1. How we collect Personal Data
2. How we use Personal Data
3. Disclosures of your Personal Data
4. International Transfers
5. Retention of Personal Data
9. Links to Other Web Sites
10. Opt-Out Policy
11. User Generated Content
12. Your Duties and Rights
14. Contact Us
When we use the term “Personal Data,” we mean information that can be used to identify you as an individual person. We collect limited categories of Personal Data through our Services, including through:
We will only use your Personal Data when and how the law allows us to. We rely on separate and overlapping bases to process your Personal Data lawfully (as described in the tables below). By way of example only, it may be necessary for us to process your Personal Data in order to provide Services you have requested and to perform the contract between us, or we may process your Personal Data where necessary to further Corsearch’s legitimate business interests, always taking into account that those legitimate interests will not be overridden by your personal rights and interests.
In certain circumstances we may ask for your consent to process your Personal Data. In such circumstances you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of any processing undertaken by us prior to the withdrawal of your consent.
We collect the following Personal Data you provide (for example when you enter the information into form fields when registering or ordering Services, or when you contact us directly:
Category of Personal Data
Purposes of Processing
Legal Bases for Processing
including your name, address, email address, user name and phone number
|To activate and administer your account and the Services requested, authenticate you as a user, and communicate with you, including where you have requested information from us about us or our Services, and as described below in Additional Uses of Personal Data.||To provide Services requested by you and to meet our contractual obligations (Art. 6 para. 1 (b) GDPR)
Our legitimate interests (Art. 6 para. 1 (f) GDPR)
Your consent (Art. 6 para. 1 (a) GDPR), where obtained
including your email address
|To provide you with updates to our blogs, where you have opted-in to receive such updates.||Your consent (Art. 6 para. 1 (a) GDPR), where obtained|
including payment or financial account information
|To process payments for the Services requested and to provide purchased Services
To meet statutory tax or commercial law requirements
|To process transactions requested by you and meet our contractual obligations (Art. 6 para. 1 (b) GDPR)
Compliance with legal obligations (Art. 6 para. 1 (c) GDPR)
|Purchase or Subscription Information
including details of Services purchased
|To improve our platform.||Our legitimate interests (Art. 6 para. 1 (f) GDPR)|
|Information provided in response to voluntary surveys, polls and inquiries
including response and poll information
|To conduct voluntary market research, surveys, polls and similar inquiries to help us understand trends and client needs.
Where the site offers voting functionality, we may use a system to “tag” users after they have voted, so they can vote only once on a particular question. This tag is not correlated with information about individual users.
|To provide the Services requested by you (Art. 6 para. 1 (b) GDPR).
Our legitimate interests (Art. 6 para. 1 (f) GDPR)
Where we need to collect Personal Data by law, or under the terms of a contract we have with you and you fail to provide that information when requested, we may not be able to perform the contract we have entered (or are trying to enter) into with you. In such cases, we may be unable to provide the Services you have requested.
As is true of most digital platforms, we gather certain information automatically when you use our Services. This information may include browser, device and/or similar data that we collect as follows:
We may obtain certain Personal Data about you from our corporate clients. In particular, if your employer has contracted with us for our Services, we may receive Personal Data about you directly from your employer, such as you name and work contact details. In such circumstances, we may use this Personal Data for the same purposes and on the same legal bases as set out above (see “Data you provide” above).
In addition to the uses described above, we may use your Personal Data as necessary to serve our legitimate interests (Art. 6 para. 1 (f) GDPR) in our business operations, as follows:
We may share your Personal Data with the following parties for the purposes set out in Section 2 (above):
The legal basis for sharing of your Personal Data with other Corsearch group companies is that this is necessary for our legitimate interests under Art. 6 para. 1 (f) GDPR. We have a legitimate interest in sharing your information for internal administrative purposes, in particular to offer the Services and to deal with any inquiries in an efficient and high-quality manner.
In compliance with applicable data protection requirements, we require all third parties to respect the security of your Personal Data and to treat it in accordance with the law. We do not allow our processors to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our authorization and instructions.
We transfer your Personal Data within the Corsearch group of companies for business purposes only. This may involve transferring your data outside the European Economic Area (EEA) to jurisdictions such as the U.S., which has not been deemed to offer adequate protection for your Personal Data by the European Commission.
In addition, some of our processors are based outside the EEA, so their processing of your Personal Data will involve a transfer of data outside the EEA.
