Last Updated: September 2016
Stefanini participates in the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. To learn more see: Stefanini, the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework
Some services have their own, separate privacy agreements. In the event of a conflict between a Stefanini privacy statement and the terms of any agreement(s) between a customer and Stefanini, the terms of those agreement(s) will control.
To view our general privacy statement, please visit Stefanini Privacy Statement.
Personal Information and Services Data We Collect
Stefanini collects data to operate effectively and provide you the best experiences with our products. Through your interaction with us, Stefanini may collect Personal Information, which is information that identifies an individual or relates to an identifiable individual. Personal Information may include, but is not limited to, your name, physical address, telephone number, e-mail address, company affiliation and associated interests. This data is governed by Stefanini’s general privacy statement.
Stefanini may also collect Services Data. This is data that resides on Stefanini, customer or third-party systems to which Stefanini is provided access to perform services (including test, development and production environments that may be accessed to perform Stefanini consulting and support services). Stefanini treats services data according to the terms of this privacy statement, and treats services data as confidential in accordance with the terms associated with the service.
To illustrate the difference between personal information and services data, when a customer contracts with Stefanini for services, the customer provides information about themselves, including their name, address, billing information, and some employee contact information. Stefanini may also collect other information about the customer and some employees, for example through web sites, as part of that interaction. All of that information is personal information, and is treated according to Stefanini’s privacy statement.
In contrast, having contracted with Stefanini for services, the customer provides Stefanini access to its production, development or test environment, which may include personal information about its employees, customers, partners or suppliers (collectively “end users”). This information is personal information, and is treated according to Stefanini’s Services Privacy Statement.
Stefanini will collect only data which is relevant for the purposes for which it is to be used. Stefanini will take reasonable steps to ensure that this data is relevant, accurate, complete, and current, to its intended use.
How We Collect and Use Services Data
Stefanini uses the service data we collect for two basic purposes, described in more detail below: (1) to provide the products and services requested, and (2) to fulfill our contractual obligations.
To Provide Services and to Fix Issues. Services data may be accessed and used to perform services in compliance with your master services agreement or scope of work. The data we collect depends on the products and features you use, and can include the following:
Name and contact data. We collect your first and last name, email address, postal address, phone number, and other similar contact data during the course of providing services.
Credentials. We collect passwords, password hints, and similar security information used for authentication and account access.
Support Data. When you engage Stefanini for support, we collect data about you and your hardware, software, and other details related to the support incident. Such data includes contact or authentication data, the content of your chats and other communications with Stefanini support, data about the condition of the machine and the application when the fault occurred and during diagnostics, and system and registry data about software installations and hardware configurations.
Device data. We collect data about your device and the network you use to connect. It includes data about the operating systems and other software installed on your device, including product keys. It may also include IP address, device identifiers (such as the IMEI number for phones), regional and language settings.
Error reports and performance data. We collect data about the performance of the products and any problems you experience with them. This data helps us to diagnose problems in the products you use, and to improve our products and provide solutions. Depending on your product and settings, error reports can include data such as the type or severity of the problem, details of the software or hardware related to an error, contents of files you were using when an error occurred, and data about other software on your device.
Any copies of services data created for these purposes are only maintained for time periods relevant to those purposes.
To Fulfill Contractual Obligations. Stefanini may be required to retain or provide access to services data to comply with legally mandated reporting, disclosure or other legal process requirements.
Stefanini does not use services data except as stated above or in your master services agreement or scope of work. Stefanini may process services data, but does not control your collection or use practices for services data. If you provide any services data to Stefanini, you are responsible for providing any notices and/or obtaining any consents necessary for Stefanini to access, use, retain and transfer services data as specified in this statement and your master services agreement or scope of work.
Reasons We Share Services Data
We share your services data, with your consent or as necessary, to complete any transaction or provide any product you have requested or authorized. In addition, we share services data among Stefanini-controlled affiliates and entities. We also share services data with vendors or agents working on our behalf for the purposes described in this statement. For example, companies we’ve hired to provide customer service support or assist in protecting and securing our systems and services may need access to services data in order to provide those functions. In such cases, these companies must abide by our data privacy and security requirements and are not allowed to use services data they receive from us for any other purpose. We may also disclose services data as part of a corporate transaction such as a merger or sale of assets.
