Last Modified: December 2022
DASA is committed to protecting your privacy and ensuring you have a positive experience on the DASA Portal and in using DASA Services.
- Talent solutions: DASA Talent solutions includes DASA Talent Academy, Training Courses, Assessments, DCF(DASA Competency Framework), Recognition Badges and Skills Passport.
- Guidance products: DRA(Digital Readiness Assessments), Individual Scans, Team & Organizational scans, & Analyst Advisory Services.
- Training & Certifications: DASA Branded Courseware, Certifications, Accredited Training Provider & Accredited Trainer accreditation services forms part of this offering.
- Event & Communities: DASA offers its Enterprise customers to take part in events such as Awards, Webinars, Workshops, and various DASA Communities
1. DASA Collects Data
1.1. We may collect personal information from sources including:
- Directly from your Organization, where we process your personal information as a Data Processor on behalf of your Organization, who is a Data Controller;
- Through our website;
- Through Third-Party Services Providers;
- As part of us executing our services on behalf of Training Providers operating on the Portal who require your personal information in order to fulfill services to you, like for example schedule your exam.
- Through Third-Party sources such as social media platforms, and our joint marketing partners.
1.2. DASA Collects the Following Information. The types of personal information we may collect include:
1.2.1. Contact information, such as name, email address, business address, and telephone number.
1.2.2. End User information, such as name, email address, native language, time zone
1.2.3. Account information, such as username and password.
1.2.4. Payment Services information, such as your banking details and billing address.
1.2.5. Verification information pertinent to your organization, such as VAT number, electronic signature, company registration identifier, and certificate of incorporation.
1.2.6. Accreditation information pertinent to your organization or yourself, relevant for purchasing Items that may only become available upon your accreditation or registration with DASA.
1.2.7. Communication information, when you are communicating with other users on the Portal, we collect information you share. This also includes you providing feedback or ratings on the DASA Portal.
1.2.8. Fulfillment information, this includes the information we need in order to fulfill services to you, or other information we need in order to complete the fulfillment of Items. Fulfillment information may include information from you, or information about the locations we are required to deliver Items to.
1.2.9. Other information that you may otherwise choose to provide us when you fill in a form, conduct a search, complete a survey, update or add information to your Account, respond to emails from us, participate in promotions or loyalty programs, or use other features on DASA.
1.5. Information From Your Use of the Service. We may receive information about how and when you use Products and Services, store it in log files or other types of files associated with your account, and link it to other information we collect about you. This information may include, for example, your IP address, time, date, browser used, and actions you have taken within the application. This type of information helps us to improve our Services for both you and for all of our users.
1.6. Information From End User’s Use of the Service. We use the Personally Identifiable Information that we collect from You when You access any online products including exams hosted on the DASA Portal. This is meant for processing purposes, including but not limited to tracking attendance, progress, and completion. We may also share Your Personally Identifiable Information and performance in a given Course with your Organization or with the Training Provider who has a contractual agreement with Your Organization for accreditation and fulfillment of a contract.
2. How DASA Uses Information
2.1. We use, store, and process information about you to provide, understand, improve, and develop the DASA offerings including our Platform, Products and Services, and to create and maintain a trusted and safe environment.
2.2. Information from You may be shared with other users on the Platform, or with Third Party Service Providers that perform certain services on our behalf, in connection to fulfilling services to you.
2.3. Training Providers and other Third-Party Service providers may have access to personal information needed to perform their functions but are not permitted to share or use such information for any other purposes unless this is specifically required by law, or in order for Training Providers or other Third Party Service Providers to comply with accreditation or registration requirements during the provisioning of DASA Products or Services.
2.4.2. To communicate with you about your user account on the Portal and provide customer support.
2.4.3. To enforce compliance with our End User License Agreement and applicable law. This may include developing tools and algorithms that help us prevent violations.
2.4.4. To protect the rights and safety of our Training Providers and third parties, as well as our own.
2.4.5. To provide information to representatives and advisors, including attorneys and accountants, to help us comply with legal, accounting, or security requirements.
2.5. Data Collected by Training Providers
2.5.1. End Users data shall not belong to DASA and shall not be used by DASA for marketing, communication or other commercial purposes unless we specifically ask permission and you grant this permission to The End Users data shall be used by DASA in provisioning of Services or where You may require support to access or use Items available from DASA.
2.5.2. We shall at all times comply with relevant European data privacy directives that are applicable to DASA. We value your information, and take reasonable measures to protect your information.
2.5.3. We reserve the right to view or remove your content for any reason at our discretion. Reasons may include quality assurance, accreditation requirements, contractual requirements or legal requirements/considerations (for example if we believe or have received evidence that your use of My DASA or Talent Academy is unlawful, unauthorized, or otherwise may result in a liability to us or anyone else).
3. Training Providers Responsibility Related to Data Collected Through the DASA Portal, Product & Services
3.1. In agreeing to use the DASA Portal, Product & Services, DASA Members and Your Organization represent and warrant that their use of DASA Talent Solutions, Guidance products, Training and Certifications, & Event & Community and any other product or services that DASA will introduce will comply with all applicable data privacy laws. They are responsible for determining whether their use of the DASA Portal, Products and Services is suitable in light of regulations like HIPAA, GLB, EU Data Privacy Laws, or other laws.