To protect your Personal Data under EU data protection laws, we ensure your Personal Data is adequately protected and that such transfers are carried out in accordance with the law by ensuring at least one of the following safeguards is implemented:
Please contact us if you want further information on the specific mechanism used by us when transferring your Personal Data outside the EEA.
We will only retain your Personal Data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or tax requirements.
To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Our Services are not directed to, and we do not intend to or knowingly collect or solicit Personal Data from children. If you are a minor, do not provide us with any Personal Data.
Cookies may collect certain limited Personal Data, such as your IP address. However, generally most of the information we collect through cookies is not Personal Data.
We use the following cookies:
With your consent (under Art. 6 para. 1 (a) GDPR), we also use the following cookies for the purposes described below:
You can find more information about the individual cookies we use and the purposes for which we use them in the table below:
|Corsearch Global Platform Remember User||ZCBX
|These cookies are used for “Remember Me” functionality on our platform|
|Corsearch Global Platform User preferences||languageCode
|These cookies are used to store user preferences on our platform and to ensure our content works on your device|
|Corsearch Global Platform Session cookie||ASP.NET_SessionId
|These cookies are used for storing user session information. These cookies expire when your browsing session ends|
|Corsearch Global Platform forms authentication||.CORSEARCHAUTHENTICATION||This cookie is used by our platform to support single sign on functionality|
|These cookies are used to collect information about how visitors use our site, including to keep track of visitor sessions and to recognize when visitors return to the site.
__hssc* expires after 30 minutes
__hssrc* expires at the end of the browser session
__hstc* expires after 2 years
hubspotutk* expires after 10 years
wp4234* expires after 1 year
__cfduid* expires after 1 year
_ga* expires after 2 years
_gid* expires after 1 day
ak_bmsc* expires after 1 day
bm_sv* expires after 1 hour
hs-ard* expires after 3 months
messagesUtk* expires after 2 years
|Universal Analytics (Google)||__utma*
|These cookies are used to collect information about how visitors use our site. We use the information to help us improve the site.
__utma* expires after 2 years
__utmb* expires after 30 minutes
__utmc* expires at the end of the browser session
__utmd* expires after 10 seconds
__utmt* expires after 10 minutes
__utmz* expires after 6 months
_ga* expires after 2 years
|These cookies are used for to keep our site secure and to recognize visitors when they return to the site.
CMSCsrfCookie* expires at the end of your session
CMSCurrentTheme* expires after 24 hours
CMSPreferredCulture*expires after 1 year
cookiesDirective* expires after 1 year
|We embed videos on our site using YouTube. This may set cookies on your computer once you click on the YouTube video player.
PREF* expires after 8 months
YSC* expires at the end of your session
VISITOR_INFO1_LIVE*expires after 6 months
remote_sid* expires at the end of your session
|Used to improve advertising, for example, to avoid showing an ad that a user has already seen. There is no personally identifiable information in these cookies.
IDE* expires after 2 years
x_axis_main* expires after 1 year
We take appropriate steps to protect your Personal Data as you transmit your information from your computer to our site and to protect such information from loss, misuse, unauthorized access, disclosure, alteration, or destruction.
Corsearch employees who handle Personal Data treat it confidentially and may not disclose it to unauthorized third parties. Employees are responsible for the internal security of information. You should keep in mind that no Internet transmission is ever 100% secure or error-free. In particular, emails sent to or from this site or Corsearch may not be secure, and you should therefore take special care in deciding what information you send to us. Moreover, we have reasonable technical safeguards and security measures in place functionally with the site, but where you use passwords, ID numbers, or other special access features on this site, it is your responsibility to safeguard them.
We give users options wherever necessary and practical. Such choices include:
It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your engagement with us.
If your Personal Data is protected under EU data protection law, under certain circumstances, by law you have the right to:
Where applicable, to exercise any of these rights, please contact us.
You also have the right to lodge a complaint with your competent data protection supervisory authority. We would, however, appreciate the chance to deal with your concerns before you approach a supervisory authority, so please contact us in the first instance.
You will not usually have to pay a fee to access your Personal Data (or to exercise any of the other rights above, where applicable). However, in accordance with EU data protection law, we may charge a reasonable fee if your request is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Corsearch takes compliance very seriously and gives a high priority to any personal data we process to ensure that individuals’ rights are respected (including, for clients or prospective clients, the limited contact personal data that we collect, process and maintain in relation to account information).
We maintain appropriate data protection, privacy and security measures, policies and procedures to ensure the security of all information we collect, process and/or maintain. With the implementation of the GDPR, like most other businesses, we are in the process of enhancing these measures to ensure compliance with the GDPR, where applicable.
