Services Privacy Policy
Our Services Privacy Policy is organized into
Services Personal Information Data Processing Terms, System Operations Data Processing Terms and
Communications and Notifications to Customers and Users:
A. Services Personal Information Data Processing Terms
This describes the privacy and security practices that we and our affiliates (“Digital Process Innovations”) employ when handling Services Personal Information (as defined below) for the provision of Technical Support, Professional Sevices, Cloud or other services, including those provided via mobile application, (the “Services”) provided to our customers (“You” or “Your”) during the term of Your order for Services. Additional terms may be specified in the relevant privacy and security practices for the Services You have ordered.
Services Personal Information is personal information that is provided by You, resides on Digital Process Innovations, customer or third-party systems and environments, and is processed by Digital Process Innovations on Your behalf in order to perform the Services. Services Personal Information may include, depending on the Services: information concerning family, lifestyle and social circumstances; employment details; financial details; online identifiers such as mobile device IDs and IP addresses, geolocation data, and first party online behavior and interest data. Services Personal Information may relate to Your representatives and end users, such as Your employees, job applicants, contractors, collaborators, partners, suppliers, customers and clients.
B. System Operations Data Processing Terms
This describes the privacy and security practices that apply to personal information that may be incidentally contained in Systems Operation Data that is generated by the interaction of (end-)users of our Services (“Users”) with the Digital Process Innovations systems, tools and networks used to monitor, safeguard and deliver Services to our customer base.
Systems Operations Data may include access, event, diagnostic and other log files, as well as statistical and aggregated information that relates to the use and operation of our Services, and the systems and networks these Services run on.
Responsibility and Purposes for Processing Personal Information
Digital Process Innovations and its affiliated entities are responsible for processing personal information that may be incidentally contained in Systems Operations Data in accordance with Sections II and III of this Policy.
We may collect or generate Systems Operations Data for the following business purposes:
• a) to help keep our Services secure, including for security monitoring and identity management;
• b) to investigate and prevent potential fraud or illegal activities involving our systems and networks, including to prevent cyber-attacks and to detect bots;
• c) to administer our back-up disaster recovery plans and policies;
• d) to confirm compliance with licensing and other terms of use (license compliance monitoring);
• e) for research and development purposes, including to analyze, develop, improve and optimize our Services;
• f) to comply with applicable laws and regulations and to operate our business, including to comply with legally mandated reporting, disclosure or other legal process requests, for mergers and acquisitions, finance and accounting, archiving and insurance purposes, legal and business consulting and in the context of dispute resolution.
Where relevant, our legal basis for processing Your personal information is as follows:
• Digiatl Process Innovations will process Systems Operations Data as may be necessary to help keep our Services secure; to investigate and prevent potential fraud or illegal activities involving our systems and networks; to administer our back-up disaster recovery plans and policies; and to confirm compliance with licensing and other terms of use.
• Digital Process Innovations will process Systems Operations Data as may be necessary for internal research for technological development and demonstration and to improve, upgrade, or enhance Digital Process Innovations products and services based on our legitimate interests when such processing has a limited privacy impact on the individual.
• Digital Process Innovations may also process Systems Operations Data as necessary for compliance with our legal obligations and for required business operations as noted above.
Security - Sharing Personal Information
Digital Process Innovations has implemented appropriate technical, physical and organizational measures in accordance with the Digital Process Innovations Corporate Security Practices designed to protect personal information against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorized disclosure or access as well as all other forms of unlawful processing (including, but not limited to, unnecessary collection) or further processing.
Personal information contained in Systems Operations Data may be shared throughout Digital Process Innovations’s global organization for Digital Process Innovations’s business purposes. A list of Digital Process Innovations entities is available as indicated above.
We may also share such personal information with the following third parties:
• third-party service providers (for example IT service providers, lawyers and auditors) in order for those service providers to perform business functions on behalf of Digital Process Innovations;
• relevant third parties in the event of a reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings);
• as required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to government requests, including public and government authorities outside your country of residence, for national security and/or law enforcement purposes.
When third parties are given access to personal information contained in Systems Operations Data, we will take the appropriate contractual, technical and organizational measures to ensure, for example, that personal information is only processed to the extent that such processing is necessary, consistent with this Privacy Policy and in accordance with applicable law. Digital Process Innovations does not share or sell Systems Operations Data subject to this Privacy Policy with third parties for any commercial purposes.
Individual Rights
To the extent personal information about You is contained in Systems Operations Data, You may request to access, correct, update or delete personal information contained in Systems Operations Data in certain cases, or otherwise exercise Your choices with regard to Your personal information by filling out an inquiry form. We will respond to your request consistent with applicable law.