4. General Use of Portal Data
4.1. If You no longer want any personal data to be stored by My DASA or Talent Academy , and your account is managed by Your Organization, you have to inform Your Organization. If an End User contacts DASA to remove his/her personal data, we will pass on the request to Your Organization who acts as the Data Controller within a reasonable time. It is the responsibility of Your Organization to act on the request. In all other cases DASA will remove your personal data within a reasonable time.
4.2. DASA will retain personal information we process on behalf of our Members for as long as needed to provide our services, or to comply with our legal obligations, contracts, resolve disputes, prevent abuse, or enforce our agreements. There are several training and certifications that you might take on My DASA or Talent Academy that require us to keep your data in our records as part of the service agreements and regulations with accrediting bodies, under which DASA operates. In such cases, it wouldn’t be possible for us to delete your personal data without the specific written guidance received from accrediting organizations.
5. Third-Party Services Providers
5.1. We use a variety of third party service providers to help us provide services related to the Platform. Service providers may be located inside or outside of the European Economic Area (“EEA”).
5.2. DASA Payment Services. DASA may contract with other companies to provide payment services and facilitate your use of the Platform. We provide these companies with only the information they need to perform their services and work closely with tem to ensure your privacy is respected and protected. These companies are prohibited by contract from using this information for their own marketing purposes or from sharing this information with anyone other than DASA.
We use a Third Party payment processor to process payments made to us. In connection with the processing of such payments, we do not retain any personally identifiable information or any financial information such as credit card numbers. Rather, all such information is provided directly to our Third Party processor depending on your location, whose use of your personal information is governed by their respective privacy policies. Your credit card data is tokenized and is not being retained by DASA.
5.3. DASA Fulfillment Services. DASA may share your personal information to provide fulfillment services and facilitate your use of the DASA Portal, product and services.We provide these companies with only the information they need to perform their services and work closely with tem to ensure your privacy is respected and protected. These companies are prohibited by contract from using this information for their own marketing purposes or from sharing this information with anyone other than DASA.
5.6. Other Third-Party Service Providers. To best provide our services, we work with a few other companies which will only have access to the information they need to provide the service as agreed with DASA. Here is a list of the essential service providers we work with, and their respective privacy policies to provide a great experience.
5.6.1. Adobe EchoSign for signing agreements electronically
5.6.2. Amazon Web Services (AWS) for hosting DASA’s servers
5.6.3. Facebook for simple, optional social sharing
5.6.4. LinkedIn for simple, optional social sharing
5.6.5. Digify to control access and security of documents
5.6.6. MailChimp for sending email updates
5.6.7. Typeform for online forms and surveys
5.6.8. Twitter for simple, optional social sharing
5.6.9. Vimeo for video content
5.6.10. Zoom for virtual conference and customer support
5.6.11. Mettl – for conducting assessments
(https://pages.mettl.com/gdpr-compliance?utm_source=GDPR&utm_cam paign=GDPR )
5.6.12. Freshworks for technical support
5.6.13. Mollie for payment processing
5.7. Linked websites and Third-Party Services
5.8. DASA may provide links to other Third-Party websites and services whose data protection practices are outside of our control, and therefore fall outside the scope of this policy. We encourage you to review the privacy policies posted on these (and all) sites you visit or services you use.
6. Protection of Personal Information
6.1. Safeguarding Your Information. DASA is committed to protecting the Personal Information you share with us. We utilize a combination of industry- standard security technologies, procedures, and organizational measures to help protect your personal information from unauthorized access, use or disclosure. We recommend that you take every precaution to protect your personal information and Account information and also instruct your authorized personnel in using the Portal appropriately.
6.2. Notice of Breach of Security. If a security breach causes an unauthorized intrusion into our system that materially affects our Members or their End Users, then we will notify you as soon as possible and later report the action we took in response.
6.3. Compliance with Law. DASA may disclose your information to courts, law enforcement or governmental authorities, or authorized third parties, if and to the extent we are required to do so by law or if such disclosure is reasonably necessary: (i) to comply with legal process and to respond to claims asserted against DASA, (ii) to respond to verified requests relating to a criminal investigation or alleged or suspected illegal activity or any other activity that may expose us, you, or any other of our users to legal liability, (iii) to enforce and administer our Terms of Service or other agreements with Members, (iv) for fraud investigation and prevention, risk assessment, customer support, product development and debugging purposes, or (v) to protect the rights, property or personal safety of DASA, its employees, its Members, or members of the public.
6.4. Accuracy and Retention of Data. We do our best to keep your data accurate and up to date, to the extent that you provide us with the information we need to do so. If your data changes (for example, if you have a new email address), then you are responsible for notifying us of those changes. Upon request, we will provide you with information about whether we hold, or process on behalf of a third party, any of your Personal Information. We will retain your information for as long as your account is active or as long as needed to provide you with our Services. We may also retain and use your information in order to comply with our legal obligations, resolve disputes, prevent abuse, and enforce our Agreements.
6.5. Access. We will give registered users access to any Personal Information we hold about them within 30 days of any request for that information. Individuals may request to access, correct, amend or delete information we hold about them by writing to email@example.com. Unless it is prohibited by law or the information is necessary for the performance of a contract to which the data subject is party, we will remove any Personal Information about an individual, from our servers at your or their request.
6.6. Compliance. Our servers are located in the European Union, so your information may be transferred to, stored, or processed in the EU. While the data protection, privacy, and other laws of the European Union may differ from those in your country, we take many steps to protect your privacy. By working with DASA, you understand and consent to the collection, storage, processing, and transfer of your information by our facilities in the European Union and those third parties with whom we share it as described in this policy.
7. Contacting Us About Privacy