Below are the categories of personal data, including examples that we process for the purposes set out in the following section. We refer to these categories in other parts of this Privacy Policy.

1. Contact details. Business e-mail address, business telephone number, and the company you represent, so we can make our services available to you and communicate with you.
2. Information about Website usage. When you visit www.scanmarqed.com we automatically receive your IP address and information your browser sends, such as the pages you visit, time spent, referring URL, and operating system and browser version.
3. Information from cookies and other tracking technologies. If you have enabled the storage of cookies in your browser, they send us additional information, for example about the pages you visit and your preferences. For more information on the use of cookies and similar technologies, please see Section D “Cookies and other digital identifiers” below.

If you visit www.scanmarqed.com or subsequent subdomains, your personal data will be processed for the following purposes:

1. Operation and security of the Website. We process Information about Website usage and strictly necessary cookies to operate the Website, deliver the content you request, and ensure its security and integrity. The legal basis is our legitimate interest. We generally retain this data for up to 24 months after your visit.
2. Analytics and measurement. Subject to your consent given through the cookie consent banner, we use cookies and similar technologies to understand how visitors use the Website (for example, which pages are most viewed and how visitors navigate between them) so we can improve and optimise it. We retain this data for the duration of your consent and in any case no longer than 24 months. The legal basis is your consent.
3. Marketing and promotion on the Website. Subject to your consent given through the cookie consent banner, we and our advertising partners use cookies and similar technologies to show you relevant content and advertising on the Website and to measure the effectiveness of our marketing. The legal basis is your consent. You can withdraw your consent at any time via the cookie preferences link on the Website.

We process the personal data that you (or the entity you represent) provide to us when you are contacting us or when you are visiting the Website.

We may also collect personal data automatically when you visit the Website (Information about Website usage and Information from cookies and other tracking technologies). We may derive other data from the data set out above.

We may also receive personal data from our partners, including resellers, identity providers (where you authenticate via single sign-on) and integration partners (including advertising, web-analytics and CRM) that pass data to us based on your or your organisation’s instructions.

Each time you visit the Website, we may store cookies – small files containing information about your visit – on your device and read them on subsequent visits. We use both session cookies (deleted after your visit) and persistent cookies that remain on your device for a set period, but no longer than 24 months. In addition to cookies, we may use other similar technologies, such as web beacons and pixel tags, that have a similar function to cookies.

We use four categories of cookies and similar technologies on the Website:

1. strictly necessary, required for the Website to function and to keep it secure,
2. preferences that remember your settings, such as language,
3. analytics that help us understand how the Website is being used, and
4. marketing used by us and our partners to deliver and measure relevant advertising.

All categories other than strictly necessary cookies are activated only with your consent given through the cookie consent banner. You can withdraw or change your consent at any time using the cookie preferences link on the Website.

Where cookies cause your data to be transferred to processors or third parties, those recipients are listed in Section E and, where applicable, in the cookie consent banner.

The processing of your personal data involves processors who always act on our documented instructions and for the purposes set out in this Privacy Policy. The current categories of processors involved in the operation of the Website include:

1. Other companies within the ScanmarQED group that provide shared services (such as IT, security, finance and Client support) on our behalf;
2. Cloud infrastructure and data hosting providers;
3. Identity, authentication and single sign-on providers;
4. Website analytics, marketing-automation and advertising providers (only where you have given consent through the cookie banner);
5. Professional advisers, including auditors and legal counsel, where necessary.

We seek to keep personal data within the European Economic Area (“EEA”). Where we need to use processors that store or process personal data outside the EEA, we ensure that an appropriate safeguard is in place, in particular:

1. an adequacy decision adopted by the European Commission, or
2. the Standard Contractual Clauses adopted by the European Commission, supplemented by additional technical and organisational measures where necessary, available at https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.

Protecting your data is our priority. For this reason, we have adopted, maintain and continuously improve technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, damage or disclosure. We are also ISO 27001:2022 certified.

These measures include role-based access controls and the principle of least privilege; encryption of data in transit and at rest; multi-factor authentication for administrative access; centralised logging and monitoring; vulnerability management, secure development practices and regular penetration testing; vendor and sub-processor risk assessment; documented incident-response and business-continuity procedures; and confidentiality obligations imposed on all personnel and processors with access to personal data.

We retain personal data only for as long as necessary for the purposes for which it was collected, and in particular:

1. Marketing communication: for the duration of the Client relationship and up to two (2) years thereafter, or until you withdraw your consent or object to the processing, whichever is earlier.
2. Website analytics and marketing cookies: for the duration of your consent, and in any case no longer than twenty-four (24) months.

You have the following rights under the General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) in relation to the processing of your personal data, which you can exercise by contacting us at privacy@scanmarqed.com. We will respond as soon as possible and, in any event, within one (1) month of receipt of your request. In exceptional cases, we may extend this period by a further two (2) months and will inform you of any such extension.

1. Right of access. You have the right to obtain confirmation as to whether we are processing your personal data and, where we are, access to that data and to information about the purposes and scope of the processing, the recipients of the data, the duration of the processing, your rights, the right to lodge a complaint with a supervisory authority and the sources of the personal data. You can also ask us for a copy of the personal data we process; the first copy is free of charge; further copies may be subject to a reasonable fee.
2. Right to rectification. You have the right to request that we correct inaccurate personal data concerning you and, where relevant, complete incomplete personal data.
3. Right to erasure (“right to be forgotten”). You have the right to request the erasure of your personal data where one of the grounds set out in Article 17 GDPR applies. This right does not apply where processing is necessary for compliance with a legal obligation to which we are subject, or for the establishment, exercise or defense of legal claims.
4. Right to restriction of processing. You have the right to request that we restrict the processing of your personal data in the cases set out in Article 18 GDPR.
5. Right to data portability. You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format, and to transmit that data to another controller, where the processing is based on your consent or on a contract and is carried out by automated means.
6. Right to object. You have the right to object, on grounds relating to your situation, to processing of your personal data based on our legitimate interest. You also have the right to object at any time to processing for direct-marketing purposes; we will stop such processing on receipt of your objection.
7. Right to withdraw consent. Where processing is based on your consent, you can withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing prior to such withdrawal.
8. Right not to be subject to automated decision-making. You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning you or similarly significantly affects you. We do not carry out such processing in the operation of the Website.
9. Right to lodge a complaint. In addition to exercising your rights with us, you have the right to lodge a complaint with a supervisory authority, in the Member State of your habitual residence, place of work or the alleged infringement. For the Netherlands, this is the Autoriteit Persoonsgegevens (Dutch Data Protection Authority), Hoge Nieuwstraat 8, 2514 EL The Hague, Netherlands (https://autoriteitpersoonsgegevens.nl).