If are South African resident, under the South African Consumer Privacy Act (CCPA), as amended, You may request that Digital Process Innovations:
I.SERVICES PERSONAL INFORMATION DATA PROCESSING TERMS
Digital Process Innovations treats all Services Personal Information in accordance with the terms of Sections I and III of this Policy and Your order for Services.
In the event of any conflict between the terms of this Services Privacy Policy and any privacy terms incorporated into Your order for Services, including an Digital Process Innovations Data Processing Agreement, the relevant privacy terms of Your order for Services shall take precedence.
1.Purpose of Processing Services Personal Information
Digital Process Innovations may process Services Personal Information for the processing activities necessary to perform the Services, including for creating an Digital Process Innovations services account to access Digital Process Innovations products and services, for testing and applying new product or system versions, patches, updates and upgrades, and resolving bugs and other issues You have reported to Digital Process Innovations.
You are the controller of the Services Personal Information processed by Digital Process Innovations to perform the Services. Digital Process Innovations will process your Services Personal Information as specified in Your Services order and Your documented additional written instructions to the extent necessary for Digital Process Innovations to (i) comply with its processor obligations under applicable data protection law or (ii) assist You to comply with Your controller obligations under applicable data protection law relevant to Your use of the Services. Digital Process Innovations will promptly inform You if, in our reasonable opinion, Your instruction infringes applicable data protection law. You acknowledge and agree that Digital Process Innovations is not responsible for performing legal research and/or for providing legal advice to You. Additional fees may apply.
You control access to Your Services Personal Information by Your end users, and Your end users should direct any requests related to their Services Personal Information to You. To the extent such access is not available to You, Digital Process Innovations will provide reasonable assistance with requests from individuals to access, delete or erase, restrict, rectify, receive and transmit, block access to or object to processing of Services Personal Information on Digital Process Innovations systems. If Digital Process Innovations directly receives any requests or inquiries from Your end users that have identified You as the controller, we will promptly pass on such requests to You without responding to the end user.
If you are an end user and you have questions about your choices regarding the disclosure and use of Services Personal Information provided to Digital Process Innovations, please consult directly with the organization that collected your information from you.
Digital Process Innovations has implemented and will maintain technical and organizational measures designed to prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Services Personal Information. These measures, which are generally aligned with the ISO/IEC 27001:2013 standard, govern all areas of security applicable to the Services, including physical access, system access, data access, transmission, input, security oversight, and enforcement.
Digital Process Innovations employees are required to maintain the confidentiality of personal information. Employees’ obligations include written confidentiality agreements, regular training on information protection, and compliance with company policies concerning protection of confidential
information.
Please confirm with us any additional details regarding the specific security measures that apply to the Services are set out in the security practices for these Services, including regarding data retention and deletion, available for review.
Digital Process Innovations promptly evaluates and responds to incidents that create suspicion of or indicate unauthorized access to or handling of Services Personal Information.
If Digital Process Innovations becomes aware and determines that an incident involving Services Personal Information qualifies as a breach of security leading to the misappropriation or accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Services Personal Information transmitted, stored or otherwise processed on Digital Process Innovations systems that compromises the security, confidentiality or integrity of such Services Personal Information, Digital Process Innovations will report such breach to You without undue delay.
As information regarding the breach is collected or otherwise reasonably becomes available to Digital Process Innovations and to the extent permitted by law, Digital Process Innovations will provide You with additional relevant information concerning the breach reasonably known or available to Digital Process Innovations.
6. Subprocessors
To the extent Digital Process Innovations engages Digital Process Innovations affiliates and third-party subprocessors to have access to Services Personal Information for the purpose of assisting in the provision of Services, such subprocessors shall be subject to the same level of data protection and security as Digital Process Innovations under the terms of Your order for Services. Digital Process Innovations is responsible for its subprocessors’ compliance with the terms of Your order for Services.
Digital Process Innovations maintains lists of Digital Process Innovations affiliates and subprocessors that may process Services Personal Information. Additional information is available to You via our Digital Process Innovations Support (https://support.Digital Process Innovations.co.za) documents, or other applicable primary support tool provided for the Services.
Digital Process Innovations will address this in due course.
8. Audit Rights
To the extent provided in your order for Services, You may at Your sole expense audit Digital Process Innovations’s compliance with the terms of this Services Privacy Policy by sending Digital Process Innovations a written request, including a detailed audit plan, at least two weeks in advance of the proposed audit date. You and Digital Process Innovations will work cooperatively to agree on a final audit plan.
