
Consent – where you explicitly give us consent to use your data such as in sending Marketing material to you.
Who do we share your personal information with?
We will only disclose or share your personal information in accordance with applicable laws and regulations. As a global company, we may share your information with other business units within RLDatix. They may use your personal information as established in connection with the products and/or services that complement our own range of products and/or services. In some instances, this will include sharing your personal information with third parties such as:
- Service providers engaged by us to assist us in providing services to you. These service providers may include: cloud storage providers, mail-houses, IT system suppliers, auditors, lawyers and marketing agencies;
- Our third-party product and service administrators; *
- Any member of our organisation which includes our ultimate holding company and its subsidiaries (from time to time) as necessary to provide services to you.
* When we use a third-party service provider, we only disclose to them any personal information that is necessary for them to provide their service and we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.
For information on processors who may be used by RLDatix to process your data, please email privacy@rldatix.com.
How do we keep your personal information secure?
We store personal information in secure databases and in secure cloud environments.
We take appropriate security measures to protect such personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure.
We take protection of your personal information and our system security very seriously. Any personal information that is collected, processed or stored will have appropriate safeguards applied in line with our data protection obligations.
We have also designed and implemented controls to minimise loss of, or damage to, your personal information by human error, negligence or malicious intent and engage internal and external auditors to conduct regular, independent assurance exercises across our business to ascertain the effectiveness of our security control environment and our security strategy.
Our employees also protect your personal information whenever they are processing it and undergo regular training on privacy and data protection requirements.
Our security controls are aligned to industry standards and good practice; providing a control environment that effectively manages risks to the confidentiality, integrity and availability of your personal information.
All exchanges of personal information between you and our websites go through secure channels in order to prevent interception of your personal information.
Where we collect any sensitive personal information about your food allergies and health conditions for events and conferences we may host, we will apply additional security controls to protect that data.
Where we have given (or where you have chosen) a password which enables you to access an account, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our website and any transmission is at your own risk. Once we have received your personal information, we put in place reasonable and appropriate controls to ensure that it remains secure against accidental or unlawful destruction, loss, alteration, or unauthorised access.
How long will we store your Personal information?
If we collect your personal information, the length of time we retain it is determined by a number of factors including the purpose for which we use that information and our obligations under other laws. We do not retain personal information in an identifiable format for longer than is necessary.
We may need your personal information to establish, bring or defend legal claims. For this purpose, we will always retain your personal information for 7 years after the date it is no longer needed by us for any of the purposes listed under “Why do we collect your personal information”. The only exceptions to this are where:
- the law requires us to hold your personal information for a longer period, or delete it sooner;
- you exercise your right to have the information erased (where it applies in a jurisdiction) and we do not need to hold it in connection with any of the reasons permitted or required under the law; or
- in limited cases, the law permits us to keep your personal information indefinitely provided we put certain protections in place.
Your rights
Each jurisdiction grants individuals certain lawful rights in respect of their personal information. In some jurisdictions, additional rights are available to individuals – these are outlined in Schedule B.
The rights that we adopt as part of our global privacy notice and therefore within all jurisdictions are the:
Right to lodge a complaint – You have a right to lodge a complaint to us at any time if you object to the way in which we have used or managed your personal information. Where you are dissatisfied with our response, you also have the right to escalate your complaint to the relevant regulator in your jurisdiction. Further information can be located on the applicable regulator’s website (see Schedule C).
Right of access – All individuals have a right to access their personal information held by an organisation. There will not usually be a charge to you for us to respond to these requests. However, where the request is deemed by us to be excessive, you may be charged a fee for our providing you a record of your personal information that is held by us. Your personal information will usually be provided to you electronically, unless otherwise requested. Where you have made the request to receive a record of your personal information held by us by electronic means, we will endeavour to provide the data in the requested format where we are able to do so.
Right of rectification – We take reasonable steps to ensure that the personal information we collect and hold about you is accurate and complete. However, if you do not believe this is the case, you have the right to request we rectify the inaccuracy at any time.
Right to opt out from receiving any direct marketing/ withdrawal of consent – You can ask us to stop sending you marketing messages at any time. Please see below for instructions on how you can do this.
