Last updated: September 2022
NetBenefit’s products and services enable our customers to create and administer stakeholder and rightsholder engagement. We host our data on Microsoft Azure servers and store engagement data on our customer’s behalf.
Our customers may also upload contact information of stakeholders or rightsholders to participate in stakeholder and rightsholder engagements. We refer to this type of information as “Engagement Data”.
Our customers remain Data Controllers of this Engagement Data and we process it solely in accordance with our licence agreement with our customers.
Our customers have total discretion to determine how they design their engagement, what information they collect, who they invite to participate in engagement, whether they upload stakeholder and rightsholder information, what the Engagement Data will be used for, whether it will be combined with other information and data, who it will be shared with and how long it will be stored.
You should contact our customer if you have any questions about their Engagement, or to exercise your rights in relation to the Engagement Data.
Your Right as a Data Subject
The Personal Information We Collect
Engagement Data: Our systems are used to process engagement activities. Our customer may also upload your contact information to enable them to invite you to participate in an engagement regarding their operations.
How We Use Your Information
We use the information that we hold about you in the following ways:
Engagement Data: To provide our products and services: we hold, store and process your Engagement Data to provide our products and services to our customers, in accordance with our agreement with them.
We will not use any information that we hold about you for marketing purposes.
Who We Share Personal Information With
Engagement Data: Unless we are required to do so by law, we will not disclose your Engagement Data to any third parties other than our customers and our sub-processors (such as our hosting providers) that have been authorized by our customer in our agreement with them.
Your Contact Information: Where you contact us directly, we may, if appropriate, refer your enquiry to our customer.
Your Rights as a Data Subject
If you wish to access, correct, or delete your Engagement Data, opt out of any use or disclosure of your Engagement Data or exercise any of the other rights described within the GDPR in relation to your Engagement Data, you will need to contact our customer directly. Where necessary, we will provide assistance to our customers to deal with your request.
You have the right to complain to a data protection authority about our customers’ collection and use of your personal data. For more information, please contact your local data protection authority. A list of EU Supervisory Authorities is available here: https://edpb.europa.eu/about-edpb/about-edpb/members_en
How Long We Keep Your Information
Engagement Data: our customers determine how long they store your Engagement Data in our products and services, so if you have any questions about this please ask them directly.
Aside from Engagement Data we are likely to hold other information about you such as emails received, and enquiries made. We typically retain technical information for as long as we have a specific reason to retain it for example to comply with a legal requirement.
Security of Personal Information
We take the security of your information extremely seriously and apply high standards of security to all information that we hold, in line with ISO 27001, which aligns our information security policies and procedures to follow industry best practice. All information that you provide to us is stored on secure Microsoft Azure servers with ISO27001 and SOC2 certification. Our customers’ Engagement Data is encrypted on the servers at rest and in transit across the internet.