The audit shall be conducted no more than once during a twelve-month period, during regular business hours, subject to Digital Process Innovations’s on-site policies and regulations, and may not unreasonably interfere with business activities. If You would like to use a third party to conduct the audit, the third party auditor shall be mutually agreed to by the parties and the third-party auditor must execute a written confidentiality agreement acceptable to Digital Process Innovations. Upon completion of the audit, You will provide Digital Process Innovations with a copy of the audit report, which is classified as confidential information under the terms of Your agreement with Digital Process Innovations.
Digital Process Innovations will contribute to such audits by providing You with the information and assistance reasonably necessary to conduct the audit, including any relevant records of processing activities applicable to the Services. If the requested audit scope is addressed in a SOC 1 or SOC 2, ISO, NIST, PCI DSS, HIPAA or similar audit report issued by a qualified third party auditor within the prior twelve months and Digital Process Innovations provides such report to You confirming there are no known material changes in the controls audited, You agree to accept the findings presented in the third party audit report in lieu of requesting an audit of the same controls covered by the report. Additional audit terms may be included in Your order for Services.
9. Deletion or Return of Services Personal Information
Except as otherwise specified in an order for services or required by law, upon termination of services, Digital Process Innovations will return or delete any remaining copies of Your production customer data, including any Services Personal Information, located on Digital Process Innovations systems or Services environments. Additional information on data deletion functionality is provided in the applicable Services descriptions.
II. SYSTEMS OPERATIONS DATA PROCESSING TERMS
Digital Process Innovations Corporation and its affiliated entities are responsible for processing personal information that may be incidentally contained in Systems Operations Data in accordance with Sections II and III of this Policy. See the list of Digital Process Innovations entities. Please select a region and country to view the registered address and contact details of the Digital Process Innovations entity or entities located in each country.
We may collect or generate Systems Operations Data for the following business purposes:
• a) to help keep our Services secure, including for security monitoring and identity management;
• b) to investigate and prevent potential fraud or illegal activities involving our systems and networks, including to prevent cyber-attacks and to detect bots;
• c) to administer our back-up disaster recovery plans and policies;
• d) to confirm compliance with licensing and other terms of use (license compliance monitoring);
• e) for research and development purposes, including to analyze, develop, improve and optimize our Services;
• f) to comply with applicable laws and regulations and to operate our business, including to comply with legally mandated reporting, disclosure or other legal process requests, for mergers and acquisitions, finance and accounting, archiving and insurance purposes, legal and business consulting and in the context of dispute resolution.
Where relevant, our legal basis for processing Your personal information is as follows:
• Digital Process Innovations will process Systems Operations Data as may be necessary to help keep our Services secure; to investigate and prevent potential fraud or illegal activities involving our systems and networks; to administer our back-up disaster recovery plans and policies; and to confirm compliance with licensing and other terms of use.
• Digital Process Innovations will process Systems Operations Data as may be necessary for internal research for technological development and demonstration and to improve, upgrade, or enhance Digital Process Innovations products and services based on our legitimate interests when such processing has a limited privacy impact on the individual.
• Digital Process Innovations may also process Systems Operations Data as necessary for compliance with our legal obligations and for required business operations as noted above.
2. Sharing Personal Information
Personal information contained in Systems Operations Data may be shared throughout Digital Process Innovations’s global organization for Digital Process Innovations’s business purposes. A list of Digital Process Innovations entities is available as indicated above.
We may also share such personal information with the following third parties:
• third-party service providers (for example IT service providers, lawyers and auditors) in order for those service providers to perform business functions on behalf of Digital Process Innovations;
• relevant third parties in the event of a reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings);
• as required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to government requests, including public and government authorities outside your country of residence, for national security and/or law enforcement purposes.
When third parties are given access to personal information contained in Systems Operations Data, we will take the appropriate contractual, technical and organizational measures to ensure, for example, that personal information is only processed to the extent that such processing is necessary, consistent with this Privacy Policy and in accordance with applicable law. Digital Process Innovations does not share or sell Systems Operations Data subject to this Privacy Policy with third parties for any commercial purposes.
3. Cross-border Data Transfers
If personal information contained in Systems Operations Data is transferred to an Digital Process Innovations recipient in a country that does not provide an adequate level of protection for personal information, Digital Process Innovations will take measures designed to adequately protect information about Users, such as ensuring that such transfers are subject to the terms of the EU Standard Contractual Clauses or other adequate transfer mechanism as required under relevant data protection laws.
4.Security
Digital Process Innovations has implemented appropriate technical, physical and organizational measures in accordance with the Digital Process Innovations Corporate Security Practices designed to protect personal information against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorized disclosure or access as well as all other forms of unlawful processing (including, but not limited to, unnecessary collection) or further processing.
