At Des-Case Corporation entities, (Des-Case Group” or “Company”), a strong ethical culture is preserved worldwide with integrity, honesty, fair business practices, and full compliance with all applicable laws.
Table of Contents
Section I: Commitment to Data Privacy 3
Section II: Scope 3
Section III: Retention of GDPR Data 3
Section IV: Right of Transparency of Information 4
Section V: Right of Erasure & Right of Restriction of Processing 4
Section VI: Right to Object 5
Section VII: Right to Rectification 6
Section VIII: Right to Data Portability 6
Section IX: Personal Data Types (customer & employee) 6
Section X: Customer Consent 7
Section XI: Applicant and Employee Consent 9
Section XII: Routine Erasure & Blocking of Personal Data 10
Section XIII: GDPR Principles in Practice 10
Section XIV: Contact Information 11
Des-Case USA-Europe & RMF Systems Commitment to Data Privacy
By means of this data protection declaration, our Company would like to inform the General Public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, Data Subjects are informed by means of this data protection declaration of the rights to which they are entitled.
The protection of personal data is a fundamental right. Our Company is committed to international compliance with data protection laws.
For the sake of clear definitions for this policy, personal data is considered any information relating to an identified natural person. An identifiable person is one who can be identified, directly or indirectly, by a reference to an identifier such as a name, an identification number, location, data, an online identifier or to one or more factors related to any social identifier (Article 4:1 GDPR).
Retention of GDPR Data
The length of time for which GDPR personal data is held will vary depending upon the purposes for which the data is being used and relevant requirements related to legal compliance, applicable laws, rules and regulations.
Personal data will be destroyed or erased from our systems when no longer required for the purposes set forth with collection of such data (Article 3:63 GDPR) unless applicable laws or regulations support and/or require retention of specific data.
Right of Transparency of Information
The Data Subject shall be informed before his or her personal data is collected and recorded. He or she shall expressly consent to having this data received (Preamble:58 GDPR). The Company provides opportunities for consent wherever personal data is collected.
Right of Erasure & Right to Restriction of Processing
Each customer Data Subject has the right to request of the Controller erasure of personal data (Article 17 GDPR) concerning him or her without undue delay.
The Company shall have the obligation to erase personal data without undue delay where one of the following grounds applies if processing is not necessary:
- Customer Data Subject requests erasure of personal data as his or her fundamental right unless deemed a non-compliant action based on applicable laws, rules or regulations.
- Customer Data Subject requests erasure of personal data as his or her fundamental right with the understanding that the lack of basic customer data may result in the Company’s inability to effectively transact with the customer.
- Personal data are no longer necessary in relation to the purposes for which they were collected, and/or otherwise processed, and/or have exceeded relevant retention requirements.
- The Data Subject withdraws consent to which the processing is based according to point Article 6:1a of the GDPR, or Article 9:2a of the GDPR, and where there is no other legal ground for the processing.
- Data Subject objects to the processing pursuant to Article 21:1 of the GDPR and there are no overriding legitimate grounds for the processing, or the Data Subject objects to the processing pursuant to Article 21:2 of the GDPR.
- Personal data must be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject.
- Personal data have been collected in relation to the offer of information society services referred to in Article 8:1 of the GDPR.
Right to Object
Regarding employment or contractual work inside/outside of the EEA, objection of the processing may result in the Company’s inability to employ or work contractually with a Data Subject as certain documents and forms may be required due to the sensitive nature of such relationships (e.g. intellectual property or NDA’s). Regardless, it is the Data Subject’s right to object to the processing of his or her personal data.
If the Company processes personal data for direct marketing purposes, the Data Subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. In such cases, the Company will no longer process the personal data for these purposes. In addition, the Data Subject has the right to object to processing of personal data concerning him or her by the Company for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless such processing is necessary for the performance of a task carried out for reasons legally legislated in for the sake of public interest.
In order to exercise the right to object, the Data Subject may contact any employee of the Des-Case Group. In addition, the Data Subject is free in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to use his or her right to object by automated means using technical specifications. Each Data Subject shall have the right granted by the European legislator for those natural citizens in the EEA not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, or similarly significantly affects him or her, as long as the decision: (1.) is not necessary for entering into, or the performance of, a contract between the Data Subject and a data controller, or (2.) is not authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the Data Subject’s rights and freedoms and legitimate interests, or (3.) is not based on the Data Subject’s explicit consent. If the decision is necessary for entering into, or the performance of, a contract between the Data Subject and a data controller, or is based on the Data Subject’s explicit consent, the Company shall implement suitable measures to safeguard the Data Subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and contest the decision.
Ultimately, the Data Subject may exercise his or her rights concerning automated individual decision-making to withdraw data protection consent at any time.
Right to Rectification
The Data Subject shall have the right to obtain without undue delay the rectification of inaccurate personal data concerning him or her (GDPR Article 16).
