1. Purpose of the Policy
This website (“Scope Ratings”) is operated by Scope Ratings GmbH.
Personal data means any information which relates to a specific person (“Personal Data”).
This Policy sets out the basis on which any Personal Data collected from or provided by the users, clients or subscribers of Scope Ratings website (“You” or “Data Subjects”), will be processed by the Data Controller.
Please read the following carefully to understand Our views and practices regarding Your personal data and how they will be treated.
The provisions set out in this Policy are regulated by and aligned with the General Data Protection Regulation – Regulation (EU) 2016/679 (“GDPR”).
For more information on the legal framework of this policy please consult the GDPR text at (https://ec.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en).
2. Which data Scope Ratings GmbH collects
The type of data that We may need to collect vary according to the business relationship with the Data Subject:
Clients and Subscribers: the Data Controller will request only information that is strictly necessary for the fulfillment of the contract that a client signs with the Data Controller and for the provision of its services; for example, some of the information the Data Controller may need are:
- Name and Surname;
- Email address;
- Telephone number/fax number;
- Company and business address;
3. Why Scope Ratings GmbH collects personal data
The collection of personal data through Scope Ratings website is driven by the principle of “contractual necessity”: any personal information that the Data Controller collects from the Data Subjects is necessary and functional to achieve and fulfil the specific, defined and legitimate purposes which are determined and made explicit in the contract between the Data Controller and the Data Subject.
As an example, We will request personal information to:
- Provide regular information and updates to its subscribers;
- Providing technical support in the use of Scope Ratings online platform;
- Send clients relevant marketing material (where applicable);
- Deal with clients or suppliers’ queries.
4. How Scope Ratings GmbH collects personal data
We collect personal information from a variety of sources and mainly:
- Directly from the Data Subject through subscription forms and contract applications or declarations;
- From third parties: for example, when a client provides an alternative point of contact for a specific matter/service;
- From the Data Controller platforms either via subscription or by reviewing tracking activities made by Cookies.
Whatever method is used to collect personal information, the Data Controller is committed to always accurately and promptly inform the Data Subject and to request his explicit consent.
5. How Scope Ratings GmbH handles personal data
The personal data collected through Scope Ratings website are processed and handled following the key principles highlighted below:
Minimization: only those personal data which fit the purpose of the contract between the Data Controller and the Data Subject will be collected; the type of personal data that will be required will be determined on a case by case basis;
Integrity: the information collected from the Data Subject will be kept confidential by the Data Controller at any time; in case of personal data being transferred from one entity to another within Scope Group, the Data Subject will be promptly informed when signing a contract with the Data Controller (through a Declaration of Consent) or as soon as the transfer becomes necessary; the standards of data confidentiality will be maintained unchanged;
Limited storage: the Data Controller will only keep personal data from the Data Subject as long as they are needed for the fulfilment of the business purpose as indicated in the contract between the parties; once the business purpose ceases, personal data will be permanently deleted after a retention period that varies from a minimum of six months to a maximum of ten years depending on each specific case;
Security: the Data Controller is committed to keep personal data it stores secure at any time against internal and external threats such as, but not limited to, accidental loss, unauthorised access and use; however, no data transmission over the Internet or other network can be guaranteed to be 100% secure. As a result, while we strive to protect information transmitted on or through the Properties or services, we cannot and do not guarantee the security of any information you transmit on or through the Properties or services, and you do so at your own risk.
While performing some of its business activities, the Data Controller may use external service providers who mostly operate in the technology environment.
The Data Controller is committed to promptly notify the Data Subject in case his/her personal data are transferred to any of these external providers and to accurately explain the nature, purpose and duration of the transfer.
The Data Controller is also accountable for granting that the same standard of protection on personal data belonging to its clients/suppliers is also observed by its external service providers.
The Data Controller mainly operates in EU and EEA Member States, which are subject to the legal provisions set out in the GDPR on personal data protection.
7. Confidentiality and security
The Data Controller is committed to keep personal data from Data Subjects secure and to treat them confidentially at all times.