Please keep in mind that for the purposes of the GDPR, the personal data that we process in relation to clients or others is undertaken in Corsearch’s capacity as a “controller” and not a “processor.” The information in our products, through the services we offer and, generally as a business, is information we license through authorized third-party providers. In relation to our own processors, we have and are taking on-going steps to ensure these entities comply with GDPR requirements (where applicable), and that we have appropriate contractual protection in place, where required. For purposes of information, we store data on our servers in Mechelen, Belgium and in the United States and through our EU-US Privacy Shield-certified cloud-based providers.
The GDPR is a European Union (EU) law which enhances individuals’ rights in respect of their personal data. The GDPR applies to all personal data processed by organizations established in the EU, and to personal data processed by non-EU organizations to the extent that they offer goods or services to individuals in the EU or otherwise monitor their behavior.
While data protection and privacy laws have been in existence in the EU and globally for some time, the GDPR is a single regulation which is directly binding in all EU member states, and which aims to unify existing, fragmented national laws and extend the territorial scope of EU data protection laws.
The GDPR affects Corsearch in two major ways: (1) we need to be compliant as a company internally and externally, as we conduct business throughout the EU and globally and; (2) we need to address, for clients and as a business, how this law affects the data offered through our platform and within our products and services.
As a recent, stand-alone company, we are making the most of the opportunity to put into place state-of-the-art security systems, policies, procedures and technical safeguards to ensure the safety and security of the personal data of our employees, clients and others. Diane Plaut, the General Counsel of Corsearch is a privacy professional and is committed to compliance and data protection at Corsearch. As a counselor and guide to Corsearch and its employees on data protection, privacy and information security laws, Diane helps to ensure that we have a fully compliant infrastructure, policies and procedures. Diane is also a resource to help answer questions you, our clients, or employees may have and to help ensure the development and promotion of compliant products and services by Corsearch, its business partners and vendors.
Corsearch has a full project team in place to ensure GDPR compliance. Corsearch has taken the following steps to achieve ongoing compliance:
We will only process your personal data for the specific purposes for which it was collected and in accordance with our privacy notices and policies which we provide to you and update as necessary. We will fulfill our duty and inform you if our use of your personal data materially changes.
We will comply with our obligations regarding requests from data subjects in relation to their rights under the GDPR (where applicable), including, without limitation, rights of access, rectification, restriction of processing, objection to processing, data portability and erasure. We have acted in accordance with all laws to ensure that we are supplied with accurate data but cannot be responsible for the inaccuracy and the quality of the personal data that is supplied to us.
We have safeguards in place in the form of confidentiality clauses and contractual provisions with vendors, employees, contractors, processors and sub-processors to ensure they have only necessary and restricted authorized access to and limited use of personal data, and only within the scope necessary to perform the services we request. In addition to our employee training programs, we are implementing internal policies which dictate how our employees protect and process personal data in the course of their duties.
The measures we take to protect data include, but are not limited to:
Corsearch has developed a Document Retention and Destruction Policy to ensure that personal data is not retained for longer than is necessary for business purposes. This is subject to any limitations described in separately requested service agreements or terms between Corsearch and our clients, as well as any restrictions prescribed by law that prevent us from destroying such personal data in relation to a legal hold, bankruptcy or other legal or contractual provision or matter. We will always honor requests to delete or access personal data in line with data subjects’ rights, where required to do so.
Corsearch has updated its marketing policies and procedures which are in line with GDPR and ePrivacy Directive requirements and which will take into account ePrivacy Regulation requirements, once determined. Corsearch is clear about how and when it collects personal data and the specific purposes for which it is collected and be will used. All Corsearch employees have been told of these principles and will receive all needed and continued trainings to ensure compliance with all laws.
At Corsearch, we value you and the security of your personal data. We ensure all necessary measures are in place and will continue to be in place to ensure data protection compliance now and always.
Diane Plaut, General Counsel and Privacy Officer, Corsearch
Diane Plaut will offer GDPR-related Webinars on the following dates (duration: 1 hour):
(1) By mail: Corsearch, Inc. 220 West 42nd Street, 11th Floor, New York, NY 10036
(2) Through our dedicated email address: firstname.lastname@example.org
(3) By contacting our General Counsel and Privacy Officer, Diane Plaut, directly at: Diane.Plaut@corsearch.com
(4) By contacting our European representative: Corsearch Europe S.A.