Right to Data Portability
Each Data Subject shall have the rights granted by his or her respective governing legal entity to receive personal data concerning him or her. In the EU, EEA and other jurisdictions with similar legal requirements, all Data Subjects have the right to request and receive their personal data in a structured, commonly used and machine-readable format given it does not affect the rights and freedoms of others (Article 20:4 GDPR). In other countries and jurisdictions, personal data related to employment may receive different treatment based on applicable laws, rule, and regulations.
In exercising his or her right to data portability (Article 20:1 GDPR), the Data Subject shall have the right to have the personal data transmitted from one controller to another where technically feasible, legally required, and allowable without impeding upon the rights and freedoms of others. In order to assert the right to data portability, the Data Subject may at any time contact RMF Systems.
Personal Data Types (customer & employee)
Any processing of personal data with the Des-Case Group must be lawful and fair (Article 3:39 GDPR). It must be transparent to natural persons that personal data concerning them are collected, used, consulted or processed, with the scope of such processing aligned with the Data Subjects’ rights.
The Company considers the lawful and correct treatment of personal data as a vital component of its operations. The personal data of both employees and customers is handled ethically and responsibly with a high level of confidentiality and security. Not an all-inclusive list, the following key principles concerning Personal Data (Article 3 GDPR) are adhered at the Des-Case Group:
- Personal data is only processed with consent of the Data Subject
- Policies on personal data are transparent and clearly communicated
- Only relevant personal data is collected and limited to what is necessary
- All third-party contracts involving personal data must contain clauses requiring respective third parties to comply with GDPR where applicable
- Personal data is subject to confidentiality and secured with appropriate organizational and technical measures to prevent unauthorized access or illegal processing or distribution
Consent – Customer
As a customer, there are three sets of business processes for which the GDPR may impact your personal data. The first set of processes are related to use of the Company websites at
www.descase.com, or www.rmfsystems.com
The second set of business processes are to all transactional activities in the buying or selling of products, services, or subscriptions with Des-Case and its affiliates.
Per the GDPR, consent should be given by a clear affirmative act establishing a freely given, specific, unambiguous indication of the Data Subject’s agreement to the processing of personal data relating to him or her. This includes ticking a statement when visiting a website (Preamble:32 GDPR). The following website activities take place to help the organization both better serve website customers and ensure website effectiveness:
Session cookies is one method for which the Des-Case Group collects information. Cookies are text files stored in a computer system via an internet browser. A “cookie” is a unique numeric code used to identify with a user’s computer to optimize future visits and enhance Company web pages. More specifically, the Company website uses persistent cookies in conjunction with a third party technology partner to analyze search engine usage and web traffic patterns. Users may set preferences regarding the storage of cookies within
their individual web browsers, which can also be used to remove stored cookies. If you choose to limit cookies, some website functionality may be limited.
Our website uses Google Analytics, a web analytics service of Google Inc. In similar fashion to session cookies, Google Analytics uses cookie text files to analyze how the website is being used. More specifically, Google uses the data stored on these cookies to compile reports on website activities with the intention of providing analytics that best service the needs of the website visitors. For more information, please visit:
Users can opt-out of the collection and use of information by blocking third party cookies and other tracking mechanisms via web browser settings or operating systems settings.
All web servers collect very basic visitor information to monitor site usage and performance.
Our website uses social media features, such as the Tweet share button. These features may collect your IP address and the specific page visited on the Company website. A cookie may be need to be enabled for this functionality.
Since social media features are hosted by third parties, user interactions with these third parties are governed by the organization providing the service.
Should a website visitor wish to contact the organization via the website, the Des-Case Group will store the personal data required to enable the interaction. This personal information will be used consistent with the intended purposes of engagement.
Website Promotions, Company Blogs, Subscription to Newsletters
On Company websites, users may be given the opportunity to subscribe to newsletters. The input mask used for this purpose determines what personal data are transmitted, as well as when the newsletter is ordered from the controller. The Company may choose to inform its customers and business partners regularly by means of a newsletter and related products and services offers. The Company’s newsletter may only be received by the Data Subject if: (1.) the Data Subject has a valid email address and (2.) the Data Subject
Subject at any time. The consent to the storage of personal data, which the Data Subject has given for shipping the newsletter, may be revoked at any time. For the purpose of revocation of consent, a corresponding link is found in each newsletter for said purposes. It is also possible to unsubscribe from the newsletter at any time directly on the Company websites or via communication with the controller.
Newsletters, blog pages, and email blasts may contain tracking pixels. A tracking pixel is a miniature graphic embedded in such emails, which are sent in HTML format to enable log file recording and analysis. This allows a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, the Company is able to learn when/if emails are opened by a Data Subject. Such personal data collected as tracking pixels are stored and analyzed by the controller in order for the Company to optimize the production of content that best serves our customers. These personal data will not be passed on to third parties. Data Subjects are at any time entitled to revoke the respective separate declaration of consent issued by means of the double-opt-in procedure. After a revocation, these personal data will be deleted by the controller. The Company automatically regards a withdrawal from the receipt of the newsletter as a revocation.
