Legal Basis for The Processing of Personal Information from EEA Residents
If you reside within the European Economic Area (EEA), our processing of your personal information will be legitimized as follows:
(i) Whenever we require your consent for the processing of your personal information such processing will be justified pursuant to Article 6(1) lit. (a) of the General Data Protection Regulation (EU) 2016/679 (“GDPR”). This article in the GDPR describes when processing can be done lawfully.
(ii) If the processing of your personal data is necessary for the performance of a contract between you and CMMI Institute or for taking any pre-contractual steps upon your request, such processing will be based on GDPR Article 6(1) lit. (b).”). If this data is not processed, the CMMI Institute will not be able to execute the contract with you.
(iii) Where the processing is necessary for us to comply with a legal obligation, we will process your information on basis of GDPR Article 6(1) lit. (c), for example complying in the fields of employment law.
(iv) And where the processing is necessary for the purposes of the CMMI Institute’s legitimate interests, such processing will be made in accordance with GDPR Article 6(1) lit. (f), for example to detect fraud.
(v) You may also receive personalized advertising where you indicate to the CMMI Institute specific interests by requesting information about a product or service or by indicating your marketing preferences in the preference center.
Transferring Personal Data from the EU to the US:
The CMMI Institute has its headquarters in the United States. Information we collect from you will be processed in the United States. The United States has not sought nor received a finding of “adequacy” from the European Union under Article 45 of the GDPR). A finding of “adequacy” in short means that the European Commission has decided that this country outside the EEA ensures an adequate level of data protection. The CMMI Institute relies on derogations as set forth in Article 49 of the GDPR as the United States has no “adequacy” decision and no other safeguards under the GDPR are in place (for example binding corporate rules on the transfer outside the EEA). In particular, the CMMI Institute collects and transfers to the U.S. personal data only: with your explicit consent; to perform a contract with you; in a manner that does not outweigh your rights and freedoms. If this data is not processed and transferred, the CMMI Institute will not be able to execute the contract with you or you will not have access to any or all of the benefits and features associated with your transaction. The CMMI Institute endeavors to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with the CMMI Institute and the practices described in this Privacy Notice. The CMMI Institute also minimizes the risk to your rights and freedoms by not collecting or storing sensitive information about you.
If you wish to confirm that the CMMI Institute is processing your personal data, or to have access to the personal data the CMMI Institute may have about you, please contact us at [email protected] or you may submit a Data Subject Access Request (DSAR) here.
European Union Data Subject Rights
The European Union’s General Data Protection Regulation and other countries’ privacy laws provide certain rights for data subjects (these are persons that can be identified).
This Privacy Notice is intended to provide you with information about what personal data the CMMI Institute collects about you and how it is used.
If you wish to confirm that the CMMI Institute is processing your personal data, or to have access to the personal data the CMMI Institute may have about you, or have other questions, please contact us at [email protected] or you may submit a Data Subject Access Request (DSAR) here.
You may also request information through our Data Subject Access Portal about: the purpose of the processing; the categories of personal data concerned; who else outside the CMMI Institute might have received the data from the CMMI Institute; what the source of the information was (if you did not provide it directly to the CMMI Institute); where the personal data is stored and how long it will be stored. You have a right to correct (rectify) the record of your personal data maintained by the CMMI Institute if it is inaccurate. You may request that the CMMI Institute erase that data or cease processing it, subject to certain exceptions. You may also ask the CMMI Institute for your personal data to be supplemented or updated, or for their transformation into anonymous format or to block any data held in violation of the law, as well as to oppose their treatment for any and all legitimate reasons. You may withdraw your consent for the processing of personal data or the further processing of personal data by the CMMI Institute at any time. YOU MAY ALSO REQUEST THAT THE CMMI INSTITUTE CEASE USING YOUR DATA FOR DIRECT MARKETING PURPOSES THROUGH THE DATA SUBJECT ACCESS PORTAL OR BY EMAILING [email protected]. In many countries (including EEA countries), you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how the CMMI Institute processes your personal data. When technically feasible, the CMMI Institute will—at your request—provide your personal data to you or transmit it directly to another controller. You have the right to receive your personal information in a structured and standard format.
In addition to the information contained in this Privacy Notice, you may be provided with additional and contextual information concerning particular services or the collection and processing of your personal data upon request.
Reasonable access to your personal data will be provided at no cost to the CMMI Institute customers, conference attendees and others upon request made to the CMMI Institute at via the Data Subject Access Portal or [email protected]. If access cannot be provided within a reasonable time frame, the CMMI Institute will provide you with a date when the information will be provided. If for some reason access is denied, the CMMI Institute will provide an explanation as to why access has been denied.
You may submit a Data Subject Access Request (DSAR) here.