If you would like to exercise any of the above rights or make a complaint about how RLDatix has handled your Personal information, please refer to Schedule D for the contact details for your jurisdiction. In some circumstances, exercising some of these rights may result in us being unable to continue providing you with a prescribed service and/or our business relationship with you. Please note that in some cases we may not be able to comply with your request for legal reasons. Where we are unable to comply with your request, we will also inform you of the reasons why.
Marketing
We may collect your preferences to receive marketing information directly from us by email, and/or telephone calls in the following ways:
- if you register with us online for services, such as a demo; or
- if you make a sales enquiry we may contact you with marketing information in the ways mentioned in the Notices presented to you, except where you indicate you would prefer otherwise.
- if you sign up for an event or conference.
The type of marketing you could expect to receive should you agree, may include, newsletters, promotional offers, or event invitations.
We may contact you with marketing information by post or by telephone or with targeted advertising delivered online through social media and platforms operated by other companies by using your personal information or use your personal information to tailor marketing to improve its relevance.
Should you wish to manage your marketing preferences please contact info@rldatix.com or alternatively use the unsubscribe option provided in the marketing contact.
Cookies and links to other Sites
Like many other websites, our website uses cookies including Google Analytics to obtain an overall view of visitor habits and visitor volumes to our website. ‘Cookies’ are small pieces of information sent to your computer or device and stored on its hard drive to allow our websites to recognise you when you visit.
Our website may contain links to other websites run by other organisations including Instagram, Twitter and Google. This notice does not apply to those other websites’ so we encourage you to read their privacy statements. We cannot be responsible for the privacy policies and practices of other websites even if you access them using links that we provide. In addition, if you accessed our website from a third-party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party website and recommend that you check the notice of that third party website.
It is possible to switch off cookies by setting your browser preferences. For more information on how we use cookies and how to switch them off on your device, please visit our Cookies notice.
Integrations
Some parts of our website may use the video services of YouTube and Vimeo. YouTube and Vimeo use cookies to collect usage and user-related information about your visit to our website. No Personal information is automatically transmitted to YouTube and Vimeo when you visit our website.
If you want to make sure that no personal data is collected and processed by YouTube and Vimeo, please do not click on the embedded videos.
On our website we use the map service Google Maps in order to provide directions to our offices. When you visit our website in which the Google Maps map is integrated, your browser loads the Google Maps map service into your browser cache in order to display it on our website.
We use external fonts from Google Fonts so that when you visit our website, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
For these integrations, by accessing our website you accept that your Internet browser establishes a connection to the respective server and provides them with information including your IP.
Changes to this notice
Please note that this notice will be reviewed and may be changed from time to time. Any changes we make to this notice in the future will be posted to our websites.
Schedule A – Companies
| Region/Country | Company |
| APAC | Dynama Solutions Inc RLDatix Australia Pty Ltd |
| Canada | RLDatix North America Inc |
| Germany | RLDatix Gmbh |
| MEA | Datix Arabia |
| North Macedonia | Allocate Software Dooel Skopje |
| Sweden | RLDatix AB |
| UK | Allocate Software Limited Datix Limited Dynama Solutions Inc Quality Compliance Systems Cloud9 Software Limited |
| USA | Allocate Software Inc Datix (USA) Inc Dynama Solutions Inc Porzio Life Sciences LLC iContracts Inc |
Schedule B – Additional PROVISIONS (Jurisdictional)
For Australian residents, the following additional rights apply globally:
Anonymity and pseudonymity – Individuals dealing with us have the option of being anonymous or using a pseudonym unless we:
- are required or authorised by law or a court or a tribunal order to deal with identified individuals; or
- it is impracticable for us to deal with you if you have not identified yourself.
If we are unable to collect your personal information – In addition to not being able to provide certain products or services to you, the following may also occur:
- we may not be able to provide you with information that you requested; and / or
- we may not be able to offer you employment with us.
Dealing with unsolicited personal information – Generally, most information received by us is immediately and automatically recorded (i.e. most documents received are scanned into an electronic image or online systems used).
Where it becomes apparent that a communication contains unsolicited personal information that could not otherwise lawfully be requested or used, we will make reasonable efforts to delete, destroy or de-identify the record. Where it is impracticable to do this (for example, the unsolicited information is combined with necessary information), the record will be retained, subject to the safeguards detailed in this privacy Notice.