CRM, Marketing Campaigns, and Other Related Sales and Marketing Activities
In order to comply with the GDPR’s data protection provisions regarding sales and marketing activities in our Companies, explicit consent is the practice for which Data Subject information is gathered. The online declaration of consent form includes the following fields:
- Purpose of use
- Specific communication channel
- Contact data fields
- The Des-Case Group’s GDPR Principles in Practice overview (see XIII)
- Right to withdraw reminder
- Consent checkbox
With some activities, the simple opt-in process is replaced by the double-opt-in process in which the interested party is required to confirm his or her original consent. For such cases, email correspondence is typically used for confirmation.
The third set of business processes are related to the use and licenses of the Learning Management System which is hosted by a third party provider. Very basic user information and site usage and performance are tracked.
Consent – Applicant and Employee
In employment relationships, personal data can be processed if needed to initiate, carry out and terminate the employment agreement. When initiating an employment relationship, the applicant’s personal data can be processed. If the candidate is rejected, his or her personal data must be deleted in observance of the required retention period, unless the candidate has agreed to remain on file for future selection process.
We generally obtain consent from the Data Subject on required personal data for employment and contractual work. In addition, many Company benefits and state reporting requirements (i.e. remuneration, taxation, pensions, etc.) are inextricably tied to the use of Data Subject personal data. Declarations of consent will be required whenever applicable to such processes.
The Des-Case Group will only process personal data in employment engagements that are both relevant and legal in relationship to the respective employee or contractor natural resident laws, rules and regulations. Ultimately, data processing must always relate to the purpose of the employment agreement or contract of employment (Article 88 GDPR).
Based on local laws, rules and regulations, employment records will be kept in accordance with both allowable Company retention policies and state legal requirements. No Data Subject employment personal data will be kept without purpose and plan for eventual erasure.
Routine Erasure and Blocking of Personal Data
The data controller shall process and store the personal data of the Data Subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the EU or other legislators in laws or regulations to which the controller is subject to. If the storage purpose is no longer required or applicable, or if a storage period prescribed by the EEA legislator or another competent legislator expires, personal data are routinely blocked or erased in accordance with legal requirements (Article 17 GDPR).
GDPR Principles in Practice
As a final statement of our Company’s commitment to your privacy, the following (not an all-inclusive list) includes fundamental GDPR principles that embody our commitments to Data Subjects:
- Personal data shall be processed lawfully, fairly, and in a transparent manner.
- Less is more. Data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- Personal data shall be accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that personal data that are inaccurate is erased or rectified without delay.
- Personal data shall be kept in a form which permits identification of the data subject for no longer than it is necessary for the purposes for which it is processed. Thereafter, the personal data shall be blocked or erased without delay.
- Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing.
- Should a data breach occur with probability of resulting in high risk to the rights and freedoms a Data Subject, the controller shall communicate the personal data breach to the Data Subject without undue delay.
- The controller is responsible for compliance and accountability and must be able to demonstrate compliance.
Contact Information USA
If you have any question concerning this notice, please contact Tony Espinosa (VP, Operations and Administration, Data Protection Controller) at 00 1 615 285 1790 or via email at
or in writing at Des-Case Corporation, 675 N. Main Street, Goodlettsville, TN 37072.
European Economic Area
If you have any questions concerning this notice, please contact Gerben Gerken (Managing Director, Data Protection Controller) at +31 182 30 26 06 or via email at
or in writing to RMF Systems BV, Coenecoop 99, 2741 PH Waddinxveen, The Netherlands.
|PHPSESSID||This cookie is native to PHP applications. The cookie is used to store and identify a users’ unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.||Necessary|
|geot_rocket_country||This cookie is set for geotargeting content by country.||Other|
|geot_rocket_state||This cookie is set for geotargeting content by state.||Other|
|geot_rocket_city||This cookie is set for geotargeting content by city.||Other|
|pardot||The cookie is set when the visitor is logged in as a Pardot user.||Analytics|
|visitor_idXXXXXX||This cookie set by Pardot to identify a visitor.||9 years||Other|
|visitor_idXXXXXX-hash||This cookie set by Pardot to identify a visitor.||9 years||Other|
|_ga||This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, camapign data and keep track of site usage for the site’s analytics report. The cookies store information anonymously and assigns a randoly generated number to identify unique visitors.||2 years||Analytics|
|_gid||This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the wbsite is doing. The data collected including the number visitors, the source where they have come from, and the pages viisted in an anonymous form.||1 day||Analytics|
|_gat||This cookies is installed by Google Universal Analytics to throttle the request rate to limit the colllection of data on high traffic sites.||1 minute||Performance|
|lpvXXXXXX||This cookie set by Pardot to identify a visitor.||30 minutes||Other|