To ensure personal data are handled accurately, the Data Controller is accountable of granting that:
- Personal data are handled by employees who are fully trained to do so;
- The processing and handling of personal data is properly supervised;
- Personal data processing practice within the Data Controller is regularly reviewed and audited
- Scope employees are aware of the policies regulating personal data processing and of the impact and consequences of potential breaches in data protection.
In case a breach of personal data occurs, the Data Controller is responsible of notifying the Data Subject(s) affected promptly and efficiently and to swiftly take any necessary actions that could help reducing the impact of the breach.
Specifically, in the event of a data privacy breach:
- The DPO must be notified in writing within 24 hours from the data privacy breach;
- The DPO will take care of notifying the Supervisory Authority as well as any relevant stakeholder and to investigate the breach further where required;
- The DPO will notify the client and the Supervisory Authority of the outcome of the investigation.
The Data Controller is also committed to perform an exhaustive and thorough investigation both internally and externally (with the involvement of the supervisory authority if needed) on the root cause of the breach and to take any corrective measure in a timely manner, to help preventing the breach to occur in the future.
Below is the list of the Cookies used by Scope Ratings website:
|_ga||Cookie used by Google Analytics to distinguish users (https://developers.google.com/analytics/devguides/collection/analyticsjs/cookieusage)|
|_gat||Cookie used by Google Analytics to throttle request rate (https://developers.google.com/analytics/devguides/collection/analyticsjs/cookieusage)|
|_gid||Cookie used by Google Analytics to distinguish user(https://developers.google.com/analytics/devguides/collection/analyticsjs/cookieusage)|
9. Social Media Plug-Ins
Scope Ratings website uses plug-ins for social media platforms which allow You to share information or to follow Us on Your social media’s profile
When You click on the plug-in button, the social media will automatically receive the information on the page You visited and on the content You viewed.
For more details on data protection policy for each social media, please visit the following pages:
- Plug-Ins: https://dev.twitter.com/web/overview/privacy
- Plug-Ins: https://developer.linkedin.com/plugins
10. Data Subjects rights and duties
Although some of the personal data are held and handled by the Data Controller, Data Subjects remain the owner of this information and, as such, they keep the following rights:
Right to access the data: Data Subjects have the right to access any information concerning them held by the Data Controller; additionally, the Data Controller takes any reasonable steps to ensure that the personal data it holds for its customers are kept up to date and accurate;
Right of revocation: at any time, the Data Subject can withdraw the consent for the handling and processing of his/her personal data by the Data Controller; the Data Subject can also change the level of consent, i.e. not withdrawing it entirely, but restricting its applicability; requests to revoke personal data should be sent via email to email@example.com;
Right of erasure: Data Subjects have the right to request the complete deletion of their personal records held by the Data Controller: requests to delete personal data must be submitted via email to firstname.lastname@example.org; this right does not apply if there is a legal or official obligation to store this data;
Right of data portability: personal data can be transferred to another service provider upon request from the Data Subject; this right is only applicable to information which the Data Subject he or she has provided to the Data Controller;
Right of complain: Data Subjects have the right to object the way personal data are processed by the Data Controller and they have the right to raise a complain directly with the local supervisory authority.
The Data Controller is committed to keep the personal data it stores up to date and accurate, nevertheless it is the Data Subject’s responsibility to promptly notify the Data Controller of any relevant change that may affect the personal records it keeps.
11. Update of the Policy and point of contact
12. Additional contacts
Data Protection Officer:
Scope SE & Co. KGaA
D-10785 Berlin - Germany
Phone +49 30 27891-0
Fax +49 30 27891-100
Scope Ratings GmbH
D-10785 Berlin - Germany
Phone +49 30 27891-0
Fax +49 30 27891-100
Managing Director: Guillaume Jolivet
Commercial Register Berlin: HRB 192993 B
Berliner Beauftragte für Datenschutz und Informationsfreiheit
D-10969 Berlin - Germany