5. Individual Rights
To the extent personal information about You is contained in Systems Operations Data, You may request to access, correct, update or delete personal information contained in Systems Operations Data in certain cases, or otherwise exercise Your choices with regard to Your personal information by filling out an inquiry form. We will respond to your request consistent with applicable law.
If are a South African resident, under the South African Consumer Privacy Act (CPA), as amended, You may request that Digital Process Innovations:
1. Discloses to you the following information:
• the categories and specific pieces of personal information we collected about You and the categories of personal information we sold, if applicable;
• the categories of sources from which we collected such personal information;
• the business or commercial purpose for collecting or selling personal information; and
• the categories of third parties to whom we sold or otherwise disclosed personal information, if applicable.
2. deletes personal information we collected about You or corrects inaccurate personal information about You, unless retained solely for legal and compliance purposes and as otherwise set out in the CPA
3. fulfils your request to opt-out of any future sale of personal information about You, if applicable.
If You are an authorized agent making an access or deletion request on behalf of a South African resident, please reach out to us via the inquiry form and indicate that You are an authorized agent. We will provide You with instructions on how to submit a request as an authorized agent on behalf of a South African resident.
If you submit a request, please be specific as to what right you are asserting (e.g., access, correction, etc.) and which specific pieces of personal information are in scope of your request. In some cases, in order to comply with applicable law or a legal obligation, Digital Process Innovations may deny your request or may seek more information from you in order to respond to your request.
If You are a South African resident, you may obtain information about exercising your rights, as described above, by contacting us at 1-800-633-0748. For information on the CCPA requests Digital Process Innovations received, complied with, or denied for the previous calendar year, please visit Digital Process Innovations’s Annual Consumer Privacy Reporting page, available here.
C. Communications and Notifications to Customers and Users
1. Legal requirements.
Digital Process Innovations may be required to provide access to Services Personal Information and to personal information contained in Systems Operations Data as required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect Your or a User’s safety or the safety of others, investigate fraud, or respond to government requests, including public and government authorities outside Your or a User’s country of residence, for national security and/or law enforcement purposes.
Digital Process Innovations will promptly inform You of requests to provide access to Services Personal Information, unless otherwise required by law.
2. Protection of Personal Information Act (POPIA)
For Business Partners and users located in South Africa, please take note of the following:
In terms of section 1 of the
Protection of Personal Information Act, 2013 (“POPI”), “personal data” or “personal information” includes “information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing, juristic person.”
The corresponding legal grounds and conditions for lawful processing of personal data in South Africa are contained in Sections 8 to 25 of POPI, and relate to “Accountability”; “Processing limitation”; “Purpose specification”; “Further processing limitation”; “Information quality”; “Openness”; “Security safeguards” and “Data subject participation”.
In terms of section 69 of POPI, the processing of personal information of a data subject for the purposes of direct marketing by means of any form of electronic communication, including automatic calling machines, facsimile machines, sms’s or e-mail is prohibited unless the data subject has provided consent to the processing, or is, subject to further conditions, an existing customer of the responsible party.
For purposes of a Data Subject exercising its rights further enquiries and the exercise of its rights in relation to access, objection to, and complaints in respect of the processing of personal data, the contact particulars of the Information Regulator of South Africa, are as follows:
JD House, 27 Stiemens St. Braamfontein. Johannesburg. 2001
PO Box 31533. Braamfontein. Johannesburg. 2017
Complaints: Complaints.IR@Justice.gov.za
General Enquiries: InfoReg@Justice.gov.za
3. Filing a Complaint
If You or a User have any complaints regarding our compliance with our privacy and security practices, please contact us via our inquiry form. We will investigate and attempt to resolve any complaints and disputes regarding our privacy practices. Users also have the right to file a complaint with a competent data protection authority if they are a resident of a European Union member state.
We commit to refer unresolved complaints concerning our handling of Services Personal Information received in reliance on the DPF to TRUSTe, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit TRUSTe for more information or to file a complaint. These dispute resolution services are provided at no cost to you.
Under certain conditions, specified on the DPF website, Users may invoke binding arbitration after other dispute resolution procedures have been exhausted.
4. Changes To This Services Privacy Policy
This Privacy Policy was last updated on February 21, 2024. However, the Services Privacy Policy can change over time, for example to comply with legal requirements or to meet changing business needs. The most up-to-date version can be found on this website. In cases of material changes, we will also inform you in another appropriate way (for example via a pop-up notice or statement of changes on our website) prior to the changes becoming effective.