Finally, we will access, transfer, disclose, and preserve services data, including your content, when we have a good faith belief that doing so is necessary to:
- comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies;
- protect our customers, for example to prevent spam or attempts to defraud users of our products, or to help prevent the loss of life or serious injury of anyone;
- operate and maintain the security of our products, including to prevent or stop an attack on our computer systems or networks; or
- protect the rights or property of Stefanini, including enforcing the terms governing the use of the services – however, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property of Stefanini, we will not inspect a customer’s private content ourselves, but we may refer the matter to law enforcement.
Security of Services Data
Stefanini is committed to protecting the security of your services data. We use a variety of security technologies and procedures to help protect your services data from unauthorized access, use or disclosure.
Stefanini’s access to services data is based on job role/responsibility. Services data residing in Stefanini-hosted systems is controlled via the use of an account management framework. You control access to services data by your end users; end users should direct any requests related to their personal information to you.
Stefanini’s security policies cover the management of security for both its internal operations as well as the services. These policies, which are aligned with the ISO/IEC 27001:2013 standard, govern all areas of security applicable to services and apply to all Stefanini employees.
Stefanini’s security policies and procedures are reviewed and overseen by Stefanini’s Global Information Communication and Technology (ICT) Risk Management group. This group is responsible for security oversight, compliance and enforcement, and for conducting information security assessments and leading the development of information security policy and strategy.
Stefanini is also committed to reducing risks of human error, theft, fraud, and misuse of Stefanini facilities. Stefanini’s efforts include making personnel aware of security policies and training employees to implement security policies. Stefanini employees are required to maintain the confidentiality of data. Employees’ obligations include written confidentiality agreements, regular training on information protection, and compliance with company policies concerning protection of confidential information.
Stefanini promptly evaluates and responds to incidents that create suspicions of unauthorized handling of data. Stefanini’s Risk Management Group and Legal are informed of such incidents and, depending on the nature of the activity, define escalation paths and response teams to address the incidents. If Stefanini determines that your data has been misappropriated (including by a Stefanini employee) or otherwise wrongly acquired by a third party, Stefanini will promptly report such misappropriation or acquisition to you.
Stefanini will conduct annual compliance audits of its relevant privacy practices to verify adherence to this statement, EU-U.S. Privacy Shield Framework, and the Swiss-U.S. Privacy Shield Framework Principles. The audit will be conducted under the direction of the Privacy Officer. Any employee that the Company determines is in violation of this privacy statement will be subject to disciplinary action up to and including termination of employment. Any Agent or Third Party that violates this privacy statement shall be in material breach of all agreements with Stefanini and shall defend and indemnify Stefanini from claims related to such violations.
Where We Store and Process Personal Data
Services data collected by Stefanini may be stored and processed in your region, in the United States or in any other country where Stefanini or its affiliates, subsidiaries or service providers maintain facilities. We take steps to ensure that the data we collect under this services privacy statement is processed according to the provisions of this statement and the requirements of applicable law wherever the data is located.
When we transfer personal data from the European Economic Area to other countries, we use a variety of legal mechanisms, including contracts, to help ensure your rights and protections travel with your data. Stefanini adheres to the principles of the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework, regarding the collection, use, and retention of data from the European Economic Area and Switzerland. To learn more about our adherence to these programs, please see: Stefanini, the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework
Our Retention of Personal Data
Stefanini retains services data for as long as necessary to provide the products and fulfill the transactions you have requested, or for other essential purposes such as complying with our legal obligations, resolving disputes, and enforcing our agreements. When services data is deleted, it is removed from live systems, but may remain in a backup format for up to one year. Data, whether in live or backup format, will be protected following the Security mechanisms described above.
Changes to This Privacy Statement
We will update this privacy statement when necessary to reflect customer feedback and changes in our products or services. When we post changes to this statement, we will revise the “last updated” date at the top of the statement. If there are material changes to the statement or in how Stefanini will use your services data, we will notify you either by prominently posting a notice of such changes before they take effect or by directly sending you a notification. We encourage you to periodically review this privacy statement to learn how Stefanini is protecting your information.
How to Contact Us
If you have a privacy concern or a question for the Privacy Officer of Stefanini, please contact us by using the following contact information. We will respond to questions or concerns within 30 days.
Name Matthew D. Engler
Address 27100 W. 11 Mile Road, Southfield, MI 48034 USA
Phone +1 (248) 263-5678
Fax +1 (248) 386-4644
Anja Hessler is our data protection representative for the country of Germany. The data protection representative can be reached at the following address: Stefanini Germany GmbH, Attn: Data Protection, Im Zollhafen 24, 50678 Cologne, Germany.
To find the Stefanini entity in your country or region, see http://global.stefanini.com.