Disclosing your personal information outside of Australia – As part of providing services to you and in our capacity as a service provider, occasionally personal information may be stored or processed at locations outside of Australia.
We may disclose personal information to corporate and third-party suppliers and service providers located overseas. These include IT service providers, and other third party vendor/suppliers located overseas.
Those countries that we may disclose your personal information to that are located outside of Australia, include the United Kingdom, the United States of America and North Macedonia as at the date of this Notice.
Canada
The Canadian Privacy Statutes set the obligation that RLDatix may only collect, use and disclose personal information for purposes that a reasonable person would consider appropriate in the circumstances. Consent is required for the collection, use and disclosure of personal information. Depending on the sensitivity of the personal information, consent may be opt in or opt out.
Each of the Canadian Privacy Statutes also provides individuals with the following:
- A right of access to personal information held by an organization, subject to limited exceptions;
- A right to correct inaccuracies in/update their personal information records; and
- A right to withdraw consent to the use or communication of personal information.
MEA
Right to be informed – You have the right to be informed of the basis for data processing and the right to have personal data processed for no other purpose without consent
Right of access – You have the right to access your personal data including the right to review it and obtain a copy
Right to rectification – You are entitled to have your personal information rectified if it is inaccurate or incomplete.
Right to destruction – you have the right to request personal data be destroyed when it is no longer required for the purpose for which it was originally collected
For UK, European Union (EU) and North Macedonia residents, the following additional rights apply:
Right to erasure –
(sometimes referred to as ‘the right to be forgotten’). The broad principle underpinning this right is to enable you to request the deletion or removal of personal information whether there is no compelling reason for its continued processing.
Right to restrict processing –
The board principle underpinning this right is to restrict the processing of personal information if one of the following applies:
- the accuracy of the personal information is contested by you, for a period enabling us to verify the accuracy of the personal information;
- the processing is unlawful and you oppose the erasure of the personal information and requests the restriction of their use instead;
- we no longer need the personal information for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
- you have objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of us override those of you.
Right of data portability –
You are able to obtain and reuse your personal information for your own purposes across different services by being allowed to move, copy or transfer personal information easily from one IT environment to another.
Right to withdraw consent – where processing is based on consent, you have the right to withdraw your consent to further use of your personal information. If you withdraw your consent, we may not be able to provide certain products and/or services to you and/or maintain a business relationship with you. If this is the case, we’ll tell you at the time you ask to withdraw your consent.
Right to be informed – You are entitled to be provided with information about certain matters relating to the processing of your personal information and for that information to be provided within certain timescales.
Right of access – You have the right to obtain: confirmation that your personal information is being processed; access to your personal information
Right to rectification – You are entitled to have your personal information rectified if it is inaccurate or incomplete.
Right to object – The board principle underpinning this right is that you are entitled to object to: processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research or statistics.
Rights relating to automated decision-making and profiling – This right doesn’t apply to all circumstances but, where it does apply, it effectively provides you with safeguards against the risk that a potentially damaging decision is taken solely based on automated means, without human intervention, which produces legal effects concerning you or significantly affects you
United States
The United States does not have a comprehensive federal privacy law however there are a large number of state specific privacy laws. This table covers those laws that have been passed as at April 2024. Therefore, it is recommended that you seek advice from your local data protection agency or contact the relevant RLDatix Privacy Officer.
Depending on the jurisdiction in which you are located, you may have the rights as per below:
| California Consumer Privacy Act | California Privacy Rights Act | Colorado, Connecticut, Indiana, Montana, New Jersey, Oregon, Tennessee, Texas, Virginia | New Hampshire | Delaware | Iowa | Utah | |
| Right to access | X | X | X | X | X | X | X |
| Right to correct | X | X | X | X | X | ||
| Right to delete | X | X | X | X | X | X | X |
| Right to opt of certain processing | X | ||||||
| Right to opt out of processing sensitive data | X | ||||||
| Right to opt out of processing for profiling/targeted advertising purposes | X | X | X | ||||
| Right to portability | X | X | X | X | X | X | X |
| Right to opt out of sales | X | X | X | X | X | X | X |
| Right to opt in for sensitive data processing | X | X | X | X | |||
| Right against automated decision-making | X | X | |||||
| Right against certain automated decision-making | X | X | |||||
| Private right of action | limited to certain violations only | limited to certain violations only |
Schedule C – Regulatory Authority per Jurisdiction
This schedule provides the contact for the jurisdictions where we are obliged to provide you this information to support a complaint about how we have managed your information.
| Country | Authority Name | Website | Contact Details |
| Australia | Office of the Australian Information Commissioner (OAIC) | www.oaic.gov.au | GPO Box 5218, Sydney NSW 2001 T 1300 363 992 |
| Canada | Office of the Privacy Commissioner (OPC) | www.priv/gc/ca/EN/ | Office of the Privacy Commissioner of Canada 30, Victoria Street Gatineau, Quebec K1A 1H3 |
| Germany | Germany has a Data Protection Authority for each of the 16 German states (Länder). | A list of the supervisory authorities (for the non-public sector) with address can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html | |
| MEA | Saudi Data & AI Authority | www.sdaia.gov.sa | The Unified Call Center – 8001221111 Email – Suggestions@sdaia.gov.sa RD04 Al Raidah Digital City, Al Nakheel, Saudi Arabia Riyadh, Riyadh 12382 SA. |
| North Macedonia | Personal Data Protection Agency | Agency for Personal Data Protection of North Macedonia- https://azlp.mk/azlp/ | Personal Data Protection Agency of North Macedonia bul. “Goce Delchev” no. 18, (the Macedonian Radio Television MRTV building – floor 14), PO Box 417, 1000 Skopje Phone numbers: ++ 389 (2)3230 635 ++ 389 (2)3230 617 |
| New Zealand | New Zealand Privacy Commissioner | https://www.privacy.org.nz/ | https://www.privacy.org.nz/your-rights/making-a-complaint/complaint-self-assessment/ Or in writing at New Zealand Privacy Commissioner PO Box 10 094, Wellington 6143 |
| Sweden | Swedish Authority for Privacy Protection | https://www.imy.se/en/ | Integritetsskyddsmyndigheten, Box 8114, 104 20 Stockholm, Sweden |
| United Kingdom | Information Commissioner’s Office | www.ico.org.uk | Wycliffe House, Water Lane Wilmslow, Cheshire SK9 5AF T +0303 123 1113 (or +44 1625 545745 if calling from overseas) 01625 524510 |
| United States of America | The United States has data protection authority for states where privacy law has been passed | California: California Privacy Protection Agency (CPPA) Colorado: Colorado Attorney General Connecticut: The Connecticut Data Privacy Act Delaware: Delaware Department of Justice – State of Delaware Indiana: Office of the Indiana Chief Data Officer: Indiana Privacy & Data Ethics Program Iowa: Homepage | Iowa Attorney General Montana: dojmt.gov New Jersey: https://www.jerseyoic.org/resource-room/data-protection/ Oregon: Department of Consumer and Business Services : Department of Consumer & Business Services : State of Oregon, doj.state.or.us Tennessee: Tennessee State Government – TN.gov Texas: Office of the Attorney General (texasattorneygeneral.gov) Utah: Utah Attorney General – Protecting Utah. Protecting You. Virginia: Home (state.va.us) |
Schedule D – Privacy Officers/ Contacts
| Jurisdiction | Privacy Officer | Location | Email/ contact |
| APAC | Vicki Knevett | Level 10, 71 Queens Road Melbourne, 3000 Australia | privacy@rldatix.com |
| EU/ UK* | June Lewis | 2nd Floor, 1 Church Road Richmond TW9 2QE United Kingdom | privacy@rldatix.com |
| MEA | June Lewis | 2nd Floor, 1 Church Road Richmond TW9 2QE United Kingdom | privacy@rldatix.com |
| MKD | Biljana Volceska Aceska | Arts Center Skopje (Second Building of the Holocaust Museum) 11-ti Mart Br. 2, 1000 Skopje North Macedonia | Mkdprivacy@rldatix.com |
| NAM | Pooja Patel | 311 South Wacker Drive, Suite 4900 Chicago, Illinois United States 60606 | privacy@rldatix.com |
| Sweden – RLDatix AB | June Lewis | 2nd Floor, 1 Church Road Richmond TW9 2QE United Kingdom | privacy@rldatix.com |
| *Locations include Ireland and Germany | |||
